CVE-2008-3640 (STR #2919, bug #464713) and CVE-2008-3641 (STR #2911, bug #464716). - No longer need str2892 or res_init patches.
This commit is contained in:
parent
d9669961e9
commit
f5608b99a9
@ -33,3 +33,4 @@ cups-1.3.5-source.tar.bz2
|
||||
cups-1.3.6-source.tar.bz2
|
||||
cups-1.3.7-source.tar.bz2
|
||||
cups-1.3.8-source.tar.bz2
|
||||
cups-1.3.9-source.tar.bz2
|
||||
|
@ -1,6 +1,6 @@
|
||||
diff -up cups-1.3.8/berkeley/lpr.c.getnameddest cups-1.3.8/berkeley/lpr.c
|
||||
--- cups-1.3.8/berkeley/lpr.c.getnameddest 2008-07-28 16:28:24.000000000 +0100
|
||||
+++ cups-1.3.8/berkeley/lpr.c 2008-07-28 16:28:24.000000000 +0100
|
||||
diff -up cups-1.3.9/berkeley/lpr.c.getnameddest cups-1.3.9/berkeley/lpr.c
|
||||
--- cups-1.3.9/berkeley/lpr.c.getnameddest 2008-10-10 09:35:05.000000000 +0100
|
||||
+++ cups-1.3.9/berkeley/lpr.c 2008-10-10 09:35:05.000000000 +0100
|
||||
@@ -92,9 +92,7 @@ main(int argc, /* I - Number of comm
|
||||
int num_copies; /* Number of copies per file */
|
||||
int num_files; /* Number of files to print */
|
||||
@ -55,9 +55,9 @@ diff -up cups-1.3.8/berkeley/lpr.c.getnameddest cups-1.3.8/berkeley/lpr.c
|
||||
_cupsLangPrintf(stderr,
|
||||
_("%s: Error - %s environment variable names "
|
||||
"non-existent destination \"%s\"!\n"),
|
||||
diff -up cups-1.3.8/cups/cups.h.getnameddest cups-1.3.8/cups/cups.h
|
||||
--- cups-1.3.8/cups/cups.h.getnameddest 2008-07-11 23:48:49.000000000 +0100
|
||||
+++ cups-1.3.8/cups/cups.h 2008-07-28 16:28:24.000000000 +0100
|
||||
diff -up cups-1.3.9/cups/cups.h.getnameddest cups-1.3.9/cups/cups.h
|
||||
--- cups-1.3.9/cups/cups.h.getnameddest 2008-07-23 01:06:46.000000000 +0100
|
||||
+++ cups-1.3.9/cups/cups.h 2008-10-10 09:35:05.000000000 +0100
|
||||
@@ -248,6 +248,9 @@ extern void cupsSetDefaultDest(const ch
|
||||
int num_dests,
|
||||
cups_dest_t *dests);
|
||||
@ -68,9 +68,9 @@ diff -up cups-1.3.8/cups/cups.h.getnameddest cups-1.3.8/cups/cups.h
|
||||
|
||||
# ifdef __cplusplus
|
||||
}
|
||||
diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
||||
--- cups-1.3.8/cups/dest.c.getnameddest 2008-07-11 23:48:49.000000000 +0100
|
||||
+++ cups-1.3.8/cups/dest.c 2008-07-28 16:28:24.000000000 +0100
|
||||
diff -up cups-1.3.9/cups/dest.c.getnameddest cups-1.3.9/cups/dest.c
|
||||
--- cups-1.3.9/cups/dest.c.getnameddest 2008-09-17 00:37:56.000000000 +0100
|
||||
+++ cups-1.3.9/cups/dest.c 2008-10-10 09:36:02.000000000 +0100
|
||||
@@ -25,6 +25,7 @@
|
||||
* server.
|
||||
* cupsGetDests2() - Get the list of destinations from the
|
||||
@ -128,18 +128,19 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
||||
|
||||
return (num_dests);
|
||||
}
|
||||
@@ -330,8 +333,8 @@ cupsGetDests2(http_t *http, /* I -
|
||||
@@ -330,9 +333,9 @@ cupsGetDests2(http_t *http, /* I -
|
||||
* Grab the printers and classes...
|
||||
*/
|
||||
|
||||
- num_dests = cups_get_sdests(http, CUPS_GET_PRINTERS, num_dests, dests);
|
||||
- num_dests = cups_get_sdests(http, CUPS_GET_CLASSES, num_dests, dests);
|
||||
+ num_dests = cups_get_sdests(http, CUPS_GET_PRINTERS, NULL, num_dests, dests);
|
||||
if (cupsLastError() < IPP_REDIRECTION_OTHER_SITE)
|
||||
- num_dests = cups_get_sdests(http, CUPS_GET_CLASSES, num_dests, dests);
|
||||
+ num_dests = cups_get_sdests(http, CUPS_GET_CLASSES, NULL, num_dests, dests);
|
||||
|
||||
/*
|
||||
* Make a copy of the "real" queues for a later sanity check...
|
||||
@@ -390,7 +393,7 @@ cupsGetDests2(http_t *http, /* I -
|
||||
if (cupsLastError() >= IPP_REDIRECTION_OTHER_SITE)
|
||||
{
|
||||
@@ -398,7 +401,7 @@ cupsGetDests2(http_t *http, /* I -
|
||||
*/
|
||||
|
||||
snprintf(filename, sizeof(filename), "%s/lpoptions", cg->cups_serverroot);
|
||||
@ -148,7 +149,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
||||
|
||||
if ((home = getenv("HOME")) != NULL)
|
||||
{
|
||||
@@ -398,7 +401,7 @@ cupsGetDests2(http_t *http, /* I -
|
||||
@@ -406,7 +409,7 @@ cupsGetDests2(http_t *http, /* I -
|
||||
if (access(filename, 0))
|
||||
snprintf(filename, sizeof(filename), "%s/.lpoptions", home);
|
||||
|
||||
@ -157,7 +158,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -452,6 +455,136 @@ cupsGetDests2(http_t *http, /* I -
|
||||
@@ -460,6 +463,136 @@ cupsGetDests2(http_t *http, /* I -
|
||||
|
||||
|
||||
/*
|
||||
@ -294,7 +295,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
||||
* 'cupsRemoveDest()' - Remove a destination from the destination list.
|
||||
*
|
||||
* Removing a destination/instance does not delete the class or printer
|
||||
@@ -548,19 +681,17 @@ void
|
||||
@@ -556,19 +689,17 @@ void
|
||||
cupsSetDests(int num_dests, /* I - Number of destinations */
|
||||
cups_dest_t *dests) /* I - Destinations */
|
||||
{
|
||||
@ -318,7 +319,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
||||
}
|
||||
|
||||
|
||||
@@ -606,8 +737,8 @@ cupsSetDests2(http_t *http, /* I -
|
||||
@@ -614,8 +745,8 @@ cupsSetDests2(http_t *http, /* I -
|
||||
* Get the server destinations...
|
||||
*/
|
||||
|
||||
@ -329,7 +330,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
||||
|
||||
/*
|
||||
* Figure out which file to write to...
|
||||
@@ -622,7 +753,7 @@ cupsSetDests2(http_t *http, /* I -
|
||||
@@ -630,7 +761,7 @@ cupsSetDests2(http_t *http, /* I -
|
||||
* Merge in server defaults...
|
||||
*/
|
||||
|
||||
@ -338,7 +339,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
||||
|
||||
/*
|
||||
* Point to user defaults...
|
||||
@@ -789,24 +920,88 @@ cupsSetDests2(http_t *http, /* I -
|
||||
@@ -797,24 +928,88 @@ cupsSetDests2(http_t *http, /* I -
|
||||
|
||||
|
||||
/*
|
||||
@ -428,7 +429,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
||||
/*
|
||||
* Check environment variables...
|
||||
*/
|
||||
@@ -816,12 +1011,8 @@ cups_get_dests(const char *filename, /*
|
||||
@@ -824,12 +1019,8 @@ cups_get_dests(const char *filename, /*
|
||||
if (strcmp(printer, "lp") == 0)
|
||||
printer = NULL;
|
||||
|
||||
@ -443,7 +444,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
||||
|
||||
/*
|
||||
* Read each printer; each line looks like:
|
||||
@@ -830,28 +1021,22 @@ cups_get_dests(const char *filename, /*
|
||||
@@ -838,28 +1029,22 @@ cups_get_dests(const char *filename, /*
|
||||
* Default name[/instance] options
|
||||
*/
|
||||
|
||||
@ -481,7 +482,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
||||
|
||||
name = lineptr;
|
||||
|
||||
@@ -862,9 +1047,6 @@ cups_get_dests(const char *filename, /*
|
||||
@@ -870,9 +1055,6 @@ cups_get_dests(const char *filename, /*
|
||||
while (!isspace(*lineptr & 255) && *lineptr && *lineptr != '/')
|
||||
lineptr ++;
|
||||
|
||||
@ -491,7 +492,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
||||
if (*lineptr == '/')
|
||||
{
|
||||
/*
|
||||
@@ -884,30 +1066,49 @@ cups_get_dests(const char *filename, /*
|
||||
@@ -892,30 +1074,49 @@ cups_get_dests(const char *filename, /*
|
||||
else
|
||||
instance = NULL;
|
||||
|
||||
@ -554,7 +555,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -918,11 +1119,20 @@ cups_get_dests(const char *filename, /*
|
||||
@@ -926,11 +1127,20 @@ cups_get_dests(const char *filename, /*
|
||||
&(dest->options));
|
||||
|
||||
/*
|
||||
@ -576,7 +577,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
||||
for (i = 0; i < num_dests; i ++)
|
||||
(*dests)[i].is_default = 0;
|
||||
|
||||
@@ -934,7 +1144,7 @@ cups_get_dests(const char *filename, /*
|
||||
@@ -942,7 +1152,7 @@ cups_get_dests(const char *filename, /*
|
||||
* Close the file and return...
|
||||
*/
|
||||
|
||||
@ -585,7 +586,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
||||
|
||||
return (num_dests);
|
||||
}
|
||||
@@ -946,7 +1156,8 @@ cups_get_dests(const char *filename, /*
|
||||
@@ -954,7 +1164,8 @@ cups_get_dests(const char *filename, /*
|
||||
|
||||
static int /* O - Number of destinations */
|
||||
cups_get_sdests(http_t *http, /* I - HTTP connection */
|
||||
@ -595,7 +596,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
||||
int num_dests, /* I - Number of destinations */
|
||||
cups_dest_t **dests) /* IO - Destinations */
|
||||
{
|
||||
@@ -963,8 +1174,9 @@ cups_get_sdests(http_t *http, /* I
|
||||
@@ -971,8 +1182,9 @@ cups_get_sdests(http_t *http, /* I
|
||||
const char *info, /* printer-info attribute */
|
||||
*location, /* printer-location attribute */
|
||||
*make_model, /* printer-make-and-model attribute */
|
||||
@ -607,7 +608,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
||||
auth_info_req[1024], /* auth-info-required attribute */
|
||||
reasons[1024]; /* printer-state-reasons attribute */
|
||||
int num_options; /* Number of options */
|
||||
@@ -1008,6 +1220,14 @@ cups_get_sdests(http_t *http, /* I
|
||||
@@ -1016,6 +1228,14 @@ cups_get_sdests(http_t *http, /* I
|
||||
ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME,
|
||||
"requesting-user-name", NULL, cupsUser());
|
||||
|
||||
@ -622,7 +623,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
||||
/*
|
||||
* Do the request and get back a response...
|
||||
*/
|
||||
@@ -1030,17 +1250,17 @@ cups_get_sdests(http_t *http, /* I
|
||||
@@ -1038,17 +1258,17 @@ cups_get_sdests(http_t *http, /* I
|
||||
* Pull the needed attributes from this printer...
|
||||
*/
|
||||
|
||||
@ -651,7 +652,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
||||
|
||||
auth_info_req[0] = '\0';
|
||||
job_sheets[0] = '\0';
|
||||
@@ -1091,7 +1311,7 @@ cups_get_sdests(http_t *http, /* I
|
||||
@@ -1099,7 +1319,7 @@ cups_get_sdests(http_t *http, /* I
|
||||
make_model = attr->values[0].string.text;
|
||||
else if (!strcmp(attr->name, "printer-name") &&
|
||||
attr->value_tag == IPP_TAG_NAME)
|
||||
@ -660,7 +661,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
||||
else if (!strcmp(attr->name, "printer-state") &&
|
||||
attr->value_tag == IPP_TAG_ENUM)
|
||||
state = attr->values[0].integer;
|
||||
@@ -1196,7 +1416,7 @@ cups_get_sdests(http_t *http, /* I
|
||||
@@ -1204,7 +1424,7 @@ cups_get_sdests(http_t *http, /* I
|
||||
* See if we have everything needed...
|
||||
*/
|
||||
|
||||
@ -669,7 +670,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
||||
{
|
||||
cupsFreeOptions(num_options, options);
|
||||
|
||||
@@ -1206,9 +1426,9 @@ cups_get_sdests(http_t *http, /* I
|
||||
@@ -1214,9 +1434,9 @@ cups_get_sdests(http_t *http, /* I
|
||||
continue;
|
||||
}
|
||||
|
||||
@ -681,9 +682,9 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
|
||||
{
|
||||
dest->num_options = num_options;
|
||||
dest->options = options;
|
||||
diff -up cups-1.3.8/cups/libcups.exp.getnameddest cups-1.3.8/cups/libcups.exp
|
||||
--- cups-1.3.8/cups/libcups.exp.getnameddest 2008-04-09 04:39:40.000000000 +0100
|
||||
+++ cups-1.3.8/cups/libcups.exp 2008-07-28 16:28:24.000000000 +0100
|
||||
diff -up cups-1.3.9/cups/libcups.exp.getnameddest cups-1.3.9/cups/libcups.exp
|
||||
--- cups-1.3.9/cups/libcups.exp.getnameddest 2008-04-09 04:39:40.000000000 +0100
|
||||
+++ cups-1.3.9/cups/libcups.exp 2008-10-10 09:35:05.000000000 +0100
|
||||
@@ -114,6 +114,7 @@ _cupsGetFd
|
||||
_cupsGetFile
|
||||
_cupsGetJobs
|
||||
@ -692,9 +693,9 @@ diff -up cups-1.3.8/cups/libcups.exp.getnameddest cups-1.3.8/cups/libcups.exp
|
||||
_cupsGetOption
|
||||
_cupsGetPassword
|
||||
_cupsGetPPD
|
||||
diff -up cups-1.3.8/cups/Makefile.getnameddest cups-1.3.8/cups/Makefile
|
||||
--- cups-1.3.8/cups/Makefile.getnameddest 2008-02-20 20:18:33.000000000 +0000
|
||||
+++ cups-1.3.8/cups/Makefile 2008-07-28 16:28:24.000000000 +0100
|
||||
diff -up cups-1.3.9/cups/Makefile.getnameddest cups-1.3.9/cups/Makefile
|
||||
--- cups-1.3.9/cups/Makefile.getnameddest 2008-09-06 01:30:39.000000000 +0100
|
||||
+++ cups-1.3.9/cups/Makefile 2008-10-10 09:35:05.000000000 +0100
|
||||
@@ -263,7 +263,7 @@ libcups.so.2 libcups.sl.2: $(LIBOBJS)
|
||||
# libcups.2.dylib
|
||||
#
|
||||
@ -704,9 +705,9 @@ diff -up cups-1.3.8/cups/Makefile.getnameddest cups-1.3.8/cups/Makefile
|
||||
echo Linking $@...
|
||||
$(DSO) $(ARCHFLAGS) $(DSOFLAGS) -o $@ \
|
||||
-install_name $(libdir)/$@ \
|
||||
diff -up cups-1.3.8/cups/testcups.c.getnameddest cups-1.3.8/cups/testcups.c
|
||||
--- cups-1.3.8/cups/testcups.c.getnameddest 2008-07-11 23:48:49.000000000 +0100
|
||||
+++ cups-1.3.8/cups/testcups.c 2008-07-28 16:37:24.000000000 +0100
|
||||
diff -up cups-1.3.9/cups/testcups.c.getnameddest cups-1.3.9/cups/testcups.c
|
||||
--- cups-1.3.9/cups/testcups.c.getnameddest 2008-07-11 23:48:49.000000000 +0100
|
||||
+++ cups-1.3.9/cups/testcups.c 2008-10-10 09:35:05.000000000 +0100
|
||||
@@ -16,7 +16,8 @@
|
||||
*
|
||||
* Contents:
|
||||
@ -947,9 +948,9 @@ diff -up cups-1.3.8/cups/testcups.c.getnameddest cups-1.3.8/cups/testcups.c
|
||||
+/*
|
||||
* End of "$Id: testcups.c 7721 2008-07-11 22:48:49Z mike $".
|
||||
*/
|
||||
diff -up cups-1.3.8/systemv/lp.c.getnameddest cups-1.3.8/systemv/lp.c
|
||||
--- cups-1.3.8/systemv/lp.c.getnameddest 2008-07-11 23:48:49.000000000 +0100
|
||||
+++ cups-1.3.8/systemv/lp.c 2008-07-28 16:28:24.000000000 +0100
|
||||
diff -up cups-1.3.9/systemv/lp.c.getnameddest cups-1.3.9/systemv/lp.c
|
||||
--- cups-1.3.9/systemv/lp.c.getnameddest 2008-07-11 23:48:49.000000000 +0100
|
||||
+++ cups-1.3.9/systemv/lp.c 2008-10-10 09:35:05.000000000 +0100
|
||||
@@ -73,9 +73,7 @@ main(int argc, /* I - Number of comm
|
||||
int num_copies; /* Number of copies per file */
|
||||
int num_files; /* Number of files to print */
|
||||
|
@ -1,146 +0,0 @@
|
||||
diff -up cups-1.3.8/config.h.in.res_init cups-1.3.8/config.h.in
|
||||
--- cups-1.3.8/config.h.in.res_init 2008-09-03 15:34:23.000000000 +0100
|
||||
+++ cups-1.3.8/config.h.in 2008-09-03 15:34:52.000000000 +0100
|
||||
@@ -365,6 +365,13 @@
|
||||
|
||||
|
||||
/*
|
||||
+ * Do we have __res_init()?
|
||||
+ */
|
||||
+
|
||||
+#undef HAVE_RES_INIT
|
||||
+
|
||||
+
|
||||
+/*
|
||||
* Do we have hstrerror()?
|
||||
*/
|
||||
|
||||
diff -up cups-1.3.8/config-scripts/cups-network.m4.res_init cups-1.3.8/config-scripts/cups-network.m4
|
||||
--- cups-1.3.8/config-scripts/cups-network.m4.res_init 2007-12-19 01:47:57.000000000 +0000
|
||||
+++ cups-1.3.8/config-scripts/cups-network.m4 2008-09-03 15:34:14.000000000 +0100
|
||||
@@ -18,6 +18,7 @@ AC_SEARCH_LIBS(gethostbyaddr, nsl)
|
||||
AC_SEARCH_LIBS(getifaddrs, nsl, AC_DEFINE(HAVE_GETIFADDRS))
|
||||
AC_SEARCH_LIBS(hstrerror, nsl socket resolv, AC_DEFINE(HAVE_HSTRERROR))
|
||||
AC_SEARCH_LIBS(rresvport_af, nsl, AC_DEFINE(HAVE_RRESVPORT_AF))
|
||||
+AC_SEARCH_LIBS(__res_init, resolv bind, AC_DEFINE(HAVE_RES_INIT))
|
||||
|
||||
# Tru64 5.1b leaks file descriptors with these functions; disable until
|
||||
# we can come up with a test for this...
|
||||
diff -up cups-1.3.8/configure.res_init cups-1.3.8/configure
|
||||
--- cups-1.3.8/configure.res_init 2008-09-03 15:34:14.000000000 +0100
|
||||
+++ cups-1.3.8/configure 2008-09-03 15:34:14.000000000 +0100
|
||||
@@ -12189,6 +12189,92 @@ _ACEOF
|
||||
|
||||
fi
|
||||
|
||||
+{ echo "$as_me:$LINENO: checking for library containing __res_init" >&5
|
||||
+echo $ECHO_N "checking for library containing __res_init... $ECHO_C" >&6; }
|
||||
+if test "${ac_cv_search___res_init+set}" = set; then
|
||||
+ echo $ECHO_N "(cached) $ECHO_C" >&6
|
||||
+else
|
||||
+ ac_func_search_save_LIBS=$LIBS
|
||||
+cat >conftest.$ac_ext <<_ACEOF
|
||||
+/* confdefs.h. */
|
||||
+_ACEOF
|
||||
+cat confdefs.h >>conftest.$ac_ext
|
||||
+cat >>conftest.$ac_ext <<_ACEOF
|
||||
+/* end confdefs.h. */
|
||||
+
|
||||
+/* Override any GCC internal prototype to avoid an error.
|
||||
+ Use char because int might match the return type of a GCC
|
||||
+ builtin and then its argument prototype would still apply. */
|
||||
+#ifdef __cplusplus
|
||||
+extern "C"
|
||||
+#endif
|
||||
+char __res_init ();
|
||||
+int
|
||||
+main ()
|
||||
+{
|
||||
+return __res_init ();
|
||||
+ ;
|
||||
+ return 0;
|
||||
+}
|
||||
+_ACEOF
|
||||
+for ac_lib in '' resolv bind; do
|
||||
+ if test -z "$ac_lib"; then
|
||||
+ ac_res="none required"
|
||||
+ else
|
||||
+ ac_res=-l$ac_lib
|
||||
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
|
||||
+ fi
|
||||
+ rm -f conftest.$ac_objext conftest$ac_exeext
|
||||
+if { (ac_try="$ac_link"
|
||||
+case "(($ac_try" in
|
||||
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
|
||||
+ *) ac_try_echo=$ac_try;;
|
||||
+esac
|
||||
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
|
||||
+ (eval "$ac_link") 2>conftest.er1
|
||||
+ ac_status=$?
|
||||
+ grep -v '^ *+' conftest.er1 >conftest.err
|
||||
+ rm -f conftest.er1
|
||||
+ cat conftest.err >&5
|
||||
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
|
||||
+ (exit $ac_status); } && {
|
||||
+ test -z "$ac_c_werror_flag" ||
|
||||
+ test ! -s conftest.err
|
||||
+ } && test -s conftest$ac_exeext &&
|
||||
+ $as_test_x conftest$ac_exeext; then
|
||||
+ ac_cv_search___res_init=$ac_res
|
||||
+else
|
||||
+ echo "$as_me: failed program was:" >&5
|
||||
+sed 's/^/| /' conftest.$ac_ext >&5
|
||||
+
|
||||
+
|
||||
+fi
|
||||
+
|
||||
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
|
||||
+ conftest$ac_exeext
|
||||
+ if test "${ac_cv_search___res_init+set}" = set; then
|
||||
+ break
|
||||
+fi
|
||||
+done
|
||||
+if test "${ac_cv_search___res_init+set}" = set; then
|
||||
+ :
|
||||
+else
|
||||
+ ac_cv_search___res_init=no
|
||||
+fi
|
||||
+rm conftest.$ac_ext
|
||||
+LIBS=$ac_func_search_save_LIBS
|
||||
+fi
|
||||
+{ echo "$as_me:$LINENO: result: $ac_cv_search___res_init" >&5
|
||||
+echo "${ECHO_T}$ac_cv_search___res_init" >&6; }
|
||||
+ac_res=$ac_cv_search___res_init
|
||||
+if test "$ac_res" != no; then
|
||||
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
|
||||
+ cat >>confdefs.h <<\_ACEOF
|
||||
+#define HAVE_RES_INIT 1
|
||||
+_ACEOF
|
||||
+
|
||||
+fi
|
||||
+
|
||||
|
||||
# Tru64 5.1b leaks file descriptors with these functions; disable until
|
||||
# we can come up with a test for this...
|
||||
diff -up cups-1.3.8/scheduler/cups-polld.c.res_init cups-1.3.8/scheduler/cups-polld.c
|
||||
--- cups-1.3.8/scheduler/cups-polld.c.res_init 2008-01-08 00:16:30.000000000 +0000
|
||||
+++ cups-1.3.8/scheduler/cups-polld.c 2008-09-03 15:34:14.000000000 +0100
|
||||
@@ -155,6 +155,18 @@ main(int argc, /* I - Number of comm
|
||||
restart_polling = 0;
|
||||
httpClose(http);
|
||||
|
||||
+#ifdef HAVE_RES_INIT
|
||||
+ if (!http)
|
||||
+ {
|
||||
+ /*
|
||||
+ * Reinit the resolver so that it doesn't cache a previous
|
||||
+ * hostname lookup failure. This fixes the situation where a
|
||||
+ * network interface becomes available after polling starts.
|
||||
+ */
|
||||
+ __res_init ();
|
||||
+ }
|
||||
+#endif /* HAVE_RES_INIT */
|
||||
+
|
||||
if ((http = httpConnectEncrypt(argv[1], atoi(argv[2]),
|
||||
cupsEncryption())) == NULL)
|
||||
{
|
@ -1,86 +0,0 @@
|
||||
diff -up cups-1.3.8/scheduler/client.c.str2892 cups-1.3.8/scheduler/client.c
|
||||
--- cups-1.3.8/scheduler/client.c.str2892 2008-07-11 23:48:49.000000000 +0100
|
||||
+++ cups-1.3.8/scheduler/client.c 2008-08-03 11:42:35.000000000 +0100
|
||||
@@ -28,6 +28,7 @@
|
||||
* cupsdUpdateCGI() - Read status messages from CGI scripts and programs.
|
||||
* cupsdWriteClient() - Write data to a client as needed.
|
||||
* check_if_modified() - Decode an "If-Modified-Since" line.
|
||||
+ * data_ready() - Check whether data is available from a client.
|
||||
* encrypt_client() - Enable encryption for the client...
|
||||
* get_cdsa_certificate() - Convert a keychain name into the CFArrayRef
|
||||
* required by SSLSetCertificate.
|
||||
@@ -83,6 +84,7 @@ extern const char *cssmErrorString(int e
|
||||
|
||||
static int check_if_modified(cupsd_client_t *con,
|
||||
struct stat *filestats);
|
||||
+static int data_ready(cupsd_client_t *con);
|
||||
#ifdef HAVE_SSL
|
||||
static int encrypt_client(cupsd_client_t *con);
|
||||
#endif /* HAVE_SSL */
|
||||
@@ -989,8 +991,7 @@ cupsdReadClient(cupsd_client_t *con) /*
|
||||
*/
|
||||
|
||||
while ((status = httpUpdate(HTTP(con))) == HTTP_CONTINUE)
|
||||
- if (con->http.used == 0 ||
|
||||
- !memchr(con->http.buffer, '\n', con->http.used))
|
||||
+ if (!data_ready(con))
|
||||
break;
|
||||
|
||||
if (status != HTTP_OK && status != HTTP_CONTINUE)
|
||||
@@ -1889,7 +1890,7 @@ cupsdReadClient(cupsd_client_t *con) /*
|
||||
}
|
||||
}
|
||||
}
|
||||
- while (con->http.state == HTTP_PUT_RECV && con->http.used > 0);
|
||||
+ while (con->http.state == HTTP_PUT_RECV && data_ready(con));
|
||||
|
||||
if (con->http.state == HTTP_WAITING)
|
||||
{
|
||||
@@ -2064,7 +2065,7 @@ cupsdReadClient(cupsd_client_t *con) /*
|
||||
}
|
||||
}
|
||||
}
|
||||
- while (con->http.state == HTTP_POST_RECV && con->http.used > 0);
|
||||
+ while (con->http.state == HTTP_POST_RECV && data_ready(con));
|
||||
|
||||
if (con->http.state == HTTP_POST_SEND)
|
||||
{
|
||||
@@ -2914,6 +2915,38 @@ check_if_modified(
|
||||
}
|
||||
|
||||
|
||||
+/*
|
||||
+ * 'data_ready()' - Check whether data is available from a client.
|
||||
+ */
|
||||
+
|
||||
+static int /* O - 1 if data is ready, 0 otherwise */
|
||||
+data_ready(cupsd_client_t *con) /* I - Client */
|
||||
+{
|
||||
+ if (con->http.used > 0)
|
||||
+ return (1);
|
||||
+#ifdef HAVE_SSL
|
||||
+ else if (con->http.tls)
|
||||
+ {
|
||||
+# ifdef HAVE_LIBSSL
|
||||
+ if (SSL_pending((SSL *)(con->http.tls)))
|
||||
+ return (1);
|
||||
+# elif defined(HAVE_GNUTLS)
|
||||
+ if (gnutls_record_check_pending(((http_tls_t *)(con->http.tls))->session))
|
||||
+ return (1);
|
||||
+# elif defined(HAVE_CDSASSL)
|
||||
+ size_t bytes; /* Bytes that are available */
|
||||
+
|
||||
+ if (!SSLGetBufferedReadSize(((http_tls_t *)(con->http.tls))->session,
|
||||
+ &bytes) && bytes > 0)
|
||||
+ return (1);
|
||||
+# endif /* HAVE_LIBSSL */
|
||||
+ }
|
||||
+#endif /* HAVE_SSL */
|
||||
+
|
||||
+ return (0);
|
||||
+}
|
||||
+
|
||||
+
|
||||
#ifdef HAVE_SSL
|
||||
/*
|
||||
* 'encrypt_client()' - Enable encryption for the client...
|
22
cups.spec
22
cups.spec
@ -6,8 +6,8 @@
|
||||
|
||||
Summary: Common Unix Printing System
|
||||
Name: cups
|
||||
Version: 1.3.8
|
||||
Release: 6%{?svn:.svn%{svn}}%{?dist}
|
||||
Version: 1.3.9
|
||||
Release: 1%{?svn:.svn%{svn}}%{?dist}
|
||||
License: GPLv2
|
||||
Group: System Environment/Daemons
|
||||
Source: ftp://ftp.easysw.com/pub/cups/test//cups-%{version}%{?svn:svn-r%{svn}}-source.tar.bz2
|
||||
@ -47,10 +47,8 @@ Patch19: cups-strict-ppd-line-length.patch
|
||||
Patch20: cups-logrotate.patch
|
||||
Patch21: cups-usb-paperout.patch
|
||||
Patch22: cups-getnameddest.patch
|
||||
Patch23: cups-str2892.patch
|
||||
Patch24: cups-str2101.patch
|
||||
Patch25: cups-res_init.patch
|
||||
Patch26: cups-str2536.patch
|
||||
Patch23: cups-str2101.patch
|
||||
Patch24: cups-str2536.patch
|
||||
Patch100: cups-lspp.patch
|
||||
Epoch: 1
|
||||
Url: http://www.cups.org/
|
||||
@ -186,10 +184,8 @@ module.
|
||||
%patch20 -p1 -b .logrotate
|
||||
%patch21 -p1 -b .usb-paperout
|
||||
%patch22 -p1 -b .getnameddest
|
||||
%patch23 -p1 -b .str2892
|
||||
%patch24 -p1 -b .str2101
|
||||
%patch25 -p1 -b .res_init
|
||||
%patch26 -p1 -b .str2536
|
||||
%patch23 -p1 -b .str2101
|
||||
%patch24 -p1 -b .str2536
|
||||
|
||||
%if %lspp
|
||||
%patch100 -p1 -b .lspp
|
||||
@ -481,6 +477,12 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{_libdir}/php/modules/*.so
|
||||
|
||||
%changelog
|
||||
* Fri Oct 10 2008 Tim Waugh <twaugh@redhat.com> 1:1.3.9-1
|
||||
- 1.3.9, including fixes for CVE-2008-3639 (STR #2918, bug #464710),
|
||||
CVE-2008-3640 (STR #2919, bug #464713) and CVE-2008-3641 (STR #2911,
|
||||
bug #464716).
|
||||
- No longer need str2892 or res_init patches.
|
||||
|
||||
* Wed Sep 10 2008 Tim Waugh <twaugh@redhat.com> 1:1.3.8-6
|
||||
- Backported patch for FatalErrors configuration directive
|
||||
(bug #314941, STR #2536).
|
||||
|
Loading…
Reference in New Issue
Block a user