CVE-2008-3640 (STR #2919, bug #464713) and CVE-2008-3641 (STR #2911, bug #464716). - No longer need str2892 or res_init patches.
This commit is contained in:
parent
d9669961e9
commit
f5608b99a9
@ -33,3 +33,4 @@ cups-1.3.5-source.tar.bz2
|
|||||||
cups-1.3.6-source.tar.bz2
|
cups-1.3.6-source.tar.bz2
|
||||||
cups-1.3.7-source.tar.bz2
|
cups-1.3.7-source.tar.bz2
|
||||||
cups-1.3.8-source.tar.bz2
|
cups-1.3.8-source.tar.bz2
|
||||||
|
cups-1.3.9-source.tar.bz2
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
diff -up cups-1.3.8/berkeley/lpr.c.getnameddest cups-1.3.8/berkeley/lpr.c
|
diff -up cups-1.3.9/berkeley/lpr.c.getnameddest cups-1.3.9/berkeley/lpr.c
|
||||||
--- cups-1.3.8/berkeley/lpr.c.getnameddest 2008-07-28 16:28:24.000000000 +0100
|
--- cups-1.3.9/berkeley/lpr.c.getnameddest 2008-10-10 09:35:05.000000000 +0100
|
||||||
+++ cups-1.3.8/berkeley/lpr.c 2008-07-28 16:28:24.000000000 +0100
|
+++ cups-1.3.9/berkeley/lpr.c 2008-10-10 09:35:05.000000000 +0100
|
||||||
@@ -92,9 +92,7 @@ main(int argc, /* I - Number of comm
|
@@ -92,9 +92,7 @@ main(int argc, /* I - Number of comm
|
||||||
int num_copies; /* Number of copies per file */
|
int num_copies; /* Number of copies per file */
|
||||||
int num_files; /* Number of files to print */
|
int num_files; /* Number of files to print */
|
||||||
@ -55,9 +55,9 @@ diff -up cups-1.3.8/berkeley/lpr.c.getnameddest cups-1.3.8/berkeley/lpr.c
|
|||||||
_cupsLangPrintf(stderr,
|
_cupsLangPrintf(stderr,
|
||||||
_("%s: Error - %s environment variable names "
|
_("%s: Error - %s environment variable names "
|
||||||
"non-existent destination \"%s\"!\n"),
|
"non-existent destination \"%s\"!\n"),
|
||||||
diff -up cups-1.3.8/cups/cups.h.getnameddest cups-1.3.8/cups/cups.h
|
diff -up cups-1.3.9/cups/cups.h.getnameddest cups-1.3.9/cups/cups.h
|
||||||
--- cups-1.3.8/cups/cups.h.getnameddest 2008-07-11 23:48:49.000000000 +0100
|
--- cups-1.3.9/cups/cups.h.getnameddest 2008-07-23 01:06:46.000000000 +0100
|
||||||
+++ cups-1.3.8/cups/cups.h 2008-07-28 16:28:24.000000000 +0100
|
+++ cups-1.3.9/cups/cups.h 2008-10-10 09:35:05.000000000 +0100
|
||||||
@@ -248,6 +248,9 @@ extern void cupsSetDefaultDest(const ch
|
@@ -248,6 +248,9 @@ extern void cupsSetDefaultDest(const ch
|
||||||
int num_dests,
|
int num_dests,
|
||||||
cups_dest_t *dests);
|
cups_dest_t *dests);
|
||||||
@ -68,9 +68,9 @@ diff -up cups-1.3.8/cups/cups.h.getnameddest cups-1.3.8/cups/cups.h
|
|||||||
|
|
||||||
# ifdef __cplusplus
|
# ifdef __cplusplus
|
||||||
}
|
}
|
||||||
diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
diff -up cups-1.3.9/cups/dest.c.getnameddest cups-1.3.9/cups/dest.c
|
||||||
--- cups-1.3.8/cups/dest.c.getnameddest 2008-07-11 23:48:49.000000000 +0100
|
--- cups-1.3.9/cups/dest.c.getnameddest 2008-09-17 00:37:56.000000000 +0100
|
||||||
+++ cups-1.3.8/cups/dest.c 2008-07-28 16:28:24.000000000 +0100
|
+++ cups-1.3.9/cups/dest.c 2008-10-10 09:36:02.000000000 +0100
|
||||||
@@ -25,6 +25,7 @@
|
@@ -25,6 +25,7 @@
|
||||||
* server.
|
* server.
|
||||||
* cupsGetDests2() - Get the list of destinations from the
|
* cupsGetDests2() - Get the list of destinations from the
|
||||||
@ -128,18 +128,19 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
|||||||
|
|
||||||
return (num_dests);
|
return (num_dests);
|
||||||
}
|
}
|
||||||
@@ -330,8 +333,8 @@ cupsGetDests2(http_t *http, /* I -
|
@@ -330,9 +333,9 @@ cupsGetDests2(http_t *http, /* I -
|
||||||
* Grab the printers and classes...
|
* Grab the printers and classes...
|
||||||
*/
|
*/
|
||||||
|
|
||||||
- num_dests = cups_get_sdests(http, CUPS_GET_PRINTERS, num_dests, dests);
|
- num_dests = cups_get_sdests(http, CUPS_GET_PRINTERS, num_dests, dests);
|
||||||
- num_dests = cups_get_sdests(http, CUPS_GET_CLASSES, num_dests, dests);
|
|
||||||
+ num_dests = cups_get_sdests(http, CUPS_GET_PRINTERS, NULL, num_dests, dests);
|
+ num_dests = cups_get_sdests(http, CUPS_GET_PRINTERS, NULL, num_dests, dests);
|
||||||
|
if (cupsLastError() < IPP_REDIRECTION_OTHER_SITE)
|
||||||
|
- num_dests = cups_get_sdests(http, CUPS_GET_CLASSES, num_dests, dests);
|
||||||
+ num_dests = cups_get_sdests(http, CUPS_GET_CLASSES, NULL, num_dests, dests);
|
+ num_dests = cups_get_sdests(http, CUPS_GET_CLASSES, NULL, num_dests, dests);
|
||||||
|
|
||||||
/*
|
if (cupsLastError() >= IPP_REDIRECTION_OTHER_SITE)
|
||||||
* Make a copy of the "real" queues for a later sanity check...
|
{
|
||||||
@@ -390,7 +393,7 @@ cupsGetDests2(http_t *http, /* I -
|
@@ -398,7 +401,7 @@ cupsGetDests2(http_t *http, /* I -
|
||||||
*/
|
*/
|
||||||
|
|
||||||
snprintf(filename, sizeof(filename), "%s/lpoptions", cg->cups_serverroot);
|
snprintf(filename, sizeof(filename), "%s/lpoptions", cg->cups_serverroot);
|
||||||
@ -148,7 +149,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
|||||||
|
|
||||||
if ((home = getenv("HOME")) != NULL)
|
if ((home = getenv("HOME")) != NULL)
|
||||||
{
|
{
|
||||||
@@ -398,7 +401,7 @@ cupsGetDests2(http_t *http, /* I -
|
@@ -406,7 +409,7 @@ cupsGetDests2(http_t *http, /* I -
|
||||||
if (access(filename, 0))
|
if (access(filename, 0))
|
||||||
snprintf(filename, sizeof(filename), "%s/.lpoptions", home);
|
snprintf(filename, sizeof(filename), "%s/.lpoptions", home);
|
||||||
|
|
||||||
@ -157,7 +158,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@@ -452,6 +455,136 @@ cupsGetDests2(http_t *http, /* I -
|
@@ -460,6 +463,136 @@ cupsGetDests2(http_t *http, /* I -
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -294,7 +295,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
|||||||
* 'cupsRemoveDest()' - Remove a destination from the destination list.
|
* 'cupsRemoveDest()' - Remove a destination from the destination list.
|
||||||
*
|
*
|
||||||
* Removing a destination/instance does not delete the class or printer
|
* Removing a destination/instance does not delete the class or printer
|
||||||
@@ -548,19 +681,17 @@ void
|
@@ -556,19 +689,17 @@ void
|
||||||
cupsSetDests(int num_dests, /* I - Number of destinations */
|
cupsSetDests(int num_dests, /* I - Number of destinations */
|
||||||
cups_dest_t *dests) /* I - Destinations */
|
cups_dest_t *dests) /* I - Destinations */
|
||||||
{
|
{
|
||||||
@ -318,7 +319,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@@ -606,8 +737,8 @@ cupsSetDests2(http_t *http, /* I -
|
@@ -614,8 +745,8 @@ cupsSetDests2(http_t *http, /* I -
|
||||||
* Get the server destinations...
|
* Get the server destinations...
|
||||||
*/
|
*/
|
||||||
|
|
||||||
@ -329,7 +330,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
|||||||
|
|
||||||
/*
|
/*
|
||||||
* Figure out which file to write to...
|
* Figure out which file to write to...
|
||||||
@@ -622,7 +753,7 @@ cupsSetDests2(http_t *http, /* I -
|
@@ -630,7 +761,7 @@ cupsSetDests2(http_t *http, /* I -
|
||||||
* Merge in server defaults...
|
* Merge in server defaults...
|
||||||
*/
|
*/
|
||||||
|
|
||||||
@ -338,7 +339,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
|||||||
|
|
||||||
/*
|
/*
|
||||||
* Point to user defaults...
|
* Point to user defaults...
|
||||||
@@ -789,24 +920,88 @@ cupsSetDests2(http_t *http, /* I -
|
@@ -797,24 +928,88 @@ cupsSetDests2(http_t *http, /* I -
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -428,7 +429,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
|||||||
/*
|
/*
|
||||||
* Check environment variables...
|
* Check environment variables...
|
||||||
*/
|
*/
|
||||||
@@ -816,12 +1011,8 @@ cups_get_dests(const char *filename, /*
|
@@ -824,12 +1019,8 @@ cups_get_dests(const char *filename, /*
|
||||||
if (strcmp(printer, "lp") == 0)
|
if (strcmp(printer, "lp") == 0)
|
||||||
printer = NULL;
|
printer = NULL;
|
||||||
|
|
||||||
@ -443,7 +444,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
|||||||
|
|
||||||
/*
|
/*
|
||||||
* Read each printer; each line looks like:
|
* Read each printer; each line looks like:
|
||||||
@@ -830,28 +1021,22 @@ cups_get_dests(const char *filename, /*
|
@@ -838,28 +1029,22 @@ cups_get_dests(const char *filename, /*
|
||||||
* Default name[/instance] options
|
* Default name[/instance] options
|
||||||
*/
|
*/
|
||||||
|
|
||||||
@ -481,7 +482,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
|||||||
|
|
||||||
name = lineptr;
|
name = lineptr;
|
||||||
|
|
||||||
@@ -862,9 +1047,6 @@ cups_get_dests(const char *filename, /*
|
@@ -870,9 +1055,6 @@ cups_get_dests(const char *filename, /*
|
||||||
while (!isspace(*lineptr & 255) && *lineptr && *lineptr != '/')
|
while (!isspace(*lineptr & 255) && *lineptr && *lineptr != '/')
|
||||||
lineptr ++;
|
lineptr ++;
|
||||||
|
|
||||||
@ -491,7 +492,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
|||||||
if (*lineptr == '/')
|
if (*lineptr == '/')
|
||||||
{
|
{
|
||||||
/*
|
/*
|
||||||
@@ -884,30 +1066,49 @@ cups_get_dests(const char *filename, /*
|
@@ -892,30 +1074,49 @@ cups_get_dests(const char *filename, /*
|
||||||
else
|
else
|
||||||
instance = NULL;
|
instance = NULL;
|
||||||
|
|
||||||
@ -554,7 +555,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@@ -918,11 +1119,20 @@ cups_get_dests(const char *filename, /*
|
@@ -926,11 +1127,20 @@ cups_get_dests(const char *filename, /*
|
||||||
&(dest->options));
|
&(dest->options));
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -576,7 +577,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
|||||||
for (i = 0; i < num_dests; i ++)
|
for (i = 0; i < num_dests; i ++)
|
||||||
(*dests)[i].is_default = 0;
|
(*dests)[i].is_default = 0;
|
||||||
|
|
||||||
@@ -934,7 +1144,7 @@ cups_get_dests(const char *filename, /*
|
@@ -942,7 +1152,7 @@ cups_get_dests(const char *filename, /*
|
||||||
* Close the file and return...
|
* Close the file and return...
|
||||||
*/
|
*/
|
||||||
|
|
||||||
@ -585,7 +586,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
|||||||
|
|
||||||
return (num_dests);
|
return (num_dests);
|
||||||
}
|
}
|
||||||
@@ -946,7 +1156,8 @@ cups_get_dests(const char *filename, /*
|
@@ -954,7 +1164,8 @@ cups_get_dests(const char *filename, /*
|
||||||
|
|
||||||
static int /* O - Number of destinations */
|
static int /* O - Number of destinations */
|
||||||
cups_get_sdests(http_t *http, /* I - HTTP connection */
|
cups_get_sdests(http_t *http, /* I - HTTP connection */
|
||||||
@ -595,7 +596,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
|||||||
int num_dests, /* I - Number of destinations */
|
int num_dests, /* I - Number of destinations */
|
||||||
cups_dest_t **dests) /* IO - Destinations */
|
cups_dest_t **dests) /* IO - Destinations */
|
||||||
{
|
{
|
||||||
@@ -963,8 +1174,9 @@ cups_get_sdests(http_t *http, /* I
|
@@ -971,8 +1182,9 @@ cups_get_sdests(http_t *http, /* I
|
||||||
const char *info, /* printer-info attribute */
|
const char *info, /* printer-info attribute */
|
||||||
*location, /* printer-location attribute */
|
*location, /* printer-location attribute */
|
||||||
*make_model, /* printer-make-and-model attribute */
|
*make_model, /* printer-make-and-model attribute */
|
||||||
@ -607,7 +608,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
|||||||
auth_info_req[1024], /* auth-info-required attribute */
|
auth_info_req[1024], /* auth-info-required attribute */
|
||||||
reasons[1024]; /* printer-state-reasons attribute */
|
reasons[1024]; /* printer-state-reasons attribute */
|
||||||
int num_options; /* Number of options */
|
int num_options; /* Number of options */
|
||||||
@@ -1008,6 +1220,14 @@ cups_get_sdests(http_t *http, /* I
|
@@ -1016,6 +1228,14 @@ cups_get_sdests(http_t *http, /* I
|
||||||
ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME,
|
ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME,
|
||||||
"requesting-user-name", NULL, cupsUser());
|
"requesting-user-name", NULL, cupsUser());
|
||||||
|
|
||||||
@ -622,7 +623,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
|||||||
/*
|
/*
|
||||||
* Do the request and get back a response...
|
* Do the request and get back a response...
|
||||||
*/
|
*/
|
||||||
@@ -1030,17 +1250,17 @@ cups_get_sdests(http_t *http, /* I
|
@@ -1038,17 +1258,17 @@ cups_get_sdests(http_t *http, /* I
|
||||||
* Pull the needed attributes from this printer...
|
* Pull the needed attributes from this printer...
|
||||||
*/
|
*/
|
||||||
|
|
||||||
@ -651,7 +652,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
|||||||
|
|
||||||
auth_info_req[0] = '\0';
|
auth_info_req[0] = '\0';
|
||||||
job_sheets[0] = '\0';
|
job_sheets[0] = '\0';
|
||||||
@@ -1091,7 +1311,7 @@ cups_get_sdests(http_t *http, /* I
|
@@ -1099,7 +1319,7 @@ cups_get_sdests(http_t *http, /* I
|
||||||
make_model = attr->values[0].string.text;
|
make_model = attr->values[0].string.text;
|
||||||
else if (!strcmp(attr->name, "printer-name") &&
|
else if (!strcmp(attr->name, "printer-name") &&
|
||||||
attr->value_tag == IPP_TAG_NAME)
|
attr->value_tag == IPP_TAG_NAME)
|
||||||
@ -660,7 +661,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
|||||||
else if (!strcmp(attr->name, "printer-state") &&
|
else if (!strcmp(attr->name, "printer-state") &&
|
||||||
attr->value_tag == IPP_TAG_ENUM)
|
attr->value_tag == IPP_TAG_ENUM)
|
||||||
state = attr->values[0].integer;
|
state = attr->values[0].integer;
|
||||||
@@ -1196,7 +1416,7 @@ cups_get_sdests(http_t *http, /* I
|
@@ -1204,7 +1424,7 @@ cups_get_sdests(http_t *http, /* I
|
||||||
* See if we have everything needed...
|
* See if we have everything needed...
|
||||||
*/
|
*/
|
||||||
|
|
||||||
@ -669,7 +670,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
|||||||
{
|
{
|
||||||
cupsFreeOptions(num_options, options);
|
cupsFreeOptions(num_options, options);
|
||||||
|
|
||||||
@@ -1206,9 +1426,9 @@ cups_get_sdests(http_t *http, /* I
|
@@ -1214,9 +1434,9 @@ cups_get_sdests(http_t *http, /* I
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -681,9 +682,9 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
|||||||
{
|
{
|
||||||
dest->num_options = num_options;
|
dest->num_options = num_options;
|
||||||
dest->options = options;
|
dest->options = options;
|
||||||
diff -up cups-1.3.8/cups/libcups.exp.getnameddest cups-1.3.8/cups/libcups.exp
|
diff -up cups-1.3.9/cups/libcups.exp.getnameddest cups-1.3.9/cups/libcups.exp
|
||||||
--- cups-1.3.8/cups/libcups.exp.getnameddest 2008-04-09 04:39:40.000000000 +0100
|
--- cups-1.3.9/cups/libcups.exp.getnameddest 2008-04-09 04:39:40.000000000 +0100
|
||||||
+++ cups-1.3.8/cups/libcups.exp 2008-07-28 16:28:24.000000000 +0100
|
+++ cups-1.3.9/cups/libcups.exp 2008-10-10 09:35:05.000000000 +0100
|
||||||
@@ -114,6 +114,7 @@ _cupsGetFd
|
@@ -114,6 +114,7 @@ _cupsGetFd
|
||||||
_cupsGetFile
|
_cupsGetFile
|
||||||
_cupsGetJobs
|
_cupsGetJobs
|
||||||
@ -692,9 +693,9 @@ diff -up cups-1.3.8/cups/libcups.exp.getnameddest cups-1.3.8/cups/libcups.exp
|
|||||||
_cupsGetOption
|
_cupsGetOption
|
||||||
_cupsGetPassword
|
_cupsGetPassword
|
||||||
_cupsGetPPD
|
_cupsGetPPD
|
||||||
diff -up cups-1.3.8/cups/Makefile.getnameddest cups-1.3.8/cups/Makefile
|
diff -up cups-1.3.9/cups/Makefile.getnameddest cups-1.3.9/cups/Makefile
|
||||||
--- cups-1.3.8/cups/Makefile.getnameddest 2008-02-20 20:18:33.000000000 +0000
|
--- cups-1.3.9/cups/Makefile.getnameddest 2008-09-06 01:30:39.000000000 +0100
|
||||||
+++ cups-1.3.8/cups/Makefile 2008-07-28 16:28:24.000000000 +0100
|
+++ cups-1.3.9/cups/Makefile 2008-10-10 09:35:05.000000000 +0100
|
||||||
@@ -263,7 +263,7 @@ libcups.so.2 libcups.sl.2: $(LIBOBJS)
|
@@ -263,7 +263,7 @@ libcups.so.2 libcups.sl.2: $(LIBOBJS)
|
||||||
# libcups.2.dylib
|
# libcups.2.dylib
|
||||||
#
|
#
|
||||||
@ -704,9 +705,9 @@ diff -up cups-1.3.8/cups/Makefile.getnameddest cups-1.3.8/cups/Makefile
|
|||||||
echo Linking $@...
|
echo Linking $@...
|
||||||
$(DSO) $(ARCHFLAGS) $(DSOFLAGS) -o $@ \
|
$(DSO) $(ARCHFLAGS) $(DSOFLAGS) -o $@ \
|
||||||
-install_name $(libdir)/$@ \
|
-install_name $(libdir)/$@ \
|
||||||
diff -up cups-1.3.8/cups/testcups.c.getnameddest cups-1.3.8/cups/testcups.c
|
diff -up cups-1.3.9/cups/testcups.c.getnameddest cups-1.3.9/cups/testcups.c
|
||||||
--- cups-1.3.8/cups/testcups.c.getnameddest 2008-07-11 23:48:49.000000000 +0100
|
--- cups-1.3.9/cups/testcups.c.getnameddest 2008-07-11 23:48:49.000000000 +0100
|
||||||
+++ cups-1.3.8/cups/testcups.c 2008-07-28 16:37:24.000000000 +0100
|
+++ cups-1.3.9/cups/testcups.c 2008-10-10 09:35:05.000000000 +0100
|
||||||
@@ -16,7 +16,8 @@
|
@@ -16,7 +16,8 @@
|
||||||
*
|
*
|
||||||
* Contents:
|
* Contents:
|
||||||
@ -947,9 +948,9 @@ diff -up cups-1.3.8/cups/testcups.c.getnameddest cups-1.3.8/cups/testcups.c
|
|||||||
+/*
|
+/*
|
||||||
* End of "$Id: testcups.c 7721 2008-07-11 22:48:49Z mike $".
|
* End of "$Id: testcups.c 7721 2008-07-11 22:48:49Z mike $".
|
||||||
*/
|
*/
|
||||||
diff -up cups-1.3.8/systemv/lp.c.getnameddest cups-1.3.8/systemv/lp.c
|
diff -up cups-1.3.9/systemv/lp.c.getnameddest cups-1.3.9/systemv/lp.c
|
||||||
--- cups-1.3.8/systemv/lp.c.getnameddest 2008-07-11 23:48:49.000000000 +0100
|
--- cups-1.3.9/systemv/lp.c.getnameddest 2008-07-11 23:48:49.000000000 +0100
|
||||||
+++ cups-1.3.8/systemv/lp.c 2008-07-28 16:28:24.000000000 +0100
|
+++ cups-1.3.9/systemv/lp.c 2008-10-10 09:35:05.000000000 +0100
|
||||||
@@ -73,9 +73,7 @@ main(int argc, /* I - Number of comm
|
@@ -73,9 +73,7 @@ main(int argc, /* I - Number of comm
|
||||||
int num_copies; /* Number of copies per file */
|
int num_copies; /* Number of copies per file */
|
||||||
int num_files; /* Number of files to print */
|
int num_files; /* Number of files to print */
|
||||||
|
@ -1,146 +0,0 @@
|
|||||||
diff -up cups-1.3.8/config.h.in.res_init cups-1.3.8/config.h.in
|
|
||||||
--- cups-1.3.8/config.h.in.res_init 2008-09-03 15:34:23.000000000 +0100
|
|
||||||
+++ cups-1.3.8/config.h.in 2008-09-03 15:34:52.000000000 +0100
|
|
||||||
@@ -365,6 +365,13 @@
|
|
||||||
|
|
||||||
|
|
||||||
/*
|
|
||||||
+ * Do we have __res_init()?
|
|
||||||
+ */
|
|
||||||
+
|
|
||||||
+#undef HAVE_RES_INIT
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
* Do we have hstrerror()?
|
|
||||||
*/
|
|
||||||
|
|
||||||
diff -up cups-1.3.8/config-scripts/cups-network.m4.res_init cups-1.3.8/config-scripts/cups-network.m4
|
|
||||||
--- cups-1.3.8/config-scripts/cups-network.m4.res_init 2007-12-19 01:47:57.000000000 +0000
|
|
||||||
+++ cups-1.3.8/config-scripts/cups-network.m4 2008-09-03 15:34:14.000000000 +0100
|
|
||||||
@@ -18,6 +18,7 @@ AC_SEARCH_LIBS(gethostbyaddr, nsl)
|
|
||||||
AC_SEARCH_LIBS(getifaddrs, nsl, AC_DEFINE(HAVE_GETIFADDRS))
|
|
||||||
AC_SEARCH_LIBS(hstrerror, nsl socket resolv, AC_DEFINE(HAVE_HSTRERROR))
|
|
||||||
AC_SEARCH_LIBS(rresvport_af, nsl, AC_DEFINE(HAVE_RRESVPORT_AF))
|
|
||||||
+AC_SEARCH_LIBS(__res_init, resolv bind, AC_DEFINE(HAVE_RES_INIT))
|
|
||||||
|
|
||||||
# Tru64 5.1b leaks file descriptors with these functions; disable until
|
|
||||||
# we can come up with a test for this...
|
|
||||||
diff -up cups-1.3.8/configure.res_init cups-1.3.8/configure
|
|
||||||
--- cups-1.3.8/configure.res_init 2008-09-03 15:34:14.000000000 +0100
|
|
||||||
+++ cups-1.3.8/configure 2008-09-03 15:34:14.000000000 +0100
|
|
||||||
@@ -12189,6 +12189,92 @@ _ACEOF
|
|
||||||
|
|
||||||
fi
|
|
||||||
|
|
||||||
+{ echo "$as_me:$LINENO: checking for library containing __res_init" >&5
|
|
||||||
+echo $ECHO_N "checking for library containing __res_init... $ECHO_C" >&6; }
|
|
||||||
+if test "${ac_cv_search___res_init+set}" = set; then
|
|
||||||
+ echo $ECHO_N "(cached) $ECHO_C" >&6
|
|
||||||
+else
|
|
||||||
+ ac_func_search_save_LIBS=$LIBS
|
|
||||||
+cat >conftest.$ac_ext <<_ACEOF
|
|
||||||
+/* confdefs.h. */
|
|
||||||
+_ACEOF
|
|
||||||
+cat confdefs.h >>conftest.$ac_ext
|
|
||||||
+cat >>conftest.$ac_ext <<_ACEOF
|
|
||||||
+/* end confdefs.h. */
|
|
||||||
+
|
|
||||||
+/* Override any GCC internal prototype to avoid an error.
|
|
||||||
+ Use char because int might match the return type of a GCC
|
|
||||||
+ builtin and then its argument prototype would still apply. */
|
|
||||||
+#ifdef __cplusplus
|
|
||||||
+extern "C"
|
|
||||||
+#endif
|
|
||||||
+char __res_init ();
|
|
||||||
+int
|
|
||||||
+main ()
|
|
||||||
+{
|
|
||||||
+return __res_init ();
|
|
||||||
+ ;
|
|
||||||
+ return 0;
|
|
||||||
+}
|
|
||||||
+_ACEOF
|
|
||||||
+for ac_lib in '' resolv bind; do
|
|
||||||
+ if test -z "$ac_lib"; then
|
|
||||||
+ ac_res="none required"
|
|
||||||
+ else
|
|
||||||
+ ac_res=-l$ac_lib
|
|
||||||
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
|
|
||||||
+ fi
|
|
||||||
+ rm -f conftest.$ac_objext conftest$ac_exeext
|
|
||||||
+if { (ac_try="$ac_link"
|
|
||||||
+case "(($ac_try" in
|
|
||||||
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
|
|
||||||
+ *) ac_try_echo=$ac_try;;
|
|
||||||
+esac
|
|
||||||
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
|
|
||||||
+ (eval "$ac_link") 2>conftest.er1
|
|
||||||
+ ac_status=$?
|
|
||||||
+ grep -v '^ *+' conftest.er1 >conftest.err
|
|
||||||
+ rm -f conftest.er1
|
|
||||||
+ cat conftest.err >&5
|
|
||||||
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
|
|
||||||
+ (exit $ac_status); } && {
|
|
||||||
+ test -z "$ac_c_werror_flag" ||
|
|
||||||
+ test ! -s conftest.err
|
|
||||||
+ } && test -s conftest$ac_exeext &&
|
|
||||||
+ $as_test_x conftest$ac_exeext; then
|
|
||||||
+ ac_cv_search___res_init=$ac_res
|
|
||||||
+else
|
|
||||||
+ echo "$as_me: failed program was:" >&5
|
|
||||||
+sed 's/^/| /' conftest.$ac_ext >&5
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+fi
|
|
||||||
+
|
|
||||||
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
|
|
||||||
+ conftest$ac_exeext
|
|
||||||
+ if test "${ac_cv_search___res_init+set}" = set; then
|
|
||||||
+ break
|
|
||||||
+fi
|
|
||||||
+done
|
|
||||||
+if test "${ac_cv_search___res_init+set}" = set; then
|
|
||||||
+ :
|
|
||||||
+else
|
|
||||||
+ ac_cv_search___res_init=no
|
|
||||||
+fi
|
|
||||||
+rm conftest.$ac_ext
|
|
||||||
+LIBS=$ac_func_search_save_LIBS
|
|
||||||
+fi
|
|
||||||
+{ echo "$as_me:$LINENO: result: $ac_cv_search___res_init" >&5
|
|
||||||
+echo "${ECHO_T}$ac_cv_search___res_init" >&6; }
|
|
||||||
+ac_res=$ac_cv_search___res_init
|
|
||||||
+if test "$ac_res" != no; then
|
|
||||||
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
|
|
||||||
+ cat >>confdefs.h <<\_ACEOF
|
|
||||||
+#define HAVE_RES_INIT 1
|
|
||||||
+_ACEOF
|
|
||||||
+
|
|
||||||
+fi
|
|
||||||
+
|
|
||||||
|
|
||||||
# Tru64 5.1b leaks file descriptors with these functions; disable until
|
|
||||||
# we can come up with a test for this...
|
|
||||||
diff -up cups-1.3.8/scheduler/cups-polld.c.res_init cups-1.3.8/scheduler/cups-polld.c
|
|
||||||
--- cups-1.3.8/scheduler/cups-polld.c.res_init 2008-01-08 00:16:30.000000000 +0000
|
|
||||||
+++ cups-1.3.8/scheduler/cups-polld.c 2008-09-03 15:34:14.000000000 +0100
|
|
||||||
@@ -155,6 +155,18 @@ main(int argc, /* I - Number of comm
|
|
||||||
restart_polling = 0;
|
|
||||||
httpClose(http);
|
|
||||||
|
|
||||||
+#ifdef HAVE_RES_INIT
|
|
||||||
+ if (!http)
|
|
||||||
+ {
|
|
||||||
+ /*
|
|
||||||
+ * Reinit the resolver so that it doesn't cache a previous
|
|
||||||
+ * hostname lookup failure. This fixes the situation where a
|
|
||||||
+ * network interface becomes available after polling starts.
|
|
||||||
+ */
|
|
||||||
+ __res_init ();
|
|
||||||
+ }
|
|
||||||
+#endif /* HAVE_RES_INIT */
|
|
||||||
+
|
|
||||||
if ((http = httpConnectEncrypt(argv[1], atoi(argv[2]),
|
|
||||||
cupsEncryption())) == NULL)
|
|
||||||
{
|
|
@ -1,86 +0,0 @@
|
|||||||
diff -up cups-1.3.8/scheduler/client.c.str2892 cups-1.3.8/scheduler/client.c
|
|
||||||
--- cups-1.3.8/scheduler/client.c.str2892 2008-07-11 23:48:49.000000000 +0100
|
|
||||||
+++ cups-1.3.8/scheduler/client.c 2008-08-03 11:42:35.000000000 +0100
|
|
||||||
@@ -28,6 +28,7 @@
|
|
||||||
* cupsdUpdateCGI() - Read status messages from CGI scripts and programs.
|
|
||||||
* cupsdWriteClient() - Write data to a client as needed.
|
|
||||||
* check_if_modified() - Decode an "If-Modified-Since" line.
|
|
||||||
+ * data_ready() - Check whether data is available from a client.
|
|
||||||
* encrypt_client() - Enable encryption for the client...
|
|
||||||
* get_cdsa_certificate() - Convert a keychain name into the CFArrayRef
|
|
||||||
* required by SSLSetCertificate.
|
|
||||||
@@ -83,6 +84,7 @@ extern const char *cssmErrorString(int e
|
|
||||||
|
|
||||||
static int check_if_modified(cupsd_client_t *con,
|
|
||||||
struct stat *filestats);
|
|
||||||
+static int data_ready(cupsd_client_t *con);
|
|
||||||
#ifdef HAVE_SSL
|
|
||||||
static int encrypt_client(cupsd_client_t *con);
|
|
||||||
#endif /* HAVE_SSL */
|
|
||||||
@@ -989,8 +991,7 @@ cupsdReadClient(cupsd_client_t *con) /*
|
|
||||||
*/
|
|
||||||
|
|
||||||
while ((status = httpUpdate(HTTP(con))) == HTTP_CONTINUE)
|
|
||||||
- if (con->http.used == 0 ||
|
|
||||||
- !memchr(con->http.buffer, '\n', con->http.used))
|
|
||||||
+ if (!data_ready(con))
|
|
||||||
break;
|
|
||||||
|
|
||||||
if (status != HTTP_OK && status != HTTP_CONTINUE)
|
|
||||||
@@ -1889,7 +1890,7 @@ cupsdReadClient(cupsd_client_t *con) /*
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
- while (con->http.state == HTTP_PUT_RECV && con->http.used > 0);
|
|
||||||
+ while (con->http.state == HTTP_PUT_RECV && data_ready(con));
|
|
||||||
|
|
||||||
if (con->http.state == HTTP_WAITING)
|
|
||||||
{
|
|
||||||
@@ -2064,7 +2065,7 @@ cupsdReadClient(cupsd_client_t *con) /*
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
- while (con->http.state == HTTP_POST_RECV && con->http.used > 0);
|
|
||||||
+ while (con->http.state == HTTP_POST_RECV && data_ready(con));
|
|
||||||
|
|
||||||
if (con->http.state == HTTP_POST_SEND)
|
|
||||||
{
|
|
||||||
@@ -2914,6 +2915,38 @@ check_if_modified(
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
+/*
|
|
||||||
+ * 'data_ready()' - Check whether data is available from a client.
|
|
||||||
+ */
|
|
||||||
+
|
|
||||||
+static int /* O - 1 if data is ready, 0 otherwise */
|
|
||||||
+data_ready(cupsd_client_t *con) /* I - Client */
|
|
||||||
+{
|
|
||||||
+ if (con->http.used > 0)
|
|
||||||
+ return (1);
|
|
||||||
+#ifdef HAVE_SSL
|
|
||||||
+ else if (con->http.tls)
|
|
||||||
+ {
|
|
||||||
+# ifdef HAVE_LIBSSL
|
|
||||||
+ if (SSL_pending((SSL *)(con->http.tls)))
|
|
||||||
+ return (1);
|
|
||||||
+# elif defined(HAVE_GNUTLS)
|
|
||||||
+ if (gnutls_record_check_pending(((http_tls_t *)(con->http.tls))->session))
|
|
||||||
+ return (1);
|
|
||||||
+# elif defined(HAVE_CDSASSL)
|
|
||||||
+ size_t bytes; /* Bytes that are available */
|
|
||||||
+
|
|
||||||
+ if (!SSLGetBufferedReadSize(((http_tls_t *)(con->http.tls))->session,
|
|
||||||
+ &bytes) && bytes > 0)
|
|
||||||
+ return (1);
|
|
||||||
+# endif /* HAVE_LIBSSL */
|
|
||||||
+ }
|
|
||||||
+#endif /* HAVE_SSL */
|
|
||||||
+
|
|
||||||
+ return (0);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+
|
|
||||||
#ifdef HAVE_SSL
|
|
||||||
/*
|
|
||||||
* 'encrypt_client()' - Enable encryption for the client...
|
|
22
cups.spec
22
cups.spec
@ -6,8 +6,8 @@
|
|||||||
|
|
||||||
Summary: Common Unix Printing System
|
Summary: Common Unix Printing System
|
||||||
Name: cups
|
Name: cups
|
||||||
Version: 1.3.8
|
Version: 1.3.9
|
||||||
Release: 6%{?svn:.svn%{svn}}%{?dist}
|
Release: 1%{?svn:.svn%{svn}}%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
Source: ftp://ftp.easysw.com/pub/cups/test//cups-%{version}%{?svn:svn-r%{svn}}-source.tar.bz2
|
Source: ftp://ftp.easysw.com/pub/cups/test//cups-%{version}%{?svn:svn-r%{svn}}-source.tar.bz2
|
||||||
@ -47,10 +47,8 @@ Patch19: cups-strict-ppd-line-length.patch
|
|||||||
Patch20: cups-logrotate.patch
|
Patch20: cups-logrotate.patch
|
||||||
Patch21: cups-usb-paperout.patch
|
Patch21: cups-usb-paperout.patch
|
||||||
Patch22: cups-getnameddest.patch
|
Patch22: cups-getnameddest.patch
|
||||||
Patch23: cups-str2892.patch
|
Patch23: cups-str2101.patch
|
||||||
Patch24: cups-str2101.patch
|
Patch24: cups-str2536.patch
|
||||||
Patch25: cups-res_init.patch
|
|
||||||
Patch26: cups-str2536.patch
|
|
||||||
Patch100: cups-lspp.patch
|
Patch100: cups-lspp.patch
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Url: http://www.cups.org/
|
Url: http://www.cups.org/
|
||||||
@ -186,10 +184,8 @@ module.
|
|||||||
%patch20 -p1 -b .logrotate
|
%patch20 -p1 -b .logrotate
|
||||||
%patch21 -p1 -b .usb-paperout
|
%patch21 -p1 -b .usb-paperout
|
||||||
%patch22 -p1 -b .getnameddest
|
%patch22 -p1 -b .getnameddest
|
||||||
%patch23 -p1 -b .str2892
|
%patch23 -p1 -b .str2101
|
||||||
%patch24 -p1 -b .str2101
|
%patch24 -p1 -b .str2536
|
||||||
%patch25 -p1 -b .res_init
|
|
||||||
%patch26 -p1 -b .str2536
|
|
||||||
|
|
||||||
%if %lspp
|
%if %lspp
|
||||||
%patch100 -p1 -b .lspp
|
%patch100 -p1 -b .lspp
|
||||||
@ -481,6 +477,12 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%{_libdir}/php/modules/*.so
|
%{_libdir}/php/modules/*.so
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Oct 10 2008 Tim Waugh <twaugh@redhat.com> 1:1.3.9-1
|
||||||
|
- 1.3.9, including fixes for CVE-2008-3639 (STR #2918, bug #464710),
|
||||||
|
CVE-2008-3640 (STR #2919, bug #464713) and CVE-2008-3641 (STR #2911,
|
||||||
|
bug #464716).
|
||||||
|
- No longer need str2892 or res_init patches.
|
||||||
|
|
||||||
* Wed Sep 10 2008 Tim Waugh <twaugh@redhat.com> 1:1.3.8-6
|
* Wed Sep 10 2008 Tim Waugh <twaugh@redhat.com> 1:1.3.8-6
|
||||||
- Backported patch for FatalErrors configuration directive
|
- Backported patch for FatalErrors configuration directive
|
||||||
(bug #314941, STR #2536).
|
(bug #314941, STR #2536).
|
||||||
|
Loading…
Reference in New Issue
Block a user