From e5e9e3ba43bd3caa1a68e8368be9f5dca1aedddc Mon Sep 17 00:00:00 2001
From: Tim Waugh <twaugh@redhat.com>
Date: Wed, 28 Sep 2011 10:38:42 +0100
Subject: [PATCH] Fixed string manipulation in the dbus notifier (bug #741833).

---
 cups-str3947.patch | 26 ++++++++++++++++++++++++++
 cups.spec          |  8 +++++++-
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 cups-str3947.patch

diff --git a/cups-str3947.patch b/cups-str3947.patch
new file mode 100644
index 0000000..4a6b261
--- /dev/null
+++ b/cups-str3947.patch
@@ -0,0 +1,26 @@
+diff -up cups-1.4.8/notifier/dbus.c.str3947 cups-1.4.8/notifier/dbus.c
+--- cups-1.4.8/notifier/dbus.c.str3947	2011-03-04 19:28:38.000000000 +0000
++++ cups-1.4.8/notifier/dbus.c	2011-09-28 10:37:30.443753266 +0100
+@@ -4,7 +4,7 @@
+  *   D-Bus notifier for the Common UNIX Printing System (CUPS).
+  *
+  *   Copyright 2008 by Apple Inc.
+- *   Copyright (C) 2007 Red Hat, Inc.
++ *   Copyright (C) 2011 Red Hat, Inc.
+  *   Copyright (C) 2007 Tim Waugh <twaugh@redhat.com>
+  *   Copyright 1997-2005 by Easy Software Products.
+  *
+@@ -423,10 +423,11 @@ main(int  argc,				/* I - Number of comm
+ 	  p = printer_reasons;
+ 	  for (i = 0; i < attr->num_values; i++)
+ 	  {
+-	    strcpy(p, attr->values[i].string.text);
+-	    p += strlen(p);
+ 	    if (i)
+ 	      *p++ = ',';
++
++	    strcpy(p, attr->values[i].string.text);
++	    p += strlen(p);
+ 	  }
+ 	  dbus_message_iter_append_string(&iter, &printer_reasons);
+ 	}
diff --git a/cups.spec b/cups.spec
index b2d9dfd..ebb2599 100644
--- a/cups.spec
+++ b/cups.spec
@@ -8,7 +8,7 @@
 Summary: Common Unix Printing System
 Name: cups
 Version: 1.4.8
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: GPLv2
 Group: System Environment/Daemons
 Source: http://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2
@@ -67,6 +67,7 @@ Patch32: cups-ricoh-deviceid-oid.patch
 Patch33: cups-texttops-rotate-page.patch
 Patch34: cups-polld-busy-loop.patch
 Patch35: cups-CVE-2011-2896.patch
+Patch36: cups-str3947.patch
 
 Patch100: cups-lspp.patch
 
@@ -269,6 +270,8 @@ module.
 %patch34 -p1 -b .polld-busy-loop
 # Avoid GIF reader loop (CVE-2011-2896, STR #3914, bug #727800).
 %patch35 -p1 -b .CVE-2011-2896
+# Fixed string manipulation in the dbus notifier (STR #3947, bug #741833).
+%patch36 -p1 -b .str3947
 
 %if %lspp
 # LSPP support.
@@ -577,6 +580,9 @@ rm -rf $RPM_BUILD_ROOT
 %{php_extdir}/phpcups.so
 
 %changelog
+* Wed Sep 28 2011 Tim Waugh <twaugh@redhat.com> 1:1.4.8-5
+- Fixed string manipulation in the dbus notifier (STR #3947, bug #741833).
+
 * Wed Sep 14 2011 Tim Waugh <twaugh@redhat.com> 1:1.4.8-4
 - Prevent libcups crash in cups-get-classes patch (bug #736698).