- Applied patch to fix CVE-2009-3553 (bug #530111, STR #3200).

2009-11-19 13:29:08 +00:00 · 2009-11-19 13:29:08 +00:00 · f792eb4dd8
commit f792eb4dd8
parent cb55925d57
2 changed files with 45 additions and 1 deletions
--- a/cups-CVE-2009-3553.patch
+++ b/cups-CVE-2009-3553.patch
@ -0,0 +1,39 @@
+diff -up cups-1.4.2/scheduler/select.c.CVE-2009-3553 cups-1.4.2/scheduler/select.c
+--- cups-1.4.2/scheduler/select.c.CVE-2009-3553	2009-07-15 00:07:52.000000000 +0100
+++ cups-1.4.2/scheduler/select.c	2009-11-19 12:30:39.672976150 +0000
+@@ -454,7 +454,7 @@ cupsdDoSelect(long timeout)		/* I - Time
+     if (fdptr->read_cb && event->filter == EVFILT_READ)
+       (*(fdptr->read_cb))(fdptr->data);
+ 
+-    if (fdptr->write_cb && event->filter == EVFILT_WRITE)
+    if (fdptr->use > 1 && fdptr->write_cb && event->filter == EVFILT_WRITE)
+       (*(fdptr->write_cb))(fdptr->data);
+ 
+     release_fd(fdptr);
+@@ -499,7 +499,7 @@ cupsdDoSelect(long timeout)		/* I - Time
+ 	if (fdptr->read_cb && (event->events & (EPOLLIN | EPOLLERR | EPOLLHUP)))
+ 	  (*(fdptr->read_cb))(fdptr->data);
+ 
+-	if (fdptr->write_cb && (event->events & (EPOLLOUT | EPOLLERR | EPOLLHUP)))
+	if (fdptr->use > 1 && fdptr->write_cb && (event->events & (EPOLLOUT | EPOLLERR | EPOLLHUP)))
+ 	  (*(fdptr->write_cb))(fdptr->data);
+ 
+ 	release_fd(fdptr);
+@@ -590,7 +590,7 @@ cupsdDoSelect(long timeout)		/* I - Time
+       if (fdptr->read_cb && (pfd->revents & (POLLIN | POLLERR | POLLHUP)))
+         (*(fdptr->read_cb))(fdptr->data);
+ 
+-      if (fdptr->write_cb && (pfd->revents & (POLLOUT | POLLERR | POLLHUP)))
+      if (fdptr->use > 1 && fdptr->write_cb && (pfd->revents & (POLLOUT | POLLERR | POLLHUP)))
+         (*(fdptr->write_cb))(fdptr->data);
+ 
+       release_fd(fdptr);
+@@ -645,7 +645,7 @@ cupsdDoSelect(long timeout)		/* I - Time
+       if (fdptr->read_cb && FD_ISSET(fdptr->fd, &cupsd_current_input))
+         (*(fdptr->read_cb))(fdptr->data);
+ 
+-      if (fdptr->write_cb && FD_ISSET(fdptr->fd, &cupsd_current_output))
+      if (fdptr->use > 1 && fdptr->write_cb && FD_ISSET(fdptr->fd, &cupsd_current_output))
+         (*(fdptr->write_cb))(fdptr->data);
+ 
+       release_fd(fdptr);
--- a/cups.spec
+++ b/cups.spec
@ -9,7 +9,7 @@
 Summary: Common Unix Printing System
 Name: cups
 Version: 1.4.2
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: GPLv2
 Group: System Environment/Daemons
 Source: http://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2
@ -57,6 +57,7 @@ Patch31: cups-str3399.patch
 Patch32: cups-str3403.patch
 Patch33: cups-str3407.patch
 Patch34: cups-str3418.patch
+Patch35: cups-CVE-2009-3553.patch

 Patch100: cups-lspp.patch

@ -224,6 +225,7 @@ module.
 %patch32 -p1 -b .str3403
 %patch33 -p1 -b .str3407
 %patch34 -p1 -b .str3418
+%patch35 -p1 -b .CVE-2009-3553

 %if %lspp
 %patch100 -p1 -b .lspp
@ -516,6 +518,9 @@ rm -rf $RPM_BUILD_ROOT
 %{php_extdir}/phpcups.so

 %changelog
+* Thu Nov 19 2009 Tim Waugh <twaugh@redhat.com> 1:1.4.2-7
+- Applied patch to fix CVE-2009-3553 (bug #530111, STR #3200).
+
 * Tue Nov 17 2009 Tim Waugh <twaugh@redhat.com> 1:1.4.2-6
 - Fixed display of current driver (bug #537182, STR #3418).
 - Fixed out-of-memory handling when loading jobs (bug #538054,