rpms/cups/F-11 cups-CVE-2010-0302.patch, NONE, 1.1 cups.spec, 1.568, 1.569

Tim Waugh twaugh at fedoraproject.org
Fri Mar 5 10:51:40 UTC 2010 

Author: twaugh

Update of /cvs/pkgs/rpms/cups/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv10473

Modified Files:
	cups.spec 
Added Files:
	cups-CVE-2010-0302.patch 
Log Message:
* Fri Mar  5 2010 Tim Waugh <twaugh at redhat.com> - 1:1.4.2-26
- Applied patch for CVE-2010-0302 (incomplete fix for CVE-2009-3553,
  bug #557775).


cups-CVE-2010-0302.patch:
 select.c |    7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

--- NEW FILE cups-CVE-2010-0302.patch ---
diff -up cups-1.4.2/scheduler/select.c.CVE-2010-0302 cups-1.4.2/scheduler/select.c
--- cups-1.4.2/scheduler/select.c.CVE-2010-0302	2010-03-05 10:37:49.990476887 +0000
+++ cups-1.4.2/scheduler/select.c	2010-03-05 10:38:01.803478081 +0000
@@ -454,7 +454,8 @@ cupsdDoSelect(long timeout)		/* I - Time
     if (fdptr->read_cb && event->filter == EVFILT_READ)
       (*(fdptr->read_cb))(fdptr->data);
 
-    if (fdptr->use > 1 && fdptr->write_cb && event->filter == EVFILT_WRITE)
+    if (fdptr->use > 1 && fdptr->write_cb && event->filter == EVFILT_WRITE &&
+        !cupsArrayFind(cupsd_inactive_fds, fdptr))
       (*(fdptr->write_cb))(fdptr->data);
 
     release_fd(fdptr);
@@ -499,7 +500,9 @@ cupsdDoSelect(long timeout)		/* I - Time
 	if (fdptr->read_cb && (event->events & (EPOLLIN | EPOLLERR | EPOLLHUP)))
 	  (*(fdptr->read_cb))(fdptr->data);
 
-	if (fdptr->use > 1 && fdptr->write_cb && (event->events & (EPOLLOUT | EPOLLERR | EPOLLHUP)))
+	if (fdptr->use > 1 && fdptr->write_cb &&
+	    (event->events & (EPOLLOUT | EPOLLERR | EPOLLHUP)) &&
+	    !cupsArrayFind(cupsd_inactive_fds, fdptr))
 	  (*(fdptr->write_cb))(fdptr->data);
 
 	release_fd(fdptr);


Index: cups.spec
===================================================================
RCS file: /cvs/pkgs/rpms/cups/F-11/cups.spec,v
retrieving revision 1.568
retrieving revision 1.569
diff -u -p -r1.568 -r1.569
--- cups.spec	2 Mar 2010 12:59:26 -0000	1.568
+++ cups.spec	5 Mar 2010 10:51:40 -0000	1.569
@@ -9,7 +9,7 @@
 Summary: Common Unix Printing System
 Name: cups
 Version: 1.4.2
-Release: 25%{?dist}
+Release: 26%{?dist}
 License: GPLv2
 Group: System Environment/Daemons
 Source: http://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2
@@ -79,6 +79,7 @@ Patch63: cups-gnutls-gcrypt-threads.patc
 Patch64: cups-str3458.patch
 Patch65: cups-EAI_AGAIN.patch
 Patch66: cups-str3505.patch
+Patch67: cups-CVE-2010-0302.patch
 
 Patch100: cups-lspp.patch
 Epoch: 1
@@ -262,6 +263,7 @@ module. 
 %patch64 -p1 -b .str3458
 %patch65 -p1 -b .EAI_AGAIN
 %patch66 -p1 -b .str3505
+%patch67 -p1 -b .CVE-2010-0302
 
 %if %lspp
 %patch100 -p1 -b .lspp
@@ -553,6 +555,10 @@ rm -rf $RPM_BUILD_ROOT
 %{php_extdir}/phpcups.so
 
 %changelog
+* Fri Mar  5 2010 Tim Waugh <twaugh at redhat.com> - 1:1.4.2-26
+- Applied patch for CVE-2010-0302 (incomplete fix for CVE-2009-3553,
+  bug #557775).
+
 * Tue Mar  2 2010 Tim Waugh <twaugh at redhat.com> - 1:1.4.2-25
 - Don't own filesystem locale directories (bug #569403).
 - Don't apply gcrypt threading patch (bug #553834).

More information about the scm-commits mailing list