rpms/cups/F-12 cups-CVE-2010-0302.patch, NONE, 1.1 cups.spec, 1.578, 1.579
Tim Waugh
twaugh at fedoraproject.org
Fri Mar 5 10:53:16 UTC 2010
Author: twaugh
Update of /cvs/pkgs/rpms/cups/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv10833
Modified Files:
cups.spec
Added Files:
cups-CVE-2010-0302.patch
Log Message:
* Fri Mar 5 2010 Tim Waugh <twaugh at redhat.com> - 1:1.4.2-28
- Applied patch for CVE-2010-0302 (incomplete fix for CVE-2009-3553,
bug #557775).
cups-CVE-2010-0302.patch:
select.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--- NEW FILE cups-CVE-2010-0302.patch ---
diff -up cups-1.4.2/scheduler/select.c.CVE-2010-0302 cups-1.4.2/scheduler/select.c
--- cups-1.4.2/scheduler/select.c.CVE-2010-0302 2010-03-05 10:37:49.990476887 +0000
+++ cups-1.4.2/scheduler/select.c 2010-03-05 10:38:01.803478081 +0000
@@ -454,7 +454,8 @@ cupsdDoSelect(long timeout) /* I - Time
if (fdptr->read_cb && event->filter == EVFILT_READ)
(*(fdptr->read_cb))(fdptr->data);
- if (fdptr->use > 1 && fdptr->write_cb && event->filter == EVFILT_WRITE)
+ if (fdptr->use > 1 && fdptr->write_cb && event->filter == EVFILT_WRITE &&
+ !cupsArrayFind(cupsd_inactive_fds, fdptr))
(*(fdptr->write_cb))(fdptr->data);
release_fd(fdptr);
@@ -499,7 +500,9 @@ cupsdDoSelect(long timeout) /* I - Time
if (fdptr->read_cb && (event->events & (EPOLLIN | EPOLLERR | EPOLLHUP)))
(*(fdptr->read_cb))(fdptr->data);
- if (fdptr->use > 1 && fdptr->write_cb && (event->events & (EPOLLOUT | EPOLLERR | EPOLLHUP)))
+ if (fdptr->use > 1 && fdptr->write_cb &&
+ (event->events & (EPOLLOUT | EPOLLERR | EPOLLHUP)) &&
+ !cupsArrayFind(cupsd_inactive_fds, fdptr))
(*(fdptr->write_cb))(fdptr->data);
release_fd(fdptr);
Index: cups.spec
===================================================================
RCS file: /cvs/pkgs/rpms/cups/F-12/cups.spec,v
retrieving revision 1.578
retrieving revision 1.579
diff -u -p -r1.578 -r1.579
--- cups.spec 2 Mar 2010 12:59:48 -0000 1.578
+++ cups.spec 5 Mar 2010 10:53:16 -0000 1.579
@@ -8,7 +8,7 @@
Summary: Common Unix Printing System
Name: cups
Version: 1.4.2
-Release: 27%{?dist}
+Release: 28%{?dist}
License: GPLv2
Group: System Environment/Daemons
Source: http://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2
@@ -82,6 +82,7 @@ Patch54: cups-str3505.patch
Patch100: cups-lspp.patch
## SECURITY PATCHES:
+Patch200: cups-CVE-2010-0302.patch
Epoch: 1
@@ -268,6 +269,7 @@ module.
%endif
# SECURITY PATCHES:
+%patch200 -p1 -b .CVE-2010-0302
sed -i -e '1iMaxLogSize 0' conf/cupsd.conf.in
@@ -560,6 +562,10 @@ rm -rf $RPM_BUILD_ROOT
%{php_extdir}/phpcups.so
%changelog
+* Fri Mar 5 2010 Tim Waugh <twaugh at redhat.com> - 1:1.4.2-28
+- Applied patch for CVE-2010-0302 (incomplete fix for CVE-2009-3553,
+ bug #557775).
+
* Tue Mar 2 2010 Tim Waugh <twaugh at redhat.com> - 1:1.4.2-27
- Don't own filesystem locale directories (bug #569403).
- Don't apply gcrypt threading patch (bug #553834).
More information about the scm-commits
mailing list