- 1.3.9, including fixes for CVE-2008-3639 (STR #2918, bug #464710),

CVE-2008-3640 (STR #2919, bug #464713) and CVE-2008-3641 (STR #2911, bug #464716). - No longer need str2892 or res_init patches.
2008-10-10 09:44:33 +00:00 · 2008-10-10 09:44:33 +00:00 · f5608b99a9
commit f5608b99a9
parent d9669961e9
6 changed files with 61 additions and 289 deletions
--- a/.cvsignore
+++ b/.cvsignore
@ -33,3 +33,4 @@ cups-1.3.5-source.tar.bz2
 cups-1.3.6-source.tar.bz2
 cups-1.3.7-source.tar.bz2
 cups-1.3.8-source.tar.bz2
+cups-1.3.9-source.tar.bz2
--- a/cups-getnameddest.patch
+++ b/cups-getnameddest.patch
@ -1,6 +1,6 @@
-diff -up cups-1.3.8/berkeley/lpr.c.getnameddest cups-1.3.8/berkeley/lpr.c
--- cups-1.3.8/berkeley/lpr.c.getnameddest	2008-07-28 16:28:24.000000000 +0100
-+++ cups-1.3.8/berkeley/lpr.c	2008-07-28 16:28:24.000000000 +0100
+diff -up cups-1.3.9/berkeley/lpr.c.getnameddest cups-1.3.9/berkeley/lpr.c
+--- cups-1.3.9/berkeley/lpr.c.getnameddest	2008-10-10 09:35:05.000000000 +0100
+++ cups-1.3.9/berkeley/lpr.c	2008-10-10 09:35:05.000000000 +0100
@@ -92,9 +92,7 @@ main(int  argc,				/* I - Number of comm
   int		num_copies;		/* Number of copies per file */
   int		num_files;		/* Number of files to print */
@ -55,9 +55,9 @@ diff -up cups-1.3.8/berkeley/lpr.c.getnameddest cups-1.3.8/berkeley/lpr.c
       _cupsLangPrintf(stderr,
                       _("%s: Error - %s environment variable names "
 		        "non-existent destination \"%s\"!\n"),
-diff -up cups-1.3.8/cups/cups.h.getnameddest cups-1.3.8/cups/cups.h
--- cups-1.3.8/cups/cups.h.getnameddest	2008-07-11 23:48:49.000000000 +0100
-+++ cups-1.3.8/cups/cups.h	2008-07-28 16:28:24.000000000 +0100
+diff -up cups-1.3.9/cups/cups.h.getnameddest cups-1.3.9/cups/cups.h
+--- cups-1.3.9/cups/cups.h.getnameddest	2008-07-23 01:06:46.000000000 +0100
+++ cups-1.3.9/cups/cups.h	2008-10-10 09:35:05.000000000 +0100
@@ -248,6 +248,9 @@ extern void		cupsSetDefaultDest(const ch
 					   int num_dests,
 					   cups_dest_t *dests);
@ -68,9 +68,9 @@ diff -up cups-1.3.8/cups/cups.h.getnameddest cups-1.3.8/cups/cups.h
 
 #  ifdef __cplusplus
 }
-diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
--- cups-1.3.8/cups/dest.c.getnameddest	2008-07-11 23:48:49.000000000 +0100
-+++ cups-1.3.8/cups/dest.c	2008-07-28 16:28:24.000000000 +0100
+diff -up cups-1.3.9/cups/dest.c.getnameddest cups-1.3.9/cups/dest.c
+--- cups-1.3.9/cups/dest.c.getnameddest	2008-09-17 00:37:56.000000000 +0100
+++ cups-1.3.9/cups/dest.c	2008-10-10 09:36:02.000000000 +0100
@@ -25,6 +25,7 @@
  *                              server.
  *   cupsGetDests2()          - Get the list of destinations from the
@ -128,18 +128,19 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
 
   return (num_dests);
 }
-@@ -330,8 +333,8 @@ cupsGetDests2(http_t      *http,	/* I - 
+@@ -330,9 +333,9 @@ cupsGetDests2(http_t      *http,	/* I - 
   * Grab the printers and classes...
   */
 
 -  num_dests = cups_get_sdests(http, CUPS_GET_PRINTERS, num_dests, dests);
-  num_dests = cups_get_sdests(http, CUPS_GET_CLASSES, num_dests, dests);
 +  num_dests = cups_get_sdests(http, CUPS_GET_PRINTERS, NULL, num_dests, dests);
-+  num_dests = cups_get_sdests(http, CUPS_GET_CLASSES, NULL, num_dests, dests);
+   if (cupsLastError() < IPP_REDIRECTION_OTHER_SITE)
+-    num_dests = cups_get_sdests(http, CUPS_GET_CLASSES, num_dests, dests);
+    num_dests = cups_get_sdests(http, CUPS_GET_CLASSES, NULL, num_dests, dests);
 
-  /*
-   * Make a copy of the "real" queues for a later sanity check...
-@@ -390,7 +393,7 @@ cupsGetDests2(http_t      *http,	/* I - 
+   if (cupsLastError() >= IPP_REDIRECTION_OTHER_SITE)
+   {
+@@ -398,7 +401,7 @@ cupsGetDests2(http_t      *http,	/* I - 
   */
 
   snprintf(filename, sizeof(filename), "%s/lpoptions", cg->cups_serverroot);
@ -148,7 +149,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
 
   if ((home = getenv("HOME")) != NULL)
   {
-@@ -398,7 +401,7 @@ cupsGetDests2(http_t      *http,	/* I - 
+@@ -406,7 +409,7 @@ cupsGetDests2(http_t      *http,	/* I - 
     if (access(filename, 0))
       snprintf(filename, sizeof(filename), "%s/.lpoptions", home);
 
@ -157,7 +158,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
   }
 
  /*
-@@ -452,6 +455,136 @@ cupsGetDests2(http_t      *http,	/* I - 
+@@ -460,6 +463,136 @@ cupsGetDests2(http_t      *http,	/* I - 
 
 
 /*
@ -294,7 +295,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
  * 'cupsRemoveDest()' - Remove a destination from the destination list.
  *
  * Removing a destination/instance does not delete the class or printer
-@@ -548,19 +681,17 @@ void
+@@ -556,19 +689,17 @@ void
 cupsSetDests(int         num_dests,	/* I - Number of destinations */
              cups_dest_t *dests)	/* I - Destinations */
 {
@ -318,7 +319,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
 }
 
 
-@@ -606,8 +737,8 @@ cupsSetDests2(http_t      *http,	/* I - 
+@@ -614,8 +745,8 @@ cupsSetDests2(http_t      *http,	/* I - 
   * Get the server destinations...
   */
 
@ -329,7 +330,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
 
  /*
   * Figure out which file to write to...
-@@ -622,7 +753,7 @@ cupsSetDests2(http_t      *http,	/* I - 
+@@ -630,7 +761,7 @@ cupsSetDests2(http_t      *http,	/* I - 
     * Merge in server defaults...
     */
 
@ -338,7 +339,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
 
    /*
     * Point to user defaults...
-@@ -789,24 +920,88 @@ cupsSetDests2(http_t      *http,	/* I - 
+@@ -797,24 +928,88 @@ cupsSetDests2(http_t      *http,	/* I - 
 
 
 /*
@ -428,7 +429,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
  /*
   * Check environment variables...
   */
-@@ -816,12 +1011,8 @@ cups_get_dests(const char  *filename,	/*
+@@ -824,12 +1019,8 @@ cups_get_dests(const char  *filename,	/*
       if (strcmp(printer, "lp") == 0)
         printer = NULL;
 
@ -443,7 +444,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
 
  /*
   * Read each printer; each line looks like:
-@@ -830,28 +1021,22 @@ cups_get_dests(const char  *filename,	/*
+@@ -838,28 +1029,22 @@ cups_get_dests(const char  *filename,	/*
   *    Default name[/instance] options
   */
 
@ -481,7 +482,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
 
     name = lineptr;
 
-@@ -862,9 +1047,6 @@ cups_get_dests(const char  *filename,	/*
+@@ -870,9 +1055,6 @@ cups_get_dests(const char  *filename,	/*
     while (!isspace(*lineptr & 255) && *lineptr && *lineptr != '/')
       lineptr ++;
 
@ -491,7 +492,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
     if (*lineptr == '/')
     {
      /*
-@@ -884,30 +1066,49 @@ cups_get_dests(const char  *filename,	/*
+@@ -892,30 +1074,49 @@ cups_get_dests(const char  *filename,	/*
     else
       instance = NULL;
 
@ -554,7 +555,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
     }
 
    /*
-@@ -918,11 +1119,20 @@ cups_get_dests(const char  *filename,	/*
+@@ -926,11 +1127,20 @@ cups_get_dests(const char  *filename,	/*
                                          &(dest->options));
 
    /*
@ -576,7 +577,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
       for (i = 0; i < num_dests; i ++)
         (*dests)[i].is_default = 0;
 
-@@ -934,7 +1144,7 @@ cups_get_dests(const char  *filename,	/*
+@@ -942,7 +1152,7 @@ cups_get_dests(const char  *filename,	/*
   * Close the file and return...
   */
 
@ -585,7 +586,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
 
   return (num_dests);
 }
-@@ -946,7 +1156,8 @@ cups_get_dests(const char  *filename,	/*
+@@ -954,7 +1164,8 @@ cups_get_dests(const char  *filename,	/*
 
 static int				/* O - Number of destinations */
 cups_get_sdests(http_t      *http,	/* I - HTTP connection */
@ -595,7 +596,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
                 int         num_dests,	/* I - Number of destinations */
                 cups_dest_t **dests)	/* IO - Destinations */
 {
-@@ -963,8 +1174,9 @@ cups_get_sdests(http_t      *http,	/* I 
+@@ -971,8 +1182,9 @@ cups_get_sdests(http_t      *http,	/* I 
   const char	*info,			/* printer-info attribute */
 		*location,		/* printer-location attribute */
 		*make_model,		/* printer-make-and-model attribute */
@ -607,7 +608,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
 		auth_info_req[1024],	/* auth-info-required attribute */
 		reasons[1024];		/* printer-state-reasons attribute */
   int		num_options;		/* Number of options */
-@@ -1008,6 +1220,14 @@ cups_get_sdests(http_t      *http,	/* I 
+@@ -1016,6 +1228,14 @@ cups_get_sdests(http_t      *http,	/* I 
   ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME,
                "requesting-user-name", NULL, cupsUser());
 
@ -622,7 +623,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
  /*
   * Do the request and get back a response...
   */
-@@ -1030,17 +1250,17 @@ cups_get_sdests(http_t      *http,	/* I 
+@@ -1038,17 +1258,17 @@ cups_get_sdests(http_t      *http,	/* I 
       * Pull the needed attributes from this printer...
       */
 
@ -651,7 +652,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
 
       auth_info_req[0] = '\0';
       job_sheets[0]    = '\0';
-@@ -1091,7 +1311,7 @@ cups_get_sdests(http_t      *http,	/* I 
+@@ -1099,7 +1319,7 @@ cups_get_sdests(http_t      *http,	/* I 
 	  make_model = attr->values[0].string.text;
         else if (!strcmp(attr->name, "printer-name") &&
 	         attr->value_tag == IPP_TAG_NAME)
@ -660,7 +661,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
 	else if (!strcmp(attr->name, "printer-state") &&
 	         attr->value_tag == IPP_TAG_ENUM)
           state = attr->values[0].integer;
-@@ -1196,7 +1416,7 @@ cups_get_sdests(http_t      *http,	/* I 
+@@ -1204,7 +1424,7 @@ cups_get_sdests(http_t      *http,	/* I 
       * See if we have everything needed...
       */
 
@ -669,7 +670,7 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
       {
         cupsFreeOptions(num_options, options);
 
-@@ -1206,9 +1426,9 @@ cups_get_sdests(http_t      *http,	/* I 
+@@ -1214,9 +1434,9 @@ cups_get_sdests(http_t      *http,	/* I 
           continue;
       }
 
@ -681,9 +682,9 @@ diff -up cups-1.3.8/cups/dest.c.getnameddest cups-1.3.8/cups/dest.c
       {
         dest->num_options = num_options;
 	dest->options     = options;
-diff -up cups-1.3.8/cups/libcups.exp.getnameddest cups-1.3.8/cups/libcups.exp
--- cups-1.3.8/cups/libcups.exp.getnameddest	2008-04-09 04:39:40.000000000 +0100
-+++ cups-1.3.8/cups/libcups.exp	2008-07-28 16:28:24.000000000 +0100
+diff -up cups-1.3.9/cups/libcups.exp.getnameddest cups-1.3.9/cups/libcups.exp
+--- cups-1.3.9/cups/libcups.exp.getnameddest	2008-04-09 04:39:40.000000000 +0100
+++ cups-1.3.9/cups/libcups.exp	2008-10-10 09:35:05.000000000 +0100
@@ -114,6 +114,7 @@ _cupsGetFd
 _cupsGetFile
 _cupsGetJobs
@ -692,9 +693,9 @@ diff -up cups-1.3.8/cups/libcups.exp.getnameddest cups-1.3.8/cups/libcups.exp
 _cupsGetOption
 _cupsGetPassword
 _cupsGetPPD
-diff -up cups-1.3.8/cups/Makefile.getnameddest cups-1.3.8/cups/Makefile
--- cups-1.3.8/cups/Makefile.getnameddest	2008-02-20 20:18:33.000000000 +0000
-+++ cups-1.3.8/cups/Makefile	2008-07-28 16:28:24.000000000 +0100
+diff -up cups-1.3.9/cups/Makefile.getnameddest cups-1.3.9/cups/Makefile
+--- cups-1.3.9/cups/Makefile.getnameddest	2008-09-06 01:30:39.000000000 +0100
+++ cups-1.3.9/cups/Makefile	2008-10-10 09:35:05.000000000 +0100
@@ -263,7 +263,7 @@ libcups.so.2 libcups.sl.2:	$(LIBOBJS)
 # libcups.2.dylib
 #
@ -704,9 +705,9 @@ diff -up cups-1.3.8/cups/Makefile.getnameddest cups-1.3.8/cups/Makefile
 	echo Linking $@...
 	$(DSO) $(ARCHFLAGS) $(DSOFLAGS) -o $@ \
 		-install_name $(libdir)/$@ \
-diff -up cups-1.3.8/cups/testcups.c.getnameddest cups-1.3.8/cups/testcups.c
--- cups-1.3.8/cups/testcups.c.getnameddest	2008-07-11 23:48:49.000000000 +0100
-+++ cups-1.3.8/cups/testcups.c	2008-07-28 16:37:24.000000000 +0100
+diff -up cups-1.3.9/cups/testcups.c.getnameddest cups-1.3.9/cups/testcups.c
+--- cups-1.3.9/cups/testcups.c.getnameddest	2008-07-11 23:48:49.000000000 +0100
+++ cups-1.3.9/cups/testcups.c	2008-10-10 09:35:05.000000000 +0100
@@ -16,7 +16,8 @@
  *
  * Contents:
@ -947,9 +948,9 @@ diff -up cups-1.3.8/cups/testcups.c.getnameddest cups-1.3.8/cups/testcups.c
 +/*
  * End of "$Id: testcups.c 7721 2008-07-11 22:48:49Z mike $".
  */
-diff -up cups-1.3.8/systemv/lp.c.getnameddest cups-1.3.8/systemv/lp.c
--- cups-1.3.8/systemv/lp.c.getnameddest	2008-07-11 23:48:49.000000000 +0100
-+++ cups-1.3.8/systemv/lp.c	2008-07-28 16:28:24.000000000 +0100
+diff -up cups-1.3.9/systemv/lp.c.getnameddest cups-1.3.9/systemv/lp.c
+--- cups-1.3.9/systemv/lp.c.getnameddest	2008-07-11 23:48:49.000000000 +0100
+++ cups-1.3.9/systemv/lp.c	2008-10-10 09:35:05.000000000 +0100
@@ -73,9 +73,7 @@ main(int  argc,				/* I - Number of comm
   int		num_copies;		/* Number of copies per file */
   int		num_files;		/* Number of files to print */
--- a/cups-res_init.patch
+++ b/cups-res_init.patch
@ -1,146 +0,0 @@
-diff -up cups-1.3.8/config.h.in.res_init cups-1.3.8/config.h.in
--- cups-1.3.8/config.h.in.res_init	2008-09-03 15:34:23.000000000 +0100
-+++ cups-1.3.8/config.h.in	2008-09-03 15:34:52.000000000 +0100
-@@ -365,6 +365,13 @@
- 
- 
- /*
-+ * Do we have __res_init()?
-+ */
-+
-+#undef HAVE_RES_INIT
-+
-+
-+/*
-  * Do we have hstrerror()?
-  */
- 
-diff -up cups-1.3.8/config-scripts/cups-network.m4.res_init cups-1.3.8/config-scripts/cups-network.m4
--- cups-1.3.8/config-scripts/cups-network.m4.res_init	2007-12-19 01:47:57.000000000 +0000
-+++ cups-1.3.8/config-scripts/cups-network.m4	2008-09-03 15:34:14.000000000 +0100
-@@ -18,6 +18,7 @@ AC_SEARCH_LIBS(gethostbyaddr, nsl)
- AC_SEARCH_LIBS(getifaddrs, nsl, AC_DEFINE(HAVE_GETIFADDRS))
- AC_SEARCH_LIBS(hstrerror, nsl socket resolv, AC_DEFINE(HAVE_HSTRERROR))
- AC_SEARCH_LIBS(rresvport_af, nsl, AC_DEFINE(HAVE_RRESVPORT_AF))
-+AC_SEARCH_LIBS(__res_init, resolv bind, AC_DEFINE(HAVE_RES_INIT))
- 
- # Tru64 5.1b leaks file descriptors with these functions; disable until
- # we can come up with a test for this...
-diff -up cups-1.3.8/configure.res_init cups-1.3.8/configure
--- cups-1.3.8/configure.res_init	2008-09-03 15:34:14.000000000 +0100
-+++ cups-1.3.8/configure	2008-09-03 15:34:14.000000000 +0100
-@@ -12189,6 +12189,92 @@ _ACEOF
- 
- fi
- 
-+{ echo "$as_me:$LINENO: checking for library containing __res_init" >&5
-+echo $ECHO_N "checking for library containing __res_init... $ECHO_C" >&6; }
-+if test "${ac_cv_search___res_init+set}" = set; then
-+  echo $ECHO_N "(cached) $ECHO_C" >&6
-+else
-+  ac_func_search_save_LIBS=$LIBS
-+cat >conftest.$ac_ext <<_ACEOF
-+/* confdefs.h.  */
-+_ACEOF
-+cat confdefs.h >>conftest.$ac_ext
-+cat >>conftest.$ac_ext <<_ACEOF
-+/* end confdefs.h.  */
-+
-+/* Override any GCC internal prototype to avoid an error.
-+   Use char because int might match the return type of a GCC
-+   builtin and then its argument prototype would still apply.  */
-+#ifdef __cplusplus
-+extern "C"
-+#endif
-+char __res_init ();
-+int
-+main ()
-+{
-+return __res_init ();
-+  ;
-+  return 0;
-+}
-+_ACEOF
-+for ac_lib in '' resolv bind; do
-+  if test -z "$ac_lib"; then
-+    ac_res="none required"
-+  else
-+    ac_res=-l$ac_lib
-+    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-+  fi
-+  rm -f conftest.$ac_objext conftest$ac_exeext
-+if { (ac_try="$ac_link"
-+case "(($ac_try" in
-+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-+  *) ac_try_echo=$ac_try;;
-+esac
-+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
-+  (eval "$ac_link") 2>conftest.er1
-+  ac_status=$?
-+  grep -v '^ *+' conftest.er1 >conftest.err
-+  rm -f conftest.er1
-+  cat conftest.err >&5
-+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
-+  (exit $ac_status); } && {
-+	 test -z "$ac_c_werror_flag" ||
-+	 test ! -s conftest.err
-+       } && test -s conftest$ac_exeext &&
-+       $as_test_x conftest$ac_exeext; then
-+  ac_cv_search___res_init=$ac_res
-+else
-+  echo "$as_me: failed program was:" >&5
-+sed 's/^/| /' conftest.$ac_ext >&5
-+
-+
-+fi
-+
-+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
-+      conftest$ac_exeext
-+  if test "${ac_cv_search___res_init+set}" = set; then
-+  break
-+fi
-+done
-+if test "${ac_cv_search___res_init+set}" = set; then
-+  :
-+else
-+  ac_cv_search___res_init=no
-+fi
-+rm conftest.$ac_ext
-+LIBS=$ac_func_search_save_LIBS
-+fi
-+{ echo "$as_me:$LINENO: result: $ac_cv_search___res_init" >&5
-+echo "${ECHO_T}$ac_cv_search___res_init" >&6; }
-+ac_res=$ac_cv_search___res_init
-+if test "$ac_res" != no; then
-+  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-+  cat >>confdefs.h <<\_ACEOF
-+#define HAVE_RES_INIT 1
-+_ACEOF
-+
-+fi
-+
- 
- # Tru64 5.1b leaks file descriptors with these functions; disable until
- # we can come up with a test for this...
-diff -up cups-1.3.8/scheduler/cups-polld.c.res_init cups-1.3.8/scheduler/cups-polld.c
--- cups-1.3.8/scheduler/cups-polld.c.res_init	2008-01-08 00:16:30.000000000 +0000
-+++ cups-1.3.8/scheduler/cups-polld.c	2008-09-03 15:34:14.000000000 +0100
-@@ -155,6 +155,18 @@ main(int  argc,				/* I - Number of comm
-       restart_polling = 0;
-       httpClose(http);
- 
-+#ifdef HAVE_RES_INIT
-+      if (!http)
-+      {
-+       /*
-+	* Reinit the resolver so that it doesn't cache a previous
-+	* hostname lookup failure.  This fixes the situation where a
-+	* network interface becomes available after polling starts.
-+	*/
-+	__res_init ();
-+      }
-+#endif /* HAVE_RES_INIT */
-+
-       if ((http = httpConnectEncrypt(argv[1], atoi(argv[2]),
-                                      cupsEncryption())) == NULL)
-       {
--- a/cups-str2892.patch
+++ b/cups-str2892.patch
@ -1,86 +0,0 @@
-diff -up cups-1.3.8/scheduler/client.c.str2892 cups-1.3.8/scheduler/client.c
--- cups-1.3.8/scheduler/client.c.str2892	2008-07-11 23:48:49.000000000 +0100
-+++ cups-1.3.8/scheduler/client.c	2008-08-03 11:42:35.000000000 +0100
-@@ -28,6 +28,7 @@
-  *   cupsdUpdateCGI()        - Read status messages from CGI scripts and programs.
-  *   cupsdWriteClient()      - Write data to a client as needed.
-  *   check_if_modified()     - Decode an "If-Modified-Since" line.
-+ *   data_ready()            - Check whether data is available from a client.
-  *   encrypt_client()        - Enable encryption for the client...
-  *   get_cdsa_certificate()  - Convert a keychain name into the CFArrayRef
-  *			       required by SSLSetCertificate.
-@@ -83,6 +84,7 @@ extern const char *cssmErrorString(int e
- 
- static int		check_if_modified(cupsd_client_t *con,
- 			                  struct stat *filestats);
-+static int		data_ready(cupsd_client_t *con);
- #ifdef HAVE_SSL
- static int		encrypt_client(cupsd_client_t *con);
- #endif /* HAVE_SSL */
-@@ -989,8 +991,7 @@ cupsdReadClient(cupsd_client_t *con)	/* 
- 	*/
- 
-         while ((status = httpUpdate(HTTP(con))) == HTTP_CONTINUE)
-	  if (con->http.used == 0 ||
-	      !memchr(con->http.buffer, '\n', con->http.used))
-+	  if (!data_ready(con))
- 	    break;
- 
- 	if (status != HTTP_OK && status != HTTP_CONTINUE)
-@@ -1889,7 +1890,7 @@ cupsdReadClient(cupsd_client_t *con)	/* 
- 	    }
- 	  }
-         }
-	while (con->http.state == HTTP_PUT_RECV && con->http.used > 0);
-+	while (con->http.state == HTTP_PUT_RECV && data_ready(con));
- 
-         if (con->http.state == HTTP_WAITING)
- 	{
-@@ -2064,7 +2065,7 @@ cupsdReadClient(cupsd_client_t *con)	/* 
- 	    }
- 	  }
-         }
-	while (con->http.state == HTTP_POST_RECV && con->http.used > 0);
-+	while (con->http.state == HTTP_POST_RECV && data_ready(con));
- 
- 	if (con->http.state == HTTP_POST_SEND)
- 	{
-@@ -2914,6 +2915,38 @@ check_if_modified(
- }
- 
- 
-+/*
-+ * 'data_ready()' - Check whether data is available from a client.
-+ */
-+
-+static int				/* O - 1 if data is ready, 0 otherwise */
-+data_ready(cupsd_client_t *con)		/* I - Client */
-+{
-+  if (con->http.used > 0)
-+    return (1);
-+#ifdef HAVE_SSL
-+  else if (con->http.tls)
-+  {
-+#  ifdef HAVE_LIBSSL
-+    if (SSL_pending((SSL *)(con->http.tls)))
-+      return (1);
-+#  elif defined(HAVE_GNUTLS)
-+    if (gnutls_record_check_pending(((http_tls_t *)(con->http.tls))->session))
-+      return (1);
-+#  elif defined(HAVE_CDSASSL)
-+    size_t bytes;			/* Bytes that are available */
-+
-+    if (!SSLGetBufferedReadSize(((http_tls_t *)(con->http.tls))->session,
-+                                &bytes) && bytes > 0)
-+      return (1);
-+#  endif /* HAVE_LIBSSL */
-+  }
-+#endif /* HAVE_SSL */
-+
-+  return (0);
-+}
-+
-+
- #ifdef HAVE_SSL
- /*
-  * 'encrypt_client()' - Enable encryption for the client...
--- a/cups.spec
+++ b/cups.spec
@ -6,8 +6,8 @@

 Summary: Common Unix Printing System
 Name: cups
-Version: 1.3.8
-Release: 6%{?svn:.svn%{svn}}%{?dist}
+Version: 1.3.9
+Release: 1%{?svn:.svn%{svn}}%{?dist}
 License: GPLv2
 Group: System Environment/Daemons
 Source: ftp://ftp.easysw.com/pub/cups/test//cups-%{version}%{?svn:svn-r%{svn}}-source.tar.bz2
@ -47,10 +47,8 @@ Patch19: cups-strict-ppd-line-length.patch
 Patch20: cups-logrotate.patch
 Patch21: cups-usb-paperout.patch
 Patch22: cups-getnameddest.patch
-Patch23: cups-str2892.patch
-Patch24: cups-str2101.patch
-Patch25: cups-res_init.patch
-Patch26: cups-str2536.patch
+Patch23: cups-str2101.patch
+Patch24: cups-str2536.patch
 Patch100: cups-lspp.patch
 Epoch: 1
 Url: http://www.cups.org/
@ -186,10 +184,8 @@ module.
 %patch20 -p1 -b .logrotate
 %patch21 -p1 -b .usb-paperout
 %patch22 -p1 -b .getnameddest
-%patch23 -p1 -b .str2892
-%patch24 -p1 -b .str2101
-%patch25 -p1 -b .res_init
-%patch26 -p1 -b .str2536
+%patch23 -p1 -b .str2101
+%patch24 -p1 -b .str2536

 %if %lspp
 %patch100 -p1 -b .lspp
@ -481,6 +477,12 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/php/modules/*.so

 %changelog
+* Fri Oct 10 2008 Tim Waugh <twaugh@redhat.com> 1:1.3.9-1
+- 1.3.9, including fixes for CVE-2008-3639 (STR #2918, bug #464710),
+  CVE-2008-3640 (STR #2919, bug #464713) and CVE-2008-3641 (STR #2911,
+  bug #464716).
+- No longer need str2892 or res_init patches.
+
 * Wed Sep 10 2008 Tim Waugh <twaugh@redhat.com> 1:1.3.8-6
 - Backported patch for FatalErrors configuration directive
  (bug #314941, STR #2536).
--- a/2
+++ b/2
@ -1,2 +1,2 @@
 b0bb017098e8e76b8a25e666c41ce540  postscript.ppd.gz
-84e09577d673b212f605dd09caee456c  cups-1.3.8-source.tar.bz2
+cf63f451c356e6cabb08972d4d11c365  cups-1.3.9-source.tar.bz2