On Mon, Jan 26, 2009 at 11:21:59AM +0100, Martin Pitt wrote:
> You uploaded to unstable against 1.3.8, though.
Ups. Here is the other version.
Bastian
--
Respect is a rational process
-- McCoy, "The Galileo Seven", stardate 2822.3
diff -u cups-1.3.8/debian/changelog cups-1.3.8/debian/changelog
--- cups-1.3.8/debian/changelog
+++ cups-1.3.8/debian/changelog
@@ -1,3 +1,11 @@
+cups (1.3.8-1lenny4.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Apply upstream patch to fix client request loop for large request over
+ SSL. (closes: #506702)
+
+ -- Bastian Blank <wa...@debian.org> Tue, 13 Jan 2009 17:03:55 +0100
+
cups (1.3.8-1lenny4) unstable; urgency=high
* High urgency due to security bug fix.
diff -u cups-1.3.8/debian/patches/00list cups-1.3.8/debian/patches/00list
--- cups-1.3.8/debian/patches/00list
+++ cups-1.3.8/debian/patches/00list
@@ -11,6 +11,7 @@
hpgl-regression.dpatch
runloop-backchannel-eof-spin.dpatch
png-image-int-overflow.dpatch
+client-ssl-hang.dpatch
# patches sent upstream
pidfile.dpatch
only in patch2:
unchanged:
--- cups-1.3.8.orig/debian/patches/client-ssl-hang.dpatch
+++ cups-1.3.8/debian/patches/client-ssl-hang.dpatch
@@ -0,0 +1,90 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+##
+## DP: Fix client loop for SSL connections.
+
+--- a/scheduler/client.c (revision 7820)
++++ b/scheduler/client.c (working copy)
+@@ -28,6 +28,7 @@
+ * cupsdUpdateCGI() - Read status messages from CGI scripts and
programs.
+ * cupsdWriteClient() - Write data to a client as needed.
+ * check_if_modified() - Decode an "If-Modified-Since" line.
++ * data_ready() - Check whether data is available from a client.
+ * encrypt_client() - Enable encryption for the client...
+ * get_cdsa_certificate() - Convert a keychain name into the CFArrayRef
+ * required by SSLSetCertificate.
+@@ -83,6 +84,7 @@
+
+ static int check_if_modified(cupsd_client_t *con,
+ struct stat *filestats);
++static int data_ready(cupsd_client_t *con);
+ #ifdef HAVE_SSL
+ static int encrypt_client(cupsd_client_t *con);
+ #endif /* HAVE_SSL */
+@@ -989,8 +991,7 @@
+ */
+
+ while ((status = httpUpdate(HTTP(con))) == HTTP_CONTINUE)
+- if (con->http.used == 0 ||
+- !memchr(con->http.buffer, '\n', con->http.used))
++ if (!data_ready(con))
+ break;
+
+ if (status != HTTP_OK && status != HTTP_CONTINUE)
+@@ -1889,7 +1890,7 @@
+ }
+ }
+ }
+- while (con->http.state == HTTP_PUT_RECV && con->http.used > 0);
++ while (con->http.state == HTTP_PUT_RECV && data_ready(con));
+
+ if (con->http.state == HTTP_WAITING)
+ {
+@@ -2064,7 +2065,7 @@
+ }
+ }
+ }
+- while (con->http.state == HTTP_POST_RECV && con->http.used > 0);
++ while (con->http.state == HTTP_POST_RECV && data_ready(con));
+
+ if (con->http.state == HTTP_POST_SEND)
+ {
+@@ -2914,7 +2915,39 @@
+ }
+
+
++/*
++ * 'data_ready()' - Check whether data is available from a client.
++ */
++
++static int /* O - 1 if data is ready, 0 otherwise
*/
++data_ready(cupsd_client_t *con) /* I - Client */
++{
++ if (con->http.used > 0)
++ return (1);
+ #ifdef HAVE_SSL
++ else if (con->http.tls)
++ {
++# ifdef HAVE_LIBSSL
++ if (SSL_pending((SSL *)(con->http.tls)))
++ return (1);
++# elif defined(HAVE_GNUTLS)
++ if (gnutls_record_check_pending(((http_tls_t *)(con->http.tls))->session))
++ return (1);
++# elif defined(HAVE_CDSASSL)
++ size_t bytes; /* Bytes that are available */
++
++ if (!SSLGetBufferedReadSize(((http_tls_t *)(con->http.tls))->session,
++ &bytes) && bytes > 0)
++ return (1);
++# endif /* HAVE_LIBSSL */
++ }
++#endif /* HAVE_SSL */
++
++ return (0);
++}
++
++
++#ifdef HAVE_SSL
+ /*
+ * 'encrypt_client()' - Enable encryption for the client...
+ */
