From e99c8d5b9a0ffe751e4d15c4de560be76c157741 Mon Sep 17 00:00:00 2001
From: Matthias Clasen
Date: Mon, 11 Dec 2006 03:09:48 +0000
Subject: [PATCH] - Fix an overflow in the PostScript backend (#217674, CVE-2006-5864)
---
evince-0.6.0-overflow.patch | 22 ++++++++++++++++++++++
evince.spec | 7 ++++++-
2 files changed, 28 insertions(+), 1 deletion(-)
create mode 100644 evince-0.6.0-overflow.patch
diff --git a/evince-0.6.0-overflow.patch b/evince-0.6.0-overflow.patch
new file mode 100644
index 0000000..0fd027c
--- /dev/null
+++ b/evince-0.6.0-overflow.patch
@@ -0,0 +1,22 @@
+--- evince-0.6.0/ps/ps.c.overflow 2006-12-10 21:59:29.000000000 -0500
++++ evince-0.6.0/ps/ps.c 2006-12-10 21:59:34.000000000 -0500
+@@ -1231,7 +1231,8 @@
+ int level = 0;
+ quoted = 1;
+ line++;
+- while(*line && !(*line == ')' && level == 0)) {
++ while(*line && !(*line == ')' && level == 0)
++ && (cp - text) < PSLINELENGTH - 1) {
+ if(*line == '\\') {
+ if(*(line + 1) == 'n') {
+ *cp++ = '\n';
+@@ -1302,7 +1303,8 @@
+ }
+ }
+ else {
+- while(*line && !(*line == ' ' || *line == '\t' || *line == '\n'))
++ while(*line && !(*line == ' ' || *line == '\t' || *line == '\n')
++ && (cp - text) < PSLINELENGTH - 1)
+ *cp++ = *line++;
+ }
+ *cp = '\0';
diff --git a/evince.spec b/evince.spec
index 51d227b..0b2a31b 100644
--- a/evince.spec
+++ b/evince.spec
@@ -4,7 +4,7 @@
 Name: evince
 Version: 0.6.1
-Release: 1%{?dist}
+Release: 2%{?dist}
 Summary: Document viewer
 License: GPL
@@ -12,6 +12,7 @@ Group: Applications/Publishing
 URL: http://www.gnome.org/projects/evince/
 Source0: http://ftp.gnome.org/pub/GNOME/sources/%{name}/%{version}/%{name}-%{version}.tar.bz2
 Patch0: evince-0.6.0-print-error.patch
+Patch1: evince-0.6.0-overflow.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: gtk2-devel >= %{gtk2_version}
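Review bot: In evince-0.6.0-overflow.patch, the new bound `(cp - text) < PSLINELENGTH - 1` in both ps/ps.c loops hard-codes the size of `text`, whose declaration is outside these hunks; if `text` is a local array, `(size_t)(cp - text) < sizeof(text) - 1` would keep the check tied to the buffer if its size ever changes. The check runs once per iteration, so it only holds if every branch of the quoted-string loop stores at most one byte per pass; the visible `*cp++ = '\n';` branch does, but the rest of that loop body lies outside the hunk and should be confirmed. When the limit is reached the token is truncated silently and `line` is left pointing into the middle of it, so the caller presumably resumes parsing inside the oversized token. A comment above each loop such as `/* stop at PSLINELENGTH-1 so the terminating NUL fits; longer tokens are truncated */` would record that this is intentional.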
@@ -44,6 +45,7 @@ evince is a GNOME-based document viewer.
 %prep
 %setup -q
 %patch0 -p1 -b .print-error
+%patch1 -p1 -b .overflow
 %build
 %configure --disable-scrollkeeper
@@ -129,6 +131,9 @@ fi
 %changelog
+* Sun Dec 10 2006 Matthias Clasen - 0.6.1-2
+- Fix an overflow in the PostScript backend (#217674, CVE-2006-5864)
+
 * Fri Oct 20 2006 Matthias Clasen - 0.6.1-1
 - Update to 0.6.1