From d8f3723224d2fdded0106d00fd7d892d3406d0afc26ae90d543bba6860019822 Mon Sep 17 00:00:00 2001
From: OBS User unknown <null@suse.de>
Date: Thu, 9 Aug 2007 16:27:19 +0000
Subject: [PATCH] OBS-URL:
 https://build.opensuse.org/package/show/openSUSE:Factory/cups?expand=0&rev=15

---
 cups-1.2.7-xpdf_CVE_2007_3387.patch | 15 +++++++++++++++
 cups.changes                        |  5 +++++
 cups.spec                           |  6 +++++-
 3 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 cups-1.2.7-xpdf_CVE_2007_3387.patch

diff --git a/cups-1.2.7-xpdf_CVE_2007_3387.patch b/cups-1.2.7-xpdf_CVE_2007_3387.patch
new file mode 100644
index 0000000..0707e91
--- /dev/null
+++ b/cups-1.2.7-xpdf_CVE_2007_3387.patch
@@ -0,0 +1,15 @@
+--- cups-1.2.7/pdftops/Stream.cxx.orig	2006-02-13 04:08:11.000000000 +0100
++++ cups-1.2.7/pdftops/Stream.cxx	2007-08-06 16:45:54.000000000 +0200
+@@ -412,9 +412,9 @@
+ 
+   nVals = width * nComps;
+   if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+-      nComps >= INT_MAX / nBits ||
+-      width >= INT_MAX / nComps / nBits ||
+-      nVals * nBits + 7 < 0) {
++      nComps >= 4 || nBits > 16 ||
++      width >= INT_MAX / nComps ||
++      nVals >= (INT_MAX - 7) / nBits) {
+     return;
+   }
+   pixBytes = (nComps * nBits + 7) >> 3;
diff --git a/cups.changes b/cups.changes
index 7647148..f2c5598 100644
--- a/cups.changes
+++ b/cups.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Mon Aug  6 17:46:56 CEST 2007 - kssingvo@suse.de
+
+- fix for xpdf bugzilla#291690, CVE-2007-3387, swamp-11865
+
 -------------------------------------------------------------------
 Mon Jul 30 15:41:27 CEST 2007 - kssingvo@suse.de
 
diff --git a/cups.spec b/cups.spec
index d954824..4bbdceb 100644
--- a/cups.spec
+++ b/cups.spec
@@ -17,7 +17,7 @@ License:        GPL v2 or later, individual distribution permission.
 Group:          Hardware/Printing
 Summary:        The Common UNIX Printing System
 Version:        1.2.12
-Release:        3
+Release:        6
 Requires:       cups-libs = %{version}, cups-client = %{version}
 Requires:       ghostscript_any, ghostscript-fonts-std, foomatic-filters
 Requires:       util-linux
@@ -52,6 +52,7 @@ Patch14:        cups-1.1.21-testppd_duplex.patch
 Patch15:        cups-1.2.11-testppd_filename.patch
 Patch16:        cups-1.2.5-desktop_file.patch
 Patch17:        cups-1.2.6-lppasswd_permission.patch
+Patch18:        cups-1.2.7-xpdf_CVE_2007_3387.patch
 Patch100:       cups-1.1.23-testpage.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %if %suse_version >= 801
@@ -144,6 +145,7 @@ Authors:
 %patch15 -p1
 %patch16 -p1
 %patch17 -p1
+%patch18 -p1
 if [ -f /.buildenv ]; then
 	. /.buildenv
 else
@@ -381,6 +383,8 @@ install -m 644 %{SOURCE17} $RPM_BUILD_ROOT/etc/sysconfig/SuSEfirewall2.d/service
 %{_datadir}/locale/*/cups_*
 
 %changelog
+* Mon Aug 06 2007 - kssingvo@suse.de
+- fix for xpdf bugzilla#291690, CVE-2007-3387, swamp-11865
 * Mon Jul 30 2007 - kssingvo@suse.de
 - upgrade to cups-1.2.12:
   * The PHP cups_print_file() function crashed if the options array