fix secrutiy issue in pdftops, bug #69662

10 files changed, 363 insertions, 8 deletions

diff --git a/net-print/cups/ChangeLog b/net-print/cups/ChangeLog
index 4d6c484aaab3..fb297743111d 100644
--- a/net-print/cups/ChangeLog
+++ b/net-print/cups/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for net-print/cups
 # Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-print/cups/ChangeLog,v 1.93 2004/10/21 14:02:38 lanius Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-print/cups/ChangeLog,v 1.94 2004/11/01 14:37:18 lanius Exp $
+
+*cups-1.1.22 (01 Nov 2004)
+
+  01 Nov 2004; <heino@gentoo.org> +files/xpdf-goo-sizet.patch,
+  +cups-1.1.20-r5.ebuild, -cups-1.1.21-r2.ebuild, +cups-1.1.22.ebuild:
+  fix secrutiy issue in pdftops, bug #69662
 
 *cups-1.1.21-r2 (21 Oct 2004)
 
diff --git a/net-print/cups/Manifest b/net-print/cups/Manifest
index f07a366c9033..02e78bd6ebbf 100644
--- a/net-print/cups/Manifest
+++ b/net-print/cups/Manifest
@@ -1,18 +1,23 @@
 MD5 f27f8d0bb2f59bb9b52e827c5106959a cups-1.1.20-r4.ebuild 3534
+MD5 7b0b1fe6e058c12e37293d58503c3d7f cups-1.1.22.ebuild 3886
 MD5 e270118520bdf5e46c568047cea6eb0d cups-1.1.20-r3.ebuild 3460
-MD5 6c2fc017ffacc66b52650b522cc90eda cups-1.1.21-r2.ebuild 3872
-MD5 239e69686923c7a89b86b6ff78e7c9f9 ChangeLog 12335
+MD5 b22861e9295dce3cff78f2f69fa9ab7a cups-1.1.20-r5.ebuild 3659
+MD5 d2d38298608218cd5d9edd914460b77f ChangeLog 12542
 MD5 26b4b081d538c195dc39bcb2ec8e6f3a metadata.xml 161
+MD5 85bc20d893f097ef0f13947179c3838c files/cups-1.1.22-xpdf2-underflow.patch 2301
 MD5 1219d8139b95119054d7744f6dea85a6 files/str920.patch 5795
 MD5 ff2fde0af36236ae1813438275525fa2 files/cups-1.1.21-xpdf-CESA-2004-007.patch.bz2 966
 MD5 d7e6454c7e8062203b324c5f6a1a2c65 files/cupsd.rc6 515
 MD5 fbd28fb7593c247a7151704df5a253ea files/cups-1.1.20-zero-len-udp-dos.patch 965
 MD5 7242b8a2000fe4c5a2b398e6602f7f1c files/cups.pam 234
+MD5 bef8c5e9724acac435ca092c232685f8 files/digest-cups-1.1.22 72
 MD5 baaa1e0bc63f959779998f5e57de6f9d files/digest-cups-1.1.20-r3 72
 MD5 baaa1e0bc63f959779998f5e57de6f9d files/digest-cups-1.1.20-r4 72
-MD5 91e81d96543dd250e610b0d542becb3a files/digest-cups-1.1.21-r2 72
+MD5 baaa1e0bc63f959779998f5e57de6f9d files/digest-cups-1.1.20-r5 72
 MD5 7bce495a238ee9dbebb61496f3b3ae51 files/disable-strip.patch 422
 MD5 152f70bcd644a5da56756b8b82193d10 files/cups-1.1.20-str633.patch 268
 MD5 04f90143ff0dc0329b242a1f955af20e files/cups-1.1.20-xpdf-CESA-2004-007.patch.bz2 968
 MD5 e8608b3605ae84d0f10dbc635d65292a files/cupsd.conf-1.1.18 20538
+MD5 2fce5bedd61300fad1566a41f991a782 files/xpdf-goo-sizet.patch 1424
+MD5 ef32d65c7ec41690574a92d2436366df files/cups-1.1.20-xpdf2-underflow.patch 2295
 MD5 b041836e6ee51876ca7ec86869643018 files/cups.xinetd 368
diff --git a/net-print/cups/cups-1.1.20-r5.ebuild b/net-print/cups/cups-1.1.20-r5.ebuild
new file mode 100644
index 000000000000..4d9d0172530d
--- /dev/null
+++ b/net-print/cups/cups-1.1.20-r5.ebuild
@@ -0,0 +1,124 @@
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.1.20-r5.ebuild,v 1.1 2004/11/01 14:37:18 lanius Exp $
+
+inherit eutils flag-o-matic
+
+DESCRIPTION="The Common Unix Printing System"
+HOMEPAGE="http://www.cups.org/"
+SRC_URI="ftp://ftp.easysw.com/pub/cups/${PV}/${P}-source.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="x86 ~ppc ~sparc ~mips ~alpha ~arm ~hppa ~amd64 ~ia64 ~s390 ~ppc64"
+IUSE="ssl slp pam"
+
+DEP="virtual/libc
+	pam? ( >=sys-libs/pam-0.75 )
+	ssl? ( >=dev-libs/openssl-0.9.6b )
+	slp? ( >=net-libs/openslp-1.0.4 )
+	>=media-libs/libpng-1.2.1
+	>=media-libs/tiff-3.5.5
+	>=media-libs/jpeg-6b"
+DEPEND="${DEP}
+	>=sys-devel/autoconf-2.58"
+RDEPEND="${DEP}
+	!virtual/lpr"
+PROVIDE="virtual/lpr"
+
+src_unpack() {
+	unpack ${A}
+	cd ${S}
+	epatch ${FILESDIR}/disable-strip.patch
+	epatch ${FILESDIR}/${P}-str633.patch
+	epatch ${FILESDIR}/${P}-zero-len-udp-dos.patch
+	epatch ${FILESDIR}/str920.patch
+	( cd pdftops; epatch ${FILESDIR}/${P}-xpdf-CESA-2004-007.patch.bz2 )
+	( cd pdftops; epatch ${FILESDIR}/xpdf-goo-sizet.patch )
+	( cd pdftops; epatch ${FILESDIR}/${P}-xpdf2-underflow.patch )
+	WANT_AUTOCONF=2.5 autoconf || die
+}
+
+src_compile() {
+	filter-flags -fomit-frame-pointer
+
+	local myconf
+	use amd64 && replace-flags -Os -O2
+	use pam || myconf="${myconf} --disable-pam"
+	use ssl || myconf="${myconf} --disable-ssl"
+	use slp || myconf="${myconf} --disable-slp"
+
+	./configure \
+		--with-cups-user=lp \
+		--with-cups-group=lp \
+		--host=${CHOST} ${myconf} || die "bad ./configure"
+
+	make || die "compile problem"
+}
+
+src_install() {
+	dodir /var/spool /var/log/cups /etc/cups
+
+	make \
+	LOCALEDIR=${D}/usr/share/locale \
+	DOCDIR=${D}/usr/share/cups/docs \
+	REQUESTS=${D}/var/spool/cups \
+	SERVERBIN=${D}/usr/$(get_libdir)/cups \
+	DATADIR=${D}/usr/share/cups \
+	INCLUDEDIR=${D}/usr/include \
+	AMANDIR=${D}/usr/share/man \
+	PMANDIR=${D}/usr/share/man \
+	MANDIR=${D}/usr/share/man \
+	SERVERROOT=${D}/etc/cups \
+	LOGDIR=${D}/var/log/cups \
+	SBINDIR=${D}/usr/sbin \
+	PAMDIR=${D}/etc/pam.d \
+	EXEC_PREFIX=${D}/usr \
+	LIBDIR=${D}/usr/$(get_libdir) \
+	BINDIR=${D}/usr/bin \
+	bindir=${D}/usr/bin \
+	INITDIR=${D}/etc \
+	PREFIX=${D} \
+	install || die "install problem"
+
+	dodoc {CHANGES,CREDITS,ENCRYPTION,LICENSE,README}.txt
+	dosym /usr/share/cups/docs /usr/share/doc/${PF}/html
+
+	#seems nobody installs it like this anymore.. security risk?
+	#fowners lp.root /usr/bin/lppasswd
+	#fperms 4755 /usr/bin/lppasswd
+
+	# cleanups
+	rm -rf ${D}/etc/init.d
+	rm -rf ${D}/etc/pam.d
+	rm -rf ${D}/etc/rc*
+	rm -rf ${D}/usr/share/man/cat*
+	rm -rf ${D}/etc/cups/{certs,interfaces,ppd}
+	rm -rf ${D}/var
+
+	sed -i -e "s:^#\(DocumentRoot\).*:\1 /usr/share/cups/docs:" \
+		-e "s:^#\(SystemGroup\).*:\1 lp:" \
+		-e "s:^#\(User\).*:\1 lp:" \
+		-e "s:^#\(Group\).*:\1 lp:" \
+		${D}/etc/cups/cupsd.conf
+
+	insinto /etc/pam.d ; newins ${FILESDIR}/cups.pam cups
+	exeinto /etc/init.d ; newexe ${FILESDIR}/cupsd.rc6 cupsd
+	insinto /etc/xinetd.d ; newins ${FILESDIR}/cups.xinetd cups-lpd
+
+	#insinto /etc/cups; newins ${FILESDIR}/cupsd.conf-1.1.18 cupsd.conf
+}
+
+pkg_postinst() {
+	install -d -m0755 ${ROOT}/var/log/cups
+	install -d -m0755 ${ROOT}/var/spool
+	install -m0700 -o lp -d ${ROOT}/var/spool/cups
+	install -m1700 -o lp -d ${ROOT}/var/spool/cups/tmp
+	install -m0711 -o lp -d ${ROOT}/etc/cups/certs
+	install -d -m0755 ${ROOT}/etc/cups/{interfaces,ppd}
+
+	einfo "If you're using a USB printer, \"emerge hotplug; rc-update add"
+	einfo "hotplug default\" is something you should probably do. This"
+	einfo "will allow any USB kernel modules (if present) to be loaded"
+	einfo "automatically at boot."
+}
diff --git a/net-print/cups/cups-1.1.21-r2.ebuild b/net-print/cups/cups-1.1.22.ebuild
index 0f936acbe4dd..c93e4ac6713c 100644
--- a/net-print/cups/cups-1.1.21-r2.ebuild
+++ b/net-print/cups/cups-1.1.22.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.1.21-r2.ebuild,v 1.1 2004/10/21 14:02:38 lanius Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.1.22.ebuild,v 1.1 2004/11/01 14:37:18 lanius Exp $
 
 inherit eutils flag-o-matic
 
@@ -35,8 +35,8 @@ src_unpack() {
 	unpack ${A}
 	cd ${S}
 	epatch ${FILESDIR}/disable-strip.patch
-	epatch ${FILESDIR}/str920.patch
-	( cd pdftops; epatch ${FILESDIR}/${P}-xpdf-CESA-2004-007.patch.bz2 )
+	( cd pdftops; epatch ${FILESDIR}/xpdf-goo-sizet.patch )
+	( cd pdftops; epatch ${FILESDIR}/${P}-xpdf2-underflow.patch )
 	WANT_AUTOCONF=2.5 autoconf || die
 }
 
diff --git a/net-print/cups/files/cups-1.1.20-xpdf2-underflow.patch b/net-print/cups/files/cups-1.1.20-xpdf2-underflow.patch
new file mode 100644
index 000000000000..ba6b9d498d7f
--- /dev/null
+++ b/net-print/cups/files/cups-1.1.20-xpdf2-underflow.patch
@@ -0,0 +1,81 @@
+diff -ru XRef.cxx XRef.cxx
+--- XRef.cxx	2004-10-29 15:16:45.790089001 +0200
++++ XRef.cxx	2004-10-29 15:11:54.132168025 +0200
+@@ -66,6 +66,8 @@
+   start = str->getStart();
+   pos = readTrailer();
+ 
++  entries = NULL;
++
+   // if there was a problem with the trailer,
+   // try to reconstruct the xref table
+   if (pos == 0) {
+@@ -76,7 +78,7 @@
+ 
+   // trailer is ok - read the xref table
+   } else {
+-    if (size*sizeof(XRefEntry)/sizeof(XRefEntry) != size) {
++    if ((size < 0) || (size*sizeof(XRefEntry)/sizeof(XRefEntry) != size)) {
+       error(-1, "Invalid 'size' inside xref table.");
+       ok = gFalse;
+       errCode = errDamaged;
+@@ -181,7 +183,7 @@
+     n = atoi(p);
+     while ('0' <= *p && *p <= '9') ++p;
+     while (isspace(*p)) ++p;
+-    if (p == buf)
++    if ((p == buf) || (n < 0)) /* must make progress */
+       return 0;
+     pos1 += (p - buf) + n * 20;
+   }
+@@ -255,6 +257,10 @@
+     }
+     s[i] = '\0';
+     first = atoi(s);
++    if (first < 0) {
++        error(-1, "Invalid 'first'");
++        goto err2;
++    }
+     while ((c = str->lookChar()) != EOF && isspace(c)) {
+       str->getChar();
+     }
+@@ -266,6 +272,10 @@
+     }
+     s[i] = '\0';
+     n = atoi(s);
++    if (n<=0) {
++        error(-1, "Invalid 'n'");
++        goto err2;
++    }
+     while ((c = str->lookChar()) != EOF && isspace(c)) {
+       str->getChar();
+     }
+@@ -273,7 +283,7 @@
+     // table size
+     if (first + n > size) {
+       newSize = size + 256;
+-      if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) {
++      if ((newSize < 0) || (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize)) {
+         error(-1, "Invalid 'newSize'");
+         goto err2;
+       }
+@@ -406,6 +416,10 @@
+     // look for object
+     } else if (isdigit(*p)) {
+       num = atoi(p);
++      if (num < 0) {
++	error(-1, "Invalid 'num' parameters.");
++	return gFalse;
++      }
+       do {
+ 	++p;
+       } while (*p && isdigit(*p));
+@@ -425,7 +439,7 @@
+ 	    if (!strncmp(p, "obj", 3)) {
+ 	      if (num >= size) {
+ 		newSize = (num + 1 + 255) & ~255;
+-	        if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) {
++	        if ((newSize < 0) || (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize)) {
+ 	          error(-1, "Invalid 'obj' parameters.");
+ 	          return gFalse;
+ 	        }
diff --git a/net-print/cups/files/cups-1.1.22-xpdf2-underflow.patch b/net-print/cups/files/cups-1.1.22-xpdf2-underflow.patch
new file mode 100644
index 000000000000..6fffd57809f4
--- /dev/null
+++ b/net-print/cups/files/cups-1.1.22-xpdf2-underflow.patch
@@ -0,0 +1,81 @@
+diff -ru XRef.cxx XRef.cxx
+--- XRef.cxx	2004-10-29 15:16:45.790089001 +0200
++++ XRef.cxx	2004-10-29 15:11:54.132168025 +0200
+@@ -66,6 +66,8 @@
+   start = str->getStart();
+   pos = readTrailer();
+ 
++  entries = NULL;
++
+   // if there was a problem with the trailer,
+   // try to reconstruct the xref table
+   if (pos == 0) {
+@@ -76,7 +78,7 @@
+ 
+   // trailer is ok - read the xref table
+   } else {
+-    if (size*sizeof(XRefEntry)/sizeof(XRefEntry) != size) {
++    if ((size < 0) || (size*sizeof(XRefEntry)/sizeof(XRefEntry) != size)) {
+       error(-1, "Invalid 'size' inside xref table.");
+       ok = gFalse;
+       errCode = errDamaged;
+@@ -181,7 +183,7 @@
+     n = atoi(p);
+     while ('0' <= *p && *p <= '9') ++p;
+     while (isspace(*p)) ++p;
+-    if (p == buf) {
++    if ((p == buf) || (n < 0)) /* must make progress */ {
+       goto err1;
+     }
+     pos1 += (p - buf) + n * 20;
+@@ -255,6 +257,10 @@
+     }
+     s[i] = '\0';
+     first = atoi(s);
++    if (first < 0) {
++        error(-1, "Invalid 'first'");
++        goto err2;
++    }
+     while ((c = str->lookChar()) != EOF && isspace(c)) {
+       str->getChar();
+     }
+@@ -266,6 +272,10 @@
+     }
+     s[i] = '\0';
+     n = atoi(s);
++    if (n<=0) {
++        error(-1, "Invalid 'n'");
++        goto err2;
++    }
+     while ((c = str->lookChar()) != EOF && isspace(c)) {
+       str->getChar();
+     }
+@@ -273,7 +283,7 @@
+     // table size
+     if (first + n > size) {
+       newSize = first + n;
+-      if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) {
++      if ((newSize < 0) || (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize)) {
+         error(-1, "Invalid 'newSize'");
+         goto err2;
+       }
+@@ -406,6 +416,10 @@
+     // look for object
+     } else if (isdigit(*p)) {
+       num = atoi(p);
++      if (num < 0) {
++	error(-1, "Invalid 'num' parameters.");
++	return gFalse;
++      }
+       do {
+ 	++p;
+       } while (*p && isdigit(*p));
+@@ -425,7 +439,7 @@
+ 	    if (!strncmp(p, "obj", 3)) {
+ 	      if (num >= size) {
+ 		newSize = (num + 1 + 255) & ~255;
+-	        if (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize) {
++	        if ((newSize < 0) || (newSize*sizeof(XRefEntry)/sizeof(XRefEntry) != newSize)) {
+ 	          error(-1, "Invalid 'obj' parameters.");
+ 	          return gFalse;
+ 	        }
diff --git a/net-print/cups/files/digest-cups-1.1.20-r5 b/net-print/cups/files/digest-cups-1.1.20-r5
new file mode 100644
index 000000000000..002ebb34be36
--- /dev/null
+++ b/net-print/cups/files/digest-cups-1.1.20-r5
@@ -0,0 +1 @@
+MD5 09d0be2bad1b0617bc0eba6eef81f6e9 cups-1.1.20-source.tar.bz2 3741510
diff --git a/net-print/cups/files/digest-cups-1.1.21-r2 b/net-print/cups/files/digest-cups-1.1.21-r2
deleted file mode 100644
index 71015b6895ef..000000000000
--- a/net-print/cups/files/digest-cups-1.1.21-r2
+++ /dev/null
@@ -1 +0,0 @@
-MD5 54e9b0d9c0bdb45b956f88c14793ef65 cups-1.1.21-source.tar.bz2 8549181
diff --git a/net-print/cups/files/digest-cups-1.1.22 b/net-print/cups/files/digest-cups-1.1.22
new file mode 100644
index 000000000000..dae8de805e2e
--- /dev/null
+++ b/net-print/cups/files/digest-cups-1.1.22
@@ -0,0 +1 @@
+MD5 fe0a1b0fedccfe8b2e35e0cea1e5f0a9 cups-1.1.22-source.tar.bz2 8527045
diff --git a/net-print/cups/files/xpdf-goo-sizet.patch b/net-print/cups/files/xpdf-goo-sizet.patch
new file mode 100644
index 000000000000..5d90c5120bd4
--- /dev/null
+++ b/net-print/cups/files/xpdf-goo-sizet.patch
@@ -0,0 +1,57 @@
+diff -ru xpdf-2.02pl1/goo/gmem.c xpdf-2.02pl1/goo/gmem.c
+--- xpdf-2.02pl1/goo/gmem.c	2003-06-16 22:01:26.000000000 +0200
++++ xpdf-2.02pl1/goo/gmem.c	2004-10-29 15:13:34.866919791 +0200
+@@ -53,9 +53,9 @@
+ 
+ #endif /* DEBUG_MEM */
+ 
+-void *gmalloc(int size) {
++void *gmalloc(size_t size) {
+ #ifdef DEBUG_MEM
+-  int size1;
++  size_t size1;
+   char *mem;
+   GMemHdr *hdr;
+   void *data;
+@@ -94,11 +94,11 @@
+ #endif
+ }
+ 
+-void *grealloc(void *p, int size) {
++void *grealloc(void *p, size_t size) {
+ #ifdef DEBUG_MEM
+   GMemHdr *hdr;
+   void *q;
+-  int oldSize;
++  size_t oldSize;
+ 
+   if (size == 0) {
+     if (p)
+@@ -137,7 +137,7 @@
+ 
+ void gfree(void *p) {
+ #ifdef DEBUG_MEM
+-  int size;
++  size_t size;
+   GMemHdr *hdr;
+   GMemHdr *prevHdr, *q;
+   int lst;
+diff -ru xpdf-2.02pl1/goo/gmem.h xpdf-2.02pl1/goo/gmem.h
+--- xpdf-2.02pl1/goo/gmem.h	2003-06-16 22:01:26.000000000 +0200
++++ xpdf-2.02pl1/goo/gmem.h	2004-10-29 15:13:50.864027201 +0200
+@@ -19,13 +19,13 @@
+  * Same as malloc, but prints error message and exits if malloc()
+  * returns NULL.
+  */
+-extern void *gmalloc(int size);
++extern void *gmalloc(size_t size);
+ 
+ /*
+  * Same as realloc, but prints error message and exits if realloc()
+  * returns NULL.  If <p> is NULL, calls malloc instead of realloc().
+  */
+-extern void *grealloc(void *p, int size);
++extern void *grealloc(void *p, size_t size);
+ 
+ /*
+  * Same as free, but checks for and ignores NULL pointers.