Re: squeeze update of cups?
Hi,
Le lundi, 23 février 2015, 11.58:33 Raphael Hertzog a écrit :
> the Debian LTS team would like to fix the security issues which are
> currently open in the Squeeze version of your package:
> https://security-tracker.debian.org/tracker/CVE-2014-9679
>
> Would you like to take care of this yourself?
>
> If yes, please follow the workflow we have defined here:
> http://wiki.debian.org/LTS/Development
I will, but keep in mind that we're still discussing the Wheezy patch
with the security team, so I'd like to get that fixed too (ideally
first).
That said, the part from the upstream patch that we're discussing
doesn't apply to Squeeze(-LTS), so we might as well upload the patch as-
is.
Proposed debdiff attached.
Cheers
OdyX
diff -u cups-1.4.4/debian/changelog cups-1.4.4/debian/changelog
--- cups-1.4.4/debian/changelog
+++ cups-1.4.4/debian/changelog
@@ -1,3 +1,11 @@
+cups (1.4.4-7+squeeze7) squeeze-lts; urgency=medium
+
+ * Backport upstream patch to fix cupsRasterReadPixels buffer overflow with
+ invalid page header and compressed raster data
+ (Closes: #778387, STR #4551, CVE-2014-9679)
+
+ -- Didier Raboud <odyx@debian.org> Mon, 23 Feb 2015 18:27:19 +0100
+
cups (1.4.4-7+squeeze6) squeeze-lts; urgency=medium
* Backport upstream patches to fix:
diff -u cups-1.4.4/debian/patches/00list cups-1.4.4/debian/patches/00list
--- cups-1.4.4/debian/patches/00list
+++ cups-1.4.4/debian/patches/00list
@@ -1,3 +1,6 @@
+# patches backported from upstream SVN trunk for 2.0:
+str4551-fix-buffer-overflow-in-cupsRasterReadPixels.dpatch
+
# patches backported from upstream SVN trunk for 1.7:
fix-insufficient-checking-leading-to-privilege-escalation-str4450.dpatch
fix-insufficient-checking-when-allowing-files-download-from-the-webinterface.dpatch
only in patch2:
unchanged:
--- cups-1.4.4.orig/debian/patches/str4551-fix-buffer-overflow-in-cupsRasterReadPixels.dpatch
+++ cups-1.4.4/debian/patches/str4551-fix-buffer-overflow-in-cupsRasterReadPixels.dpatch
@@ -0,0 +1,38 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## str4551-fix-buffer-overflow-in-cupsRasterReadPixels.dpatch by Michael Sweet <msweet@apple.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Description: Fix cupsRasterReadPixels buffer overflow with invalid page header
+## DP: and compressed raster data
+## DP: Author: Michael Sweet <msweet@apple.com>
+## DP: Bug-Debian: https://bugs.debian.org/778387
+## DP: Bug-Upstream: https://www.cups.org/str.php?L4551
+## DP: Bug-CVE: CVE-2014-2679
+## DP: Last-Update: 2015-02-16
+
+@DPATCH@
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' cups~/filter/raster.c cups/filter/raster.c
+--- cups~/filter/raster.c 2015-02-16 09:08:08.000000000 +0100
++++ cups/filter/raster.c 2015-02-16 09:11:17.000000000 +0100
+@@ -239,7 +239,10 @@
+ */
+
+ if (!cups_raster_read_header(r))
++ {
++ memset(h, 0, sizeof(cups_page_header_t));
+ return (0);
++ }
+
+ /*
+ * Copy the header to the user-supplied buffer...
+@@ -268,7 +271,10 @@
+ */
+
+ if (!cups_raster_read_header(r))
++ {
++ memset(h, 0, sizeof(cups_page_header2_t));
+ return (0);
++ }
+
+ /*
+ * Copy the header to the user-supplied buffer...
Reply to: