Hi folks I intend to NMU cups for this problem now. It makes it impossible to add or change printers using a Gecko-based browser. Diff attached. Bastian -- Worlds are conquered, galaxies destroyed -- but a woman is always a woman. -- Kirk, "The Conscience of the King", stardate 2818.9
diff -u cups-1.3.9/debian/changelog cups-1.3.9/debian/changelog --- cups-1.3.9/debian/changelog +++ cups-1.3.9/debian/changelog @@ -1,3 +1,11 @@ +cups (1.3.9-11.1) UNRELEASED; urgency=low + + * Non-maintainer upload. + * Apply upstream patch to fix client request loop for large request over + SSL. (closes: #506702) + + -- Bastian Blank <waldi@debian.org> Tue, 13 Jan 2009 16:36:16 +0100 + cups (1.3.9-11) experimental; urgency=low * debian/local/filters/cpdftocps: Fixed the fix for the number of copies. diff -u cups-1.3.9/debian/patches/00list cups-1.3.9/debian/patches/00list --- cups-1.3.9/debian/patches/00list +++ cups-1.3.9/debian/patches/00list @@ -10,6 +10,7 @@ hpgl-regression.dpatch runloop-backchannel-eof-spin.dpatch png-image-int-overflow.dpatch +client-ssl-hang.patch # patches sent upstream removecvstag.dpatch only in patch2: unchanged: --- cups-1.3.9.orig/debian/patches/client-ssl-hang.patch +++ cups-1.3.9/debian/patches/client-ssl-hang.patch @@ -0,0 +1,92 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## +## DP: Fix client loop for SSL connections. + +Index: scheduler/client.c +=================================================================== +--- scheduler/client.c (revision 7820) ++++ scheduler/client.c (working copy) +@@ -28,6 +28,7 @@ + * cupsdUpdateCGI() - Read status messages from CGI scripts and programs. + * cupsdWriteClient() - Write data to a client as needed. + * check_if_modified() - Decode an "If-Modified-Since" line. ++ * data_ready() - Check whether data is available from a client. + * encrypt_client() - Enable encryption for the client... + * get_cdsa_certificate() - Convert a keychain name into the CFArrayRef + * required by SSLSetCertificate. +@@ -83,6 +84,7 @@ + + static int check_if_modified(cupsd_client_t *con, + struct stat *filestats); ++static int data_ready(cupsd_client_t *con); + #ifdef HAVE_SSL + static int encrypt_client(cupsd_client_t *con); + #endif /* HAVE_SSL */ +@@ -989,8 +991,7 @@ + */ + + while ((status = httpUpdate(HTTP(con))) == HTTP_CONTINUE) +- if (con->http.used == 0 || +- !memchr(con->http.buffer, '\n', con->http.used)) ++ if (!data_ready(con)) + break; + + if (status != HTTP_OK && status != HTTP_CONTINUE) +@@ -1889,7 +1890,7 @@ + } + } + } +- while (con->http.state == HTTP_PUT_RECV && con->http.used > 0); ++ while (con->http.state == HTTP_PUT_RECV && data_ready(con)); + + if (con->http.state == HTTP_WAITING) + { +@@ -2064,7 +2065,7 @@ + } + } + } +- while (con->http.state == HTTP_POST_RECV && con->http.used > 0); ++ while (con->http.state == HTTP_POST_RECV && data_ready(con)); + + if (con->http.state == HTTP_POST_SEND) + { +@@ -2914,7 +2915,39 @@ + } + + ++/* ++ * 'data_ready()' - Check whether data is available from a client. ++ */ ++ ++static int /* O - 1 if data is ready, 0 otherwise */ ++data_ready(cupsd_client_t *con) /* I - Client */ ++{ ++ if (con->http.used > 0) ++ return (1); + #ifdef HAVE_SSL ++ else if (con->http.tls) ++ { ++# ifdef HAVE_LIBSSL ++ if (SSL_pending((SSL *)(con->http.tls))) ++ return (1); ++# elif defined(HAVE_GNUTLS) ++ if (gnutls_record_check_pending(((http_tls_t *)(con->http.tls))->session)) ++ return (1); ++# elif defined(HAVE_CDSASSL) ++ size_t bytes; /* Bytes that are available */ ++ ++ if (!SSLGetBufferedReadSize(((http_tls_t *)(con->http.tls))->session, ++ &bytes) && bytes > 0) ++ return (1); ++# endif /* HAVE_LIBSSL */ ++ } ++#endif /* HAVE_SSL */ ++ ++ return (0); ++} ++ ++ ++#ifdef HAVE_SSL + /* + * 'encrypt_client()' - Enable encryption for the client... + */
Attachment:
signature.asc
Description: Digital signature