head 1.4; access; symbols pkgsrc-2013Q2:1.4.0.28 pkgsrc-2013Q2-base:1.4 pkgsrc-2012Q4:1.4.0.26 pkgsrc-2012Q4-base:1.4 pkgsrc-2011Q4:1.4.0.24 pkgsrc-2011Q4-base:1.4 pkgsrc-2011Q2:1.4.0.22 pkgsrc-2011Q2-base:1.4 pkgsrc-2009Q4:1.4.0.20 pkgsrc-2009Q4-base:1.4 pkgsrc-2008Q4:1.4.0.18 pkgsrc-2008Q4-base:1.4 pkgsrc-2008Q3:1.4.0.16 pkgsrc-2008Q3-base:1.4 cube-native-xorg:1.4.0.14 cube-native-xorg-base:1.4 pkgsrc-2008Q2:1.4.0.12 pkgsrc-2008Q2-base:1.4 pkgsrc-2008Q1:1.4.0.10 pkgsrc-2008Q1-base:1.4 pkgsrc-2007Q4:1.4.0.8 pkgsrc-2007Q4-base:1.4 pkgsrc-2007Q3:1.4.0.6 pkgsrc-2007Q3-base:1.4 pkgsrc-2007Q2:1.4.0.4 pkgsrc-2007Q2-base:1.4 pkgsrc-2007Q1:1.4.0.2 pkgsrc-2007Q1-base:1.4 pkgsrc-2006Q4:1.3.0.8 pkgsrc-2006Q4-base:1.3 pkgsrc-2006Q3:1.3.0.6 pkgsrc-2006Q3-base:1.3 pkgsrc-2006Q2:1.3.0.4 pkgsrc-2006Q2-base:1.3 pkgsrc-2006Q1:1.3.0.2 pkgsrc-2006Q1-base:1.3 pkgsrc-2005Q4:1.1.0.2 pkgsrc-2005Q4-base:1.1; locks; strict; comment @# @; 1.4 date 2007.03.14.12.29.06; author markd; state dead; branches; next 1.3; 1.3 date 2006.03.29.17.22.46; author joerg; state Exp; branches; next 1.2; 1.2 date 2006.02.15.19.06.13; author joerg; state Exp; branches; next 1.1; 1.1 date 2005.12.17.04.22.55; author jlam; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2006.02.16.00.25.30; author salo; state Exp; branches; next ; desc @@ 1.4 log @Update cups to 1.2.8 ok'ed jlam a while back. CUPS 1.2.8 adds a French localization, updates the Japanese and Spanish localizations, and fixes several web interface, printing, and networking bugs. CUPS 1.2.7 adds several Mac OS X improvements, implements timeouts in the SSL negotiation code, and fixes the bounding box generated by the PostScript filter, bidirectional support in the USB backend, and another case where the lpstat command could hang. CUPS 1.2.6 fixes some compile errors, localization of the web interface on Mac OS X, bugs in the lpc and lpstat commands, and backchannel support in the parallel backend. 
CUPS 1.2.5 fixes minor printing, networking, and documentation issues and adds support for older versions of DBUS and a translation for Estonian. CUPS 1.2.4 fixes a number of web interface, scheduler, and CUPS API issues. CUPS 1.2.3 fixes a number of web interface, networking, remote printing, and CUPS API issues. CUPS 1.2.2 fixes several build, platform, notification, and printing bugs. CUPS 1.2.1 fixes several build, platform, and printing bugs. CUPS 1.2.0 is the first stable feature release in the 1.2.x series and includes over 90 new features and changes since CUPS 1.1.23, including a greatly improved web interface and "plug-and-print" support for many local and network printers. @ text @$NetBSD: patch-be,v 1.3 2006/03/29 17:22:46 joerg Exp $ --- pdftops/Stream.cxx.orig 2004-02-02 17:41:09.000000000 -0500 +++ pdftops/Stream.cxx @@@@ -12,6 +12,7 @@@@ #pragma implementation #endif +#include #include #include #include @@@@ -409,13 +410,26 @@@@ StreamPredictor::StreamPredictor(Stream width = widthA; nComps = nCompsA; nBits = nBitsA; + predLine = NULL; + ok = gFalse; nVals = width * nComps; + if (width <= 0 || nComps <= 0 || nBits <= 0 || + nComps >= INT_MAX / nBits || + width >= INT_MAX / nComps / nBits || + nVals * nBits + 7 < 0) { + return; + } pixBytes = (nComps * nBits + 7) >> 3; rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes; + if (rowBytes <= 0) { + return; + } predLine = (Guchar *)gmalloc(rowBytes); memset(predLine, 0, rowBytes); predIdx = rowBytes; + + ok = gTrue; } StreamPredictor::~StreamPredictor() { @@@@ -991,6 +1005,10 @@@@ LZWStream::LZWStream(Stream *strA, int p FilterStream(strA) { if (predictor != 1) { pred = new StreamPredictor(this, predictor, columns, colors, bits); + if (!pred->isOK()) { + delete pred; + pred = NULL; + } } else { pred = NULL; } @@@@ -1239,6 +1257,9 @@@@ CCITTFaxStream::CCITTFaxStream(Stream *s endOfLine = endOfLineA; byteAlign = byteAlignA; columns = columnsA; + if (columns + 4 <= 0) { + columns = INT_MAX - 4; + } rows = 
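Review bot: In the StreamPredictor constructor hunk, `nVals = width * nComps;` is still evaluated before the new range check, and the final clause `nVals * nBits + 7 < 0` tests for overflow only after it has happened. Both are signed-overflow undefined behaviour, so an optimizing compiler is free to drop that clause. Fold the `+ 7` into the bound and move the multiplication below the guard: `width >= (INT_MAX - 7) / nComps / nBits) {`, with `nVals = width * nComps;` placed after the `return` block. With that bound `nVals * nBits + 7` cannot exceed INT_MAX, so `rowBytes <= 0` becomes a secondary check rather than the real guard. The arguments arrive through the LZWStream and FlateStream constructors patched further down, so they are presumably document-controlled.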
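Review bot: In the LZWStream constructor hunk, a predictor that fails `isOK()` is deleted and `pred` is set to `NULL`, the same state the `else` branch uses for "no predictor". A stream with rejected parameters is therefore presumably decoded as if it had no predictor. That is memory-safe but silent, so a comment such as `// invalid predictor parameters: decode without prediction instead of allocating` would record that the fallback is deliberate. The FlateStream constructor hunk at the end of the patch has the same pattern; both constructors continue outside their hunks.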
rowsA; endOfBlock = endOfBlockA; black = blackA; @@@@ -2891,6 +2912,11 @@@@ GBool DCTStream::readBaselineSOF() { height = read16(); width = read16(); numComps = str->getChar(); + if (numComps <= 0 || numComps > 4) { + error(getPos(), "Bad number of components in DCT stream", prec); + numComps = 0; + return gFalse; + } if (prec != 8) { error(getPos(), "Bad DCT precision %d", prec); return gFalse; @@@@ -2917,6 +2943,11 @@@@ GBool DCTStream::readProgressiveSOF() { height = read16(); width = read16(); numComps = str->getChar(); + if (numComps <= 0 || numComps > 4) { + error(getPos(), "Bad number of components in DCT stream", prec); + numComps = 0; + return gFalse; + } if (prec != 8) { error(getPos(), "Bad DCT precision %d", prec); return gFalse; @@@@ -2939,6 +2970,11 @@@@ GBool DCTStream::readScanInfo() { length = read16() - 2; scanInfo.numComps = str->getChar(); + if (scanInfo.numComps <= 0 || scanInfo.numComps > 4) { + error(getPos(), "Bad number of components in DCT stream"); + scanInfo.numComps = 0; + return gFalse; + } --length; if (length != 2 * scanInfo.numComps + 3) { error(getPos(), "Bad DCT scan info block"); @@@@ -2980,22 +3016,32 @@@@ GBool DCTStream::readScanInfo() { } GBool DCTStream::readQuantTables() { - int length; - int i; - int index; + int length, prec, i, index; length = read16() - 2; while (length > 0) { index = str->getChar(); - if ((index & 0xf0) || index >= 4) { + prec = (index >> 4) & 0x0f; + index &= 0x0f; + if (prec > 1 || index >= 4) { error(getPos(), "Bad DCT quantization table"); return gFalse; } - if (index == numQuantTables) + if (index == numQuantTables) { numQuantTables = index + 1; - for (i = 0; i < 64; ++i) - quantTables[index][dctZigZag[i]] = str->getChar(); - length -= 65; + } + for (i = 0; i < 64; ++i) { + if (prec) { + quantTables[index][dctZigZag[i]] = read16(); + } else { + quantTables[index][dctZigZag[i]] = str->getChar(); + } + } + if (prec) { + length -= 129; + } else { + length -= 65; + } } return gTrue; } @@@@ -3023,6 
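Review bot: In the CCITTFaxStream constructor hunk, the new guard `columns + 4 <= 0` maps a negative `columns` (for example -10) to `INT_MAX - 4` rather than to a small value, and lets `columns == 0` through unchanged. For values near INT_MAX it relies on signed overflow wrapping, which is undefined behaviour. The buffers sized from `columns` are allocated outside the hunk, so whether `INT_MAX - 4` is safe there cannot be seen from here; a size computed as a count times an element size would need its own overflow check. A form that cannot overflow is `if (columns < 1) columns = 1;` followed by `else if (columns > INT_MAX - 4) columns = INT_MAX - 4;`.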
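Review bot: In readBaselineSOF the added `error()` call passes `prec` although the message has no conversion specifier, so the log shows neither the rejected component count nor the precision. readProgressiveSOF has the identical call. `error(getPos(), "Bad number of components %d in DCT stream", numComps);` would report the value that was actually rejected. Both functions start outside their hunks.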
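Review bot: In readQuantTables the loop reads a full 64-entry table (65 or 129 bytes) whenever `length > 0`, without checking that `length` covers the table or that `str->getChar()` / `read16()` reached EOF. A truncated segment is therefore filled from whatever follows it. Indexing stays in bounds because `index` is masked and compared against 4, so this is a robustness point rather than a memory-safety one. A guard before the `for` loop would reject short segments: `if (length < (prec ? 129 : 65)) { error(getPos(), "Bad DCT quantization table"); return gFalse; }`. Separately, the element type of `quantTables` is declared outside this patch; if it is an 8-bit type, the 16-bit values stored from `read16()` are truncated, so that declaration should be confirmed.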
+3069,7 @@@@ GBool DCTStream::readHuffmanTables() { numACHuffTables = index+1; tbl = &acHuffTables[index]; } else { + index &= 0x0f; if (index >= numDCHuffTables) numDCHuffTables = index+1; tbl = &dcHuffTables[index]; @@@@ -3136,7 +3183,7 @@@@ int DCTStream::readMarker() { do { do { c = str->getChar(); - } while (c != 0xff); + } while (c != 0xff && c != EOF); do { c = str->getChar(); } while (c == 0xff); @@@@ -3249,6 +3296,10 @@@@ FlateStream::FlateStream(Stream *strA, i FilterStream(strA) { if (predictor != 1) { pred = new StreamPredictor(this, predictor, columns, colors, bits); + if (!pred->isOK()) { + delete pred; + pred = NULL; + } } else { pred = NULL; } @ 1.3 log @Sync pdftops with xpdf 3.01pl2, fixing at least two possible integer overflows. Bump revision. @ text @d1 1 a1 1 $NetBSD: patch-be,v 1.2 2006/02/15 19:06:13 joerg Exp $ @ 1.2 log @Port the security fixes for SA181303 from print/xpdf to print/cups. @ text @d1 1 a1 1 $NetBSD: patch-be,v 1.1 2005/12/17 04:22:55 jlam Exp $ d5 5 a9 1 @@@@ -15,6 +15,7 @@@@ d13 1 a13 5 +#include #ifndef WIN32 #include #endif @@@@ -409,13 +410,30 @@@@ StreamPredictor::StreamPredictor(Stream d19 2 a20 1 + d23 2 a24 6 + width >= INT_MAX / nComps / nBits) { + return; + } nVals = width * nComps; + if (nVals * nBits + 7 <= 0) { d29 1 a29 1 + if (rowBytes < 0) { a31 1 + d40 1 a40 1 @@@@ -991,6 +1009,10 @@@@ LZWStream::LZWStream(Stream *strA, int p d44 1 a44 1 + if (!pred->isOk()) { d51 1 a51 1 @@@@ -1239,6 +1261,9 @@@@ CCITTFaxStream::CCITTFaxStream(Stream *s d55 2 a56 2 + if (columns + 3 < 1 || columns + 4 < 1 || columns < 1) { + columns = 1; d61 1 a61 1 @@@@ -2891,6 +2916,10 @@@@ GBool DCTStream::readBaselineSOF() { d66 2 a67 1 + error(getPos(), "Bad number of components %d in DCT stream", numComps); d73 1 a73 1 @@@@ -2917,6 +2946,10 @@@@ GBool DCTStream::readProgressiveSOF() { d78 2 a79 1 + error(getPos(), "Bad number of components %d in DCT stream", numComps); d85 1 a85 1 @@@@ -2939,6 +2972,10 @@@@ GBool 
DCTStream::readScanInfo() { d91 1 d97 10 a106 1 @@@@ -3013,12 +3050,12 @@@@ GBool DCTStream::readHuffmanTables() { d109 5 a113 4 --length; - if ((index & 0x0f) >= 4) { + if ((index & 0x0f) >= 4 || (index & ~0x10) < 0) { error(getPos(), "Bad DCT Huffman table"); d116 23 a138 4 if (index & 0x10) { - index &= 0x0f; + index &= 0x03; if (index >= numACHuffTables) d141 15 a155 1 @@@@ -3249,6 +3286,10 @@@@ FlateStream::FlateStream(Stream *strA, i d159 1 a159 1 + if (!pred->isOk()) { @ 1.1 log @Fix for the following security advisories which affect cups-1.1.x: CAN-2005-3191 CAN-2005-3192 The fixes were largely copied from xpdf-3.01pl1.patch from foolabs.com; however, patch-be for Stream.cxx also includes a proper fix for CAN-2005-3191 which was only partially fixed in the foolabs.com patch. Bump the PKGREVISION to 4. @ text @d1 1 a1 1 $NetBSD$ d5 9 a13 8 @@@@ -404,18 +404,34 @@@@ void ImageStream::skipLine() { StreamPredictor::StreamPredictor(Stream *strA, int predictorA, int widthA, int nCompsA, int nBitsA) { + int totalBits; + str = strA; predictor = predictorA; d19 6 d27 1 a27 4 + totalBits = nVals * nBits; + if (totalBits == 0 || + (totalBits / nBits) / nComps != width || + totalBits + 7 < 0) { d31 1 a31 2 - rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes; + rowBytes = ((totalBits + 7) >> 3) + pixBytes; d44 1 a44 1 @@@@ -991,6 +1007,10 @@@@ LZWStream::LZWStream(Stream *strA, int p d55 11 a65 1 @@@@ -2891,6 +2911,10 @@@@ GBool DCTStream::readBaselineSOF() { d76 1 a76 1 @@@@ -2917,6 +2941,10 @@@@ GBool DCTStream::readProgressiveSOF() { d87 27 a113 1 @@@@ -3249,6 +3277,10 @@@@ FlateStream::FlateStream(Stream *strA, i @ 1.1.2.1 log @Pullup ticket 1139 - requested by Joerg Sonnenberger security fix for cups Revisions pulled up: - pkgsrc/print/cups/Makefile patch - pkgsrc/print/cups/distinfo 1.37 - pkgsrc/print/cups/patches/patch-ap 1.6 - pkgsrc/print/cups/patches/patch-be 1.2 Module Name: pkgsrc Committed By: joerg Date: Wed Feb 15 19:06:13 UTC 2006 Modified Files: 
pkgsrc/print/cups: distinfo pkgsrc/print/cups/patches: patch-be Added Files: pkgsrc/print/cups/patches: patch-ap Log Message: Port the security fixes for SA18303 from print/xpdf to print/cups. @ text @d1 1 a1 1 $NetBSD: patch-be,v 1.2 2006/02/15 19:06:13 joerg Exp $ d5 8 a12 9 @@@@ -15,6 +15,7 @@@@ #include #include #include +#include #ifndef WIN32 #include #endif @@@@ -409,13 +410,30 @@@@ StreamPredictor::StreamPredictor(Stream a17 6 + + if (width <= 0 || nComps <= 0 || nBits <= 0 || + nComps >= INT_MAX / nBits || + width >= INT_MAX / nComps / nBits) { + return; + } d20 4 a23 1 + if (nVals * nBits + 7 <= 0) { d27 2 a28 1 rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes; d41 1 a41 1 @@@@ -991,6 +1009,10 @@@@ LZWStream::LZWStream(Stream *strA, int p d52 1 a52 11 @@@@ -1239,6 +1261,9 @@@@ CCITTFaxStream::CCITTFaxStream(Stream *s endOfLine = endOfLineA; byteAlign = byteAlignA; columns = columnsA; + if (columns + 3 < 1 || columns + 4 < 1 || columns < 1) { + columns = 1; + } rows = rowsA; endOfBlock = endOfBlockA; black = blackA; @@@@ -2891,6 +2916,10 @@@@ GBool DCTStream::readBaselineSOF() { d63 1 a63 1 @@@@ -2917,6 +2946,10 @@@@ GBool DCTStream::readProgressiveSOF() { d74 1 a74 27 @@@@ -2939,6 +2972,10 @@@@ GBool DCTStream::readScanInfo() { length = read16() - 2; scanInfo.numComps = str->getChar(); + if (scanInfo.numComps <= 0 || scanInfo.numComps > 4) { + error(getPos(), "Bad number of components in DCT stream"); + return gFalse; + } --length; if (length != 2 * scanInfo.numComps + 3) { error(getPos(), "Bad DCT scan info block"); @@@@ -3013,12 +3050,12 @@@@ GBool DCTStream::readHuffmanTables() { while (length > 0) { index = str->getChar(); --length; - if ((index & 0x0f) >= 4) { + if ((index & 0x0f) >= 4 || (index & ~0x10) < 0) { error(getPos(), "Bad DCT Huffman table"); return gFalse; } if (index & 0x10) { - index &= 0x0f; + index &= 0x03; if (index >= numACHuffTables) numACHuffTables = index+1; tbl = &acHuffTables[index]; @@@@ -3249,6 +3286,10 @@@@ 
FlateStream::FlateStream(Stream *strA, i @