From f792eb4dd8f9008d7d89a3a6766e24f5fa17a1b6 Mon Sep 17 00:00:00 2001 From: Tim Waugh Date: Thu, 19 Nov 2009 13:29:08 +0000 Subject: [PATCH] - Applied patch to fix CVE-2009-3553 (bug #530111, STR #3200). --- cups-CVE-2009-3553.patch | 39 +++++++++++++++++++++++++++++++++++++++ cups.spec | 7 ++++++- 2 files changed, 45 insertions(+), 1 deletion(-) create mode 100644 cups-CVE-2009-3553.patch diff --git a/cups-CVE-2009-3553.patch b/cups-CVE-2009-3553.patch new file mode 100644 index 0000000..6aadfe4 --- /dev/null +++ b/cups-CVE-2009-3553.patch @@ -0,0 +1,39 @@ +diff -up cups-1.4.2/scheduler/select.c.CVE-2009-3553 cups-1.4.2/scheduler/select.c +--- cups-1.4.2/scheduler/select.c.CVE-2009-3553 2009-07-15 00:07:52.000000000 +0100 ++++ cups-1.4.2/scheduler/select.c 2009-11-19 12:30:39.672976150 +0000 +@@ -454,7 +454,7 @@ cupsdDoSelect(long timeout) /* I - Time + if (fdptr->read_cb && event->filter == EVFILT_READ) + (*(fdptr->read_cb))(fdptr->data); + +- if (fdptr->write_cb && event->filter == EVFILT_WRITE) ++ if (fdptr->use > 1 && fdptr->write_cb && event->filter == EVFILT_WRITE) + (*(fdptr->write_cb))(fdptr->data); + + release_fd(fdptr); +@@ -499,7 +499,7 @@ cupsdDoSelect(long timeout) /* I - Time + if (fdptr->read_cb && (event->events & (EPOLLIN | EPOLLERR | EPOLLHUP))) + (*(fdptr->read_cb))(fdptr->data); + +- if (fdptr->write_cb && (event->events & (EPOLLOUT | EPOLLERR | EPOLLHUP))) ++ if (fdptr->use > 1 && fdptr->write_cb && (event->events & (EPOLLOUT | EPOLLERR | EPOLLHUP))) + (*(fdptr->write_cb))(fdptr->data); + + release_fd(fdptr); +@@ -590,7 +590,7 @@ cupsdDoSelect(long timeout) /* I - Time + if (fdptr->read_cb && (pfd->revents & (POLLIN | POLLERR | POLLHUP))) + (*(fdptr->read_cb))(fdptr->data); + +- if (fdptr->write_cb && (pfd->revents & (POLLOUT | POLLERR | POLLHUP))) ++ if (fdptr->use > 1 && fdptr->write_cb && (pfd->revents & (POLLOUT | POLLERR | POLLHUP))) + (*(fdptr->write_cb))(fdptr->data); + + release_fd(fdptr); +@@ -645,7 +645,7 @@ cupsdDoSelect(long timeout) /* I - Time + if (fdptr->read_cb && FD_ISSET(fdptr->fd, &cupsd_current_input)) + (*(fdptr->read_cb))(fdptr->data); + +- if (fdptr->write_cb && FD_ISSET(fdptr->fd, &cupsd_current_output)) ++ if (fdptr->use > 1 && fdptr->write_cb && FD_ISSET(fdptr->fd, &cupsd_current_output)) + (*(fdptr->write_cb))(fdptr->data); + + release_fd(fdptr); diff --git a/cups.spec b/cups.spec index 7ac326c..5370de6 100644 --- a/cups.spec +++ b/cups.spec @@ -9,7 +9,7 @@ Summary: Common Unix Printing System Name: cups Version: 1.4.2 -Release: 6%{?dist} +Release: 7%{?dist} License: GPLv2 Group: System Environment/Daemons Source: http://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2 @@ -57,6 +57,7 @@ Patch31: cups-str3399.patch Patch32: cups-str3403.patch Patch33: cups-str3407.patch Patch34: cups-str3418.patch +Patch35: cups-CVE-2009-3553.patch Patch100: cups-lspp.patch @@ -224,6 +225,7 @@ module. %patch32 -p1 -b .str3403 %patch33 -p1 -b .str3407 %patch34 -p1 -b .str3418 +%patch35 -p1 -b .CVE-2009-3553 %if %lspp %patch100 -p1 -b .lspp @@ -516,6 +518,9 @@ rm -rf $RPM_BUILD_ROOT %{php_extdir}/phpcups.so %changelog +* Thu Nov 19 2009 Tim Waugh 1:1.4.2-7 +- Applied patch to fix CVE-2009-3553 (bug #530111, STR #3200). + * Tue Nov 17 2009 Tim Waugh 1:1.4.2-6 - Fixed display of current driver (bug #537182, STR #3418). - Fixed out-of-memory handling when loading jobs (bug #538054,