From a82e34fd34c73d5009d8160dd68eda1f96f75c90 Mon Sep 17 00:00:00 2001
From: Tim Waugh <twaugh@fedoraproject.org>
Date: Thu, 30 Jul 2009 13:49:52 +0000
Subject: [PATCH] - Fixed CVE-2009-0583,0584 patch by using 255 as the maximum
 number of     points, not 100, and by not treating a missing black point tag
 as an     error (bug #487744).

---
 ghostscript-CVE-2009-0583,0584.patch | 12 ++++++++++--
 ghostscript.spec                     |  7 ++++++-
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/ghostscript-CVE-2009-0583,0584.patch b/ghostscript-CVE-2009-0583,0584.patch
index cb733ed..4471433 100644
--- a/ghostscript-CVE-2009-0583,0584.patch
+++ b/ghostscript-CVE-2009-0583,0584.patch
@@ -1,6 +1,6 @@
 diff -up ghostscript-8.64/icclib/icc.c.CVE-2009-0583,0584 ghostscript-8.64/icclib/icc.c
 --- ghostscript-8.64/icclib/icc.c.CVE-2009-0583,0584	2008-05-09 05:12:01.000000000 +0100
-+++ ghostscript-8.64/icclib/icc.c	2009-03-06 15:24:33.000000000 +0000
++++ ghostscript-8.64/icclib/icc.c	2009-07-30 13:29:08.853734640 +0100
 @@ -152,6 +152,8 @@
   *      Various bug fixes and enhancements.
   */
@@ -373,7 +373,7 @@ diff -up ghostscript-8.64/icclib/icc.c.CVE-2009-0583,0584 ghostscript-8.64/iccli
  		return icp->errc = 1;
  	}
  
-+	if (p->clutPoints > 100) {
++	if (p->clutPoints > 255) {
 +		sprintf(icp->err,"icmLut_read: too many clutPoints");
 +		return icp->errc = 1;
 +	}
@@ -987,3 +987,11 @@ diff -up ghostscript-8.64/icclib/icc.c.CVE-2009-0583,0584 ghostscript-8.64/iccli
  	if (p->data == NULL)
  		tp = p->al->malloc(p->al, (p->count+1) * sizeof(icmTag));
  	else
+@@ -12246,6 +12545,7 @@ static icmLuBase* icc_get_luobj (
+ 		if ((blackPointTag = (icmXYZArray *)p->read_tag(p, icSigMediaBlackPointTag)) == NULL
+          || blackPointTag->ttype != icSigXYZType || blackPointTag->size < 1) {
+ 			blackPoint = icmBlack;						/* default */
++			p->errc = 0;	/* reset the error code. black point is NOT required */
+ 		} else 
+ 			blackPoint = blackPointTag->data[0];	/* Copy structure */
+ 	}
diff --git a/ghostscript.spec b/ghostscript.spec
index be92d81..a49c10f 100644
--- a/ghostscript.spec
+++ b/ghostscript.spec
@@ -5,7 +5,7 @@ Summary: A PostScript interpreter and renderer.
 Name: ghostscript
 Version: %{gs_ver}
 
-Release: 10%{?dist}
+Release: 11%{?dist}
 
 # Included CMap data is Redistributable, no modification permitted,
 # see http://bugzilla.redhat.com/487510
@@ -312,6 +312,11 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/libgs.so
 
 %changelog
+* Thu Jul 30 2009 Tim Waugh <twaugh@redhat.com> 8.64-11
+- Fixed CVE-2009-0583,0584 patch by using 255 as the maximum number of
+  points, not 100, and by not treating a missing black point tag as an
+  error (bug #487744).
+
 * Thu Jul 30 2009 Rex Dieter <rdieter@fedoraproject.org> - 8.64-10
 - License: GPLv2 and Redistributable, no modification permitted (bug #487510)