From 4b8b8d30d91253d904c0eb1b21769be586a05eea Mon Sep 17 00:00:00 2001
From: Tim Waugh <twaugh@redhat.com>
Date: Aug 19 2011 10:36:19 +0000
Subject: Merge branch 'f14' into f15


---

diff --git a/cups-CVE-2011-2896.patch b/cups-CVE-2011-2896.patch
new file mode 100644
index 0000000..a949b9d
--- /dev/null
+++ b/cups-CVE-2011-2896.patch
@@ -0,0 +1,33 @@
+diff -up cups-1.4.8/filter/image-gif.c.CVE-2011-2896 cups-1.4.8/filter/image-gif.c
+--- cups-1.4.8/filter/image-gif.c.CVE-2011-2896	2011-06-20 21:37:51.000000000 +0100
++++ cups-1.4.8/filter/image-gif.c	2011-08-19 11:33:37.547911212 +0100
+@@ -648,11 +648,13 @@ gif_read_lzw(FILE *fp,			/* I - File to 
+ 
+     if (code == max_code)
+     {
+-      *sp++ = firstcode;
+-      code  = oldcode;
++      if (sp < (stack + 8192))
++	*sp++ = firstcode;
++
++      code = oldcode;
+     }
+ 
+-    while (code >= clear_code)
++    while (code >= clear_code && sp < (stack + 8192))
+     {
+       *sp++ = table[1][code];
+       if (code == table[0][code])
+@@ -661,8 +663,10 @@ gif_read_lzw(FILE *fp,			/* I - File to 
+       code = table[0][code];
+     }
+ 
+-    *sp++ = firstcode = table[1][code];
+-    code  = max_code;
++    if (sp < (stack + 8192))
++      *sp++ = firstcode = table[1][code];
++
++    code = max_code;
+ 
+     if (code < 4096)
+     {
diff --git a/cups.spec b/cups.spec
index a3579fc..a400a2d 100644
--- a/cups.spec
+++ b/cups.spec
@@ -13,7 +13,7 @@
 Summary: Common Unix Printing System
 Name: cups
 Version: 1.4.8
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2
 Group: System Environment/Daemons
 Source: http://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2
@@ -72,6 +72,7 @@ Patch32: cups-texttops-rotate-page.patch
 Patch33: cups-usb-parallel.patch
 Patch34: cups-str3535.patch
 Patch35: cups-polld-busy-loop.patch
+Patch36: cups-CVE-2011-2896.patch
 
 Patch40: cups-avahi-1-config.patch
 Patch41: cups-avahi-2-backend.patch
@@ -291,6 +292,8 @@ module.
 %patch34 -p1 -b .str3535
 # Avoid busy loop in cups-polld (bug #720921).
 %patch35 -p1 -b .polld-busy-loop
+# Avoid GIF reader loop (CVE-2011-2896, STR #3914, bug #727800).
+%patch36 -p1 -b .CVE-2011-2896
 
 # Avahi support:
 # - discovery in the dnssd backend
@@ -633,6 +636,9 @@ rm -rf $RPM_BUILD_ROOT
 %{php_extdir}/phpcups.so
 
 %changelog
+* Fri Aug 19 2011 Tim Waugh <twaugh@redhat.com> 1:1.4.8-2
+- Avoid GIF reader loop (CVE-2011-2896, STR #3914, bug #727800).
+
 * Tue Jul 26 2011 Jiri Popelka <jpopelka@redhat.com> 1:1.4.8-1
 - 1.4.8