From 230343e540f420dc9e2d37f36adcc99a8f021f17 Mon Sep 17 00:00:00 2001
From: Tim Waugh <twaugh@redhat.com>
Date: Aug 18 2011 15:36:49 +0000
Subject: Another fix for CVE-2011-2924 (bug #726426).


---

diff --git a/foomatic-filters-CVE-2011-2924.patch b/foomatic-filters-CVE-2011-2924.patch
index 236b2c9..f5fb659 100644
--- a/foomatic-filters-CVE-2011-2924.patch
+++ b/foomatic-filters-CVE-2011-2924.patch
@@ -1,6 +1,26 @@
+diff -up foomatic-filters-4.0.8/foomaticrip.c.CVE-2011-2924 foomatic-filters-4.0.8/foomaticrip.c
+--- foomatic-filters-4.0.8/foomaticrip.c.CVE-2011-2924	2011-08-18 16:27:57.277636643 +0100
++++ foomatic-filters-4.0.8/foomaticrip.c	2011-08-18 16:33:37.680136675 +0100
+@@ -1188,9 +1188,13 @@ int main(int argc, char** argv)
+     if (arglist_remove_flag(arglist, "--debug"))
+         debug = 1;
+ 
+-    if (debug)
+-        logh = fopen(LOG_FILE ".log", "w"); /* insecure, use for debugging only */
+-    else if (quiet && !verbose)
++    if (debug) {
++	int fd = mkstemp (LOG_FILE "-XXXXXX.log");
++	if (fd != -1)
++	    logh = fdopen(fd, "w");
++	else
++	    logh = stderr;
++    } else if (quiet && !verbose)
+         logh = NULL; /* Quiet mode, do not log */
+     else
+         logh = stderr; /* Default: log to stderr */
 diff -up foomatic-filters-4.0.8/renderer.c.CVE-2011-2924 foomatic-filters-4.0.8/renderer.c
 --- foomatic-filters-4.0.8/renderer.c.CVE-2011-2924	2011-07-25 10:50:57.000000000 +0100
-+++ foomatic-filters-4.0.8/renderer.c	2011-08-18 12:12:36.758458765 +0100
++++ foomatic-filters-4.0.8/renderer.c	2011-08-18 14:36:14.120153309 +0100
 @@ -434,7 +434,7 @@ int exec_kid3(FILE *in, FILE *out, void 
          }
  
diff --git a/foomatic.spec b/foomatic.spec
index 700a904..921dcec 100644
--- a/foomatic.spec
+++ b/foomatic.spec
@@ -4,7 +4,7 @@
 Summary: Tools for using the foomatic database of printers and printer drivers
 Name:       foomatic
 Version:    %{enginever}
-Release:    2%{?dist}
+Release:    3%{?dist}
 License:    GPLv2+
 Group: System Environment/Libraries
 
@@ -184,6 +184,9 @@ rm -fr %buildroot $RPM_BUILD_DIR/%{name}
 %{_mandir}/man1/foomatic-rip.1*
 
 %changelog
+* Tue Aug 18 2011 Tim Waugh <twaugh@redhat.com> - 4.0.8-3
+- Another fix for CVE-2011-2924 (bug #726426).
+
 * Tue Aug 18 2011 Tim Waugh <twaugh@redhat.com> - 4.0.8-2
 - Use mktemp when creating debug log file in foomatic-rip
   (CVE-2011-2924, bug #726426).