On Mon, Jan 26, 2009 at 11:21:59AM +0100, Martin Pitt wrote:
You uploaded to unstable against 1.3.8, though.
Ups. Here is the other version.
Bastian
--
Respect is a rational process
-- McCoy, The Galileo Seven, stardate 2822.3
diff -u cups-1.3.8/debian/changelog cups-1.3.8/debian/changelog
--- cups-1.3.8/debian/changelog
+++ cups-1.3.8/debian/changelog
@@ -1,3 +1,11 @@
+cups (1.3.8-1lenny4.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Apply upstream patch to fix client request loop for large request over
+SSL. (closes: #506702)
+
+ -- Bastian Blank wa...@debian.org Tue, 13 Jan 2009 17:03:55 +0100
+
cups (1.3.8-1lenny4) unstable; urgency=high
* High urgency due to security bug fix.
diff -u cups-1.3.8/debian/patches/00list cups-1.3.8/debian/patches/00list
--- cups-1.3.8/debian/patches/00list
+++ cups-1.3.8/debian/patches/00list
@@ -11,6 +11,7 @@
hpgl-regression.dpatch
runloop-backchannel-eof-spin.dpatch
png-image-int-overflow.dpatch
+client-ssl-hang.dpatch
# patches sent upstream
pidfile.dpatch
only in patch2:
unchanged:
--- cups-1.3.8.orig/debian/patches/client-ssl-hang.dpatch
+++ cups-1.3.8/debian/patches/client-ssl-hang.dpatch
@@ -0,0 +1,90 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+##
+## DP: Fix client loop for SSL connections.
+
+--- a/scheduler/client.c (revision 7820)
b/scheduler/client.c (working copy)
+@@ -28,6 +28,7 @@
+ * cupsdUpdateCGI()- Read status messages from CGI scripts and
programs.
+ * cupsdWriteClient() - Write data to a client as needed.
+ * check_if_modified() - Decode an If-Modified-Since line.
++ * data_ready()- Check whether data is available from a client.
+ * encrypt_client()- Enable encryption for the client...
+ * get_cdsa_certificate() - Convert a keychain name into the CFArrayRef
+ * required by SSLSetCertificate.
+@@ -83,6 +84,7 @@
+
+ static intcheck_if_modified(cupsd_client_t *con,
+ struct stat *filestats);
++static intdata_ready(cupsd_client_t *con);
+ #ifdef HAVE_SSL
+ static intencrypt_client(cupsd_client_t *con);
+ #endif /* HAVE_SSL */
+@@ -989,8 +991,7 @@
+ */
+
+ while ((status = httpUpdate(HTTP(con))) == HTTP_CONTINUE)
+-if (con-http.used == 0 ||
+-!memchr(con-http.buffer, '\n', con-http.used))
++if (!data_ready(con))
+ break;
+
+ if (status != HTTP_OK status != HTTP_CONTINUE)
+@@ -1889,7 +1890,7 @@
+ }
+ }
+ }
+- while (con-http.state == HTTP_PUT_RECV con-http.used 0);
++ while (con-http.state == HTTP_PUT_RECV data_ready(con));
+
+ if (con-http.state == HTTP_WAITING)
+ {
+@@ -2064,7 +2065,7 @@
+ }
+ }
+ }
+- while (con-http.state == HTTP_POST_RECV con-http.used 0);
++ while (con-http.state == HTTP_POST_RECV data_ready(con));
+
+ if (con-http.state == HTTP_POST_SEND)
+ {
+@@ -2914,7 +2915,39 @@
+ }
+
+
++/*
++ * 'data_ready()' - Check whether data is available from a client.
++ */
++
++static int/* O - 1 if data is ready, 0 otherwise
*/
++data_ready(cupsd_client_t *con) /* I - Client */
++{
++ if (con-http.used 0)
++return (1);
+ #ifdef HAVE_SSL
++ else if (con-http.tls)
++ {
++# ifdef HAVE_LIBSSL
++if (SSL_pending((SSL *)(con-http.tls)))
++ return (1);
++# elif defined(HAVE_GNUTLS)
++if (gnutls_record_check_pending(((http_tls_t *)(con-http.tls))-session))
++ return (1);
++# elif defined(HAVE_CDSASSL)
++size_t bytes; /* Bytes that are available */
++
++if (!SSLGetBufferedReadSize(((http_tls_t *)(con-http.tls))-session,
++bytes) bytes 0)
++ return (1);
++# endif /* HAVE_LIBSSL */
++ }
++#endif /* HAVE_SSL */
++
++ return (0);
++}
++
++
++#ifdef HAVE_SSL
+ /*
+ * 'encrypt_client()' - Enable encryption for the client...
+ */
