SECURITY FIX for CVE-2009-3608, CVE-2009-3609.

CUPS "pdftops" Filter Data Handling Integer Overflow Vulnerabilities
Patch from Ubuntu.

ok ajacoutot@ (MAINTAINER)
jasper 2009-10-25 16:04:34 +00:00
parent 104a083fec
commit 6a63c0cb29
4 changed files with 81 additions and 2 deletions


@ -1,10 +1,10 @@
# $OpenBSD: Makefile,v 1.58 2009/10/12 11:17:17 ajacoutot Exp $
# $OpenBSD: Makefile,v 1.59 2009/10/25 16:04:34 jasper Exp $
COMMENT= Common Unix Printing System
VERSION= 1.3.11
DISTNAME= cups-${VERSION}-source
PKGNAME= cups-${VERSION}p1
PKGNAME= cups-${VERSION}p2
CATEGORIES= print sysutils


@ -0,0 +1,22 @@
$OpenBSD: patch-config-scripts_cups-pdf_m4,v 1.1 2009/10/25 16:04:34 jasper Exp $
Security fix for CVE-2009-3608, CVE-2009-3609.
CUPS "pdftops" Filter Data Handling Integer Overflow Vulnerabilities
Patch from Ubuntu: poppler-based-pdftops-fixes.dpatch
--- config-scripts/cups-pdf.m4.orig Fri Oct 23 13:00:39 2009
+++ config-scripts/cups-pdf.m4 Fri Oct 23 13:01:00 2009
@@ -64,6 +64,12 @@ case "x$with_pdftops" in
;;
esac
+if test "x$CUPS_PDFTOPS" != x; then
+ if `$CUPS_PDFTOPS -h 2>&1 | grep -q -- -origpagesizes 2>/dev/null`; then
+ AC_DEFINE(HAVE_PDFTOPS_WITH_ORIGPAGESIZES)
+ fi
+fi
+
AC_DEFINE_UNQUOTED(CUPS_PDFTOPS, "$CUPS_PDFTOPS")
AC_DEFINE_UNQUOTED(CUPS_GHOSTSCRIPT, "$CUPS_GHOSTSCRIPT")
AC_SUBST(PDFTOPS)
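Review bot: The added `if` test in the cups-pdf.m4 hunk wraps the probe pipeline in backquotes, so the shell runs the pipeline and then executes its (empty) output as a command, which works only because `grep -q` prints nothing and the empty command keeps the substitution's exit status. Dropping the backquotes and quoting the path is sturdier and avoids the less portable `-q`: `if "$CUPS_PDFTOPS" -h 2>&1 | grep -- -origpagesizes >/dev/null 2>&1; then`. Because configure executes whatever `$CUPS_PDFTOPS` names and the answer is compiled in, the build host's pdftops has to match the one installed at run time, which deserves a comment above the test. The patch header also labels this a fix for CVE-2009-3608 and CVE-2009-3609, while the lines shown here only add a feature probe; a sentence in the header stating how the patch relates to the integer overflows would help a later audit.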


@ -0,0 +1,17 @@
$OpenBSD: patch-config_h_in,v 1.1 2009/10/25 16:04:34 jasper Exp $
Security fix for CVE-2009-3608, CVE-2009-3609.
CUPS "pdftops" Filter Data Handling Integer Overflow Vulnerabilities
Patch from Ubuntu: poppler-based-pdftops-fixes.dpatch
--- config.h.in.orig Fri Oct 23 13:01:25 2009
+++ config.h.in Fri Oct 23 13:01:39 2009
@@ -440,6 +440,7 @@
*/
#undef HAVE_PDFTOPS
+#undef HAVE_PDFTOPS_WITH_ORIGPAGESIZES
#define CUPS_PDFTOPS "/usr/bin/pdftops"


@ -0,0 +1,40 @@
$OpenBSD: patch-filter_pdftops_c,v 1.1 2009/10/25 16:04:34 jasper Exp $
Security fix for CVE-2009-3608, CVE-2009-3609.
CUPS "pdftops" Filter Data Handling Integer Overflow Vulnerabilities
Patch from Ubuntu: poppler-based-pdftops-fixes.dpatch
--- filter/pdftops.c.orig Fri Oct 23 13:02:31 2009
+++ filter/pdftops.c Fri Oct 23 13:03:37 2009
@@ -303,7 +303,9 @@ main(int argc, /* I - Number of command-line args
}
else
#ifdef HAVE_PDFTOPS
- pdf_argv[pdf_argc++] = (char *)"-level3";
+ /* Do not emit PS Level 3 with Poppler, some HP PostScript printers
+ do not like it. See https://bugs.launchpad.net/bugs/277404. */
+ pdf_argv[pdf_argc++] = (char *)"-level2";
#else
pdf_argv[pdf_argc++] = (char *)"-dLanguageLevel=3";
#endif /* HAVE_PDFTOPS */
@@ -389,7 +391,19 @@ main(int argc, /* I - Number of command-line args
pdf_argv[pdf_argc++] = pdf_width;
pdf_argv[pdf_argc++] = pdf_height;
#endif /* HAVE_PDFTOPS */
+ }
+#if defined(HAVE_PDFTOPS) && defined(HAVE_PDFTOPS_WITH_ORIGPAGESIZES)
+ else
+ {
+ /*
+ * Use the page sizes of the original PDF document, this way documents
+ * which contain pages of different sizes can be printed correctly
+ */
+
+ pdf_argv[pdf_argc++] = (char *)"-origpagesizes";
+
}
+#endif /* HAVE_PDFTOPS && HAVE_PDFTOPS_WITH_ORIGPAGESIZES */
}
#ifdef HAVE_PDFTOPS