~ubuntu-branches/ubuntu/jaunty/cups/jaunty-proposed

Viewing changes to debian/patches/hpgl-regression.dpatch

Committer: Bazaar Package Importer
Author(s): Martin Pitt
Date: 2008-12-01 17:33:18 UTC
mfrom: (7.1.1 sid)
Revision ID: james.westby@ubuntu.com-20081201173318-9tpgqzvxaosjnvsv

Tags: 1.3.8-1lenny4

http://bugs.debian.org/507183

* High urgency due to security bug fix.
* Add png-image-int-overflow.dpatch: Fix integer overflow in the PNG image
reader (Closes: #507183, STR #2974, CVE-2008-5286)

files added:
debian/patches/png-image-int-overflow.dpatch

debian/patches/runloop-backchannel-eof-spin.dpatch

files modified:
debian/changelog

debian/cups-bsd.postinst

debian/patches/00list

debian/patches/hpgl-regression.dpatch

debian/rules

Show diffs side-by-side

added added

removed removed

debian/patches/hpgl-regression.dpatch

#! /bin/sh /usr/share/dpatch/dpatch-run

## hpgl-regression.dpatch by Martin Pitt <mpitt@debian.org>

## DP: Revert the SP_select_pen() enumeration change introduced in STR #2911,

## DP: because it changes the color mapping (e. g. "SP1" would now select a

## DP: white pen instead of a black one, and "SP0" would not be valid at all

## DP: any more). Also fix a remaining off-by-one loop. (STR #2966)

## DP: Fix HPGL pen selection regression introduced in STR #2911.

## DP: Also fix a remaining off-by-one loop. (STR #2966)

@DPATCH@

diff -urNad trunk~/filter/hpgl-attr.c trunk/filter/hpgl-attr.c

--- trunk~/filter/hpgl-attr.c 2008-10-09 22:12:03.000000000 +0200

+++ trunk/filter/hpgl-attr.c 2008-10-10 10:55:46.000000000 +0200

+++ trunk/filter/hpgl-attr.c 2008-11-13 11:26:46.000000000 +0100

@@ -3,7 +3,7 @@

* HP-GL/2 attribute processing for the Common UNIX Printing System (CUPS).

* These coded instructions, statements, and computer programs are the

@@ -214,7 +214,7 @@

"DEBUG: HP-GL/2 \'NP\' command with invalid number of "

"parameters (%d)!\n", num_params);

Pens[i].width = PenWidth;

PC_pen_color(0, NULL);

@@ -433,7 +433,7 @@

fprintf(stderr, "DEBUG: HP-GL/2 \'SP\' command with invalid pen (%d)!\n",

(int)params[0].value.number);

else

- PenNumber = (int)params[0].value.number - 1;

+ PenNumber = (int)params[0].value.number;

if (PageDirty)

printf("%.3f %.3f %.3f %.2f SP\n", Pens[PenNumber].rgb[0],

@@ -232,14 +232,14 @@

int i; /* Looping var */

static float standard_colors[8][3] = /* Standard colors for first 8 pens */

{

- { 1.0, 1.0, 1.0 }, /* White */

{ 0.0, 0.0, 0.0 }, /* Black */

{ 1.0, 0.0, 0.0 }, /* Red */

{ 0.0, 1.0, 0.0 }, /* Green */

{ 1.0, 1.0, 0.0 }, /* Yellow */

{ 0.0, 0.0, 1.0 }, /* Blue */

{ 1.0, 0.0, 1.0 }, /* Magenta */

- { 0.0, 1.0, 1.0 } /* Cyan */

+ { 0.0, 1.0, 1.0 }, /* Cyan */

+ { 1.0, 1.0, 1.0 } /* White */

};

diff -urNad trunk~/filter/hpgl-vector.c trunk/filter/hpgl-vector.c

--- trunk~/filter/hpgl-vector.c 2008-07-12 00:48:49.000000000 +0200

+++ trunk/filter/hpgl-vector.c 2008-11-13 11:26:03.000000000 +0100

@@ -3,7 +3,7 @@

* HP-GL/2 vector routines for the Common UNIX Printing System (CUPS).

* These coded instructions, statements, and computer programs are the

@@ -393,13 +393,20 @@

break;

case ':' : /* Select pen */

s ++;

- PenNumber = (int)decode_number(&s, base_bits, 1.0);

+ temp = (int)decode_number(&s, base_bits, 1.0) - 1;

+ if (temp < 0 || temp >= PenCount)

+ {

+ fprintf(stderr, "DEBUG: Bad pen number %d in PE\n", temp + 1);

+ return;

+ }

+ PenNumber = temp;

#ifdef DEBUG

- fprintf(stderr, "DEBUG: set pen #%d\n", PenNumber);

+ fprintf(stderr, "DEBUG: set pen #%d\n", PenNumber + 1);

#endif /* DEBUG */

- Outputf("%% PE: set pen #%d\n", PenNumber);

+ Outputf("%% PE: set pen #%d\n", PenNumber + 1);

if (PageDirty)

printf("%.3f %.3f %.3f %.2f SP\n", Pens[PenNumber].rgb[0],

Older »