rpms/cups/F-12 cups-str3381.patch,NONE,1.1 cups.spec,1.535,1.536

Mon Nov 16 11:18:17 UTC 2009

Author: twaugh

Update of /cvs/pkgs/rpms/cups/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv15121

Modified Files:
	cups.spec 
Added Files:
	cups-str3381.patch 
Log Message:
* Mon Nov 16 2009 Tim Waugh <twaugh at redhat.com> 1:1.4.2-4
- Upstream fix for GNU TLS error handling bug (STR #3381).


cups-str3381.patch:
 CHANGES.txt |    7 ++++
 cups/http.c |   89 +++++++++++++++++++++++++++++++++++++++++++++++++-----------
 2 files changed, 79 insertions(+), 17 deletions(-)

--- NEW FILE cups-str3381.patch ---
diff -up cups-1.4.2/CHANGES.txt.str3381 cups-1.4.2/CHANGES.txt
--- cups-1.4.2/CHANGES.txt.str3381	2009-11-09 23:01:17.000000000 +0000
+++ cups-1.4.2/CHANGES.txt	2009-11-16 10:55:21.518666538 +0000
@@ -1,6 +1,11 @@
-CHANGES.txt - 2009-11-09
+CHANGES.txt - 2009-11-13
 ------------------------
 
+CHANGES IN CUPS V1.4.3
+
+	- Fixed a GNU TLS error handling bug (STR #3381)
+
+
 CHANGES IN CUPS V1.4.2
 
 	- SECURITY: The CUPS web interface was vulnerable to several XSS and
diff -up cups-1.4.2/cups/http.c.str3381 cups-1.4.2/cups/http.c
--- cups-1.4.2/cups/http.c.str3381	2009-07-01 16:23:28.000000000 +0100
+++ cups-1.4.2/cups/http.c	2009-11-16 10:55:21.520666380 +0000
@@ -26,7 +26,6 @@
  *   httpClearCookie()    - Clear the cookie value(s).
  *   httpClearFields()    - Clear HTTP request fields.
  *   httpClose()          - Close an HTTP connection...
- *   httpConnect()        - Connect to a HTTP server.
  *   httpConnectEncrypt() - Connect to a HTTP server using encryption.
  *   _httpCreate()        - Create an unconnected HTTP connection.
  *   httpDelete()         - Send a DELETE request to the server.
@@ -721,7 +720,7 @@ httpGetField(http_t       *http,	/* I - 
 {
   if (!http || field <= HTTP_FIELD_UNKNOWN || field >= HTTP_FIELD_MAX)
     return (NULL);
-  else if (field == HTTP_FIELD_AUTHORIZATION && 
+  else if (field == HTTP_FIELD_AUTHORIZATION &&
 	   http->field_authorization)
   {
    /*
@@ -1137,7 +1136,7 @@ httpGets(char   *line,			/* I - Line to 
       http->activity = time(NULL);
 
       *lineptr = '\0';
-      
+
       DEBUG_printf(("3httpGets: Returning \"%s\"", line));
 
       return (line);
@@ -2283,7 +2282,7 @@ httpWait(http_t *http,			/* I - Connecti
  *
  * @deprecated@
  */
- 
+
 int					/* O - Number of bytes written */
 httpWrite(http_t     *http,		/* I - Connection to server */
           const char *buffer,		/* I - Buffer for data */
@@ -2298,7 +2297,7 @@ httpWrite(http_t     *http,		/* I - Conn
  *
  * @since CUPS 1.2/Mac OS X 10.5@
  */
- 
+
 ssize_t					/* O - Number of bytes written */
 httpWrite2(http_t     *http,		/* I - Connection to server */
            const char *buffer,		/* I - Buffer for data */
@@ -2456,7 +2455,7 @@ _httpWriteCDSA(
   else
   {
     *dataLength = 0;
-  
+
     if (errno == EAGAIN)
       result = errSSLWouldBlock;
     else
@@ -2517,7 +2516,7 @@ http_bio_ctrl(BIO  *h,			/* I - BIO data
 	}
 	else
 	  return (0);
-        
+
     case BIO_CTRL_DUP :
     case BIO_CTRL_FLUSH :
         return (1);
@@ -2719,7 +2718,36 @@ http_read_ssl(http_t *http,		/* I - Conn
   return (SSL_read((SSL *)(http->tls), buf, len));
 
 #  elif defined(HAVE_GNUTLS)
-  return (gnutls_record_recv(((http_tls_t *)(http->tls))->session, buf, len));
+  ssize_t	result;			/* Return value */
+
+
+  result = gnutls_record_recv(((http_tls_t *)(http->tls))->session, buf, len);
+
+  if (result < 0 && !errno)
+  {
+   /*
+    * Convert GNU TLS error to errno value...
+    */
+
+    switch (result)
+    {
+      case GNUTLS_E_INTERRUPTED :
+	  errno = EINTR;
+	  break;
+
+      case GNUTLS_E_AGAIN :
+          errno = EAGAIN;
+          break;
+
+      default :
+          errno = EPIPE;
+          break;
+    }
+
+    result = -1;
+  }
+
+  return ((int)result);
 
 #  elif defined(HAVE_CDSASSL)
   int		result;			/* Return value */
@@ -2857,7 +2885,7 @@ http_send(http_t       *http,	/* I - Con
       DEBUG_printf(("9http_send: %s: %s", http_fields[i],
                     httpGetField(http, i)));
 
-      if (httpPrintf(http, "%s: %s\r\n", http_fields[i], 
+      if (httpPrintf(http, "%s: %s\r\n", http_fields[i],
 		     httpGetField(http, i)) < 1)
       {
 	http->status = HTTP_ERROR;
@@ -2896,15 +2924,15 @@ http_send(http_t       *http,	/* I - Con
   * The Kerberos and AuthRef authentication strings can only be used once...
   */
 
-  if (http->field_authorization && http->authstring && 
-      (!strncmp(http->authstring, "Negotiate", 9) || 
+  if (http->field_authorization && http->authstring &&
+      (!strncmp(http->authstring, "Negotiate", 9) ||
        !strncmp(http->authstring, "AuthRef", 7)))
   {
     http->_authstring[0] = '\0';
 
     if (http->authstring != http->_authstring)
       free(http->authstring);
-  
+
     http->authstring = http->_authstring;
   }
 
@@ -3220,7 +3248,7 @@ http_upgrade(http_t *http)		/* I - Conne
 /*
  * 'http_write()' - Write a buffer to a HTTP connection.
  */
- 
+
 static int				/* O - Number of bytes written */
 http_write(http_t     *http,		/* I - Connection to server */
            const char *buffer,		/* I - Buffer for data */
@@ -3335,7 +3363,36 @@ http_write_ssl(http_t     *http,	/* I - 
   return (SSL_write((SSL *)(http->tls), buf, len));
 
 #  elif defined(HAVE_GNUTLS)
-  return (gnutls_record_send(((http_tls_t *)(http->tls))->session, buf, len));
+  ssize_t	result;			/* Return value */
+
+  result = gnutls_record_send(((http_tls_t *)(http->tls))->session, buf, len);
+
+  if (result < 0 && !errno)
+  {
+   /*
+    * Convert GNU TLS error to errno value...
+    */
+
+    switch (result)
+    {
+      case GNUTLS_E_INTERRUPTED :
+	  errno = EINTR;
+	  break;
+
+      case GNUTLS_E_AGAIN :
+          errno = EAGAIN;
+          break;
+
+      default :
+          errno = EPIPE;
+          break;
+    }
+
+    result = -1;
+  }
+
+  return ((int)result);
+
 #  elif defined(HAVE_CDSASSL)
   int		result;			/* Return value */
   OSStatus	error;			/* Error info */
@@ -3358,11 +3415,11 @@ http_write_ssl(http_t     *http,	/* I - 
 	else
 	{
 	  result = -1;
-	  errno = EINTR;
+	  errno  = EINTR;
 	}
 	break;
     default :
-	errno = EPIPE;
+	errno  = EPIPE;
 	result = -1;
 	break;
   }


Index: cups.spec
===================================================================
RCS file: /cvs/pkgs/rpms/cups/F-12/cups.spec,v
retrieving revision 1.535
retrieving revision 1.536
diff -u -p -r1.535 -r1.536
--- cups.spec	11 Nov 2009 09:52:24 -0000	1.535
+++ cups.spec	16 Nov 2009 11:18:15 -0000	1.536
@@ -9,7 +9,7 @@
 Summary: Common Unix Printing System
 Name: cups
 Version: 1.4.2
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPLv2
 Group: System Environment/Daemons
 Source: http://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2
@@ -54,6 +54,7 @@ Patch26: cups-str3382.patch
 Patch27: cups-str3285_v2.patch
 Patch28: cups-str3390.patch
 Patch29: cups-str3391.patch
+Patch30: cups-str3381.patch
 
 Patch100: cups-lspp.patch
 Epoch: 1
@@ -212,6 +213,7 @@ module. 
 %patch27 -p1 -b .str3285_v2
 %patch28 -p1 -b .str3390
 %patch29 -p1 -b .str3391
+%patch30 -p1 -b .str3381
 
 %if %lspp
 %patch100 -p1 -b .lspp
@@ -509,6 +511,9 @@ rm -rf $RPM_BUILD_ROOT
 %{php_extdir}/phpcups.so
 
 %changelog
+* Mon Nov 16 2009 Tim Waugh <twaugh at redhat.com> 1:1.4.2-4
+- Upstream fix for GNU TLS error handling bug (STR #3381).
+
 * Wed Nov 11 2009 Jiri Popelka <jpopelka at redhat.com> 1:1.4.2-3
 - Fixed lspp-patch to avoid memory leak (bug #536741).
 


