From f5608b99a91a01b599c774b2c87ce2c5ec9b1d41 Mon Sep 17 00:00:00 2001 From: Tim Waugh Date: Fri, 10 Oct 2008 09:44:33 +0000 Subject: [PATCH] - 1.3.9, including fixes for CVE-2008-3639 (STR #2918, bug #464710), CVE-2008-3640 (STR #2919, bug #464713) and CVE-2008-3641 (STR #2911, bug #464716). - No longer need str2892 or res_init patches. --- .cvsignore | 1 + cups-getnameddest.patch | 93 ++++++++++++------------- cups-res_init.patch | 146 ---------------------------------------- cups-str2892.patch | 86 ----------------------- cups.spec | 22 +++--- sources | 2 +- 6 files changed, 61 insertions(+), 289 deletions(-) delete mode 100644 cups-res_init.patch delete mode 100644 cups-str2892.patch diff --git a/.cvsignore b/.cvsignore index 1231b87..acb57a9 100644 --- a/.cvsignore +++ b/.cvsignore @@ -33,3 +33,4 @@ cups-1.3.5-source.tar.bz2 cups-1.3.6-source.tar.bz2 cups-1.3.7-source.tar.bz2 cups-1.3.8-source.tar.bz2 +cups-1.3.9-source.tar.bz2 diff --git a/cups-getnameddest.patch b/cups-getnameddest.patch index ca5ad1d..262395d 100644 --- a/cups-getnameddest.patch +++ b/cups-getnameddest.patch @@ -1,6 +1,6 @@ -diff -up cups-1.3.8/berkeley/lpr.c.getnameddest cups-1.3.8/berkeley/lpr.c ---- cups-1.3.8/berkeley/lpr.c.getnameddest 2008-07-28 16:28:24.000000000 +0100 -+++ cups-1.3.8/berkeley/lpr.c 2008-07-28 16:28:24.000000000 +0100 +diff -up cups-1.3.9/berkeley/lpr.c.getnameddest cups-1.3.9/berkeley/lpr.c +--- cups-1.3.9/berkeley/lpr.c.getnameddest 2008-10-10 09:35:05.000000000 +0100 ++++ cups-1.3.9/berkeley/lpr.c 2008-10-10 09:35:05.000000000 +0100 @@ -92,9 +92,7 @@ main(int argc, /* I - Number of comm int num_copies; /* Number of copies per file */ int num_files; /* Number of files to print */ 
@@ -55,9 +55,9 @@ diff -up cups-1.3.8/berkeley/lpr.c.getnameddest cups-1.3.8/berkeley/lpr.c _cupsLangPrintf(stderr, _("%s: Error - %s environment variable names " "non-existent destination \"%s\"!\n"), -diff -up cups-1.3.8/cups/cups.h.getnameddest cups-1.3.8/cups/cups.h ---- cups-1.3.8/cups/cups.h.getnameddest 2008-07-11 23:48:49.000000000 +0100 -+++ cups-1.3.8/cups/cups.h 2008-07-28 16:28:24.000000000 +0100 +diff -up cups-1.3.9/cups/cups.h.getnameddest cups-1.3.9/cups/cups.h +--- cups-1.3.9/cups/cups.h.getnameddest 2008-07-23 01:06:46.000000000 +0100 ++++ cups-1.3.9/cups/cups.h 2008-10-10 09:35:05.000000000 +0100 @@ -248,6 +248,9 @@ extern void cupsSetDefaultDest(const ch int num_dests, cups_dest_t *dests); @@ -68,9 +68,9 @@ diff -up cups-1.3.8/cups/cups.h.getnameddest cups-1.3.8/cups/cups.h # ifdef __cplusplus } -diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c ---- cups-1.3.8/cups/dest.c.getnameddest 2008-07-11 23:48:49.000000000 +0100 -+++ cups-1.3.8/cups/dest.c 2008-07-28 16:28:24.000000000 +0100 +diff -up cups-1.3.9/cups/dest.c.getnameddest cups-1.3.9/cups/dest.c +--- cups-1.3.9/cups/dest.c.getnameddest 2008-09-17 00:37:56.000000000 +0100 ++++ cups-1.3.9/cups/dest.c 2008-10-10 09:36:02.000000000 +0100 @@ -25,6 +25,7 @@ * server. * cupsGetDests2() - Get the list of destinations from the 
@@ -128,18 +128,19 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c return (num_dests); } -@@ -330,8 +333,8 @@ cupsGetDests2(http_t *http, /* I - +@@ -330,9 +333,9 @@ cupsGetDests2(http_t *http, /* I - * Grab the printers and classes... */ - num_dests = cups_get_sdests(http, CUPS_GET_PRINTERS, num_dests, dests); -- num_dests = cups_get_sdests(http, CUPS_GET_CLASSES, num_dests, dests); + num_dests = cups_get_sdests(http, CUPS_GET_PRINTERS, NULL, num_dests, dests); -+ num_dests = cups_get_sdests(http, CUPS_GET_CLASSES, NULL, num_dests, dests); + if (cupsLastError() < IPP_REDIRECTION_OTHER_SITE) +- num_dests = cups_get_sdests(http, CUPS_GET_CLASSES, num_dests, dests); ++ num_dests = cups_get_sdests(http, CUPS_GET_CLASSES, NULL, num_dests, dests); - /* - * Make a copy of the "real" queues for a later sanity check... -@@ -390,7 +393,7 @@ cupsGetDests2(http_t *http, /* I - + if (cupsLastError() >= IPP_REDIRECTION_OTHER_SITE) + { +@@ -398,7 +401,7 @@ cupsGetDests2(http_t *http, /* I - */ snprintf(filename, sizeof(filename), "%s/lpoptions", cg->cups_serverroot); @@ -148,7 +149,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c if ((home = getenv("HOME")) != NULL) { -@@ -398,7 +401,7 @@ cupsGetDests2(http_t *http, /* I - +@@ -406,7 +409,7 @@ cupsGetDests2(http_t *http, /* I - if (access(filename, 0)) snprintf(filename, sizeof(filename), "%s/.lpoptions", home); @@ -157,7 +158,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c } /* -@@ -452,6 +455,136 @@ cupsGetDests2(http_t *http, /* I - +@@ -460,6 +463,136 @@ cupsGetDests2(http_t *http, /* I - /* 
@@ -294,7 +295,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c * 'cupsRemoveDest()' - Remove a destination from the destination list. * * Removing a destination/instance does not delete the class or printer -@@ -548,19 +681,17 @@ void +@@ -556,19 +689,17 @@ void cupsSetDests(int num_dests, /* I - Number of destinations */ cups_dest_t *dests) /* I - Destinations */ { @@ -318,7 +319,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c } -@@ -606,8 +737,8 @@ cupsSetDests2(http_t *http, /* I - +@@ -614,8 +745,8 @@ cupsSetDests2(http_t *http, /* I - * Get the server destinations... */ @@ -329,7 +330,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c /* * Figure out which file to write to... -@@ -622,7 +753,7 @@ cupsSetDests2(http_t *http, /* I - +@@ -630,7 +761,7 @@ cupsSetDests2(http_t *http, /* I - * Merge in server defaults... */ @@ -338,7 +339,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c /* * Point to user defaults... -@@ -789,24 +920,88 @@ cupsSetDests2(http_t *http, /* I - +@@ -797,24 +928,88 @@ cupsSetDests2(http_t *http, /* I - /* @@ -428,7 +429,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c /* * Check environment variables... */ -@@ -816,12 +1011,8 @@ cups_get_dests(const char *filename, /* +@@ -824,12 +1019,8 @@ cups_get_dests(const char *filename, /* if (strcmp(printer, "lp") == 0) printer = NULL; @@ -443,7 +444,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c /* * Read each printer; each line looks like: -@@ -830,28 +1021,22 @@ cups_get_dests(const char *filename, /* +@@ -838,28 +1029,22 @@ cups_get_dests(const char *filename, /* * Default name[/instance] options */ 
@@ -481,7 +482,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c name = lineptr; -@@ -862,9 +1047,6 @@ cups_get_dests(const char *filename, /* +@@ -870,9 +1055,6 @@ cups_get_dests(const char *filename, /* while (!isspace(*lineptr & 255) && *lineptr && *lineptr != '/') lineptr ++; @@ -491,7 +492,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c if (*lineptr == '/') { /* -@@ -884,30 +1066,49 @@ cups_get_dests(const char *filename, /* +@@ -892,30 +1074,49 @@ cups_get_dests(const char *filename, /* else instance = NULL; @@ -554,7 +555,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c } /* -@@ -918,11 +1119,20 @@ cups_get_dests(const char *filename, /* +@@ -926,11 +1127,20 @@ cups_get_dests(const char *filename, /* &(dest->options)); /* @@ -576,7 +577,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c for (i = 0; i < num_dests; i ++) (*dests)[i].is_default = 0; -@@ -934,7 +1144,7 @@ cups_get_dests(const char *filename, /* +@@ -942,7 +1152,7 @@ cups_get_dests(const char *filename, /* * Close the file and return... */ @@ -585,7 +586,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c return (num_dests); } -@@ -946,7 +1156,8 @@ cups_get_dests(const char *filename, /* +@@ -954,7 +1164,8 @@ cups_get_dests(const char *filename, /* static int /* O - Number of destinations */ cups_get_sdests(http_t *http, /* I - HTTP connection */ @@ -595,7 +596,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c int num_dests, /* I - Number of destinations */ cups_dest_t **dests) /* IO - Destinations */ { -@@ -963,8 +1174,9 @@ cups_get_sdests(http_t *http, /* I +@@ -971,8 +1182,9 @@ cups_get_sdests(http_t *http, /* I const char *info, /* printer-info attribute */ *location, /* printer-location attribute */ *make_model, /* printer-make-and-model attribute */ 
@@ -607,7 +608,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c auth_info_req[1024], /* auth-info-required attribute */ reasons[1024]; /* printer-state-reasons attribute */ int num_options; /* Number of options */ -@@ -1008,6 +1220,14 @@ cups_get_sdests(http_t *http, /* I +@@ -1016,6 +1228,14 @@ cups_get_sdests(http_t *http, /* I ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME, "requesting-user-name", NULL, cupsUser()); @@ -622,7 +623,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c /* * Do the request and get back a response... */ -@@ -1030,17 +1250,17 @@ cups_get_sdests(http_t *http, /* I +@@ -1038,17 +1258,17 @@ cups_get_sdests(http_t *http, /* I * Pull the needed attributes from this printer... */ @@ -651,7 +652,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c auth_info_req[0] = '\0'; job_sheets[0] = '\0'; -@@ -1091,7 +1311,7 @@ cups_get_sdests(http_t *http, /* I +@@ -1099,7 +1319,7 @@ cups_get_sdests(http_t *http, /* I make_model = attr->values[0].string.text; else if (!strcmp(attr->name, "printer-name") && attr->value_tag == IPP_TAG_NAME) @@ -660,7 +661,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c else if (!strcmp(attr->name, "printer-state") && attr->value_tag == IPP_TAG_ENUM) state = attr->values[0].integer; -@@ -1196,7 +1416,7 @@ cups_get_sdests(http_t *http, /* I +@@ -1204,7 +1424,7 @@ cups_get_sdests(http_t *http, /* I * See if we have everything needed... */ @@ -669,7 +670,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c { cupsFreeOptions(num_options, options); -@@ -1206,9 +1426,9 @@ cups_get_sdests(http_t *http, /* I +@@ -1214,9 +1434,9 @@ cups_get_sdests(http_t *http, /* I continue; } 
@@ -681,9 +682,9 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c { dest->num_options = num_options; dest->options = options; -diff -up cups-1.3.8/cups/libcups.exp.getnameddest cups-1.3.8/cups/libcups.exp ---- cups-1.3.8/cups/libcups.exp.getnameddest 2008-04-09 04:39:40.000000000 +0100 -+++ cups-1.3.8/cups/libcups.exp 2008-07-28 16:28:24.000000000 +0100 +diff -up cups-1.3.9/cups/libcups.exp.getnameddest cups-1.3.9/cups/libcups.exp +--- cups-1.3.9/cups/libcups.exp.getnameddest 2008-04-09 04:39:40.000000000 +0100 ++++ cups-1.3.9/cups/libcups.exp 2008-10-10 09:35:05.000000000 +0100 @@ -114,6 +114,7 @@ _cupsGetFd _cupsGetFile _cupsGetJobs @@ -692,9 +693,9 @@ diff -up cups-1.3.8/cups/libcups.exp.getnameddest cups-1.3.8/cups/libcups.exp _cupsGetOption _cupsGetPassword _cupsGetPPD -diff -up cups-1.3.8/cups/Makefile.getnameddest cups-1.3.8/cups/Makefile ---- cups-1.3.8/cups/Makefile.getnameddest 2008-02-20 20:18:33.000000000 +0000 -+++ cups-1.3.8/cups/Makefile 2008-07-28 16:28:24.000000000 +0100 +diff -up cups-1.3.9/cups/Makefile.getnameddest cups-1.3.9/cups/Makefile +--- cups-1.3.9/cups/Makefile.getnameddest 2008-09-06 01:30:39.000000000 +0100 ++++ cups-1.3.9/cups/Makefile 2008-10-10 09:35:05.000000000 +0100 @@ -263,7 +263,7 @@ libcups.so.2 libcups.sl.2: $(LIBOBJS) # libcups.2.dylib # @@ -704,9 +705,9 @@ diff -up cups-1.3.8/cups/Makefile.getnameddest cups-1.3.8/cups/Makefile echo Linking $@... $(DSO) $(ARCHFLAGS) $(DSOFLAGS) -o $@ \ -install_name $(libdir)/$@ \ -diff -up cups-1.3.8/cups/testcups.c.getnameddest cups-1.3.8/cups/testcups.c ---- cups-1.3.8/cups/testcups.c.getnameddest 2008-07-11 23:48:49.000000000 +0100 -+++ cups-1.3.8/cups/testcups.c 2008-07-28 16:37:24.000000000 +0100 +diff -up cups-1.3.9/cups/testcups.c.getnameddest cups-1.3.9/cups/testcups.c +--- cups-1.3.9/cups/testcups.c.getnameddest 2008-07-11 23:48:49.000000000 +0100 ++++ cups-1.3.9/cups/testcups.c 2008-10-10 09:35:05.000000000 +0100 @@ -16,7 +16,8 @@ * * Contents: 
@@ -947,9 +948,9 @@ diff -up cups-1.3.8/cups/testcups.c.getnameddest cups-1.3.8/cups/testcups.c +/* * End of "$Id: testcups.c 7721 2008-07-11 22:48:49Z mike $". */ -diff -up cups-1.3.8/systemv/lp.c.getnameddest cups-1.3.8/systemv/lp.c ---- cups-1.3.8/systemv/lp.c.getnameddest 2008-07-11 23:48:49.000000000 +0100 -+++ cups-1.3.8/systemv/lp.c 2008-07-28 16:28:24.000000000 +0100 +diff -up cups-1.3.9/systemv/lp.c.getnameddest cups-1.3.9/systemv/lp.c +--- cups-1.3.9/systemv/lp.c.getnameddest 2008-07-11 23:48:49.000000000 +0100 ++++ cups-1.3.9/systemv/lp.c 2008-10-10 09:35:05.000000000 +0100 @@ -73,9 +73,7 @@ main(int argc, /* I - Number of comm int num_copies; /* Number of copies per file */ int num_files; /* Number of files to print */ diff --git a/cups-res_init.patch b/cups-res_init.patch deleted file mode 100644 index d449e0a..0000000 --- a/cups-res_init.patch +++ /dev/null 
@@ -1,146 +0,0 @@ -diff -up cups-1.3.8/config.h.in.res_init cups-1.3.8/config.h.in ---- cups-1.3.8/config.h.in.res_init 2008-09-03 15:34:23.000000000 +0100 -+++ cups-1.3.8/config.h.in 2008-09-03 15:34:52.000000000 +0100 -@@ -365,6 +365,13 @@ - - - /* -+ * Do we have __res_init()? -+ */ -+ -+#undef HAVE_RES_INIT -+ -+ -+/* - * Do we have hstrerror()? - */ - -diff -up cups-1.3.8/config-scripts/cups-network.m4.res_init cups-1.3.8/config-scripts/cups-network.m4 ---- cups-1.3.8/config-scripts/cups-network.m4.res_init 2007-12-19 01:47:57.000000000 +0000 -+++ cups-1.3.8/config-scripts/cups-network.m4 2008-09-03 15:34:14.000000000 +0100 -@@ -18,6 +18,7 @@ AC_SEARCH_LIBS(gethostbyaddr, nsl) - AC_SEARCH_LIBS(getifaddrs, nsl, AC_DEFINE(HAVE_GETIFADDRS)) - AC_SEARCH_LIBS(hstrerror, nsl socket resolv, AC_DEFINE(HAVE_HSTRERROR)) - AC_SEARCH_LIBS(rresvport_af, nsl, AC_DEFINE(HAVE_RRESVPORT_AF)) -+AC_SEARCH_LIBS(__res_init, resolv bind, AC_DEFINE(HAVE_RES_INIT)) - - # Tru64 5.1b leaks file descriptors with these functions; disable until - # we can come up with a test for this... -diff -up cups-1.3.8/configure.res_init cups-1.3.8/configure ---- cups-1.3.8/configure.res_init 2008-09-03 15:34:14.000000000 +0100 -+++ cups-1.3.8/configure 2008-09-03 15:34:14.000000000 +0100 -@@ -12189,6 +12189,92 @@ _ACEOF - - fi - -+{ echo "$as_me:$LINENO: checking for library containing __res_init" >&5 -+echo $ECHO_N "checking for library containing __res_init... $ECHO_C" >&6; } -+if test "${ac_cv_search___res_init+set}" = set; then -+ echo $ECHO_N "(cached) $ECHO_C" >&6 -+else -+ ac_func_search_save_LIBS=$LIBS -+cat >conftest.$ac_ext <<_ACEOF -+/* confdefs.h. */ -+_ACEOF -+cat confdefs.h >>conftest.$ac_ext -+cat >>conftest.$ac_ext <<_ACEOF -+/* end confdefs.h. */ -+ -+/* Override any GCC internal prototype to avoid an error. -+ Use char because int might match the return type of a GCC -+ builtin and then its argument prototype would still apply. 
*/ -+#ifdef __cplusplus -+extern "C" -+#endif -+char __res_init (); -+int -+main () -+{ -+return __res_init (); -+ ; -+ return 0; -+} -+_ACEOF -+for ac_lib in '' resolv bind; do -+ if test -z "$ac_lib"; then -+ ac_res="none required" -+ else -+ ac_res=-l$ac_lib -+ LIBS="-l$ac_lib $ac_func_search_save_LIBS" -+ fi -+ rm -f conftest.$ac_objext conftest$ac_exeext -+if { (ac_try="$ac_link" -+case "(($ac_try" in -+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; -+ *) ac_try_echo=$ac_try;; -+esac -+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 -+ (eval "$ac_link") 2>conftest.er1 -+ ac_status=$? -+ grep -v '^ *+' conftest.er1 >conftest.err -+ rm -f conftest.er1 -+ cat conftest.err >&5 -+ echo "$as_me:$LINENO: \$? = $ac_status" >&5 -+ (exit $ac_status); } && { -+ test -z "$ac_c_werror_flag" || -+ test ! -s conftest.err -+ } && test -s conftest$ac_exeext && -+ $as_test_x conftest$ac_exeext; then -+ ac_cv_search___res_init=$ac_res -+else -+ echo "$as_me: failed program was:" >&5 -+sed 's/^/| /' conftest.$ac_ext >&5 -+ -+ -+fi -+ -+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ -+ conftest$ac_exeext -+ if test "${ac_cv_search___res_init+set}" = set; then -+ break -+fi -+done -+if test "${ac_cv_search___res_init+set}" = set; then -+ : -+else -+ ac_cv_search___res_init=no -+fi -+rm conftest.$ac_ext -+LIBS=$ac_func_search_save_LIBS -+fi -+{ echo "$as_me:$LINENO: result: $ac_cv_search___res_init" >&5 -+echo "${ECHO_T}$ac_cv_search___res_init" >&6; } -+ac_res=$ac_cv_search___res_init -+if test "$ac_res" != no; then -+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" -+ cat >>confdefs.h <<\_ACEOF -+#define HAVE_RES_INIT 1 -+_ACEOF -+ -+fi -+ - - # Tru64 5.1b leaks file descriptors with these functions; disable until - # we can come up with a test for this... 
-diff -up cups-1.3.8/scheduler/cups-polld.c.res_init cups-1.3.8/scheduler/cups-polld.c ---- cups-1.3.8/scheduler/cups-polld.c.res_init 2008-01-08 00:16:30.000000000 +0000 -+++ cups-1.3.8/scheduler/cups-polld.c 2008-09-03 15:34:14.000000000 +0100 -@@ -155,6 +155,18 @@ main(int argc, /* I - Number of comm - restart_polling = 0; - httpClose(http); - -+#ifdef HAVE_RES_INIT -+ if (!http) -+ { -+ /* -+ * Reinit the resolver so that it doesn't cache a previous -+ * hostname lookup failure. This fixes the situation where a -+ * network interface becomes available after polling starts. -+ */ -+ __res_init (); -+ } -+#endif /* HAVE_RES_INIT */ -+ - if ((http = httpConnectEncrypt(argv[1], atoi(argv[2]), - cupsEncryption())) == NULL) - { diff --git a/cups-str2892.patch b/cups-str2892.patch deleted file mode 100644 index 2010efc..0000000 --- a/cups-str2892.patch +++ /dev/null 
@@ -1,86 +0,0 @@ -diff -up cups-1.3.8/scheduler/client.c.str2892 cups-1.3.8/scheduler/client.c ---- cups-1.3.8/scheduler/client.c.str2892 2008-07-11 23:48:49.000000000 +0100 -+++ cups-1.3.8/scheduler/client.c 2008-08-03 11:42:35.000000000 +0100 -@@ -28,6 +28,7 @@ - * cupsdUpdateCGI() - Read status messages from CGI scripts and programs. - * cupsdWriteClient() - Write data to a client as needed. - * check_if_modified() - Decode an "If-Modified-Since" line. -+ * data_ready() - Check whether data is available from a client. - * encrypt_client() - Enable encryption for the client... - * get_cdsa_certificate() - Convert a keychain name into the CFArrayRef - * required by SSLSetCertificate. -@@ -83,6 +84,7 @@ extern const char *cssmErrorString(int e - - static int check_if_modified(cupsd_client_t *con, - struct stat *filestats); -+static int data_ready(cupsd_client_t *con); - #ifdef HAVE_SSL - static int encrypt_client(cupsd_client_t *con); - #endif /* HAVE_SSL */ -@@ -989,8 +991,7 @@ cupsdReadClient(cupsd_client_t *con) /* - */ - - while ((status = httpUpdate(HTTP(con))) == HTTP_CONTINUE) -- if (con->http.used == 0 || -- !memchr(con->http.buffer, '\n', con->http.used)) -+ if (!data_ready(con)) - break; - - if (status != HTTP_OK && status != HTTP_CONTINUE) -@@ -1889,7 +1890,7 @@ cupsdReadClient(cupsd_client_t *con) /* - } - } - } -- while (con->http.state == HTTP_PUT_RECV && con->http.used > 0); -+ while (con->http.state == HTTP_PUT_RECV && data_ready(con)); - - if (con->http.state == HTTP_WAITING) - { -@@ -2064,7 +2065,7 @@ cupsdReadClient(cupsd_client_t *con) /* - } - } - } -- while (con->http.state == HTTP_POST_RECV && con->http.used > 0); -+ while (con->http.state == HTTP_POST_RECV && data_ready(con)); - - if (con->http.state == HTTP_POST_SEND) - { -@@ -2914,6 +2915,38 @@ check_if_modified( - } - - -+/* -+ * 'data_ready()' - Check whether data is available from a client. 
-+ */ -+ -+static int /* O - 1 if data is ready, 0 otherwise */ -+data_ready(cupsd_client_t *con) /* I - Client */ -+{ -+ if (con->http.used > 0) -+ return (1); -+#ifdef HAVE_SSL -+ else if (con->http.tls) -+ { -+# ifdef HAVE_LIBSSL -+ if (SSL_pending((SSL *)(con->http.tls))) -+ return (1); -+# elif defined(HAVE_GNUTLS) -+ if (gnutls_record_check_pending(((http_tls_t *)(con->http.tls))->session)) -+ return (1); -+# elif defined(HAVE_CDSASSL) -+ size_t bytes; /* Bytes that are available */ -+ -+ if (!SSLGetBufferedReadSize(((http_tls_t *)(con->http.tls))->session, -+ &bytes) && bytes > 0) -+ return (1); -+# endif /* HAVE_LIBSSL */ -+ } -+#endif /* HAVE_SSL */ -+ -+ return (0); -+} -+ -+ - #ifdef HAVE_SSL - /* - * 'encrypt_client()' - Enable encryption for the client... diff --git a/cups.spec b/cups.spec index bf03114..da17cd2 100644 --- a/cups.spec +++ b/cups.spec @@ -6,8 +6,8 @@ Summary: Common Unix Printing System Name: cups -Version: 1.3.8 -Release: 6%{?svn:.svn%{svn}}%{?dist} +Version: 1.3.9 +Release: 1%{?svn:.svn%{svn}}%{?dist} License: GPLv2 Group: System Environment/Daemons Source: ftp://ftp.easysw.com/pub/cups/test//cups-%{version}%{?svn:svn-r%{svn}}-source.tar.bz2 @@ -47,10 +47,8 @@ Patch19: cups-strict-ppd-line-length.patch Patch20: cups-logrotate.patch Patch21: cups-usb-paperout.patch Patch22: cups-getnameddest.patch -Patch23: cups-str2892.patch -Patch24: cups-str2101.patch -Patch25: cups-res_init.patch -Patch26: cups-str2536.patch +Patch23: cups-str2101.patch +Patch24: cups-str2536.patch Patch100: cups-lspp.patch Epoch: 1 Url: http://www.cups.org/ @@ -186,10 +184,8 @@ module. %patch20 -p1 -b .logrotate %patch21 -p1 -b .usb-paperout %patch22 -p1 -b .getnameddest -%patch23 -p1 -b .str2892 -%patch24 -p1 -b .str2101 -%patch25 -p1 -b .res_init -%patch26 -p1 -b .str2536 +%patch23 -p1 -b .str2101 +%patch24 -p1 -b .str2536 %if %lspp %patch100 -p1 -b .lspp 
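Review bot: The `@@ -47,10 +47,8 @@` and `@@ -186,10 +184,8 @@` hunks of cups.spec drop Patch23 (cups-str2892.patch) and Patch25 (cups-res_init.patch) on the strength of the changelog line alone; nothing on this page shows that the 1.3.9 tarball carries equivalent code. The deleted str2892 patch made cupsdReadClient() use a `data_ready()` helper that also checks for pending TLS data, and the deleted res_init patch re-initialised the resolver in cups-polld before reconnecting, so losing either would only show up at run time. It is worth confirming both changes are present in 1.3.9's scheduler/client.c and scheduler/cups-polld.c before the build is pushed. The result could be recorded next to the patch list, for example `# str2892 and res_init dropped: present upstream in 1.3.9 (checked against the release tarball)`.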
@@ -481,6 +477,12 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/php/modules/*.so %changelog +* Fri Oct 10 2008 Tim Waugh 1:1.3.9-1 +- 1.3.9, including fixes for CVE-2008-3639 (STR #2918, bug #464710), + CVE-2008-3640 (STR #2919, bug #464713) and CVE-2008-3641 (STR #2911, + bug #464716). +- No longer need str2892 or res_init patches. + * Wed Sep 10 2008 Tim Waugh 1:1.3.8-6 - Backported patch for FatalErrors configuration directive (bug #314941, STR #2536). diff --git a/sources b/sources index b08d800..c625209 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ b0bb017098e8e76b8a25e666c41ce540 postscript.ppd.gz -84e09577d673b212f605dd09caee456c cups-1.3.8-source.tar.bz2 +cf63f451c356e6cabb08972d4d11c365 cups-1.3.9-source.tar.bz2