From 1f529d9f7e4fa4adcba552643b1e7aa076655da1 Mon Sep 17 00:00:00 2001
From: Tim Waugh <twaugh@fedoraproject.org>
Date: Mar 05 2010 10:54:30 +0000
Subject: - Applied patch for CVE-2010-0302 (incomplete fix for CVE-2009-3553, bug

    #557775).
- Added comments for all sources and patches.

---

diff --git a/cups-CVE-2010-0302.patch b/cups-CVE-2010-0302.patch
new file mode 100644
index 0000000..63d2081
--- /dev/null
+++ b/cups-CVE-2010-0302.patch
@@ -0,0 +1,24 @@
+diff -up cups-1.4.2/scheduler/select.c.CVE-2010-0302 cups-1.4.2/scheduler/select.c
+--- cups-1.4.2/scheduler/select.c.CVE-2010-0302	2010-03-05 10:37:49.990476887 +0000
++++ cups-1.4.2/scheduler/select.c	2010-03-05 10:38:01.803478081 +0000
+@@ -454,7 +454,8 @@ cupsdDoSelect(long timeout)		/* I - Time
+     if (fdptr->read_cb && event->filter == EVFILT_READ)
+       (*(fdptr->read_cb))(fdptr->data);
+ 
+-    if (fdptr->use > 1 && fdptr->write_cb && event->filter == EVFILT_WRITE)
++    if (fdptr->use > 1 && fdptr->write_cb && event->filter == EVFILT_WRITE &&
++        !cupsArrayFind(cupsd_inactive_fds, fdptr))
+       (*(fdptr->write_cb))(fdptr->data);
+ 
+     release_fd(fdptr);
+@@ -499,7 +500,9 @@ cupsdDoSelect(long timeout)		/* I - Time
+ 	if (fdptr->read_cb && (event->events & (EPOLLIN | EPOLLERR | EPOLLHUP)))
+ 	  (*(fdptr->read_cb))(fdptr->data);
+ 
+-	if (fdptr->use > 1 && fdptr->write_cb && (event->events & (EPOLLOUT | EPOLLERR | EPOLLHUP)))
++	if (fdptr->use > 1 && fdptr->write_cb &&
++	    (event->events & (EPOLLOUT | EPOLLERR | EPOLLHUP)) &&
++	    !cupsArrayFind(cupsd_inactive_fds, fdptr))
+ 	  (*(fdptr->write_cb))(fdptr->data);
+ 
+ 	release_fd(fdptr);
diff --git a/cups.spec b/cups.spec
index 5db275b..0b48ee0 100644
--- a/cups.spec
+++ b/cups.spec
@@ -8,7 +8,7 @@
 Summary: Common Unix Printing System
 Name: cups
 Version: 1.4.2
-Release: 33%{?dist}
+Release: 34%{?dist}
 License: GPLv2
 Group: System Environment/Daemons
 Source: http://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2
@@ -85,6 +85,7 @@ Patch51: cups-0755.patch
 Patch52: cups-str3460.patch
 Patch53: cups-EAI_AGAIN.patch
 Patch54: cups-str3505.patch
+Patch55: cups-CVE-2010-0302.patch
 
 Patch100: cups-lspp.patch
 
@@ -329,8 +330,12 @@ module.
 %patch53 -p1 -b .EAI_AGAIN
 # Update classes.conf when a class member printer is deleted
 %patch54 -p1 -b .str3505
+# Applied patch for CVE-2010-0302 (incomplete fix for CVE-2009-3553,
+# bug #557775).
+%patch55 -p1 -b .CVE-2010-0302
 
 %if %lspp
+# LSPP support.
 %patch100 -p1 -b .lspp
 %endif
 
@@ -619,7 +624,9 @@ rm -rf $RPM_BUILD_ROOT
 %{php_extdir}/phpcups.so
 
 %changelog
-* Tue Mar  2 2010 Tim Waugh <twaugh@redhat.com>
+* Fri Mar  5 2010 Tim Waugh <twaugh@redhat.com> - 1:1.4.2-34
+- Applied patch for CVE-2010-0302 (incomplete fix for CVE-2009-3553,
+  bug #557775).
 - Added comments for all sources and patches.
 
 * Tue Mar  2 2010 Tim Waugh <twaugh@redhat.com> - 1:1.4.2-33