Automatic import for version 1.4.8-2.1

2025-02-23 13:52:46 +00:00 · 2012-08-07 10:02:02 +00:00 · 2012-08-07 10:02:02 +00:00 · 2c0b90630d
commit 2c0b90630d
parent ca1c008087
2 changed files with 45 additions and 4 deletions
--- a/cups-1.4.8-CVE-2011-3170.diff
+++ b/cups-1.4.8-CVE-2011-3170.diff
@ -0,0 +1,38 @@
+
+http://www.cups.org/str.php?L3914
+
+svn diff -c 9865 http://svn.easysw.com/public/cups/
+https://bugzilla.redhat.com/show_bug.cgi?id=727800#c8
+
+--- filter/image-gif.c	2011-06-20 20:37:51.000000000 +0000
+++ filter/image-gif.c.oden	2011-10-10 08:50:17.000000000 +0000
+@@ -648,11 +648,13 @@ gif_read_lzw(FILE *fp,			/* I - File to
+ 
+     if (code == max_code)
+     {
+-      *sp++ = firstcode;
+-      code  = oldcode;
+      if (sp < (stack + 8192))
+	*sp++ = firstcode;
+
+      code = oldcode;
+     }
+ 
+-    while (code >= clear_code)
+    while (code >= clear_code && sp < (stack + 8192))
+     {
+       *sp++ = table[1][code];
+       if (code == table[0][code])
+@@ -661,8 +663,10 @@ gif_read_lzw(FILE *fp,			/* I - File to
+       code = table[0][code];
+     }
+ 
+-    *sp++ = firstcode = table[1][code];
+-    code  = max_code;
+    if (sp < (stack + 8192))
+      *sp++ = firstcode = table[1][code];
+
+    code = max_code;
+ 
+     if (code < 4096)
+     {
--- a/cups.spec
+++ b/cups.spec
@ -6,14 +6,14 @@
 %define cupsversion 1.4
 %define cupsminorversion .0
 %define cupsextraversion svn-r%{cupssvnrevision}
-%define release %mkrel 0.%{cupssvnrevision}.4
+%define release %mkrel 0.%{cupssvnrevision}.1
 %else
 %define cupsnameext %nil
 %define cupssvnrevision %nil
 %define cupsversion 1.4.8
 %define cupsminorversion %nil
 %define cupsextraversion %nil
-%define release %mkrel 5
+%define release %mkrel 2
 %endif
 %define cupstarballname %{cupsbasename}-%{cupsversion}%{cupsextraversion}

@ -40,6 +40,7 @@
 Summary:	Common Unix Printing System - Server package
 Name:		%{cupsbasename}%{cupsnameext}
 Version:	%{cupsversion}%{cupsminorversion}
+%define subrel 1
 Release:	%{release}
 License:	GPLv2 and LGPLv2
 Group:		System/Printing
@ -133,6 +134,7 @@ Patch1020: cups-res_init.patch
 Patch1023: cups-cups-get-classes.patch
 # build against avahi (RH bug #245824).
 Patch1024: cups-avahi.patch
+Patch1025: cups-1.4.8-CVE-2011-3170.diff

 ##### ADDITIONAL DEFINITIONS #####

@ -329,6 +331,7 @@ rm -rf $RPM_BUILD_DIR/%{cupsbasename}-%{version}
 %patch1020 -p1 -b .res_init
 %patch1023 -p1 -b .cups-get-classes
 %patch1024 -p1 -b .avahi
+%patch1025 -p0 -0 .CVE-2011-3170

 %if 0
 # Fix libdir for 64-bit architectures
@ -971,8 +974,8 @@ rm -rf %{buildroot}


 %changelog
-* Wed Feb 22 2012 abf
- The release updated by ABF
+* Mon Oct 10 2011 Oden Eriksson <oeriksson@mandriva.com> 1.4.8-2.1
+- P1025: security fix for CVE-2011-3170 (upstream L3914)

 * Wed Aug 24 2011 Oden Eriksson <oeriksson@mandriva.com> 1.4.8-2mdv2011.0
 + Revision: 696366