From 8c7fca9523c82123310edeaef45067106fad465d Mon Sep 17 00:00:00 2001
From: Tim Waugh <twaugh@fedoraproject.org>
Date: Dec 03 2009 11:10:41 +0000
Subject: - Applied patch to fix CVE-2009-3553 (bug #530111, STR #3200).


---

diff --git a/cups-CVE-2009-3553.patch b/cups-CVE-2009-3553.patch
new file mode 100644
index 0000000..a4f2562
--- /dev/null
+++ b/cups-CVE-2009-3553.patch
@@ -0,0 +1,39 @@
+diff -up cups-1.3.11/scheduler/select.c.CVE-2009-3553 cups-1.3.11/scheduler/select.c
+--- cups-1.3.11/scheduler/select.c.CVE-2009-3553	2008-07-11 23:48:49.000000000 +0100
++++ cups-1.3.11/scheduler/select.c	2009-12-03 10:50:45.928460205 +0000
+@@ -483,7 +483,7 @@ cupsdDoSelect(long timeout)		/* I - Time
+       (*(fdptr->read_cb))(fdptr->data);
+     }
+ 
+-    if (fdptr->write_cb && event->filter == EVFILT_WRITE)
++    if (fdptr->use > 1 && fdptr->write_cb && event->filter == EVFILT_WRITE)
+     {
+       cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdDoSelect: Write on fd %d...",
+ 	              fdptr->fd);
+@@ -543,7 +543,7 @@ cupsdDoSelect(long timeout)		/* I - Time
+ 	  (*(fdptr->read_cb))(fdptr->data);
+ 	}
+ 
+-	if (fdptr->write_cb && (event->events & (EPOLLOUT | EPOLLERR | EPOLLHUP)))
++	if (fdptr->use > 1 && fdptr->write_cb && (event->events & (EPOLLOUT | EPOLLERR | EPOLLHUP)))
+ 	{
+ 	  cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdDoSelect: Write on fd %d...",
+ 	        	  fdptr->fd);
+@@ -655,7 +655,7 @@ cupsdDoSelect(long timeout)		/* I - Time
+         (*(fdptr->read_cb))(fdptr->data);
+       }
+ 
+-      if (fdptr->write_cb && (pfd->revents & (POLLOUT | POLLERR | POLLHUP)))
++      if (fdptr->use > 1 && fdptr->write_cb && (pfd->revents & (POLLOUT | POLLERR | POLLHUP)))
+       {
+         cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdDoSelect: Write on fd %d...",
+ 	                fdptr->fd);
+@@ -725,7 +725,7 @@ cupsdDoSelect(long timeout)		/* I - Time
+         (*(fdptr->read_cb))(fdptr->data);
+       }
+ 
+-      if (fdptr->write_cb && FD_ISSET(fdptr->fd, &cupsd_current_output))
++      if (fdptr->use > 1 && fdptr->write_cb && FD_ISSET(fdptr->fd, &cupsd_current_output))
+       {
+         cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdDoSelect: Write on fd %d...",
+ 	                fdptr->fd);
diff --git a/cups.spec b/cups.spec
index 650687c..140e610 100644
--- a/cups.spec
+++ b/cups.spec
@@ -7,7 +7,7 @@
 Summary: Common Unix Printing System
 Name: cups
 Version: 1.3.11
-Release: 3%{?svn:.svn%{svn}}%{?dist}
+Release: 4%{?svn:.svn%{svn}}%{?dist}
 License: GPLv2
 Group: System Environment/Daemons
 Source: ftp://ftp.easysw.com/pub/cups/test//cups-%{version}%{?svn:svn-r%{svn}}-source.tar.gz
@@ -55,6 +55,7 @@ Patch100: cups-lspp.patch
 
 # SECURITY PATCHES:
 Patch200: cups-CVE-2009-2820.patch
+Patch201: cups-CVE-2009-3553.patch
 
 Epoch: 1
 Url: http://www.cups.org/
@@ -198,6 +199,7 @@ module.
 %endif
 
 %patch200 -p1 -b .CVE-2009-2820
+%patch201 -p1 -b .CVE-2009-3553
 
 sed -i -e '1iMaxLogSize 0' conf/cupsd.conf.in
 
@@ -514,6 +516,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/php/modules/*.so
 
 %changelog
+* Thu Dec  3 2009 Tim Waugh <twaugh@redhat.com> - 1:1.3.11-4
+- Applied patch to fix CVE-2009-3553 (bug #530111, STR #3200).
+
 * Wed Nov 11 2009 Jiri Popelka <jpopelka@redhat.com> 1:1.3.11-3
 - Fixed lspp-patch to avoid memory leak (bug #536741).