From 6a9458065f29c26e435fdc6ff7ccc879cf8d0d23 Mon Sep 17 00:00:00 2001
From: Dmitry Mikhirev <mikhirev@mezon.ru>
Date: Tue, 10 Apr 2012 14:33:40 +0400
Subject: [PATCH] sync with mdv 2011 updates

---
 cups-1.4.8-CVE-2011-3170.diff | 38 +++++++++++++++++++++++++++++++++++
 cups.spec                     |  4 +++-
 2 files changed, 41 insertions(+), 1 deletion(-)
 create mode 100644 cups-1.4.8-CVE-2011-3170.diff

diff --git a/cups-1.4.8-CVE-2011-3170.diff b/cups-1.4.8-CVE-2011-3170.diff
new file mode 100644
index 0000000..1c2908e
--- /dev/null
+++ b/cups-1.4.8-CVE-2011-3170.diff
@@ -0,0 +1,38 @@
+
+http://www.cups.org/str.php?L3914
+
+svn diff -c 9865 http://svn.easysw.com/public/cups/
+https://bugzilla.redhat.com/show_bug.cgi?id=727800#c8
+
+--- filter/image-gif.c	2011-06-20 20:37:51.000000000 +0000
++++ filter/image-gif.c.oden	2011-10-10 08:50:17.000000000 +0000
+@@ -648,11 +648,13 @@ gif_read_lzw(FILE *fp,			/* I - File to
+ 
+     if (code == max_code)
+     {
+-      *sp++ = firstcode;
+-      code  = oldcode;
++      if (sp < (stack + 8192))
++	*sp++ = firstcode;
++
++      code = oldcode;
+     }
+ 
+-    while (code >= clear_code)
++    while (code >= clear_code && sp < (stack + 8192))
+     {
+       *sp++ = table[1][code];
+       if (code == table[0][code])
+@@ -661,8 +663,10 @@ gif_read_lzw(FILE *fp,			/* I - File to
+       code = table[0][code];
+     }
+ 
+-    *sp++ = firstcode = table[1][code];
+-    code  = max_code;
++    if (sp < (stack + 8192))
++      *sp++ = firstcode = table[1][code];
++
++    code = max_code;
+ 
+     if (code < 4096)
+     {
diff --git a/cups.spec b/cups.spec
index 29a18a2..7869e87 100644
--- a/cups.spec
+++ b/cups.spec
@@ -13,7 +13,7 @@
 %define cupsversion 1.4.8
 %define cupsminorversion %nil
 %define cupsextraversion %nil
-%define release %mkrel 6
+%define release %mkrel 7
 %endif
 %define cupstarballname %{cupsbasename}-%{cupsversion}%{cupsextraversion}
 
@@ -133,6 +133,7 @@ Patch1020: cups-res_init.patch
 Patch1023: cups-cups-get-classes.patch
 # build against avahi (RH bug #245824).
 Patch1024: cups-avahi.patch
+Patch1025: cups-1.4.8-CVE-2011-3170.diff
 
 ##### ADDITIONAL DEFINITIONS #####
 
@@ -331,6 +332,7 @@ rm -rf $RPM_BUILD_DIR/%{cupsbasename}-%{version}
 %patch1020 -p1 -b .res_init
 %patch1023 -p1 -b .cups-get-classes
 %patch1024 -p1 -b .avahi
+%patch1025 -p0 -0 .CVE-2011-3170
 
 %if 0
 # Fix libdir for 64-bit architectures