- security fix for a DoS vulnerability (CAN-2005-2097)

- release 4

Changed files:
    cups-CAN-2005-2097.patch -> 1.1
    cups.spec -> 1.124

diff --git a/cups-CAN-2005-2097.patch b/cups-CAN-2005-2097.patch
new file mode 100644 (file)
index 0000000..c3e6221
--- /dev/null
+++ b/cups-CAN-2005-2097.patch
@@ -0,0 +1,21 @@
+diff -burN cups-1.1.23.orig/pdftops/FontFile.cxx cups-1.1.23/pdftops/FontFile.cxx
+--- cups-1.1.23.orig/pdftops/FontFile.cxx      2005-09-02 19:02:24.273122328 +0200
++++ cups-1.1.23/pdftops/FontFile.cxx   2005-09-02 19:02:39.174856920 +0200
+@@ -18,6 +18,7 @@
+ #include <stdarg.h>
+ #include <string.h>
+ #include <ctype.h>
++#include <error.h>
+ #include "gmem.h"
+ #include "GHash.h"
+ #include "Error.h"
+@@ -3572,6 +3573,9 @@
+     } else {
+       origLocaTable[i].pos = 2 * getUShort(pos + 2*i);
+     }
++
++    if (origLocaTable[i].pos < 0 || origLocaTable[i].pos > len)
++      error (1, 0, "bad loca table pos value");
+   }
+   qsort(origLocaTable, nGlyphs + 1, sizeof(TrueTypeLoca), &cmpTrueTypeLocaPos);
+   for (i = 0; i < nGlyphs; ++i) {

diff --git a/cups.spec b/cups.spec
index 200199665882075d510cae5f3960017a4e851d94..51973ac8c7ca1ae3dec4eac5287a84bf83b4c47d 100644 (file)
--- a/cups.spec
+++ b/cups.spec
@@ -13,7 +13,7 @@ Summary(pl):  Popularny system druku dla Uniksa
 Summary(pt_BR):        Sistema Unix de Impressão
 Name:          cups
 Version:       1.1.23
-Release:       3
+Release:       4
 Epoch:         1
 License:       GPL/LGPL
 Group:         Applications/Printing
@@ -34,6 +34,7 @@ Patch7:               %{name}-rpath.patch
 Patch8:                %{name}-gcc34.patch
 Patch9:                %{name}-tmpdir.patch
 Patch10:       %{name}-gcc4.patch
+Patch11:       %{name}-CAN-2005-2097.patch
 URL:           http://www.cups.org/
 BuildRequires: autoconf
 BuildRequires: automake
@@ -240,6 +241,7 @@ pod
 # wtf?
 #%patch9 -p1
 %patch10 -p1
+%patch11 -p1
 
 %build
 %{__aclocal}