[Pkg-cups-devel] Bug#506702: Bug#506702: cups: SSL compatibility problems w/FF3 (amongst others)

Mon Jan 26 11:13:21 UTC 2009

On Mon, Jan 26, 2009 at 11:21:59AM +0100, Martin Pitt wrote:
> You uploaded to unstable against 1.3.8, though.

Ups. Here is the other version.

Bastian

-- 
Respect is a rational process
		-- McCoy, "The Galileo Seven", stardate 2822.3
-------------- next part --------------
diff -u cups-1.3.8/debian/changelog cups-1.3.8/debian/changelog

--- cups-1.3.8/debian/changelog
+++ cups-1.3.8/debian/changelog
@@ -1,3 +1,11 @@
+cups (1.3.8-1lenny4.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Apply upstream patch to fix client request loop for large request over
+    SSL. (closes: #506702)
+
+ -- Bastian Blank <waldi at debian.org>  Tue, 13 Jan 2009 17:03:55 +0100
+
 cups (1.3.8-1lenny4) unstable; urgency=high
 
   * High urgency due to security bug fix.
diff -u cups-1.3.8/debian/patches/00list cups-1.3.8/debian/patches/00list
--- cups-1.3.8/debian/patches/00list
+++ cups-1.3.8/debian/patches/00list
@@ -11,6 +11,7 @@
 hpgl-regression.dpatch
 runloop-backchannel-eof-spin.dpatch
 png-image-int-overflow.dpatch
+client-ssl-hang.dpatch
 
 # patches sent upstream
 pidfile.dpatch
only in patch2:
unchanged:
--- cups-1.3.8.orig/debian/patches/client-ssl-hang.dpatch
+++ cups-1.3.8/debian/patches/client-ssl-hang.dpatch
@@ -0,0 +1,90 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+##
+## DP: Fix client loop for SSL connections.
+
+--- a/scheduler/client.c	(revision 7820)
++++ b/scheduler/client.c	(working copy)
+@@ -28,6 +28,7 @@
+  *   cupsdUpdateCGI()        - Read status messages from CGI scripts and programs.
+  *   cupsdWriteClient()      - Write data to a client as needed.
+  *   check_if_modified()     - Decode an "If-Modified-Since" line.
++ *   data_ready()            - Check whether data is available from a client.
+  *   encrypt_client()        - Enable encryption for the client...
+  *   get_cdsa_certificate()  - Convert a keychain name into the CFArrayRef
+  *			       required by SSLSetCertificate.
+@@ -83,6 +84,7 @@
+ 
+ static int		check_if_modified(cupsd_client_t *con,
+ 			                  struct stat *filestats);
++static int		data_ready(cupsd_client_t *con);
+ #ifdef HAVE_SSL
+ static int		encrypt_client(cupsd_client_t *con);
+ #endif /* HAVE_SSL */
+@@ -989,8 +991,7 @@
+ 	*/
+ 
+         while ((status = httpUpdate(HTTP(con))) == HTTP_CONTINUE)
+-	  if (con->http.used == 0 ||
+-	      !memchr(con->http.buffer, '\n', con->http.used))
++	  if (!data_ready(con))
+ 	    break;
+ 
+ 	if (status != HTTP_OK && status != HTTP_CONTINUE)
+@@ -1889,7 +1890,7 @@
+ 	    }
+ 	  }
+         }
+-	while (con->http.state == HTTP_PUT_RECV && con->http.used > 0);
++	while (con->http.state == HTTP_PUT_RECV && data_ready(con));
+ 
+         if (con->http.state == HTTP_WAITING)
+ 	{
+@@ -2064,7 +2065,7 @@
+ 	    }
+ 	  }
+         }
+-	while (con->http.state == HTTP_POST_RECV && con->http.used > 0);
++	while (con->http.state == HTTP_POST_RECV && data_ready(con));
+ 
+ 	if (con->http.state == HTTP_POST_SEND)
+ 	{
+@@ -2914,7 +2915,39 @@
+ }
+ 
+ 
++/*
++ * 'data_ready()' - Check whether data is available from a client.
++ */
++
++static int				/* O - 1 if data is ready, 0 otherwise */
++data_ready(cupsd_client_t *con)		/* I - Client */
++{
++  if (con->http.used > 0)
++    return (1);
+ #ifdef HAVE_SSL
++  else if (con->http.tls)
++  {
++#  ifdef HAVE_LIBSSL
++    if (SSL_pending((SSL *)(con->http.tls)))
++      return (1);
++#  elif defined(HAVE_GNUTLS)
++    if (gnutls_record_check_pending(((http_tls_t *)(con->http.tls))->session))
++      return (1);
++#  elif defined(HAVE_CDSASSL)
++    size_t bytes;			/* Bytes that are available */
++
++    if (!SSLGetBufferedReadSize(((http_tls_t *)(con->http.tls))->session,
++                                &bytes) && bytes > 0)
++      return (1);
++#  endif /* HAVE_LIBSSL */
++  }
++#endif /* HAVE_SSL */
++
++  return (0);
++}
++
++
++#ifdef HAVE_SSL
+ /*
+  * 'encrypt_client()' - Enable encryption for the client...
+  */
