From 7c82df1aee1df34361caa60d123002374bb71089 Mon Sep 17 00:00:00 2001
From: Timo Gurr
Date: Fri, 16 Nov 2007 20:13:08 +0000
Subject: Revbump adding the patches to fix CVE-2007-4045, see bug #199195. Also remove an older vulnerable version. (Portage version: 2.1.3.19)
---
.../cups/files/cups-1.2.4-CVE-2007-4045.patch | 58 ++++++++++++++++++++++
.../cups/files/cups-1.3.4-CVE-2007-4045.patch | 47 ++++++++++++++++++
net-print/cups/files/digest-cups-1.2.12-r1 | 3 --
net-print/cups/files/digest-cups-1.2.12-r3 | 3 ++
net-print/cups/files/digest-cups-1.3.4-r2 | 3 --
net-print/cups/files/digest-cups-1.3.4-r3 | 3 ++
6 files changed, 111 insertions(+), 6 deletions(-)
create mode 100644 net-print/cups/files/cups-1.2.4-CVE-2007-4045.patch
create mode 100644 net-print/cups/files/cups-1.3.4-CVE-2007-4045.patch
delete mode 100644 net-print/cups/files/digest-cups-1.2.12-r1
create mode 100644 net-print/cups/files/digest-cups-1.2.12-r3
delete mode 100644 net-print/cups/files/digest-cups-1.3.4-r2
create mode 100644 net-print/cups/files/digest-cups-1.3.4-r3
(limited to 'net-print/cups/files')
diff --git a/net-print/cups/files/cups-1.2.4-CVE-2007-4045.patch b/net-print/cups/files/cups-1.2.4-CVE-2007-4045.patch
new file mode 100644
index 000000000000..e28a7bb4ff9d
--- /dev/null
+++ b/net-print/cups/files/cups-1.2.4-CVE-2007-4045.patch
@@ -0,0 +1,58 @@
+diff -up cups-1.2.4/scheduler/client.c.CVE-2007-4045 cups-1.2.4/scheduler/client.c
+--- cups-1.2.4/scheduler/client.c.CVE-2007-4045 2007-10-30 09:51:04.000000000 +0000
++++ cups-1.2.4/scheduler/client.c 2007-10-30 10:07:10.000000000 +0000
+@@ -105,6 +105,25 @@ static int write_file(cupsd_client_t *c
+ struct stat *filestats);
+
+
++void
++_cupsdFixClientsBIO(void)
++{
++#ifdef HAVE_LIBSSL
++ cupsd_client_t *c;
++ BIO *bio;
++ cupsArraySave (Clients);
++ for (c = (cupsd_client_t *)cupsArrayFirst(Clients);
++ c;
++ c = (cupsd_client_t *)cupsArrayNext(Clients))
++ {
++ bio = SSL_get_wbio(c->http.tls);
++ BIO_ctrl(bio, BIO_C_SET_FILE_PTR, 0, (char *)HTTP(c));
++ }
++ cupsArrayRestore (Clients);
++#endif
++}
++
++
+ /*
+ * 'cupsdAcceptClient()' - Accept a new client.
+ */
+@@ -438,6 +457,7 @@ cupsdAcceptClient(cupsd_listener_t *lis)
+ }
+
+ cupsArrayAdd(Clients, con);
++ _cupsdFixClientsBIO();
+
+ cupsdLogMessage(CUPSD_LOG_DEBUG2,
+ "cupsdAcceptClient: %d connected to server on %s:%d",
+@@ -729,6 +749,7 @@ cupsdCloseClient(cupsd_client_t *con) /*
+ */
+
+ cupsArrayRemove(Clients, con);
++ _cupsdFixClientsBIO();
+
+ free(con);
+ }
+diff -up cups-1.2.4/scheduler/main.c.CVE-2007-4045 cups-1.2.4/scheduler/main.c
+--- cups-1.2.4/scheduler/main.c.CVE-2007-4045 2007-10-30 09:51:04.000000000 +0000
++++ cups-1.2.4/scheduler/main.c 2007-10-30 09:51:05.000000000 +0000
+@@ -948,7 +948,7 @@ main(int argc, /* I - Number of comm
+ * Write data as needed...
+ */
+
+- if (con->pipe_pid && FD_ISSET(con->file, input))
++ if (con->pipe_pid && con->file >= 0 && FD_ISSET(con->file, input))
+ {
+ /*
+ * Keep track of pending input from the file/pipe separately
+
diff --git a/net-print/cups/files/cups-1.3.4-CVE-2007-4045.patch b/net-print/cups/files/cups-1.3.4-CVE-2007-4045.patch
new file mode 100644
index 000000000000..aab1b213d018
--- /dev/null
+++ b/net-print/cups/files/cups-1.3.4-CVE-2007-4045.patch
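Review bot: In the `_cupsdFixClientsBIO()` added by cups-1.2.4-CVE-2007-4045.patch, the loop passes `c->http.tls` to `SSL_get_wbio()` for every entry in `Clients` without checking it, and the function is called right after `cupsArrayAdd(Clients, con)` in `cupsdAcceptClient()` and after `cupsArrayRemove(Clients, con)` in `cupsdCloseClient()`. If `http.tls` is NULL for connections that have not negotiated TLS (not visible in these hunks, so this should be confirmed against the CUPS source), every accept or close would dereference a null pointer inside the scheduler, which would be a denial of service in a patch meant to close one. A guard as the first statement of the loop body, `if (!c->http.tls) continue;`, would avoid that, and the returned `bio` deserves the same check before `BIO_ctrl()`. The same function body is added verbatim by cups-1.3.4-CVE-2007-4045.patch and needs the same guard.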
@@ -0,0 +1,47 @@
+diff -up cups-1.3.4/scheduler/client.c.CVE-2007-4045 cups-1.3.4/scheduler/client.c
+--- cups-1.3.4/scheduler/client.c.CVE-2007-4045 2007-11-07 21:11:58.000000000 +0000
++++ cups-1.3.4/scheduler/client.c 2007-11-07 21:13:26.000000000 +0000
+@@ -114,6 +114,25 @@ static int write_file(cupsd_client_t *c
+ static void write_pipe(cupsd_client_t *con);
+
+
++void
++_cupsdFixClientsBIO(void)
++{
++#ifdef HAVE_LIBSSL
++ cupsd_client_t *c;
++ BIO *bio;
++ cupsArraySave (Clients);
++ for (c = (cupsd_client_t *)cupsArrayFirst(Clients);
++ c;
++ c = (cupsd_client_t *)cupsArrayNext(Clients))
++ {
++ bio = SSL_get_wbio(c->http.tls);
++ BIO_ctrl(bio, BIO_C_SET_FILE_PTR, 0, (char *)HTTP(c));
++ }
++ cupsArrayRestore (Clients);
++#endif
++}
++
++
+ /*
+ * 'cupsdAcceptClient()' - Accept a new client.
+ */
+@@ -451,6 +470,7 @@ cupsdAcceptClient(cupsd_listener_t *lis)
+ }
+
+ cupsArrayAdd(Clients, con);
++ _cupsdFixClientsBIO();
+
+ cupsdLogMessage(CUPSD_LOG_DEBUG2,
+ "cupsdAcceptClient: %d connected to server on %s:%d",
+@@ -735,6 +755,7 @@ cupsdCloseClient(cupsd_client_t *con) /*
+ */
+
+ cupsArrayRemove(Clients, con);
++ _cupsdFixClientsBIO();
+
+ free(con);
+ }
+diff -up cups-1.3.4/scheduler/main.c.CVE-2007-4045 cups-1.3.4/scheduler/main.c
+
diff --git a/net-print/cups/files/digest-cups-1.2.12-r1 b/net-print/cups/files/digest-cups-1.2.12-r1
deleted file mode 100644
index 8073a9a92cbd..000000000000
--- a/net-print/cups/files/digest-cups-1.2.12-r1
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 d410658468384b5ba5d04a808f6157fe cups-1.2.12-source.tar.bz2 3788301
-RMD160 598270e37ff8a9b9ff1e667066d6f7e120493e32 cups-1.2.12-source.tar.bz2 3788301
-SHA256 b4ff8e934da7db32d5654360ea9068faa0ed5a00fde02161ae53c2052510d00f cups-1.2.12-source.tar.bz2 3788301
diff --git a/net-print/cups/files/digest-cups-1.2.12-r3 b/net-print/cups/files/digest-cups-1.2.12-r3
new file mode 100644
index 000000000000..8073a9a92cbd
--- /dev/null
+++ b/net-print/cups/files/digest-cups-1.2.12-r3
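Review bot: cups-1.3.4-CVE-2007-4045.patch ends with a bare `diff -up cups-1.3.4/scheduler/main.c.CVE-2007-4045 cups-1.3.4/scheduler/main.c` header with no `---`/`+++` lines or hunk after it, so the `con->file >= 0` guard in front of `FD_ISSET(con->file, input)` that the 1.2.4 patch adds to main.c is not applied to this version. If 1.3.4 already carries that check upstream, the dangling header should be dropped from the patch file and the reason noted in the commit message. If it does not, the main.c hunk is missing and `FD_ISSET` can still be evaluated with a negative descriptor on 1.3.4.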
@@ -0,0 +1,3 @@
+MD5 d410658468384b5ba5d04a808f6157fe cups-1.2.12-source.tar.bz2 3788301
+RMD160 598270e37ff8a9b9ff1e667066d6f7e120493e32 cups-1.2.12-source.tar.bz2 3788301
+SHA256 b4ff8e934da7db32d5654360ea9068faa0ed5a00fde02161ae53c2052510d00f cups-1.2.12-source.tar.bz2 3788301
diff --git a/net-print/cups/files/digest-cups-1.3.4-r2 b/net-print/cups/files/digest-cups-1.3.4-r2
deleted file mode 100644
index 991c8b77ff2e..000000000000
--- a/net-print/cups/files/digest-cups-1.3.4-r2
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 4bd20d69bb083b42632346a383b6aefb cups-1.3.4-source.tar.bz2 4082345
-RMD160 30dd2925507a0c83513ee887debecb4bad1ddb53 cups-1.3.4-source.tar.bz2 4082345
-SHA256 91581afc60aa0a6789b1c0373bc204d3b7deec5b608cc3cadc8c07d0ba749154 cups-1.3.4-source.tar.bz2 4082345
diff --git a/net-print/cups/files/digest-cups-1.3.4-r3 b/net-print/cups/files/digest-cups-1.3.4-r3
new file mode 100644
index 000000000000..991c8b77ff2e
--- /dev/null
+++ b/net-print/cups/files/digest-cups-1.3.4-r3
@@ -0,0 +1,3 @@
+MD5 4bd20d69bb083b42632346a383b6aefb cups-1.3.4-source.tar.bz2 4082345
+RMD160 30dd2925507a0c83513ee887debecb4bad1ddb53 cups-1.3.4-source.tar.bz2 4082345
+SHA256 91581afc60aa0a6789b1c0373bc204d3b7deec5b608cc3cadc8c07d0ba749154 cups-1.3.4-source.tar.bz2 4082345
--
cgit v1.2.3-65-gdbad