From dbbe990b4ba34e7a1c9ca9b1a02d834fd40c446cd7a17d514a7c7ea70d6ff104 Mon Sep 17 00:00:00 2001
From: OBS User buildservice-autocommit
Date: Wed, 16 Dec 2009 08:26:05 +0000
Subject: [PATCH] Updating link to change in openSUSE:Factory/cups revision 67.0
OBS-URL: https://build.opensuse.org/package/show/Printing/cups?expand=0&rev=32dd56db818c986297f47c99359c41bc
---
cups-1.3.9-CVE-2009-3553.patch | 38 ++++++++++++++++++++++++++++++++++
cups.changes | 9 ++++++++
cups.spec | 12 ++++++++---
3 files changed, 56 insertions(+), 3 deletions(-)
create mode 100644 cups-1.3.9-CVE-2009-3553.patch
diff --git a/cups-1.3.9-CVE-2009-3553.patch b/cups-1.3.9-CVE-2009-3553.patch
new file mode 100644
index 0000000..9d6d552
--- /dev/null
+++ b/cups-1.3.9-CVE-2009-3553.patch
@@ -0,0 +1,38 @@
+--- scheduler/select.c.orig 2008-07-12 00:48:49.000000000 +0200
++++ scheduler/select.c 2009-11-12 16:32:50.000000000 +0100
+@@ -483,7 +483,7 @@ cupsdDoSelect(long timeout) /* I - Time
+ (*(fdptr->read_cb))(fdptr->data);
+ }
+
+- if (fdptr->write_cb && event->filter == EVFILT_WRITE)
++ if (fdptr->use > 1 && fdptr->write_cb && event->filter == EVFILT_WRITE)
+ {
+ cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdDoSelect: Write on fd %d...",
+ fdptr->fd);
+@@ -543,7 +543,7 @@ cupsdDoSelect(long timeout) /* I - Time
+ (*(fdptr->read_cb))(fdptr->data);
+ }
+
+- if (fdptr->write_cb && (event->events & (EPOLLOUT | EPOLLERR | EPOLLHUP)))
++ if (fdptr->use > 1 && fdptr->write_cb && (event->events & (EPOLLOUT | EPOLLERR | EPOLLHUP)))
+ {
+ cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdDoSelect: Write on fd %d...",
+ fdptr->fd);
+@@ -655,7 +655,7 @@ cupsdDoSelect(long timeout) /* I - Time
+ (*(fdptr->read_cb))(fdptr->data);
+ }
+
+- if (fdptr->write_cb && (pfd->revents & (POLLOUT | POLLERR | POLLHUP)))
++ if (fdptr->use > 1 && fdptr->write_cb && (pfd->revents & (POLLOUT | POLLERR | POLLHUP)))
+ {
+ cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdDoSelect: Write on fd %d...",
+ fdptr->fd);
+@@ -725,7 +725,7 @@ cupsdDoSelect(long timeout) /* I - Time
+ (*(fdptr->read_cb))(fdptr->data);
+ }
+
+- if (fdptr->write_cb && FD_ISSET(fdptr->fd, &cupsd_current_output))
++ if (fdptr->use > 1 && fdptr->write_cb && FD_ISSET(fdptr->fd, &cupsd_current_output))
+ {
+ cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdDoSelect: Write on fd %d...",
+ fdptr->fd);
diff --git a/cups.changes b/cups.changes
index c689ca8..5e462c2 100644
--- a/cups.changes
+++ b/cups.changes
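Review bot: The added `fdptr->use > 1` test in the four write-callback conditions (the kqueue, epoll, poll and select branches) only keeps the write callback off a released descriptor if the reference counting elsewhere in cupsdDoSelect is sound, and none of that is visible in these hunks. It presumes that the loop holds its own reference on `fdptr` across the `read_cb` call, and that removing the descriptor from inside `read_cb` decrements `use` rather than freeing the structure at once. That should be confirmed separately for each backend, since cupsdDoSelect starts and ends outside every hunk. The guard also carries no explanation, so I would add a comment above each condition such as `/* Skip the write callback if read_cb removed this fd; use == 1 would mean only our own reference is left (confirm against the retain before read_cb) */`.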
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Tue Dec 15 13:58:13 CET 2009 - jsmeix@suse.de
+
+- Fixed the URL and MD5 sum comments for Source0 in cups.spec.
+- cups-1.3.9-CVE-2009-3553.patch fixes a use-after-free bug
+ in the scheduler which leads to remote denial of service,
+ (CVE-2009-3553, CUPS STR #3200,
+ and Novell/Suse Bugzilla bnc#554861)
+
 -------------------------------------------------------------------
 Wed Nov 11 11:56:12 CET 2009 - jsmeix@suse.de
 
diff --git a/cups.spec b/cups.spec
index 70917a2..d180aab 100644
--- a/cups.spec
+++ b/cups.spec
@@ -30,7 +30,7 @@ License: GPLv2+
 Group: Hardware/Printing
 Summary: The Common UNIX Printing System
 Version: 1.3.11
-Release: 5
+Release: 6
 Requires: cups-libs = %{version}, cups-client = %{version}
 Requires: ghostscript_any, ghostscript-fonts-std, foomatic-filters
 Requires: util-linux /usr/bin/pdftops
@@ -40,8 +40,8 @@ Requires: pdftools_any
 Suggests: poppler-tools
 Conflicts: plp lprold lprng
 Obsoletes: cups-SUSE-ppds-dat
-# URL for Source0: http://ftp.easysw.com/pub/cups/1.3.10/cups-1.3.10-source.tar.bz2
-# MD5 sum for Source0 on http://www.cups.org/software.php is 84fffe96b8537c81a463faccead80026
+# URL for Source0: http://ftp.easysw.com/pub/cups/1.3.11/cups-1.3.11-source.tar.bz2
+# MD5 sum for Source0 on http://www.cups.org/software.php is 17f3e2bcb3cae3dd9dceb65a2bfd295f
 Source0: cups-%{version}-source.tar.bz2
 Source1: poll_ppd_base.c
 Source2: lphelp.c
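Review bot: The corrected Source0 comments in the second cups.spec hunk still record only an MD5 sum, taken from a plain-http page, and nothing visible in the spec compares the tarball against it. MD5 is not collision-resistant, so the value is weak evidence that the packaged source matches what upstream published. I would record a stronger digest next to it, for example `# SHA256 sum for Source0 is <sha256-of-cups-1.3.11-source.tar.bz2>` (placeholder; compute it from a tarball whose origin has been verified), and check it at build time if the build tooling allows.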
@@ -118,6 +118,9 @@ Patch30: cups-1.3.11-CVE-2009-2820.patch
 # now adding a class via web interface fails with 'Unknown operation "{op}"'
 # (Novell/Suse Bugzilla bnc#548317 starting at comment #24):
 Patch31: cups-1.3.11-CVE-2009-2820-regression-fix.patch
+# Patch32 fixes a use-after-free bug in the scheduler which leads to remote denial of service,
+# (CVE-2009-3553, CUPS STR #3200, and Novell/Suse Bugzilla bnc#554861):
+Patch32: cups-1.3.9-CVE-2009-3553.patch
 # Patch100 cups-1.1.23-testpage.patch is finally removed
 # since CUPS 1.3.10 because it was made for CUPS 1.1 and
 # it was no longer applied since CUPS 1.2 in Suse Linux 10.3 and
@@ -235,6 +238,9 @@ Authors:
 # now adding a class via web interface fails with 'Unknown operation "{op}"'
 # (Novell/Suse Bugzilla bnc#548317 starting at comment #24):
 %patch31
+# Patch32 fixes a use-after-free bug in the scheduler which leads to remote denial of service,
+# (CVE-2009-3553, CUPS STR #3200, and Novell/Suse Bugzilla bnc#554861):
+%patch32
 if [ -f /.buildenv ]; then
 . /.buildenv
 test -z "$BUILD_DISTRIBUTION_NAME" && BUILD_DISTRIBUTION_NAME="%{?distribution}"
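Review bot: `Patch32: cups-1.3.9-CVE-2009-3553.patch` is named for 1.3.9 and its header is dated against a 2008 `scheduler/select.c`, while this spec builds Version 1.3.11 and applies it with a bare `%patch32` in the %prep hunk below. The four hunks in that patch have nearly identical context, so it is worth confirming in the build log that each one applies without fuzz or a large offset, and that the `fdptr->use > 1` guard ends up in all four backends of the 1.3.11 source. If it does apply cleanly, the comment should say so, e.g. `# (made against 1.3.9, verified to apply unchanged to 1.3.11)`.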