summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTimo Gurr <tgurr@gentoo.org>2011-08-25 01:02:49 +0000
committerTimo Gurr <tgurr@gentoo.org>2011-08-25 01:02:49 +0000
commit44e6df3efcf4df9dd1b73f98230ee9f17cddfe38 (patch)
treeb5496cbc44cf3a477fc74a5610b2a6b25c47934c /net-print
parentVersion bump (diff)
downloadgentoo-2-44e6df3efcf4df9dd1b73f98230ee9f17cddfe38.tar.gz
gentoo-2-44e6df3efcf4df9dd1b73f98230ee9f17cddfe38.tar.bz2
gentoo-2-44e6df3efcf4df9dd1b73f98230ee9f17cddfe38.zip
Revbumps fixing security issue CVE-2011-2896. Remove old.
(Portage version: 2.2.0_alpha51/cvs/Linux x86_64)
Diffstat (limited to 'net-print')
-rw-r--r--net-print/cups/ChangeLog12
-rw-r--r--net-print/cups/cups-1.4.8-r1.ebuild (renamed from net-print/cups/cups-1.4.6-r21.ebuild)59
-rw-r--r--net-print/cups/cups-1.4.8-r21.ebuild (renamed from net-print/cups/cups-1.4.8.ebuild)4
-rw-r--r--net-print/cups/cups-1.5.0-r1.ebuild (renamed from net-print/cups/cups-1.5.0.ebuild)4
-rw-r--r--net-print/cups/files/cups-1.4.8-CVE-2011-2896.patch37
5 files changed, 69 insertions, 47 deletions
diff --git a/net-print/cups/ChangeLog b/net-print/cups/ChangeLog
index 2994faeb25bc..d0a39b73103c 100644
--- a/net-print/cups/ChangeLog
+++ b/net-print/cups/ChangeLog
@@ -1,6 +1,16 @@
# ChangeLog for net-print/cups
# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-print/cups/ChangeLog,v 1.427 2011/08/17 20:28:56 dilfridge Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-print/cups/ChangeLog,v 1.428 2011/08/25 01:02:49 tgurr Exp $
+
+*cups-1.5.0-r1 (25 Aug 2011)
+*cups-1.4.8-r21 (25 Aug 2011)
+*cups-1.4.8-r1 (25 Aug 2011)
+
+ 25 Aug 2011; Timo Gurr <tgurr@gentoo.org> -cups-1.4.6-r21.ebuild,
+ -cups-1.4.8.ebuild, +cups-1.4.8-r1.ebuild, +cups-1.4.8-r21.ebuild,
+ +files/cups-1.4.8-CVE-2011-2896.patch, -cups-1.5.0.ebuild,
+ +cups-1.5.0-r1.ebuild:
+ Revbumps fixing security issue CVE-2011-2896. Remove old.
*cups-1.5.0 (17 Aug 2011)
*cups-1.4.8 (17 Aug 2011)
diff --git a/net-print/cups/cups-1.4.6-r21.ebuild b/net-print/cups/cups-1.4.8-r1.ebuild
index 6d4343ac78cf..8a6f59700875 100644
--- a/net-print/cups/cups-1.4.6-r21.ebuild
+++ b/net-print/cups/cups-1.4.8-r1.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.4.6-r21.ebuild,v 1.2 2011/06/06 21:54:07 dilfridge Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.4.8-r1.ebuild,v 1.1 2011/08/25 01:02:49 tgurr Exp $
EAPI=3
@@ -17,7 +17,7 @@ SRC_URI="mirror://easysw/${PN}/${PV}/${MY_P}-source.tar.bz2"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd"
-IUSE="acl dbus debug gnutls java +jpeg kerberos ldap pam perl php +png python samba slp +ssl static-libs +threads +tiff usb X xinetd"
+IUSE="acl dbus debug gnutls java +jpeg kerberos ldap pam perl php +png python samba slp +ssl static-libs +threads +tiff X xinetd"
LANGS="da de es eu fi fr id it ja ko nl no pl pt pt_BR ru sv zh zh_TW"
for X in ${LANGS} ; do
@@ -50,7 +50,6 @@ RDEPEND="
!gnutls? ( >=dev-libs/openssl-0.9.8g )
)
tiff? ( >=media-libs/tiff-3.5.5 )
- usb? ( virtual/libusb:0 )
X? ( x11-misc/xdg-utils )
xinetd? ( sys-apps/xinetd )
!net-print/cupsddk
@@ -81,49 +80,21 @@ pkg_setup() {
python_pkg_setup
fi
- if use usb; then
- elog "You are going to use new libusb backed to access your usb printer."
- elog "This interface has quite few known issues and does not report all"
- elog "issues and just refuses to print."
- elog "Please consider disabling usb useflag if you are having issues."
- elog
- elog "Please note that if you disable the usb useflag your device will be"
- elog "still working using kernel usblp interface instead of libusb."
- echo
- fi
-
linux-info_pkg_setup
if ! linux_config_exists; then
ewarn "Can't check the linux kernel configuration."
ewarn "You might have some incompatible options enabled."
else
- # recheck that we don't have usblp to collide with libusb
- if use usb; then
- if linux_chkconfig_present USB_PRINTER; then
- eerror "Your usb printers will be managed via libusb which collides with kernel module."
- eerror "${P} requires the USB_PRINTER support disabled."
- eerror "Please disable it:"
- eerror " CONFIG_USB_PRINTER=n"
- eerror "in /usr/src/linux/.config or"
- eerror " Device Drivers --->"
- eerror " USB support --->"
- eerror " [ ] USB Printer support"
- eerror "Alternatively, just disable the usb useflag for cups (your printer will still work)."
- die "USB_PRINTER module enabled"
- fi
- else
- #here we should warn user that he should enable it so he can print
- if ! linux_chkconfig_present USB_PRINTER; then
- ewarn "If you plan to use USB printers you should enable the USB_PRINTER"
- ewarn "support in your kernel."
- ewarn "Please enable it:"
- ewarn " CONFIG_USB_PRINTER=y"
- ewarn "in /usr/src/linux/.config or"
- ewarn " Device Drivers --->"
- ewarn " USB support --->"
- ewarn " [*] USB Printer support"
- ewarn "Alternatively, enable the usb useflag for cups and use the new, less-tested libusb code."
- fi
+ #here we should warn user that he should enable it so he can print
+ if ! linux_chkconfig_present USB_PRINTER; then
+ ewarn "If you plan to use USB printers you should enable the USB_PRINTER"
+ ewarn "support in your kernel."
+ ewarn "Please enable it:"
+ ewarn " CONFIG_USB_PRINTER=y"
+ ewarn "in /usr/src/linux/.config or"
+ ewarn " Device Drivers --->"
+ ewarn " USB support --->"
+ ewarn " [*] USB Printer support"
fi
fi
}
@@ -139,8 +110,8 @@ src_prepare() {
epatch "${FILESDIR}/${PN}-1.4.4-perl-includes.patch"
epatch "${FILESDIR}/${PN}-1.4.6-force-gnutls.patch"
epatch "${FILESDIR}/${PN}-1.4.6-serialize-gnutls.patch"
- # interface hangs using some browsers, bug #325871
- epatch "${FILESDIR}/${PN}-1.4.6-web-hang.patch"
+ # security fixes
+ epatch "${FILESDIR}/${PN}-1.4.8-CVE-2011-2896.patch"
AT_M4DIR=config-scripts eaclocal
eautoconf
@@ -199,13 +170,13 @@ src_configure() {
$(use_enable slp) \
$(use_enable static-libs static) \
$(use_enable tiff) \
- $(use_enable usb libusb) \
$(use_with java) \
$(use_with perl) \
$(use_with php) \
$(use_with python) \
$(use_with xinetd xinetd /etc/xinetd.d) \
--enable-libpaper \
+ --disable-libusb \
--disable-dnssd \
${myconf}
diff --git a/net-print/cups/cups-1.4.8.ebuild b/net-print/cups/cups-1.4.8-r21.ebuild
index c781a10b3356..a0c72859940b 100644
--- a/net-print/cups/cups-1.4.8.ebuild
+++ b/net-print/cups/cups-1.4.8-r21.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.4.8.ebuild,v 1.1 2011/08/17 20:28:56 dilfridge Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.4.8-r21.ebuild,v 1.1 2011/08/25 01:02:49 tgurr Exp $
EAPI=3
@@ -139,6 +139,8 @@ src_prepare() {
epatch "${FILESDIR}/${PN}-1.4.4-perl-includes.patch"
epatch "${FILESDIR}/${PN}-1.4.6-force-gnutls.patch"
epatch "${FILESDIR}/${PN}-1.4.6-serialize-gnutls.patch"
+ # security fixes
+ epatch "${FILESDIR}/${PN}-1.4.8-CVE-2011-2896.patch"
AT_M4DIR=config-scripts eaclocal
eautoconf
diff --git a/net-print/cups/cups-1.5.0.ebuild b/net-print/cups/cups-1.5.0-r1.ebuild
index 0714534d62b7..8f33d42a6464 100644
--- a/net-print/cups/cups-1.5.0.ebuild
+++ b/net-print/cups/cups-1.5.0-r1.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.5.0.ebuild,v 1.1 2011/08/17 20:28:56 dilfridge Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.5.0-r1.ebuild,v 1.1 2011/08/25 01:02:49 tgurr Exp $
#
# See http://git.overlays.gentoo.org/gitweb/?p=dev/dilfridge.git;a=blob;f=net-print/cups/notes.txt;hb=HEAD
@@ -141,6 +141,8 @@ src_prepare() {
epatch "${FILESDIR}/${PN}-1.4.4-nostrip.patch"
epatch "${FILESDIR}/${PN}-1.4.4-php-destdir.patch"
epatch "${FILESDIR}/${PN}-1.4.4-perl-includes.patch"
+ # security fixes
+ epatch "${FILESDIR}/${PN}-1.4.8-CVE-2011-2896.patch"
AT_M4DIR=config-scripts eaclocal
eautoconf
diff --git a/net-print/cups/files/cups-1.4.8-CVE-2011-2896.patch b/net-print/cups/files/cups-1.4.8-CVE-2011-2896.patch
new file mode 100644
index 000000000000..843456f2eebd
--- /dev/null
+++ b/net-print/cups/files/cups-1.4.8-CVE-2011-2896.patch
@@ -0,0 +1,37 @@
+Source: Upstream http://cups.org/str.php?L3914
+Reason: Avoid GIF reader loop (CVE-2011-2896)
+Upstream: Fixed in trunk
+
+diff -up cups-1.4.8/filter/image-gif.c.CVE-2011-2896 cups-1.4.8/filter/image-gif.c
+--- cups-1.4.8/filter/image-gif.c.CVE-2011-2896 2011-06-20 21:37:51.000000000 +0100
++++ cups-1.4.8/filter/image-gif.c 2011-08-19 11:33:37.547911212 +0100
+@@ -648,11 +648,13 @@ gif_read_lzw(FILE *fp, /* I - File to
+
+ if (code == max_code)
+ {
+- *sp++ = firstcode;
+- code = oldcode;
++ if (sp < (stack + 8192))
++ *sp++ = firstcode;
++
++ code = oldcode;
+ }
+
+- while (code >= clear_code)
++ while (code >= clear_code && sp < (stack + 8192))
+ {
+ *sp++ = table[1][code];
+ if (code == table[0][code])
+@@ -661,8 +663,10 @@ gif_read_lzw(FILE *fp, /* I - File to
+ code = table[0][code];
+ }
+
+- *sp++ = firstcode = table[1][code];
+- code = max_code;
++ if (sp < (stack + 8192))
++ *sp++ = firstcode = table[1][code];
++
++ code = max_code;
+
+ if (code < 4096)
+ {