- CVE-2008-1373 patch is no longer needed (applied upstream).

2008-07-15 12:55:32 +00:00 · 2008-07-15 12:55:32 +00:00 · d95259d60f
commit d95259d60f
parent 2467bda6e4
2 changed files with 1 additions and 23 deletions
--- a/cups-CVE-2008-1373.patch
+++ b/cups-CVE-2008-1373.patch
@ -1,22 +0,0 @@
-diff -up cups-1.3.6/filter/image-gif.c.CVE-2008-1373 cups-1.3.6/filter/image-gif.c
--- cups-1.3.6/filter/image-gif.c.CVE-2008-1373	2008-01-14 22:12:58.000000000 +0000
-+++ cups-1.3.6/filter/image-gif.c	2008-04-01 16:43:22.000000000 +0100
-@@ -38,6 +38,8 @@
- #define GIF_INTERLACE	0x40
- #define GIF_COLORMAP	0x80
- 
-+#define MAX_LWZ_BITS	12
-+
- typedef cups_ib_t	gif_cmap_t[256][4];
- typedef short		gif_table_t[4096];
- 
-@@ -465,6 +467,9 @@ gif_read_image(FILE         *fp,	/* I - 
-   if (!pixels)
-     return (-1);
- 
-+  if (code_size > MAX_LWZ_BITS)
-+    return (-1);
-+
-   if (gif_read_lzw(fp, 1, code_size) < 0)
-   {
-     free(pixels);
--- a/cups.spec
+++ b/cups.spec
@ -47,7 +47,6 @@ Patch21: cups-driverd-timeout.patch
 Patch22: cups-strict-ppd-line-length.patch
 Patch23: cups-logrotate.patch
 Patch25: cups-usb-paperout.patch
-Patch29: cups-CVE-2008-1373.patch
 Patch30: cups-CVE-2008-1722.patch
 Patch31: cups-getnameddest.patch
 Patch100: cups-lspp.patch
@ -450,6 +449,7 @@ rm -rf $RPM_BUILD_ROOT

 %changelog
 * Tue Jul 15 2008 Tim Waugh <twaugh@redhat.com> 1:1.3.7-13
+- CVE-2008-1373 patch is no longer needed (applied upstream).
 - Mark HTML files and templates config(noreplace) for site-local
  modifications (bug #441719).
 - The cups-devel package requires zlib-devel (bug #455192).