Merge branch 'f14' into f15

2011-08-19 11:36:19 +01:00 · 2011-08-19 11:36:19 +01:00 · 4b8b8d30d9
commit 4b8b8d30d9
parent dd41b5b161 cf15da723a
2 changed files with 40 additions and 1 deletions
--- a/cups-CVE-2011-2896.patch
+++ b/cups-CVE-2011-2896.patch
@ -0,0 +1,33 @@
+diff -up cups-1.4.8/filter/image-gif.c.CVE-2011-2896 cups-1.4.8/filter/image-gif.c
+--- cups-1.4.8/filter/image-gif.c.CVE-2011-2896	2011-06-20 21:37:51.000000000 +0100
+++ cups-1.4.8/filter/image-gif.c	2011-08-19 11:33:37.547911212 +0100
+@@ -648,11 +648,13 @@ gif_read_lzw(FILE *fp,			/* I - File to 
+ 
+     if (code == max_code)
+     {
+-      *sp++ = firstcode;
+-      code  = oldcode;
+      if (sp < (stack + 8192))
+	*sp++ = firstcode;
+
+      code = oldcode;
+     }
+ 
+-    while (code >= clear_code)
+    while (code >= clear_code && sp < (stack + 8192))
+     {
+       *sp++ = table[1][code];
+       if (code == table[0][code])
+@@ -661,8 +663,10 @@ gif_read_lzw(FILE *fp,			/* I - File to 
+       code = table[0][code];
+     }
+ 
+-    *sp++ = firstcode = table[1][code];
+-    code  = max_code;
+    if (sp < (stack + 8192))
+      *sp++ = firstcode = table[1][code];
+
+    code = max_code;
+ 
+     if (code < 4096)
+     {
--- a/cups.spec
+++ b/cups.spec
@ -13,7 +13,7 @@
 Summary: Common Unix Printing System
 Name: cups
 Version: 1.4.8
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2
 Group: System Environment/Daemons
 Source: http://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2
@ -72,6 +72,7 @@ Patch32: cups-texttops-rotate-page.patch
 Patch33: cups-usb-parallel.patch
 Patch34: cups-str3535.patch
 Patch35: cups-polld-busy-loop.patch
+Patch36: cups-CVE-2011-2896.patch

 Patch40: cups-avahi-1-config.patch
 Patch41: cups-avahi-2-backend.patch
@ -291,6 +292,8 @@ module.
 %patch34 -p1 -b .str3535
 # Avoid busy loop in cups-polld (bug #720921).
 %patch35 -p1 -b .polld-busy-loop
+# Avoid GIF reader loop (CVE-2011-2896, STR #3914, bug #727800).
+%patch36 -p1 -b .CVE-2011-2896

 # Avahi support:
 # - discovery in the dnssd backend
@ -633,6 +636,9 @@ rm -rf $RPM_BUILD_ROOT
 %{php_extdir}/phpcups.so

 %changelog
+* Fri Aug 19 2011 Tim Waugh <twaugh@redhat.com> 1:1.4.8-2
+- Avoid GIF reader loop (CVE-2011-2896, STR #3914, bug #727800).
+
 * Tue Jul 26 2011 Jiri Popelka <jpopelka@redhat.com> 1:1.4.8-1
 - 1.4.8