From 9792d1a51281f6257b91bd9286af06d6f6fa5fae Mon Sep 17 00:00:00 2001
From: Orion Poplawski <orion@fedoraproject.org>
Date: Dec 05 2006 19:32:04 +0000
Subject: Apply patch from Mandriva to fix CVE-2006-5864/bug 215136


---

diff --git a/gv-3.6.2-CVE-2006-5864.patch b/gv-3.6.2-CVE-2006-5864.patch
new file mode 100644
index 0000000..a72e0f0
--- /dev/null
+++ b/gv-3.6.2-CVE-2006-5864.patch
@@ -0,0 +1,25 @@
+--- gv-3.6.1/src/ps.c.cve-2006-5864	2004-12-07 16:55:59.000000000 -0700
++++ gv-3.6.1/src/ps.c	2006-11-16 05:53:28.000000000 -0700
+@@ -1433,6 +1433,8 @@ gettext(line, next_char)
+ 	quoted=1;
+ 	line++;
+ 	while (*line && !(*line == ')' && level == 0 )) {
++	    if (cp - text >= PSLINELENGTH - 1)
++		break;
+ 	    if (*line == '\\') {
+ 		if (*(line+1) == 'n') {
+ 		    *cp++ = '\n';
+@@ -1487,9 +1489,12 @@ gettext(line, next_char)
+ 	    }
+ 	}
+     } else {
+-	while (*line && !(*line == ' ' || *line == '\t' || *line == '\n'))
++	while (*line && !(*line == ' ' || *line == '\t' || *line == '\n')) {
++	    if (cp - text >= PSLINELENGTH - 2)
++		break;
+ 	    *cp++ = *line++;
++	}
+     }
+     *cp = '\0';
+     if (next_char) *next_char = line;
+     if (!quoted && strlen(text) == 0) {ENDMESSAGE(gettext) return NULL;}
diff --git a/gv.spec b/gv.spec
index a23f307..b3335b4 100644
--- a/gv.spec
+++ b/gv.spec
@@ -1,7 +1,7 @@
 Summary: A X front-end for the Ghostscript PostScript(TM) interpreter
 Name: gv
 Version: 3.6.2
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPL
 Group: Applications/Publishing
 Requires: ghostscript
@@ -9,6 +9,7 @@ URL: http://www.gnu.org/software/gv/
 Source0: ftp://ftp.gnu.org/gnu/gv/gv-%{version}.tar.gz
 Patch0: gv-3.5.8-buffer.patch
 Patch1: gv-3.6.1-pkglibdir.patch
+Patch2: gv-3.6.2-CVE-2006-5864.patch
 BuildRequires: /usr/bin/makeinfo
 BuildRequires: Xaw3d-devel, /usr/bin/desktop-file-install
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -28,6 +29,7 @@ Gv can display PostScript and PDF documents on an X Window System.
 %setup -q
 %patch0 -p1 -b .buffer
 %patch1 -p1 -b .pkglibdir
+%patch2 -p1 -b .CVE-2006-5864
 
 
 %build
@@ -101,6 +103,9 @@ fi
 %{_mandir}/man1/gv.*
 
 %changelog
+* Tue Dec  5 2006 Orion Poplawski <orion@cora.nwra.com> 3.6.2-2
+- Apply patch from Mandriva to fix CVE-2006-5864/bug 215136
+
 * Wed Oct 11 2006 Orion Poplawski <orion@cora.nwra.com> 3.6.2-1
 - Update to 3.6.2