OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cups?expand=0&rev=56

cups.spec

@@ -30,7 +30,7 @@ License:        GPL v2 or later
 Group:          Hardware/Printing
 Summary:        The Common UNIX Printing System
 Version:        1.3.9
-Release:        10
+Release:        11
 Requires:       cups-libs = %{version}, cups-client = %{version}
 Requires:       ghostscript_any, ghostscript-fonts-std, foomatic-filters
 Requires:       util-linux /usr/bin/pdftops
@@ -85,6 +85,9 @@ Patch23:        cups-1.3.9-cupstestppd.patch
 Patch24:        cups-1.3.9-max_subscription.patch
 Patch25:        cups-1.3.9-filter_png_overflow2.patch
 Patch26:        cups-1.3.9-hpgltops2.patch
+# Patch27 fixes an integer overflow in the "_cupsImageReadTIFF()" function,
+# (CVE-2009-0163 and CUPS STR #3031 and Novell/Suse Bugzilla bnc#485895):
+Patch27:        cups-1.3.9-cupsImageReadTiff.patch
 Patch100:       cups-1.1.23-testpage.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
@@ -200,6 +203,9 @@ mv pdftops pdftos.use_filter_pdftops_c
 %patch24 -p1
 %patch25 -p1
 %patch26 -p1
+# Patch27 fixes an integer overflow in the "_cupsImageReadTIFF()" function,
+# (CVE-2009-0163 and CUPS STR #3031 and Novell/Suse Bugzilla bnc#485895):
+%patch27
 if [ -f /.buildenv ]; then
 	. /.buildenv
 	test -z "$BUILD_DISTRIBUTION_NAME" && BUILD_DISTRIBUTION_NAME="%{?distribution}"
@@ -454,6 +460,10 @@ rm -rf $RPM_BUILD_ROOT/usr/share/locale/no
 %{_datadir}/locale/*/cups_*
 
 %changelog
+* Thu Mar 26 2009 jsmeix@suse.de
+- cups-1.3.9-cupsImageReadTiff.patch fixes an integer overflow
+  in the "_cupsImageReadTIFF()" function CVE-2009-0163
+  (CUPS STR #3031 and Novell/Suse Bugzilla bnc#485895).
 * Wed Jan 21 2009 kssingvo@suse.de
 - added directory %%{libdir}/cups/driver to %%files of cups (bnc#465794)
 * Wed Jan 14 2009 olh@suse.de