From ba644ff0ce843869a9f6fdcf5ffed5f578a650a0 Mon Sep 17 00:00:00 2001 From: Tim Waugh Date: Nov 12 2007 18:54:03 +0000 Subject: - Fixed CVE-2007-4045 patch; has no effect with shipped packages since they are linked with gnutls. --- diff --git a/cups-CVE-2007-4045.patch b/cups-CVE-2007-4045.patch index 9d65193..55d1300 100644 --- a/cups-CVE-2007-4045.patch +++ b/cups-CVE-2007-4045.patch @@ -16,8 +16,8 @@ diff -up cups-1.3.4/scheduler/client.c.CVE-2007-4045 cups-1.3.4/scheduler/client + c; + c = (cupsd_client_t *)cupsArrayNext(Clients)) + { -+ bio = SSL_get_wbio(c->http.tls); -+ BIO_ctrl(bio, BIO_C_SET_FILE_PTR, 0, (char *)HTTP(c)); ++ if (c->http.tls) ++ BIO_ctrl(SSL_get_wbio(c->http.tls), BIO_C_SET_FILE_PTR, 0, (char *)HTTP(c)); + } + cupsArrayRestore (Clients); +#endif diff --git a/cups.spec b/cups.spec index 7e1c5c8..df495b8 100644 --- a/cups.spec +++ b/cups.spec @@ -6,7 +6,7 @@ Summary: Common Unix Printing System Name: cups Version: 1.3.4 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2 Group: System Environment/Daemons Source: ftp://ftp.easysw.com/pub/cups/test//cups-%{version}-source.tar.bz2 @@ -451,7 +451,9 @@ rm -rf $RPM_BUILD_ROOT %{cups_serverbin}/daemon/cups-lpd %changelog -* Mon Nov 12 2007 Tim Waugh +* Mon Nov 12 2007 Tim Waugh 1:1.3.4-3 +- Fixed CVE-2007-4045 patch; has no effect with shipped packages since they + are linked with gnutls. - Temporarily undo STR #2537 change so that non-UTF-8 requests are not rejected (bug #378211). - LSPP cupsdSetString/ClearString fixes (bug #378451).