[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

rpms/cups/FC-6 cups-CVE-2007-4045.patch, NONE, 1.1 cups-CVE-2007-4352, 5392, 5393.patch, NONE, 1.1 cups.spec, 1.343, 1.344

From: fedora-cvs-commits redhat com
To: fedora-cvs-commits redhat com
Subject: rpms/cups/FC-6 cups-CVE-2007-4045.patch, NONE, 1.1 cups-CVE-2007-4352, 5392, 5393.patch, NONE, 1.1 cups.spec, 1.343, 1.344
Date: Wed, 7 Nov 2007 16:07:52 -0500

Author: twaugh

Update of /cvs/dist/rpms/cups/FC-6
In directory cvs.devel.redhat.com:/tmp/cvs-serv19535

Modified Files:
	cups.spec 
Added Files:
	cups-CVE-2007-4045.patch cups-CVE-2007-4352,5392,5393.patch 
Log Message:
* Wed Nov  7 2007 Tim Waugh <twaugh redhat com> 1:1.2.12-6
- Applied patch to fix CVE-2007-4045 (bug #250161).
- Applied patch to fix CVE-2007-4352, CVE-2007-5392 and
  CVE-2007-5393 (bug #345101).
- Resolves: rhbz#250161 rhbz#345101


cups-CVE-2007-4045.patch:
 client.c |   21 +++++++++++++++++++++
 main.c   |    2 +-
 2 files changed, 22 insertions(+), 1 deletion(-)

--- NEW FILE cups-CVE-2007-4045.patch ---
diff -up cups-1.2.12/scheduler/client.c.CVE-2007-4045 cups-1.2.12/scheduler/client.c
--- cups-1.2.12/scheduler/client.c.CVE-2007-4045	2007-11-07 21:02:52.000000000 +0000
+++ cups-1.2.12/scheduler/client.c	2007-11-07 21:03:08.000000000 +0000
@@ -121,6 +121,25 @@ static int		write_file(cupsd_client_t *c
 				   struct stat *filestats);
 
 
+void
+_cupsdFixClientsBIO(void)
+{
+#ifdef HAVE_LIBSSL
+  cupsd_client_t *c;
+  BIO *bio;
+  cupsArraySave (Clients);
+  for (c = (cupsd_client_t *)cupsArrayFirst(Clients);
+       c;
+       c = (cupsd_client_t *)cupsArrayNext(Clients))
+  {
+    bio = SSL_get_wbio(c->http.tls);
+    BIO_ctrl(bio, BIO_C_SET_FILE_PTR, 0, (char *)HTTP(c));
+  }
+  cupsArrayRestore (Clients);
+#endif
+}
+
+
 /*
  * 'cupsdAcceptClient()' - Accept a new client.
  */
@@ -454,6 +473,7 @@ cupsdAcceptClient(cupsd_listener_t *lis)
   }
 
   cupsArrayAdd(Clients, con);
+  _cupsdFixClientsBIO();
 
   cupsdLogMessage(CUPSD_LOG_DEBUG2,
                   "cupsdAcceptClient: %d connected to server on %s:%d",
@@ -746,6 +766,7 @@ cupsdCloseClient(cupsd_client_t *con)	/*
     */
 
     cupsArrayRemove(Clients, con);
+    _cupsdFixClientsBIO();
 
     free(con);
   }
diff -up cups-1.2.12/scheduler/main.c.CVE-2007-4045 cups-1.2.12/scheduler/main.c
--- cups-1.2.12/scheduler/main.c.CVE-2007-4045	2007-11-07 21:02:52.000000000 +0000
+++ cups-1.2.12/scheduler/main.c	2007-11-07 21:03:08.000000000 +0000
@@ -957,7 +957,7 @@ main(int  argc,				/* I - Number of comm
       * Write data as needed...
       */
 
-      if (con->pipe_pid && FD_ISSET(con->file, input))
+      if (con->pipe_pid && con->file >= 0 && FD_ISSET(con->file, input))
       {
        /*
         * Keep track of pending input from the file/pipe separately

***** Not enough context to create diffstat for file: cups-CVE-2007-4352,5392,5393.patch,NONE,1.1
***** Not enough context to create diff for file: cups-CVE-2007-4352,5392,5393.patch,NONE,1.1

Index: cups.spec
===================================================================
RCS file: /cvs/dist/rpms/cups/FC-6/cups.spec,v
retrieving revision 1.343
retrieving revision 1.344
diff -u -r1.343 -r1.344
--- cups.spec	1 Nov 2007 14:46:29 -0000	1.343
+++ cups.spec	7 Nov 2007 21:07:50 -0000	1.344
@@ -6,7 +6,7 @@
 Summary: Common Unix Printing System
 Name: cups
 Version: 1.2.12
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: GPL
 Group: System Environment/Daemons
 Source: ftp://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2
@@ -50,6 +50,8 @@
 Patch25: cups-usb-paperout.patch
 Patch26: cups-CVE-2007-3387.patch
 Patch27: cups-CVE-2007-4351.patch
+Patch28: cups-CVE-2007-4352,5392,5393.patch
+Patch29: cups-CVE-2007-4045.patch
 Patch100: cups-lspp.patch
 Epoch: 1
 Url: http://www.cups.org/
@@ -161,6 +163,8 @@
 %patch25 -p1 -b .usb-paperout
 %patch26 -p1 -b .CVE-2007-3387
 %patch27 -p1 -b .CVE-2007-4351
+%patch28 -p1 -b .CVE-2007-4352,5392,5393
+%patch29 -p1 -b .CVE-2007-4045
 
 %if %lspp
 %patch100 -p1 -b .lspp
@@ -445,6 +449,11 @@
 %{cups_serverbin}/daemon/cups-lpd
 
 %changelog
+* Wed Nov  7 2007 Tim Waugh <twaugh redhat com> 1:1.2.12-6
+- Applied patch to fix CVE-2007-4045 (bug #250161).
+- Applied patch to fix CVE-2007-4352, CVE-2007-5392 and
+  CVE-2007-5393 (bug #345101).
+
 * Thu Nov  1 2007 Tim Waugh <twaugh redhat com> 1:1.2.12-5
 - Applied patch to fix CVE-2007-4351 (STR #2561, bug #361671).

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]