OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cups?expand=0&rev=26

2008-03-21 00:37:51 +00:00 · 2008-03-21 00:37:51 +00:00 · c00e9d8533
commit c00e9d8533
parent 986050d645
3 changed files with 23 additions and 1 deletions
--- a/cups-1.3.6-search_regex.patch
+++ b/cups-1.3.6-search_regex.patch
@ -0,0 +1,13 @@
+--- cups-1.3.6/cgi-bin/search.c.orig	2008-01-16 23:20:33.000000000 +0100
+++ cups-1.3.6/cgi-bin/search.c	2008-03-06 10:55:20.000000000 +0100
+@@ -167,7 +167,9 @@ cgiCompileSearch(const char *query)	/* I
+       * string + RE overhead...
+       */
+ 
+-      wlen = (sptr - s) + 4 * wlen + 2 * strlen(prefix) + 4;
+      wlen = (sptr - s) + 2 * 4 * wlen + 2 * strlen(prefix) + 11;
+      if (lword)
+        wlen += strlen(lword);
+ 
+       if (wlen > slen)
+       {
--- a/cups.changes
+++ b/cups.changes
@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Thu Mar  6 10:56:10 CET 2008 - kssingvo@suse.de
+
+- fixed issue in cgi-bin search CVE-2008-0047 (bugzilla#367225)
+
 -------------------------------------------------------------------
 Fri Feb 29 13:37:18 CET 2008 - kssingvo@suse.de

--- a/cups.spec
+++ b/cups.spec
@ -18,7 +18,7 @@ License:        GPL v2 or later
 Group:          Hardware/Printing
 Summary:        The Common UNIX Printing System
 Version:        1.3.6
-Release:        1
+Release:        7
 Requires:       cups-libs = %{version}, cups-client = %{version}
 Requires:       ghostscript_any, ghostscript-fonts-std, foomatic-filters
 Requires:       util-linux
@ -53,6 +53,7 @@ Patch14:        cups-1.1.21-testppd_duplex.patch
 Patch15:        cups-1.2.11-testppd_filename.patch
 Patch16:        cups-1.2.5-desktop_file.patch
 Patch17:        cups-1.3.3-testppd_none.patch
+Patch18:        cups-1.3.6-search_regex.patch
 Patch100:       cups-1.1.23-testpage.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %if %suse_version >= 801
@ -146,6 +147,7 @@ Authors:
 %patch15 -p1
 %patch16 -p1
 %patch17 -p1
+%patch18 -p1
 if [ -f /.buildenv ]; then
 	. /.buildenv
 else
@ -386,6 +388,8 @@ rm -rf $RPM_BUILD_ROOT/usr/share/locale/no
 %{_datadir}/locale/*/cups_*

 %changelog
+* Thu Mar 06 2008 kssingvo@suse.de
+- fixed issue in cgi-bin search CVE-2008-0047 (bugzilla#367225)
 * Fri Feb 29 2008 kssingvo@suse.de
 - update to version 1.3.6:
  * Documentation updates