pool/cups
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 26600 from Printing

Browse Source 
Copy from Printing/cups based on submit request 26600 from user jsmeix

OBS-URL: https://build.opensuse.org/request/show/26600
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cups?expand=0&rev=67
This commit is contained in:
OBS User autobuild 2009-12-16 08:26:05 +00:00 committed by Git OBS Bridge
commit 1b4999c840
3 changed files with 56 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
cups-1.3.9-CVE-2009-3553.patch Normal file
View File

@ -0,0 +1,38 @@
--- scheduler/select.c.orig 2008-07-12 00:48:49.000000000 +0200
+++ scheduler/select.c 2009-11-12 16:32:50.000000000 +0100
@@ -483,7 +483,7 @@ cupsdDoSelect(long timeout) /* I - Time
(*(fdptr->read_cb))(fdptr->data);
}
- if (fdptr->write_cb && event->filter == EVFILT_WRITE)
+ if (fdptr->use > 1 && fdptr->write_cb && event->filter == EVFILT_WRITE)
{
cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdDoSelect: Write on fd %d...",
fdptr->fd);
@@ -543,7 +543,7 @@ cupsdDoSelect(long timeout) /* I - Time
(*(fdptr->read_cb))(fdptr->data);
}
- if (fdptr->write_cb && (event->events & (EPOLLOUT | EPOLLERR | EPOLLHUP)))
+ if (fdptr->use > 1 && fdptr->write_cb && (event->events & (EPOLLOUT | EPOLLERR | EPOLLHUP)))
{
cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdDoSelect: Write on fd %d...",
fdptr->fd);
@@ -655,7 +655,7 @@ cupsdDoSelect(long timeout) /* I - Time
(*(fdptr->read_cb))(fdptr->data);
}
- if (fdptr->write_cb && (pfd->revents & (POLLOUT | POLLERR | POLLHUP)))
+ if (fdptr->use > 1 && fdptr->write_cb && (pfd->revents & (POLLOUT | POLLERR | POLLHUP)))
{
cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdDoSelect: Write on fd %d...",
fdptr->fd);
@@ -725,7 +725,7 @@ cupsdDoSelect(long timeout) /* I - Time
(*(fdptr->read_cb))(fdptr->data);
}
- if (fdptr->write_cb && FD_ISSET(fdptr->fd, &cupsd_current_output))
+ if (fdptr->use > 1 && fdptr->write_cb && FD_ISSET(fdptr->fd, &cupsd_current_output))
{
cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdDoSelect: Write on fd %d...",
fdptr->fd);

9
cups.changes
View File

@ -1,3 +1,12 @@
-------------------------------------------------------------------
Tue Dec 15 13:58:13 CET 2009 - jsmeix@suse.de
- Fixed the URL and MD5 sum comments for Source0 in cups.spec.
- cups-1.3.9-CVE-2009-3553.patch fixes a use-after-free bug
in the scheduler which leads to remote denial of service,
(CVE-2009-3553, CUPS STR #3200,
and Novell/Suse Bugzilla bnc#554861)
-------------------------------------------------------------------
Wed Nov 11 11:56:12 CET 2009 - jsmeix@suse.de

12
cups.spec
View File

@ -30,7 +30,7 @@ License: GPLv2+
Group: Hardware/Printing
Summary: The Common UNIX Printing System
Version: 1.3.11
Release: 5
Release: 6
Requires: cups-libs = %{version}, cups-client = %{version}
Requires: ghostscript_any, ghostscript-fonts-std, foomatic-filters
Requires: util-linux /usr/bin/pdftops
@ -40,8 +40,8 @@ Requires: pdftools_any
Suggests: poppler-tools
Conflicts: plp lprold lprng
Obsoletes: cups-SUSE-ppds-dat
# URL for Source0: http://ftp.easysw.com/pub/cups/1.3.10/cups-1.3.10-source.tar.bz2
# MD5 sum for Source0 on http://www.cups.org/software.php is 84fffe96b8537c81a463faccead80026
# URL for Source0: http://ftp.easysw.com/pub/cups/1.3.11/cups-1.3.11-source.tar.bz2
# MD5 sum for Source0 on http://www.cups.org/software.php is 17f3e2bcb3cae3dd9dceb65a2bfd295f
Source0: cups-%{version}-source.tar.bz2
Source1: poll_ppd_base.c
Source2: lphelp.c
@ -118,6 +118,9 @@ Patch30: cups-1.3.11-CVE-2009-2820.patch
# now adding a class via web interface fails with 'Unknown operation "{op}"'
# (Novell/Suse Bugzilla bnc#548317 starting at comment #24):
Patch31: cups-1.3.11-CVE-2009-2820-regression-fix.patch
# Patch32 fixes a use-after-free bug in the scheduler which leads to remote denial of service,
# (CVE-2009-3553, CUPS STR #3200, and Novell/Suse Bugzilla bnc#554861):
Patch32: cups-1.3.9-CVE-2009-3553.patch
# Patch100 cups-1.1.23-testpage.patch is finally removed
# since CUPS 1.3.10 because it was made for CUPS 1.1 and
# it was no longer applied since CUPS 1.2 in Suse Linux 10.3 and
@ -235,6 +238,9 @@ Authors:
# now adding a class via web interface fails with 'Unknown operation "{op}"'
# (Novell/Suse Bugzilla bnc#548317 starting at comment #24):
%patch31
# Patch32 fixes a use-after-free bug in the scheduler which leads to remote denial of service,
# (CVE-2009-3553, CUPS STR #3200, and Novell/Suse Bugzilla bnc#554861):
%patch32
if [ -f /.buildenv ]; then
. /.buildenv
test -z "$BUILD_DISTRIBUTION_NAME" && BUILD_DISTRIBUTION_NAME="%{?distribution}"