From 36e054f0394b935679b7e33dcc42c36ee3854ff5 Mon Sep 17 00:00:00 2001 From: Tim Waugh Date: Nov 30 2007 09:23:37 +0000 Subject: - CVE-2007-4045 patch is not necessarily because cupsd_client_t objects are not moved in array operations, only pointers to them. --- diff --git a/cups-CVE-2007-4045.patch b/cups-CVE-2007-4045.patch deleted file mode 100644 index 55d1300..0000000 --- a/cups-CVE-2007-4045.patch +++ /dev/null @@ -1,46 +0,0 @@ -diff -up cups-1.3.4/scheduler/client.c.CVE-2007-4045 cups-1.3.4/scheduler/client.c ---- cups-1.3.4/scheduler/client.c.CVE-2007-4045 2007-11-07 21:11:58.000000000 +0000 -+++ cups-1.3.4/scheduler/client.c 2007-11-07 21:13:26.000000000 +0000 -@@ -114,6 +114,25 @@ static int write_file(cupsd_client_t *c - static void write_pipe(cupsd_client_t *con); - - -+void -+_cupsdFixClientsBIO(void) -+{ -+#ifdef HAVE_LIBSSL -+ cupsd_client_t *c; -+ BIO *bio; -+ cupsArraySave (Clients); -+ for (c = (cupsd_client_t *)cupsArrayFirst(Clients); -+ c; -+ c = (cupsd_client_t *)cupsArrayNext(Clients)) -+ { -+ if (c->http.tls) -+ BIO_ctrl(SSL_get_wbio(c->http.tls), BIO_C_SET_FILE_PTR, 0, (char *)HTTP(c)); -+ } -+ cupsArrayRestore (Clients); -+#endif -+} -+ -+ - /* - * 'cupsdAcceptClient()' - Accept a new client. - */ -@@ -451,6 +470,7 @@ cupsdAcceptClient(cupsd_listener_t *lis) - } - - cupsArrayAdd(Clients, con); -+ _cupsdFixClientsBIO(); - - cupsdLogMessage(CUPSD_LOG_DEBUG2, - "cupsdAcceptClient: %d connected to server on %s:%d", -@@ -735,6 +755,7 @@ cupsdCloseClient(cupsd_client_t *con) /* - */ - - cupsArrayRemove(Clients, con); -+ _cupsdFixClientsBIO(); - - free(con); - } -diff -up cups-1.3.4/scheduler/main.c.CVE-2007-4045 cups-1.3.4/scheduler/main.c diff --git a/cups.spec b/cups.spec index b5be009..b5c6b95 100644 --- a/cups.spec +++ b/cups.spec @@ -47,7 +47,6 @@ Patch20: cups-getpass.patch Patch21: cups-driverd-timeout.patch Patch25: cups-usb-paperout.patch Patch26: cups-CVE-2007-4352,5392,5393.patch -Patch27: cups-CVE-2007-4045.patch Patch100: cups-lspp.patch Epoch: 1 Url: http://www.cups.org/ @@ -161,7 +160,6 @@ lpd emulation. %patch21 -p1 -b .driverd-timeout %patch25 -p1 -b .usb-paperout %patch26 -p1 -b .CVE-2007-4352,5392,5393 -%patch27 -p1 -b .CVE-2007-4045 %if %lspp %patch100 -p1 -b .lspp @@ -453,6 +451,10 @@ rm -rf $RPM_BUILD_ROOT %{cups_serverbin}/daemon/cups-lpd %changelog +* Fri Nov 30 2007 Tim Waugh +- CVE-2007-4045 patch is not necessarily because cupsd_client_t objects are + not moved in array operations, only pointers to them. + * Tue Nov 27 2007 Tim Waugh - Updated to improved dnssd backend from Till Kamppeter. - Don't undo the util.c parts of STR #2537.