rpms/cups
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- Applied patch for CVE-2010-0302 (incomplete fix for CVE-2009-3553, bug

Browse Source 
#557775).
- Added comments for all sources and patches.
This commit is contained in:
Tim Waugh 2010-03-05 10:54:21 +00:00
parent c5bb55a14b
commit 0a206ac418
2 changed files with 33 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
cups-CVE-2010-0302.patch Normal file
View File

@ -0,0 +1,24 @@
diff -up cups-1.4.2/scheduler/select.c.CVE-2010-0302 cups-1.4.2/scheduler/select.c
--- cups-1.4.2/scheduler/select.c.CVE-2010-0302 2010-03-05 10:37:49.990476887 +0000
+++ cups-1.4.2/scheduler/select.c 2010-03-05 10:38:01.803478081 +0000
@@ -454,7 +454,8 @@ cupsdDoSelect(long timeout) /* I - Time
if (fdptr->read_cb && event->filter == EVFILT_READ)
(*(fdptr->read_cb))(fdptr->data);
- if (fdptr->use > 1 && fdptr->write_cb && event->filter == EVFILT_WRITE)
+ if (fdptr->use > 1 && fdptr->write_cb && event->filter == EVFILT_WRITE &&
+ !cupsArrayFind(cupsd_inactive_fds, fdptr))
(*(fdptr->write_cb))(fdptr->data);
release_fd(fdptr);
@@ -499,7 +500,9 @@ cupsdDoSelect(long timeout) /* I - Time
if (fdptr->read_cb && (event->events & (EPOLLIN | EPOLLERR | EPOLLHUP)))
(*(fdptr->read_cb))(fdptr->data);
- if (fdptr->use > 1 && fdptr->write_cb && (event->events & (EPOLLOUT | EPOLLERR | EPOLLHUP)))
+ if (fdptr->use > 1 && fdptr->write_cb &&
+ (event->events & (EPOLLOUT | EPOLLERR | EPOLLHUP)) &&
+ !cupsArrayFind(cupsd_inactive_fds, fdptr))
(*(fdptr->write_cb))(fdptr->data);
release_fd(fdptr);

11
cups.spec
View File

@ -8,7 +8,7 @@
Summary: Common Unix Printing System
Name: cups
Version: 1.4.2
Release: 33%{?dist}
Release: 34%{?dist}
License: GPLv2
Group: System Environment/Daemons
Source: http://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2
@ -85,6 +85,7 @@ Patch51: cups-0755.patch
Patch52: cups-str3460.patch
Patch53: cups-EAI_AGAIN.patch
Patch54: cups-str3505.patch
Patch55: cups-CVE-2010-0302.patch
Patch100: cups-lspp.patch
@ -329,8 +330,12 @@ module.
%patch53 -p1 -b .EAI_AGAIN
# Update classes.conf when a class member printer is deleted
%patch54 -p1 -b .str3505
# Applied patch for CVE-2010-0302 (incomplete fix for CVE-2009-3553,
# bug #557775).
%patch55 -p1 -b .CVE-2010-0302
%if %lspp
# LSPP support.
%patch100 -p1 -b .lspp
%endif
@ -619,7 +624,9 @@ rm -rf $RPM_BUILD_ROOT
%{php_extdir}/phpcups.so
%changelog
* Tue Mar 2 2010 Tim Waugh <twaugh@redhat.com>
* Fri Mar 5 2010 Tim Waugh <twaugh@redhat.com> - 1:1.4.2-34
- Applied patch for CVE-2010-0302 (incomplete fix for CVE-2009-3553,
bug #557775).
- Added comments for all sources and patches.
* Tue Mar 2 2010 Tim Waugh <twaugh@redhat.com> - 1:1.4.2-33