- Applied patch to fix CVE-2009-0163 (bug #490596).

- Applied patch to fix CVE-2009-0164 (bug #490597).
2009-04-17 16:34:28 +00:00 · 2009-04-17 16:34:28 +00:00 · 046ffba366
commit 046ffba366
parent ec68565eae
4 changed files with 726 additions and 51 deletions
--- a/cups-CVE-2009-0163.patch
+++ b/cups-CVE-2009-0163.patch
@ -0,0 +1,14 @@
+diff -up cups-1.4b2-svn8404/filter/image-private.h.CVE-2009-0163 cups-1.4b2-svn8404/filter/image-private.h
+--- cups-1.4b2-svn8404/filter/image-private.h.CVE-2009-0163	2009-02-17 17:45:27.000000000 +0000
+++ cups-1.4b2-svn8404/filter/image-private.h	2009-04-17 16:21:52.000000000 +0100
+@@ -40,8 +40,8 @@
+ 
+ #  define CUPS_IMAGE_MAX_WIDTH	0x07ffffff
+ 					/* 2^27-1 to allow for 15-channel data */
+-#  define CUPS_IMAGE_MAX_HEIGHT	0x7fffffff
+-					/* 2^31-1 */
+#  define CUPS_IMAGE_MAX_HEIGHT	0x3fffffff
+					/* 2^30-1 */
+ 
+ #  define CUPS_TILE_SIZE	256	/* 256x256 pixel tiles */
+ #  define CUPS_TILE_MINIMUM	10	/* Minimum number of tiles */
--- a/cups-CVE-2009-0164.patch
+++ b/cups-CVE-2009-0164.patch
@ -0,0 +1,653 @@
+diff -up cups-1.4b2-svn8404/CHANGES-1.3.txt.CVE-2009-0164 cups-1.4b2-svn8404/CHANGES-1.3.txt
+--- cups-1.4b2-svn8404/CHANGES-1.3.txt.CVE-2009-0164	2009-03-05 10:54:00.000000000 +0000
+++ cups-1.4b2-svn8404/CHANGES-1.3.txt	2009-04-17 16:47:18.000000000 +0100
+@@ -69,11 +69,6 @@ CHANGES IN CUPS V1.3.10
+ 	- The scheduler now rejects ATTR: messages with empty values.
+ 	- The scheduler could consume all CPU handling closed connections
+ 	  (STR #2988)
+-	- The scheduler now protects against DNS rebinding attacks on
+-	  localhost.
+-	- SECURITY: The PNG image reading code did not validate the
+-	  image size properly, leading to a potential buffer overflow
+-	  (STR #2974)
+ 	- Fixed some configure script bugs with rc/xinetd directories
+ 	  (STR #2970)
+ 	- The Epson sample driver PPDs contained errors (STR #2979)
+diff -up cups-1.4b2-svn8404/cups/http-addr.c.CVE-2009-0164 cups-1.4b2-svn8404/cups/http-addr.c
+--- cups-1.4b2-svn8404/cups/http-addr.c.CVE-2009-0164	2009-02-17 17:45:27.000000000 +0000
+++ cups-1.4b2-svn8404/cups/http-addr.c	2009-04-17 16:47:18.000000000 +0100
+@@ -154,7 +154,7 @@ httpAddrLocalhost(
+ #endif /* AF_LOCAL */
+ 
+   if (addr->addr.sa_family == AF_INET &&
+-      ntohl(addr->ipv4.sin_addr.s_addr) == 0x7f000001)
+      (ntohl(addr->ipv4.sin_addr.s_addr) & 0xff000000) == 0x7f000000)
+     return (1);
+ 
+   return (0);
+diff -up cups-1.4b2-svn8404/cups/http.c.CVE-2009-0164 cups-1.4b2-svn8404/cups/http.c
+--- cups-1.4b2-svn8404/cups/http.c.CVE-2009-0164	2009-04-17 16:47:18.000000000 +0100
+++ cups-1.4b2-svn8404/cups/http.c	2009-04-17 16:47:18.000000000 +0100
+@@ -1842,18 +1842,35 @@ httpSetField(http_t       *http,	/* I - 
+ 
+   strlcpy(http->fields[field], value, HTTP_MAX_VALUE);
+ 
+- /*
+-  * Special case for Authorization: as its contents can be
+-  * longer than HTTP_MAX_VALUE
+-  */
+-
+   if (field == HTTP_FIELD_AUTHORIZATION)
+   {
+   /*
+    * Special case for Authorization: as its contents can be
+    * longer than HTTP_MAX_VALUE
+    */
+
+     if (http->field_authorization)
+       free(http->field_authorization);
+ 
+     http->field_authorization = strdup(value);
+   }
+  else if (field == HTTP_FIELD_HOST)
+  {
+   /*
+    * Special-case for Host: as we don't want a trailing "." on the hostname.
+    */
+
+    char *ptr = http->fields[HTTP_FIELD_HOST];
+					/* Pointer into Host: field */
+
+    if (*ptr)
+    {
+      ptr += strlen(ptr) - 1;
+
+      if (*ptr == '.')
+        *ptr = '\0';
+    }
+  }
+ }
+ 
+ 
+diff -up cups-1.4b2-svn8404/man/cupsd.conf.man.in.CVE-2009-0164 cups-1.4b2-svn8404/man/cupsd.conf.man.in
+--- cups-1.4b2-svn8404/man/cupsd.conf.man.in.CVE-2009-0164	2009-02-17 17:45:27.000000000 +0000
+++ cups-1.4b2-svn8404/man/cupsd.conf.man.in	2009-04-17 16:47:18.000000000 +0100
+@@ -617,6 +617,11 @@ ServerAdmin user@domain.com
+ .br
+ Specifies the email address of the server administrator.
+ .TP 5
+ServerAlias hostname
+.br
+Specifies an alternate name that the server is known by. The special name "*"
+allows any name to be used.
+.TP 5
+ ServerBin directory
+ .br
+ Specifies the directory where backends, CGIs, daemons, and filters may
+diff -up cups-1.4b2-svn8404/scheduler/client.c.CVE-2009-0164 cups-1.4b2-svn8404/scheduler/client.c
+--- cups-1.4b2-svn8404/scheduler/client.c.CVE-2009-0164	2009-03-05 10:54:00.000000000 +0000
+++ cups-1.4b2-svn8404/scheduler/client.c	2009-04-17 16:47:48.000000000 +0100
+@@ -39,6 +39,7 @@
+  *   is_path_absolute()      - Is a path absolute and free of relative elements.
+  *   make_certificate()      - Make a self-signed SSL/TLS certificate.
+  *   pipe_command()          - Pipe the output of a command to the remote client.
+ *   valid_host()            - Is the Host: field valid?
+  *   write_file()            - Send a file via HTTP.
+  *   write_pipe()            - Flag that data is available on the CGI pipe.
+  */
+@@ -108,6 +109,7 @@ static int		make_certificate(cupsd_clien
+ #endif /* HAVE_SSL */
+ static int		pipe_command(cupsd_client_t *con, int infile, int *outfile,
+ 			             char *command, char *options, int root);
+static int		valid_host(cupsd_client_t *con);
+ static int		write_file(cupsd_client_t *con, http_status_t code,
+ 		        	   char *filename, char *type,
+ 				   struct stat *filestats);
+@@ -1129,13 +1131,7 @@ cupsdReadClient(cupsd_client_t *con)	/* 
+ 	return;
+       }
+     }
+-    else if (httpAddrLocalhost(con->http.hostaddr) &&
+-             strcasecmp(con->http.fields[HTTP_FIELD_HOST], "localhost") &&
+-	     strncasecmp(con->http.fields[HTTP_FIELD_HOST], "localhost:", 10) &&
+-	     strcmp(con->http.fields[HTTP_FIELD_HOST], "127.0.0.1") &&
+-	     strncmp(con->http.fields[HTTP_FIELD_HOST], "127.0.0.1:", 10) &&
+-	     strcmp(con->http.fields[HTTP_FIELD_HOST], "[::1]") &&
+-	     strncmp(con->http.fields[HTTP_FIELD_HOST], "[::1]:", 6))
+    else if (!valid_host(con))
+     {
+      /*
+       * Access to localhost must use "localhost" or the corresponding IPv4
+@@ -3278,6 +3274,10 @@ get_cdsa_certificate(cupsd_client_t *con
+   ssl_options.ServerName = con->servername;
+   ssl_options.ServerNameLen = strlen(con->servername);
+ 
+  cupsdLogMessage(CUPSD_LOG_DEBUG,
+                  "get_cdsa_certificate: Looking for certs for \"%s\"...",
+		  con->servername);
+
+   options.Data = (uint8 *)&ssl_options;
+   options.Length = sizeof(ssl_options);
+ 
+@@ -3970,7 +3970,7 @@ make_certificate(cupsd_client_t *con)	/*
+     envp[envc]   = NULL;
+ 
+     if (!cupsdStartProcess(command, argv, envp, -1, -1, -1, -1, -1, 1, NULL, 0,
+-                           &pid))
+                           NULL, &pid))
+     {
+       unlink(seedfile);
+       return (0);
+@@ -4862,6 +4862,165 @@ pipe_command(cupsd_client_t *con,	/* I -
+ 
+ 
+ /*
+ * 'valid_host()' - Is the Host: field valid?
+ */
+
+static int				/* O - 1 if valid, 0 if not */
+valid_host(cupsd_client_t *con)		/* I - Client connection */
+{
+  cupsd_alias_t	*a;			/* Current alias */
+  cupsd_netif_t	*netif;			/* Current network interface */
+  const char	*host,			/* Host field */
+		*end;			/* End character */
+
+
+  host = con->http.fields[HTTP_FIELD_HOST];
+
+  if (httpAddrLocalhost(con->http.hostaddr))
+  {
+   /*
+    * Only allow "localhost" or the equivalent IPv4 or IPv6 numerical
+    * addresses when accessing CUPS via the loopback interface...
+    */
+
+    return (!strcasecmp(host, "localhost") ||
+            !strncasecmp(host, "localhost:", 10) ||
+	    !strcasecmp(host, "localhost.") ||
+            !strncasecmp(host, "localhost.:", 11) ||
+#ifdef __linux
+	    !strcasecmp(host, "localhost.localdomain") ||
+            !strncasecmp(host, "localhost.localdomain:", 22) ||
+#endif /* __linux */
+            !strcmp(host, "127.0.0.1") ||
+	    !strncmp(host, "127.0.0.1:", 10) ||
+	    !strcmp(host, "[::1]") ||
+	    !strncmp(host, "[::1]:", 6));
+  }
+
+#ifdef HAVE_DNSSD
+ /*
+  * Check if the hostname is something.local (Bonjour); if so, allow it.
+  */
+
+  if ((end = strrchr(host, '.')) != NULL &&
+      (!strcasecmp(end, ".local") || !strncasecmp(end, ".local:", 7) ||
+       !strcasecmp(end, ".local.") || !strncasecmp(end, ".local.:", 8)))
+    return (1);
+#endif /* HAVE_DNSSD */
+
+ /*
+  * Check if the hostname is an IP address...
+  */
+
+  if (isdigit(*host & 255) || *host == '[')
+  {
+   /*
+    * Possible IPv4/IPv6 address...
+    */
+
+    char	temp[1024],		/* Temporary string */
+		*ptr;			/* Pointer into temporary string */
+    http_addrlist_t *addrlist;		/* List of addresses */
+
+
+    strlcpy(temp, host, sizeof(temp));
+    if ((ptr = strrchr(temp, ':')) != NULL && !strchr(ptr, ']'))
+      *ptr = '\0';			/* Strip :port from host value */
+
+    if ((addrlist = httpAddrGetList(temp, AF_UNSPEC, NULL)) != NULL)
+    {
+     /*
+      * Good IPv4/IPv6 address...
+      */
+
+      httpAddrFreeList(addrlist);
+      return (1);
+    }
+  }
+
+ /*
+  * Check for (alias) name matches...
+  */
+
+  for (a = (cupsd_alias_t *)cupsArrayFirst(ServerAlias);
+       a;
+       a = (cupsd_alias_t *)cupsArrayNext(ServerAlias))
+  {
+   /*
+    * "ServerAlias *" allows all host values through...
+    */
+
+    if (!strcmp(a->name, "*"))
+      return (1);
+
+    if (!strncasecmp(host, a->name, a->namelen))
+    {
+     /*
+      * Prefix matches; check the character at the end - it must be ":", ".",
+      * ".:", or nul...
+      */
+
+      end = host + a->namelen;
+
+      if (!*end || *end == ':' || (*end == '.' && (!end[1] || end[1] == ':')))
+        return (1);
+    }
+  }
+
+#ifdef HAVE_DNSSD
+  for (a = (cupsd_alias_t *)cupsArrayFirst(DNSSDAlias);
+       a;
+       a = (cupsd_alias_t *)cupsArrayNext(DNSSDAlias))
+  {
+   /*
+    * "ServerAlias *" allows all host values through...
+    */
+
+    if (!strcmp(a->name, "*"))
+      return (1);
+
+    if (!strncasecmp(host, a->name, a->namelen))
+    {
+     /*
+      * Prefix matches; check the character at the end - it must be ":", ".",
+      * ".:", or nul...
+      */
+
+      end = host + a->namelen;
+
+      if (!*end || *end == ':' || (*end == '.' && (!end[1] || end[1] == ':')))
+        return (1);
+    }
+  }
+#endif /* HAVE_DNSSD */
+
+ /*
+  * Check for interface hostname matches...
+  */
+
+  for (netif = (cupsd_netif_t *)cupsArrayFirst(NetIFList);
+       netif;
+       netif = (cupsd_netif_t *)cupsArrayNext(NetIFList))
+  {
+    if (!strncasecmp(host, netif->hostname, netif->hostlen))
+    {
+     /*
+      * Prefix matches; check the character at the end - it must be ":", ".",
+      * ".:", or nul...
+      */
+
+      end = host + netif->hostlen;
+
+      if (!*end || *end == ':' || (*end == '.' && (!end[1] || end[1] == ':')))
+        return (1);
+    }
+  }
+
+  return (0);
+}
+
+
+/*
+  * 'write_file()' - Send a file via HTTP.
+  */
+ 
+diff -up cups-1.4b2-svn8404/scheduler/conf.c.CVE-2009-0164 cups-1.4b2-svn8404/scheduler/conf.c
+--- cups-1.4b2-svn8404/scheduler/conf.c.CVE-2009-0164	2009-04-17 16:47:18.000000000 +0100
+++ cups-1.4b2-svn8404/scheduler/conf.c	2009-04-17 16:47:18.000000000 +0100
+@@ -14,13 +14,15 @@
+  *
+  * Contents:
+  *
+ *   cupsdAddAlias()          - Add a host alias.
+  *   cupsdCheckPermissions()  - Fix the mode and ownership of a file or
+  *                              directory.
+ *   cupsdFreeAliases()       - Free all of the alias entries.
+  *   cupsdReadConfiguration() - Read the cupsd.conf file.
+  *   get_address()            - Get an address + port number from a line.
+  *   get_addr_and_mask()      - Get an IP address and netmask.
+- *   parse_aaa()              - Parse authentication, authorization, and
+- *                              access control lines.
+ *   parse_aaa()              - Parse authentication, authorization, and access
+ *                              control lines.
+  *   parse_fatal_errors()     - Parse FatalErrors values in a string.
+  *   parse_groups()           - Parse system group names in a string.
+  *   parse_protocols()        - Parse browse protocols in a string.
+@@ -197,6 +199,7 @@ static const unsigned	zeros[4] =
+ /*
+  * Local functions...
+  */
+
+ static http_addrlist_t	*get_address(const char *value, int defport);
+ static int		get_addr_and_mask(const char *value, unsigned *ip,
+ 			                  unsigned *mask);
+@@ -211,6 +214,30 @@ static int		read_policy(cups_file_t *fp,
+ 
+ 
+ /*
+ * 'cupsdAddAlias()' - Add a host alias.
+ */
+
+void
+cupsdAddAlias(cups_array_t *aliases,	/* I - Array of aliases */
+              const char   *name)	/* I - Name to add */
+{
+  cupsd_alias_t	*a;			/*  New alias */
+  size_t	namelen;		/* Length of name */
+
+
+  namelen = strlen(name);
+
+  if ((a = (cupsd_alias_t *)malloc(sizeof(cupsd_alias_t) + namelen)) == NULL)
+    return;
+
+  a->namelen = namelen;
+  strcpy(a->name, name);		/* OK since a->name is allocated */
+
+  cupsArrayAdd(aliases, a);
+}
+
+
+/*
+  * 'cupsdCheckPermissions()' - Fix the mode and ownership of a file or directory.
+  */
+ 
+@@ -362,6 +389,25 @@ cupsdCheckPermissions(
+ 
+ 
+ /*
+ * 'cupsdFreeAliases()' - Free all of the alias entries.
+ */
+
+void
+cupsdFreeAliases(cups_array_t *aliases)	/* I - Array of aliases */
+{
+  cupsd_alias_t	*a;			/* Current alias */
+
+
+  for (a = (cupsd_alias_t *)cupsArrayFirst(ServerAlias);
+       a;
+       a = (cupsd_alias_t *)cupsArrayNext(ServerAlias))
+    free(a);
+
+  cupsArrayDelete(aliases);
+}
+
+
+/*
+  * 'cupsdReadConfiguration()' - Read the cupsd.conf file.
+  */
+ 
+@@ -433,6 +479,9 @@ cupsdReadConfiguration(void)
+   * String options...
+   */
+ 
+  cupsdFreeAliases(ServerAlias);
+  ServerAlias = NULL;
+
+   cupsdClearString(&ServerName);
+   cupsdClearString(&ServerAdmin);
+   cupsdSetString(&ServerBin, CUPS_SERVERBIN);
+@@ -674,9 +723,7 @@ cupsdReadConfiguration(void)
+ 
+   if (!ServerName)
+   {
+-    if (HostNameLookups || RemoteAccessEnabled)
+-      httpGetHostname(NULL, temp, sizeof(temp));
+-    else if (gethostname(temp, sizeof(temp)))
+    if (gethostname(temp, sizeof(temp)))
+     {
+       cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to get hostname: %s",
+                       strerror(errno));
+@@ -684,6 +731,50 @@ cupsdReadConfiguration(void)
+     }
+ 
+     cupsdSetString(&ServerName, temp);
+
+    if (!ServerAlias)
+      ServerAlias = cupsArrayNew(NULL, NULL);
+
+    cupsdAddAlias(ServerAlias, temp);
+    cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s", temp);
+
+    if (HostNameLookups || RemoteAccessEnabled)
+    {
+      struct hostent	*host;		/* Host entry to get FQDN */
+
+      if ((host = gethostbyname(temp)) != NULL)
+      {
+        if (strcasecmp(temp, host->h_name))
+        {
+	  cupsdSetString(&ServerName, host->h_name);
+	  cupsdAddAlias(ServerAlias, host->h_name);
+          cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s",
+	                  host->h_name);
+	}
+
+        if (host->h_aliases)
+	{
+          for (i = 0; host->h_aliases[i]; i ++)
+	    if (strcasecmp(temp, host->h_aliases[i]))
+	    {
+	      cupsdAddAlias(ServerAlias, host->h_aliases[i]);
+	      cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s",
+	                      host->h_aliases[i]);
+	    }
+	}
+      }
+    }
+
+   /*
+    * Make sure we have the base hostname added as an alias, too!
+    */
+
+    if ((slash = strchr(temp, '.')) != NULL)
+    {
+      *slash = '\0';
+      cupsdAddAlias(ServerAlias, temp);
+      cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s", temp);
+    }
+   }
+ 
+   for (slash = ServerName; isdigit(*slash & 255) || *slash == '.'; slash ++);
+@@ -3278,6 +3369,13 @@ read_configuration(cups_file_t *fp)	/* I
+ 	    break;
+       }
+     }
+    else if (!strcasecmp(line, "ServerAlias") && value)
+    {
+      if (!ServerAlias)
+        ServerAlias = cupsArrayNew(NULL, NULL);
+
+      cupsdAddAlias(ServerAlias, value);
+    }
+     else if (!strcasecmp(line, "SetEnv") && value)
+     {
+      /*
+diff -up cups-1.4b2-svn8404/scheduler/conf.h.CVE-2009-0164 cups-1.4b2-svn8404/scheduler/conf.h
+--- cups-1.4b2-svn8404/scheduler/conf.h.CVE-2009-0164	2009-04-17 16:47:18.000000000 +0100
+++ cups-1.4b2-svn8404/scheduler/conf.h	2009-04-17 16:47:18.000000000 +0100
+@@ -82,6 +82,17 @@ typedef enum
+ 
+ 
+ /*
+ * ServerAlias data...
+ */
+
+typedef struct
+{
+  size_t	namelen;		/* Length of alias name */
+  char		name[1];		/* Alias name */
+} cupsd_alias_t;
+
+
+/*
+  * Globals...
+  */
+ 
+@@ -105,6 +116,8 @@ VAR char		*ConfigurationFile	VALUE(NULL)
+ 					/* Directory for request files */
+ 			*DocumentRoot		VALUE(NULL);
+ 					/* Root directory for documents */
+VAR cups_array_t	*ServerAlias		VALUE(NULL);
+					/* Alias names for server */
+ VAR int			RemoteAccessEnabled	VALUE(0),
+ 					/* Are we listening on non-local addresses? */
+ 			ServerNameIsIP		VALUE(0);
+@@ -269,10 +282,12 @@ VAR char		*SystemGroupAuthKey	VALUE(NULL
+  * Prototypes...
+  */
+ 
+extern void	cupsdAddAlias(cups_array_t *aliases, const char *name);
+ extern int	cupsdCheckPermissions(const char *filename,
+ 		                      const char *suffix, int mode,
+ 	 			      int user, int group, int is_dir,
+ 				      int create_dir);
+extern void	cupsdFreeAliases(cups_array_t *aliases);
+ extern char	*cupsdGetDateTime(struct timeval *t, cupsd_time_t format);
+ #ifdef HAVE_GSSAPI
+ extern int	cupsdLogGSSMessage(int level, int major_status,
+diff -up cups-1.4b2-svn8404/scheduler/dirsvc.c.CVE-2009-0164 cups-1.4b2-svn8404/scheduler/dirsvc.c
+--- cups-1.4b2-svn8404/scheduler/dirsvc.c.CVE-2009-0164	2009-04-17 16:47:18.000000000 +0100
+++ cups-1.4b2-svn8404/scheduler/dirsvc.c	2009-04-17 16:47:18.000000000 +0100
+@@ -38,6 +38,7 @@
+  *   cupsdUpdateLDAPBrowse()    - Scan for new printers via LDAP...
+  *   cupsdUpdateSLPBrowse()     - Get browsing information via SLP.
+  *   dequote()                  - Remote quotes from a string.
+ *   dnssdAddAlias()            - Add a DNS-SD alias name.
+  *   dnssdBuildTxtRecord()      - Build a TXT record from printer info.
+  *   dnssdComparePrinters()     - Compare the registered names of two printers.
+  *   dnssdDeregisterPrinter()   - Stop sending broadcast information for a
+@@ -155,6 +156,10 @@ static void	update_smb(int onoff);
+ 
+ 
+ #ifdef HAVE_DNSSD
+#  ifdef HAVE_COREFOUNDATION
+static void	dnssdAddAlias(const void *key, const void *value,
+		              void *context);
+#  endif /* HAVE_COREFOUNDATION */
+ static char	*dnssdBuildTxtRecord(int *txt_len, cupsd_printer_t *p,
+ 		                     int for_lpd);
+ static int	dnssdComparePrinters(cupsd_printer_t *a, cupsd_printer_t *b);
+@@ -2199,6 +2204,38 @@ dequote(char       *d,			/* I - Destinat
+ 
+ 
+ #ifdef HAVE_DNSSD
+#  ifdef HAVE_COREFOUNDATION
+/*
+ * 'dnssdAddAlias()' - Add a DNS-SD alias name.
+ */
+
+static void
+dnssdAddAlias(const void *key,		/* I - Key */
+              const void *value,	/* I - Value (domain) */
+	      void       *context)	/* I - Unused */
+{
+  char	valueStr[1024],			/* Domain string */
+	hostname[1024];			/* Complete hostname */
+
+
+  (void)context;
+
+  if (CFGetTypeID((CFStringRef)value) == CFStringGetTypeID() &&
+      CFStringGetCString((CFStringRef)value, valueStr, sizeof(valueStr),
+                         kCFStringEncodingUTF8))
+  {
+    snprintf(hostname, sizeof(hostname), "%s.%s", DNSSDName, valueStr);
+    if (!DNSSDAlias)
+      DNSSDAlias = cupsArrayNew(NULL, NULL);
+
+    cupsdAddAlias(DNSSDAlias, hostname);
+    cupsdLogMessage(CUPSD_LOG_DEBUG, "Added Back to My Mac ServerAlias %s",
+		    hostname);
+  }
+}
+#  endif /* HAVE_COREFOUNDATION */
+
+
+ /*
+  * 'dnssdBuildTxtRecord()' - Build a TXT record from printer info.
+  */
+diff -up cups-1.4b2-svn8404/scheduler/dirsvc.h.CVE-2009-0164 cups-1.4b2-svn8404/scheduler/dirsvc.h
+--- cups-1.4b2-svn8404/scheduler/dirsvc.h.CVE-2009-0164	2009-02-17 17:45:27.000000000 +0000
+++ cups-1.4b2-svn8404/scheduler/dirsvc.h	2009-04-17 16:47:18.000000000 +0100
+@@ -4,7 +4,7 @@
+  *   Directory services definitions for the Common UNIX Printing System
+  *   (CUPS) scheduler.
+  *
+- *   Copyright 2007-2008 by Apple Inc.
+ *   Copyright 2007-2009 by Apple Inc.
+  *   Copyright 1997-2007 by Easy Software Products, all rights reserved.
+  *
+  *   These coded instructions, statements, and computer programs are the
+@@ -135,6 +135,8 @@ VAR cupsd_statbuf_t	*PollStatusBuffer VA
+ #ifdef HAVE_DNSSD
+ VAR char		*DNSSDName	VALUE(NULL);
+ 					/* Computer/server name */
+VAR cups_array_t	*DNSSDAlias	VALUE(NULL);
+					/* List of dynamic ServerAlias's */
+ VAR int			DNSSDPort	VALUE(0);
+ 					/* Port number to register */
+ VAR cups_array_t	*DNSSDPrinters	VALUE(NULL);
+diff -up cups-1.4b2-svn8404/scheduler/network.c.CVE-2009-0164 cups-1.4b2-svn8404/scheduler/network.c
+--- cups-1.4b2-svn8404/scheduler/network.c.CVE-2009-0164	2009-02-05 10:57:28.000000000 +0000
+++ cups-1.4b2-svn8404/scheduler/network.c	2009-04-17 16:47:18.000000000 +0100
+@@ -101,6 +101,7 @@ cupsdNetIFUpdate(void)
+   struct ifaddrs	*addrs,		/* Interface address list */
+ 			*addr;		/* Current interface address */
+   char			hostname[1024];	/* Hostname for address */
+  size_t		hostlen;	/* Length of hostname */
+ 
+ 
+  /*
+@@ -176,8 +177,8 @@ cupsdNetIFUpdate(void)
+     * Create a new address element...
+     */
+ 
+-    if ((temp = calloc(1, sizeof(cupsd_netif_t) +
+-                          strlen(hostname))) == NULL)
+    hostlen = strlen(hostname);
+    if ((temp = calloc(1, sizeof(cupsd_netif_t) + hostlen)) == NULL)
+       break;
+ 
+    /*
+@@ -185,6 +186,7 @@ cupsdNetIFUpdate(void)
+     */
+ 
+     strlcpy(temp->name, addr->ifa_name, sizeof(temp->name));
+    temp->hostlen = hostlen;
+     strcpy(temp->hostname, hostname);	/* Safe because hostname is allocated */
+ 
+     if (addr->ifa_addr->sa_family == AF_INET)
+diff -up cups-1.4b2-svn8404/scheduler/network.h.CVE-2009-0164 cups-1.4b2-svn8404/scheduler/network.h
+--- cups-1.4b2-svn8404/scheduler/network.h.CVE-2009-0164	2008-12-03 15:39:53.000000000 +0000
+++ cups-1.4b2-svn8404/scheduler/network.h	2009-04-17 16:47:18.000000000 +0100
+@@ -4,7 +4,7 @@
+  *   Network interface definitions for the Common UNIX Printing System
+  *   (CUPS) scheduler.
+  *
+- *   Copyright 2007 by Apple Inc.
+ *   Copyright 2007-2009 by Apple Inc.
+  *   Copyright 1997-2006 by Easy Software Products, all rights reserved.
+  *
+  *   These coded instructions, statements, and computer programs are the
+@@ -25,6 +25,7 @@ typedef struct cupsd_netif_s		/**** Netw
+   http_addr_t		address,	/* Network address */
+ 			mask,		/* Network mask */
+ 			broadcast;	/* Broadcast address */
+  size_t		hostlen;	/* Length of hostname */
+   char			name[32],	/* Network interface name */
+ 			hostname[1];	/* Hostname associated with interface */
+ } cupsd_netif_t;
--- a/cups-lspp.patch
+++ b/cups-lspp.patch
@ -1,6 +1,6 @@
 diff -up cups-1.4b2-svn8404/config.h.in.lspp cups-1.4b2-svn8404/config.h.in
--- cups-1.4b2-svn8404/config.h.in.lspp	2009-03-05 11:40:03.000000000 +0000
-+++ cups-1.4b2-svn8404/config.h.in	2009-03-05 11:40:03.000000000 +0000
+--- cups-1.4b2-svn8404/config.h.in.lspp	2009-04-17 16:48:02.000000000 +0100
+++ cups-1.4b2-svn8404/config.h.in	2009-04-17 16:48:03.000000000 +0100
@@ -626,6 +626,13 @@
 #undef HAVE_TCPD_H
 
@ -16,8 +16,8 @@ diff -up cups-1.4b2-svn8404/config.h.in.lspp cups-1.4b2-svn8404/config.h.in
 
 /*
 diff -up /dev/null cups-1.4b2-svn8404/config-scripts/cups-lspp.m4
--- /dev/null	2009-03-05 08:48:03.067001897 +0000
-+++ cups-1.4b2-svn8404/config-scripts/cups-lspp.m4	2009-03-05 11:40:03.000000000 +0000
+--- /dev/null	2009-04-17 08:56:26.038189487 +0100
+++ cups-1.4b2-svn8404/config-scripts/cups-lspp.m4	2009-04-17 16:48:03.000000000 +0100
@@ -0,0 +1,36 @@
 +dnl
 +dnl   LSPP code for the Common UNIX Printing System (CUPS).
@ -57,7 +57,7 @@ diff -up /dev/null cups-1.4b2-svn8404/config-scripts/cups-lspp.m4
 +fi
 diff -up cups-1.4b2-svn8404/configure.in.lspp cups-1.4b2-svn8404/configure.in
 --- cups-1.4b2-svn8404/configure.in.lspp	2009-02-17 17:45:27.000000000 +0000
-+++ cups-1.4b2-svn8404/configure.in	2009-03-05 11:40:03.000000000 +0000
+++ cups-1.4b2-svn8404/configure.in	2009-04-17 16:48:03.000000000 +0100
@@ -42,6 +42,8 @@ sinclude(config-scripts/cups-pap.m4)
 sinclude(config-scripts/cups-pdf.m4)
 sinclude(config-scripts/cups-scripting.m4)
@ -69,7 +69,7 @@ diff -up cups-1.4b2-svn8404/configure.in.lspp cups-1.4b2-svn8404/configure.in
 LANGFILES=""
 diff -up cups-1.4b2-svn8404/cups/cups.h.lspp cups-1.4b2-svn8404/cups/cups.h
 --- cups-1.4b2-svn8404/cups/cups.h.lspp	2009-03-05 10:54:00.000000000 +0000
-+++ cups-1.4b2-svn8404/cups/cups.h	2009-03-05 11:40:03.000000000 +0000
+++ cups-1.4b2-svn8404/cups/cups.h	2009-04-17 16:48:03.000000000 +0100
@@ -15,6 +15,9 @@
  *   This file is subject to the Apple OS-Developed Software exception.
  */
@ -95,7 +95,7 @@ diff -up cups-1.4b2-svn8404/cups/cups.h.lspp cups-1.4b2-svn8404/cups/cups.h
  */
 diff -up cups-1.4b2-svn8404/data/Makefile.lspp cups-1.4b2-svn8404/data/Makefile
 --- cups-1.4b2-svn8404/data/Makefile.lspp	2009-02-17 17:45:27.000000000 +0000
-+++ cups-1.4b2-svn8404/data/Makefile	2009-03-05 11:40:03.000000000 +0000
+++ cups-1.4b2-svn8404/data/Makefile	2009-04-17 16:48:03.000000000 +0100
@@ -25,7 +25,10 @@ BANNERS	=	\
 		secret \
 		standard \
@ -109,8 +109,8 @@ diff -up cups-1.4b2-svn8404/data/Makefile.lspp cups-1.4b2-svn8404/data/Makefile
 CHARMAPS =	\
 		euc-cn.txt \
 diff -up /dev/null cups-1.4b2-svn8404/data/mls
--- /dev/null	2009-03-05 08:48:03.067001897 +0000
-+++ cups-1.4b2-svn8404/data/mls	2009-03-05 11:40:03.000000000 +0000
+--- /dev/null	2009-04-17 08:56:26.038189487 +0100
+++ cups-1.4b2-svn8404/data/mls	2009-04-17 16:48:03.000000000 +0100
@@ -0,0 +1,261 @@
 +%!PS-Adobe-3.0
 +%%BoundingBox: 0 0 612 792
@ -374,8 +374,8 @@ diff -up /dev/null cups-1.4b2-svn8404/data/mls
 +%
 +%%EOF
 diff -up /dev/null cups-1.4b2-svn8404/data/selinux
--- /dev/null	2009-03-05 08:48:03.067001897 +0000
-+++ cups-1.4b2-svn8404/data/selinux	2009-03-05 11:40:03.000000000 +0000
+--- /dev/null	2009-04-17 08:56:26.038189487 +0100
+++ cups-1.4b2-svn8404/data/selinux	2009-04-17 16:48:03.000000000 +0100
@@ -0,0 +1,261 @@
 +%!PS-Adobe-3.0
 +%%BoundingBox: 0 0 612 792
@ -639,8 +639,8 @@ diff -up /dev/null cups-1.4b2-svn8404/data/selinux
 +%
 +%%EOF
 diff -up /dev/null cups-1.4b2-svn8404/data/te
--- /dev/null	2009-03-05 08:48:03.067001897 +0000
-+++ cups-1.4b2-svn8404/data/te	2009-03-05 11:40:03.000000000 +0000
+--- /dev/null	2009-04-17 08:56:26.038189487 +0100
+++ cups-1.4b2-svn8404/data/te	2009-04-17 16:48:03.000000000 +0100
@@ -0,0 +1,261 @@
 +%!PS-Adobe-3.0
 +%%BoundingBox: 0 0 612 792
@ -905,7 +905,7 @@ diff -up /dev/null cups-1.4b2-svn8404/data/te
 +%%EOF
 diff -up cups-1.4b2-svn8404/filter/common.c.lspp cups-1.4b2-svn8404/filter/common.c
 --- cups-1.4b2-svn8404/filter/common.c.lspp	2008-12-03 15:39:53.000000000 +0000
-+++ cups-1.4b2-svn8404/filter/common.c	2009-03-05 11:40:03.000000000 +0000
+++ cups-1.4b2-svn8404/filter/common.c	2009-04-17 16:48:03.000000000 +0100
@@ -30,6 +30,12 @@
  * Include necessary headers...
  */
@ -1075,8 +1075,8 @@ diff -up cups-1.4b2-svn8404/filter/common.c.lspp cups-1.4b2-svn8404/filter/commo
 
 /*
 diff -up cups-1.4b2-svn8404/filter/pstops.c.lspp cups-1.4b2-svn8404/filter/pstops.c
--- cups-1.4b2-svn8404/filter/pstops.c.lspp	2009-03-05 11:40:03.000000000 +0000
-+++ cups-1.4b2-svn8404/filter/pstops.c	2009-03-05 11:40:03.000000000 +0000
+--- cups-1.4b2-svn8404/filter/pstops.c.lspp	2009-04-17 16:48:02.000000000 +0100
+++ cups-1.4b2-svn8404/filter/pstops.c	2009-04-17 16:48:03.000000000 +0100
@@ -3239,6 +3239,18 @@ write_label_prolog(pstops_doc_t *doc,	/*
 {
   const char	*classification;	/* CLASSIFICATION environment variable */
@ -1233,8 +1233,8 @@ diff -up cups-1.4b2-svn8404/filter/pstops.c.lspp cups-1.4b2-svn8404/filter/pstop
 
 /*
 diff -up cups-1.4b2-svn8404/Makedefs.in.lspp cups-1.4b2-svn8404/Makedefs.in
--- cups-1.4b2-svn8404/Makedefs.in.lspp	2009-03-05 11:40:03.000000000 +0000
-+++ cups-1.4b2-svn8404/Makedefs.in	2009-03-05 11:40:03.000000000 +0000
+--- cups-1.4b2-svn8404/Makedefs.in.lspp	2009-04-17 16:48:02.000000000 +0100
+++ cups-1.4b2-svn8404/Makedefs.in	2009-04-17 16:48:03.000000000 +0100
@@ -146,7 +146,7 @@ LIBCUPSORDER	=	@LIBCUPSORDER@
 LIBCUPSIMAGEORDER =	@LIBCUPSIMAGEORDER@
 LINKCUPS	=	@LINKCUPS@ $(SSLLIBS) $(DNSSDLIBS)
@ -1254,17 +1254,17 @@ diff -up cups-1.4b2-svn8404/Makedefs.in.lspp cups-1.4b2-svn8404/Makedefs.in
 
 .c.o:
 diff -up cups-1.4b2-svn8404/scheduler/client.c.lspp cups-1.4b2-svn8404/scheduler/client.c
--- cups-1.4b2-svn8404/scheduler/client.c.lspp	2009-03-05 10:54:00.000000000 +0000
-+++ cups-1.4b2-svn8404/scheduler/client.c	2009-03-05 11:40:03.000000000 +0000
-@@ -41,6 +41,7 @@
-  *   pipe_command()          - Pipe the output of a command to the remote client.
+--- cups-1.4b2-svn8404/scheduler/client.c.lspp	2009-04-17 16:48:03.000000000 +0100
+++ cups-1.4b2-svn8404/scheduler/client.c	2009-04-17 16:48:25.000000000 +0100
+@@ -42,6 +42,7 @@
+  *   valid_host()            - Is the Host: field valid?
  *   write_file()            - Send a file via HTTP.
  *   write_pipe()            - Flag that data is available on the CGI pipe.
 + *   client_pid_to_auid()    - Get the audit login uid of the client.
  */
 
 /*
-@@ -49,6 +50,7 @@
+@@ -50,6 +51,7 @@
 
 #include "cupsd.h"
 
@ -1272,7 +1272,7 @@ diff -up cups-1.4b2-svn8404/scheduler/client.c.lspp cups-1.4b2-svn8404/scheduler
 #ifdef HAVE_CDSASSL
 #  include <Security/Security.h>
 #  ifdef HAVE_SECIDENTITYSEARCHPRIV_H
-@@ -81,6 +83,12 @@ extern const char *cssmErrorString(int e
+@@ -82,6 +84,12 @@ extern const char *cssmErrorString(int e
 #  include <tcpd.h>
 #endif /* HAVE_TCPD_H */
 
@ -1285,7 +1285,7 @@ diff -up cups-1.4b2-svn8404/scheduler/client.c.lspp cups-1.4b2-svn8404/scheduler
 
 /*
  * Local functions...
-@@ -381,6 +389,57 @@ cupsdAcceptClient(cupsd_listener_t *lis)
+@@ -383,6 +391,57 @@ cupsdAcceptClient(cupsd_listener_t *lis)
   }
 #endif /* HAVE_TCPD_H */
 
@ -1343,7 +1343,7 @@ diff -up cups-1.4b2-svn8404/scheduler/client.c.lspp cups-1.4b2-svn8404/scheduler
 #ifdef AF_INET6
   if (con->http.hostaddr->addr.sa_family == AF_INET6)
     cupsdLogMessage(CUPSD_LOG_DEBUG, "cupsdAcceptClient: %d from %s:%d (IPv6)",
-@@ -772,6 +831,13 @@ cupsdReadClient(cupsd_client_t *con)	/* 
+@@ -774,6 +833,13 @@ cupsdReadClient(cupsd_client_t *con)	/* 
   mime_type_t		*type;		/* MIME type of file */
   cupsd_printer_t	*p;		/* Printer */
   static unsigned	request_id = 0;	/* Request ID for temp files */
@ -1357,7 +1357,7 @@ diff -up cups-1.4b2-svn8404/scheduler/client.c.lspp cups-1.4b2-svn8404/scheduler
 
 
   status = HTTP_CONTINUE;
-@@ -2054,6 +2120,67 @@ cupsdReadClient(cupsd_client_t *con)	/* 
+@@ -2050,6 +2116,67 @@ cupsdReadClient(cupsd_client_t *con)	/* 
 	    fchmod(con->file, 0640);
 	    fchown(con->file, RunUser, Group);
             fcntl(con->file, F_SETFD, fcntl(con->file, F_GETFD) | FD_CLOEXEC);
@ -1478,7 +1478,7 @@ diff -up cups-1.4b2-svn8404/scheduler/client.c.lspp cups-1.4b2-svn8404/scheduler
  */
 diff -up cups-1.4b2-svn8404/scheduler/client.h.lspp cups-1.4b2-svn8404/scheduler/client.h
 --- cups-1.4b2-svn8404/scheduler/client.h.lspp	2009-02-17 17:45:27.000000000 +0000
-+++ cups-1.4b2-svn8404/scheduler/client.h	2009-03-05 11:40:03.000000000 +0000
+++ cups-1.4b2-svn8404/scheduler/client.h	2009-04-17 16:48:03.000000000 +0100
@@ -18,6 +18,13 @@
 #endif /* HAVE_AUTHORIZATION_H */
 
@ -1515,9 +1515,9 @@ diff -up cups-1.4b2-svn8404/scheduler/client.h.lspp cups-1.4b2-svn8404/scheduler
 
 /*
 diff -up cups-1.4b2-svn8404/scheduler/conf.c.lspp cups-1.4b2-svn8404/scheduler/conf.c
--- cups-1.4b2-svn8404/scheduler/conf.c.lspp	2009-03-05 11:40:03.000000000 +0000
-+++ cups-1.4b2-svn8404/scheduler/conf.c	2009-03-05 11:40:03.000000000 +0000
-@@ -27,6 +27,7 @@
+--- cups-1.4b2-svn8404/scheduler/conf.c.lspp	2009-04-17 16:48:03.000000000 +0100
+++ cups-1.4b2-svn8404/scheduler/conf.c	2009-04-17 16:48:03.000000000 +0100
+@@ -29,6 +29,7 @@
  *   read_configuration()     - Read a configuration file.
  *   read_location()          - Read a <Location path> definition.
  *   read_policy()            - Read a <Policy name> definition.
@ -1525,7 +1525,7 @@ diff -up cups-1.4b2-svn8404/scheduler/conf.c.lspp cups-1.4b2-svn8404/scheduler/c
  */
 
 /*
-@@ -48,6 +49,9 @@
+@@ -50,6 +51,9 @@
 #  define INADDR_NONE	0xffffffff
 #endif /* !INADDR_NONE */
 
@ -1535,7 +1535,7 @@ diff -up cups-1.4b2-svn8404/scheduler/conf.c.lspp cups-1.4b2-svn8404/scheduler/c
 
 /*
  * Configuration variable structure...
-@@ -169,6 +173,10 @@ static const cupsd_var_t	variables[] =
+@@ -171,6 +175,10 @@ static const cupsd_var_t	variables[] =
 #  if defined(HAVE_LIBSSL) || defined(HAVE_GNUTLS)
   { "ServerKey",		&ServerKey,		CUPSD_VARTYPE_PATHNAME },
 #  endif /* HAVE_LIBSSL || HAVE_GNUTLS */
@ -1546,7 +1546,7 @@ diff -up cups-1.4b2-svn8404/scheduler/conf.c.lspp cups-1.4b2-svn8404/scheduler/c
 #endif /* HAVE_SSL */
   { "ServerName",		&ServerName,		CUPSD_VARTYPE_STRING },
   { "ServerRoot",		&ServerRoot,		CUPSD_VARTYPE_PATHNAME },
-@@ -382,6 +390,9 @@ cupsdReadConfiguration(void)
+@@ -428,6 +436,9 @@ cupsdReadConfiguration(void)
   const char	*tmpdir;		/* TMPDIR environment variable */
   struct stat	tmpinfo;		/* Temporary directory info */
   cupsd_policy_t *p;			/* Policy */
@ -1556,7 +1556,7 @@ diff -up cups-1.4b2-svn8404/scheduler/conf.c.lspp cups-1.4b2-svn8404/scheduler/c
 
 
  /*
-@@ -665,6 +676,25 @@ cupsdReadConfiguration(void)
+@@ -714,6 +725,25 @@ cupsdReadConfiguration(void)
 
   RunUser = getuid();
 
@ -1582,7 +1582,7 @@ diff -up cups-1.4b2-svn8404/scheduler/conf.c.lspp cups-1.4b2-svn8404/scheduler/c
   cupsdLogMessage(CUPSD_LOG_INFO, "Remote access is %s.",
                   RemoteAccessEnabled ? "enabled" : "disabled");
 
-@@ -981,11 +1011,23 @@ cupsdReadConfiguration(void)
+@@ -1072,11 +1102,23 @@ cupsdReadConfiguration(void)
   * Update classification setting as needed...
   */
 
@ -1607,7 +1607,7 @@ diff -up cups-1.4b2-svn8404/scheduler/conf.c.lspp cups-1.4b2-svn8404/scheduler/c
 
  /*
   * Check the MaxClients setting, and then allocate memory for it...
-@@ -3536,6 +3578,18 @@ read_location(cups_file_t *fp,		/* I - C
+@@ -3634,6 +3676,18 @@ read_location(cups_file_t *fp,		/* I - C
   return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum);
 }
 
@ -1627,9 +1627,9 @@ diff -up cups-1.4b2-svn8404/scheduler/conf.c.lspp cups-1.4b2-svn8404/scheduler/c
 /*
  * 'read_policy()' - Read a <Policy name> definition.
 diff -up cups-1.4b2-svn8404/scheduler/conf.h.lspp cups-1.4b2-svn8404/scheduler/conf.h
--- cups-1.4b2-svn8404/scheduler/conf.h.lspp	2009-03-05 11:40:03.000000000 +0000
-+++ cups-1.4b2-svn8404/scheduler/conf.h	2009-03-05 11:40:03.000000000 +0000
-@@ -246,6 +246,12 @@ VAR char		*ServerKey		VALUE(NULL);
+--- cups-1.4b2-svn8404/scheduler/conf.h.lspp	2009-04-17 16:48:03.000000000 +0100
+++ cups-1.4b2-svn8404/scheduler/conf.h	2009-04-17 16:48:03.000000000 +0100
+@@ -259,6 +259,12 @@ VAR char		*ServerKey		VALUE(NULL);
 VAR int			SSLOptions		VALUE(CUPSD_SSL_NONE);
 					/* SSL/TLS options */
 #endif /* HAVE_SSL */
@ -1642,7 +1642,7 @@ diff -up cups-1.4b2-svn8404/scheduler/conf.h.lspp cups-1.4b2-svn8404/scheduler/c
 
 #ifdef HAVE_LAUNCHD
 VAR int			LaunchdTimeout		VALUE(DEFAULT_KEEPALIVE);
-@@ -264,6 +270,9 @@ VAR char		*SystemGroupAuthKey	VALUE(NULL
+@@ -277,6 +283,9 @@ VAR char		*SystemGroupAuthKey	VALUE(NULL
 					/* System group auth key */
 #endif /* HAVE_AUTHORIZATION_H */
 
@ -1653,8 +1653,8 @@ diff -up cups-1.4b2-svn8404/scheduler/conf.h.lspp cups-1.4b2-svn8404/scheduler/c
 /*
  * Prototypes...
 diff -up cups-1.4b2-svn8404/scheduler/ipp.c.lspp cups-1.4b2-svn8404/scheduler/ipp.c
--- cups-1.4b2-svn8404/scheduler/ipp.c.lspp	2009-03-05 11:40:03.000000000 +0000
-+++ cups-1.4b2-svn8404/scheduler/ipp.c	2009-03-05 11:40:03.000000000 +0000
+--- cups-1.4b2-svn8404/scheduler/ipp.c.lspp	2009-04-17 16:48:02.000000000 +0100
+++ cups-1.4b2-svn8404/scheduler/ipp.c	2009-04-17 16:48:03.000000000 +0100
@@ -41,6 +41,7 @@
  *   cancel_all_jobs()           - Cancel all print jobs.
  *   cancel_job()                - Cancel a print job.
@ -2247,8 +2247,8 @@ diff -up cups-1.4b2-svn8404/scheduler/ipp.c.lspp cups-1.4b2-svn8404/scheduler/ip
   * Check the username against the owner...
   */
 diff -up cups-1.4b2-svn8404/scheduler/job.c.lspp cups-1.4b2-svn8404/scheduler/job.c
--- cups-1.4b2-svn8404/scheduler/job.c.lspp	2009-03-05 11:40:03.000000000 +0000
-+++ cups-1.4b2-svn8404/scheduler/job.c	2009-03-05 12:07:09.000000000 +0000
+--- cups-1.4b2-svn8404/scheduler/job.c.lspp	2009-04-17 16:48:02.000000000 +0100
+++ cups-1.4b2-svn8404/scheduler/job.c	2009-04-17 16:48:03.000000000 +0100
@@ -65,6 +65,9 @@
  *   update_job_attrs()         - Update the job-printer-* attributes.
  */
@ -2643,7 +2643,7 @@ diff -up cups-1.4b2-svn8404/scheduler/job.c.lspp cups-1.4b2-svn8404/scheduler/jo
   */
 diff -up cups-1.4b2-svn8404/scheduler/job.h.lspp cups-1.4b2-svn8404/scheduler/job.h
 --- cups-1.4b2-svn8404/scheduler/job.h.lspp	2009-03-05 10:54:00.000000000 +0000
-+++ cups-1.4b2-svn8404/scheduler/job.h	2009-03-05 11:40:03.000000000 +0000
+++ cups-1.4b2-svn8404/scheduler/job.h	2009-04-17 16:48:03.000000000 +0100
@@ -13,6 +13,13 @@
  *   file is missing or damaged, see the license at "http://www.cups.org/".
  */
@ -2670,8 +2670,8 @@ diff -up cups-1.4b2-svn8404/scheduler/job.h.lspp cups-1.4b2-svn8404/scheduler/jo
 
 
 diff -up cups-1.4b2-svn8404/scheduler/main.c.lspp cups-1.4b2-svn8404/scheduler/main.c
--- cups-1.4b2-svn8404/scheduler/main.c.lspp	2009-03-05 11:40:03.000000000 +0000
-+++ cups-1.4b2-svn8404/scheduler/main.c	2009-03-05 11:40:03.000000000 +0000
+--- cups-1.4b2-svn8404/scheduler/main.c.lspp	2009-04-17 16:48:02.000000000 +0100
+++ cups-1.4b2-svn8404/scheduler/main.c	2009-04-17 16:48:03.000000000 +0100
@@ -35,6 +35,8 @@
  *   usage()                   - Show scheduler usage.
  */
@ -2740,8 +2740,8 @@ diff -up cups-1.4b2-svn8404/scheduler/main.c.lspp cups-1.4b2-svn8404/scheduler/m
 }
 
 diff -up cups-1.4b2-svn8404/scheduler/printers.c.lspp cups-1.4b2-svn8404/scheduler/printers.c
--- cups-1.4b2-svn8404/scheduler/printers.c.lspp	2009-03-05 11:40:03.000000000 +0000
-+++ cups-1.4b2-svn8404/scheduler/printers.c	2009-03-05 11:40:03.000000000 +0000
+--- cups-1.4b2-svn8404/scheduler/printers.c.lspp	2009-04-17 16:48:02.000000000 +0100
+++ cups-1.4b2-svn8404/scheduler/printers.c	2009-04-17 16:48:03.000000000 +0100
@@ -58,6 +58,8 @@
  *   write_xml_string()         - Write a string with XML escaping.
  */
--- a/cups.spec
+++ b/cups.spec
@ -8,7 +8,7 @@
 Summary: Common Unix Printing System
 Name: cups
 Version: 1.4
-Release: 0.%{pre}.13%{?dist}
+Release: 0.%{pre}.14%{?dist}
 License: GPLv2
 Group: System Environment/Daemons
 Source: ftp://ftp.easysw.com/pub/cups/test//cups-%{version}%{?pre}%{?svn}-source.tar.bz2
@ -49,6 +49,8 @@ Patch22: cups-build.patch
 Patch23: cups-res_init.patch
 Patch26: cups-avahi.patch
 Patch27: cups-missing-devices.patch
+Patch28: cups-CVE-2009-0163.patch
+Patch29: cups-CVE-2009-0164.patch
 Patch100: cups-lspp.patch
 Epoch: 1
 Url: http://www.cups.org/
@ -191,6 +193,8 @@ module.
 %patch23 -p1 -b .res_init
 %patch26 -p1 -b .avahi
 %patch27 -p1 -b .missing-devices
+%patch28 -p1 -b .CVE-2009-0163
+%patch29 -p1 -b .CVE-2009-0164

 %if %lspp
 %patch100 -p1 -b .lspp
@ -472,6 +476,10 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/php/modules/*.so

 %changelog
+* Fri Apr 17 2009 Tim Waugh <twaugh@redhat.com> 1:1.4-0.b2.14
+- Applied patch to fix CVE-2009-0163 (bug #490596).
+- Applied patch to fix CVE-2009-0164 (bug #490597).
+
 * Thu Apr  2 2009 Tim Waugh <twaugh@redhat.com> 1:1.4-0.b2.13
 - Don't verify MD5 sum, file size, or mtime for several config files:
  cupsd.conf, client.conf, classes.conf, printers.conf, snmp.conf,