- CVE-2007-4045 patch is not necessarily because cupsd_client_t objects are

not moved in array operations, only pointers to them.
2007-11-30 09:22:14 +00:00 · 2007-11-30 09:22:14 +00:00 · 3caba5fe91
commit 3caba5fe91
parent b0dd15a49e
2 changed files with 4 additions and 48 deletions
--- a/cups-CVE-2007-4045.patch
+++ b/cups-CVE-2007-4045.patch
@ -1,46 +0,0 @@
-diff -up cups-1.3.4/scheduler/client.c.CVE-2007-4045 cups-1.3.4/scheduler/client.c
--- cups-1.3.4/scheduler/client.c.CVE-2007-4045	2007-11-07 21:11:58.000000000 +0000
-+++ cups-1.3.4/scheduler/client.c	2007-11-07 21:13:26.000000000 +0000
-@@ -114,6 +114,25 @@ static int		write_file(cupsd_client_t *c
- static void		write_pipe(cupsd_client_t *con);
- 
- 
-+void
-+_cupsdFixClientsBIO(void)
-+{
-+#ifdef HAVE_LIBSSL
-+  cupsd_client_t *c;
-+  BIO *bio;
-+  cupsArraySave (Clients);
-+  for (c = (cupsd_client_t *)cupsArrayFirst(Clients);
-+       c;
-+       c = (cupsd_client_t *)cupsArrayNext(Clients))
-+  {
-+    if (c->http.tls)
-+      BIO_ctrl(SSL_get_wbio(c->http.tls), BIO_C_SET_FILE_PTR, 0, (char *)HTTP(c));
-+  }
-+  cupsArrayRestore (Clients);
-+#endif
-+}
-+
-+
- /*
-  * 'cupsdAcceptClient()' - Accept a new client.
-  */
-@@ -451,6 +470,7 @@ cupsdAcceptClient(cupsd_listener_t *lis)
-   }
- 
-   cupsArrayAdd(Clients, con);
-+  _cupsdFixClientsBIO();
- 
-   cupsdLogMessage(CUPSD_LOG_DEBUG2,
-                   "cupsdAcceptClient: %d connected to server on %s:%d",
-@@ -735,6 +755,7 @@ cupsdCloseClient(cupsd_client_t *con)	/*
-     */
- 
-     cupsArrayRemove(Clients, con);
-+    _cupsdFixClientsBIO();
- 
-     free(con);
-   }
-diff -up cups-1.3.4/scheduler/main.c.CVE-2007-4045 cups-1.3.4/scheduler/main.c
--- a/cups.spec
+++ b/cups.spec
@ -45,7 +45,6 @@ Patch20: cups-getpass.patch
 Patch21: cups-driverd-timeout.patch
 Patch25: cups-usb-paperout.patch
 Patch26: cups-CVE-2007-4352,5392,5393.patch
-Patch27: cups-CVE-2007-4045.patch
 Patch100: cups-lspp.patch
 Epoch: 1
 Url: http://www.cups.org/
@ -157,7 +156,6 @@ lpd emulation.
 %patch21 -p1 -b .driverd-timeout
 %patch25 -p1 -b .usb-paperout
 %patch26 -p1 -b .CVE-2007-4352,5392,5393
-%patch27 -p1 -b .CVE-2007-4045

 %if %lspp
 %patch100 -p1 -b .lspp
@ -449,6 +447,10 @@ rm -rf $RPM_BUILD_ROOT
 %{cups_serverbin}/daemon/cups-lpd

 %changelog
+* Fri Nov 30 2007 Tim Waugh <twaugh@redhat.com>
+- CVE-2007-4045 patch is not necessarily because cupsd_client_t objects are
+  not moved in array operations, only pointers to them.
+
 * Tue Nov 27 2007 Tim Waugh <twaugh@redhat.com>
 - Updated to improved dnssd backend from Till Kamppeter.