diff options
| author |   Timo Gurr <tgurr@gentoo.org> | 2008-04-14 20:47:45 +0000 |
|---|---|---|
| committer | Timo Gurr <tgurr@gentoo.org> | 2008-04-14 20:47:45 +0000 |
| commit | a64fef38bdc22023a10b88056451917026bd76f9 (patch) | |
| tree | cbc977b3dd622c86f56c34069ce7e37276dae2fc /net-print | |
| parent | x86 stable, security bug #217603 (diff) | |
| download | historical-a64fef38bdc22023a10b88056451917026bd76f9.tar.gz historical-a64fef38bdc22023a10b88056451917026bd76f9.tar.bz2 historical-a64fef38bdc22023a10b88056451917026bd76f9.zip | |
Security bump, see bug #217232. Also fixes bug #217293.
Package-Manager: portage-2.1.5_rc3
Diffstat (limited to 'net-print')
| -rw-r--r-- | net-print/cups/ChangeLog | 13 | ||||
| -rw-r--r-- | net-print/cups/Manifest | 11 | ||||
| -rw-r--r-- | net-print/cups/cups-1.2.12-r8.ebuild (renamed from net-print/cups/cups-1.3.6-r3.ebuild) | 198 | ||||
| -rw-r--r-- | net-print/cups/cups-1.3.7-r1.ebuild (renamed from net-print/cups/cups-1.3.7.ebuild) | 10 | ||||
| -rw-r--r-- | net-print/cups/files/cups-1.2.12-CVE-2008-1722.patch | 62 | ||||
| -rw-r--r-- | net-print/cups/files/cups-1.3.6-CVE-2008-1373.patch | 23 | ||||
| -rw-r--r-- | net-print/cups/files/cups-1.3.7-CVE-2008-1722.patch | 71 | ||||
| -rw-r--r-- | net-print/cups/files/cups-1.3.7-backend-https.patch | 11 |
8 files changed, 246 insertions, 153 deletions
diff --git a/net-print/cups/ChangeLog b/net-print/cups/ChangeLog index 7ef21a4b94a4..060056ec53d8 100644 --- a/net-print/cups/ChangeLog +++ b/net-print/cups/ChangeLog @@ -1,6 +1,17 @@ # ChangeLog for net-print/cups # Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-print/cups/ChangeLog,v 1.299 2008/04/05 14:15:20 tgurr Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-print/cups/ChangeLog,v 1.300 2008/04/14 20:47:45 tgurr Exp $ + +*cups-1.3.7-r1 (14 Apr 2008) +*cups-1.2.12-r8 (14 Apr 2008) + + 14 Apr 2008; Timo Gurr <tgurr@gentoo.org> + +files/cups-1.2.12-CVE-2008-1722.patch, + -files/cups-1.3.6-CVE-2008-1373.patch, + +files/cups-1.3.7-CVE-2008-1722.patch, + +files/cups-1.3.7-backend-https.patch, +cups-1.2.12-r8.ebuild, + -cups-1.3.6-r3.ebuild, -cups-1.3.7.ebuild, +cups-1.3.7-r1.ebuild: + Security bump, see bug #217232. Also fixes bug #217293. *cups-1.3.7 (05 Apr 2008) diff --git a/net-print/cups/Manifest b/net-print/cups/Manifest index 46007a7f9217..4d6aa14f7921 100644 --- a/net-print/cups/Manifest +++ b/net-print/cups/Manifest @@ -6,17 +6,18 @@ AUX cups-1.2.12-CVE-2008-0047.patch 495 RMD160 860037881672352969caca5a12c9a2592 AUX cups-1.2.12-CVE-2008-0053.patch 1509 RMD160 f8aa4d6f9722b4adf78d5546005d757e4abf1501 SHA1 e6ff84536f371f9d2b59c5f8fdb773b81a9e4b30 SHA256 7164d26aa572ae759644059ff3a2d1ff4e4f67515bcb57eb54bc358a87c649fe AUX cups-1.2.12-CVE-2008-0882.patch 1090 RMD160 f6de4e0a4ebcb70f4969cbcb2cba38e5a98366c5 SHA1 3c834957b3fb625cdde4a0c21e5916c6a8c1667f SHA256 9168456e294e1ca30868580028ab79d68d31aaf208687f80699e3e30f3ad77e6 AUX cups-1.2.12-CVE-2008-1373.patch 581 RMD160 04990465c98c38a90fec6daf7abe86f09b6abab3 SHA1 1f8813397ceaee5331e7200e61aecc1113a73c7a SHA256 a939de93c6e0206d939fb3e441062d3fb90b96b644c11a8ae0712db482dc9a64 +AUX cups-1.2.12-CVE-2008-1722.patch 1457 RMD160 5c887ad9b824c1e41f7a4894f757d03f5c76a585 SHA1 6d4a18b4845b492ac57f66be87c6d8871b959e36 SHA256 128a24d748df573dd8e92b8cf54b78ec217e40ad60b5a52411de731290d14e98 AUX cups-1.3.0-configure.patch 651 RMD160 e4c7f45d7ddc28157433bf025c7f946c7e3b6d6a SHA1 101bf1893b56640d9fa82078e29319fbbd1449c7 SHA256 d6e5e60a982a3c093c0d0f89cf865e2b4c36290f5b1e188b7bf305d210070736 -AUX cups-1.3.6-CVE-2008-1373.patch 551 RMD160 d6ab331dff7a80aa9e37040ed88b895578adc2a7 SHA1 210e0880e588f1290962eeb833078c8c061e7843 SHA256 0b9bff5fa3c1ee572fdb3d2f1f43e1c54e15819186fa486a8e1a85a460a9d6e7 +AUX cups-1.3.7-CVE-2008-1722.patch 1752 RMD160 25dd7948f4a3c8ac0f39b33387e79195b104bf1d SHA1 309d26918fc11619a97b3f560662478437d97a54 SHA256 d372a4595f52ccd88deb5545f64b70c3dbf8a6e9bec7524b6ac32c59cb131749 +AUX cups-1.3.7-backend-https.patch 450 RMD160 9a1ad48d2be40c89510ccc512649f0a2eb5543b0 SHA1 d3dd55fcdee47855d6b7c1443adb6c2b3d8c9cdb SHA256 060f929ae3eae5dc411ce6352a0d50c3296b013974f034fc2ad8d6bb0c81b45a AUX cupsd.init 288 RMD160 9bd676af5b43a97ba08ca51f70cefb445faeb8b8 SHA1 922868e1a6acb81b83e87a3c6905149789f16503 SHA256 008eeadc4979ad0e1f05e8ce5d22449eb798375e75ffc3176cbef138a53de4f9 AUX cupsd.init.d 293 RMD160 19fbef21cee7e472e7028f3101b680baa0089c54 SHA1 e6b27b2638fec258fe2f55c926c2530e909ca3d2 SHA256 b4268a6bae95e96b6af21c3716ecc905073736ce7dc33be1489d574a447f3c48 AUX pdftops-1.20.gentoo 10412 RMD160 16e229662c47e03af1d1f4cb5764a76d17a66642 SHA1 6afb8a655b6ff013a2c8c8cbfb615ba1e561503b SHA256 ac5fa01ca776d75bd7cef62eef9f6b0c3945ee87e8950b40ca9f9f3ff46a16c1 DIST cups-1.2.12-source.tar.bz2 3788301 RMD160 598270e37ff8a9b9ff1e667066d6f7e120493e32 SHA1 11a540f76a1d3164b6636bf8ba47928803ad9356 SHA256 b4ff8e934da7db32d5654360ea9068faa0ed5a00fde02161ae53c2052510d00f -DIST cups-1.3.6-source.tar.bz2 4079258 RMD160 1da6420f473562eba27e1e997e13d60e0ea101a8 SHA1 4f7ed1c2b16db46f945ab113beab8aeaecbca0b9 SHA256 b4003862daffd6887a52cf66a67a21854c1ecda15698bf44b2fe1fc12a833695 DIST cups-1.3.7-source.tar.bz2 3895825 RMD160 7d3bd9dbe91e787f7032b770e576ab31cfcf6588 SHA1 4267822cdad2fdad44ff0885587132250bcf8dff SHA256 1c8bb310131498934657651fb0ea3e44b4f6d0243ba2ad252644a8f039dda0fe EBUILD cups-1.2.12-r4.ebuild 7115 RMD160 fee0f16a1e8c129ad1cd0eafb08c35c595ab112d SHA1 5752c8fe45c5f84d1eafefbe9712d97a7f08ece3 SHA256 e993502e69638bbdba36333217416d1787430b4313f8d9fa4cd3771fe2de6f07 EBUILD cups-1.2.12-r7.ebuild 7258 RMD160 e958afeffea6e9091ca95a5a71c268684d554a80 SHA1 df11df1295526ff2ba1976393cda1102bfcf8b6d SHA256 764fac899e31568ea09db6fc0457049659fc5e3e72978cafab709056223b8e96 -EBUILD cups-1.3.6-r3.ebuild 8302 RMD160 33d4b0a936001e0933d9d60a9aa34d4d8c73b7f4 SHA1 222533213c55f971d23e8e6ec1cde0d66fb782b1 SHA256 718a0ed72a9f5997b8d88fd8fefc30ccd49e04fe7273f4f412fa5242249af2c9 -EBUILD cups-1.3.7.ebuild 8061 RMD160 b4d2db64e7d145be6ecf136a5a20561691a78376 SHA1 b20b84bde593c673303156663b2b467ef2d59a7e SHA256 39de5771754d82cdb60e0af7ab7bae8043c55635d3afd2329fbe84cbd6b893b6 -MISC ChangeLog 43708 RMD160 0c59b97b0184c4d2f291cbfb88a6a8dfcf6b47a8 SHA1 9d5dc021b4a558bead616f9e908ad117e06756b5 SHA256 946b0421a2f05cd884e8a6fb067c8fdd4f53aa5943c2b012f50db95a42697cea +EBUILD cups-1.2.12-r8.ebuild 7366 RMD160 bf9c55bf31cc32d9c8380fe167067b845c19bb19 SHA1 e0633d80a192b107abff8e3370519b02842b9be8 SHA256 7d16c652c634058e78c540fe0c5ef8fca95119dc492f3b3a7659fe0a812ede81 +EBUILD cups-1.3.7-r1.ebuild 8291 RMD160 bf3f92f485d6dddbd05c804c6db3b78bd06388c5 SHA1 b744049458ca789c0ee3028857c8aa951b6b3b53 SHA256 daea74ca5911cb4268f26abc1161b5db364088328ac228f235da1fb94438dd0e +MISC ChangeLog 44128 RMD160 77f8587f9fab6376dba9997792293c2d799d935e SHA1 b0b719a27e93bec135107c4e068d8d879c332d7f SHA256 9fa0eea2c67f08a18223753fef10bcc57349f461cdb14b1bf5315d9b9233573c MISC metadata.xml 161 RMD160 1e5b1e42553c8869b93c4a5448e9a2a2ed9fe525 SHA1 209c6a46e4cdd891980115e42ba419e3799f8088 SHA256 7c85e6739a71f5bb23e8de36c88677d772946e61f7285892f7554e37bd2bca76 diff --git a/net-print/cups/cups-1.3.6-r3.ebuild b/net-print/cups/cups-1.2.12-r8.ebuild index cee40edf6faf..79fe11854f97 100644 --- a/net-print/cups/cups-1.3.6-r3.ebuild +++ b/net-print/cups/cups-1.2.12-r8.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2008 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.3.6-r3.ebuild,v 1.2 2008/04/05 13:42:26 genstef Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.2.12-r8.ebuild,v 1.1 2008/04/14 20:47:45 tgurr Exp $ inherit autotools eutils flag-o-matic multilib pam @@ -13,37 +13,27 @@ SRC_URI="mirror://sourceforge/cups/${MY_P}-source.tar.bz2" LICENSE="GPL-2" SLOT="0" KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd" -IUSE="acl avahi dbus java jpeg kerberos ldap nls pam perl php png ppds python samba slp ssl static tiff X zeroconf" +IUSE="ldap ssl slp pam php samba nls dbus tiff png ppds jpeg X" -COMMON_DEPEND="acl? ( kernel_linux? ( sys-apps/acl sys-apps/attr ) ) - avahi? ( net-dns/avahi ) - dbus? ( sys-apps/dbus ) - java? ( >=virtual/jre-1.4 ) - jpeg? ( >=media-libs/jpeg-6b ) - kerberos? ( virtual/krb5 ) +DEP="pam? ( virtual/pam ) + ssl? ( net-libs/gnutls ) + slp? ( >=net-libs/openslp-1.0.4 ) ldap? ( net-nds/openldap ) - pam? ( virtual/pam ) - perl? ( dev-lang/perl ) - php? ( dev-lang/php ) + dbus? ( sys-apps/dbus ) png? ( >=media-libs/libpng-1.2.1 ) - python? ( dev-lang/python ) - slp? ( >=net-libs/openslp-1.0.4 ) - ssl? ( net-libs/gnutls ) tiff? ( >=media-libs/tiff-3.5.5 ) - zeroconf? ( !avahi? ( net-misc/mDNSResponder ) ) - app-text/libpaper - dev-libs/libgcrypt" - -DEPEND="${COMMON_DEPEND} + jpeg? ( >=media-libs/jpeg-6b ) + php? ( dev-lang/php ) + app-text/libpaper" +DEPEND="${DEP} !<net-print/foomatic-filters-ppds-20070501 !<net-print/hplip-1.7.4a-r1 nls? ( sys-devel/gettext )" - -RDEPEND="${COMMON_DEPEND} - !virtual/lpr +RDEPEND="${DEP} nls? ( virtual/libintl ) - X? ( x11-misc/xdg-utils ) - >=app-text/poppler-0.4.3-r1" + !virtual/lpr + >=app-text/poppler-0.4.3-r1 + X? ( x11-misc/xdg-utils )" PDEPEND=" ppds? ( || ( @@ -60,7 +50,6 @@ PDEPEND=" ) ) samba? ( >=net-fs/samba-3.0.8 ) virtual/ghostscript" - PROVIDE="virtual/lpr" # upstream includes an interactive test which is a nono for gentoo. @@ -70,18 +59,14 @@ RESTRICT="test" S="${WORKDIR}/${MY_P}" -LANGS="de en es et fr he it ja pl sv zh_TW" -for X in ${LANGS} ; do - IUSE="${IUSE} linguas_${X}" -done - pkg_setup() { - if use avahi && ! built_with_use net-dns/avahi mdnsresponder-compat ; then - echo - eerror "In order to have cups working with avahi zeroconf support, you need" - eerror "to have net-dns/avahi emerged with 'mdnsresponder-compat' in your USE" - eerror "flag. Please add that flag, re-emerge avahi, and then emerge cups again." - die "net-dns/avahi is missing the mdnsresponder-compat feature." + if use x86 && [ -d "/usr/lib64" ] + then + eerror "You are running an x86 system, but /usr/lib64 exists, cups will install all library objects into this directory!" + eerror "You should remove /usr/lib64, but before you do, you should check for existing objects, and re-compile all affected packages." + eerror "You can use qfile (emerge portage-utils to install qfile) to get a list of the affected ebuilds:" + eerror "# qfile -qC /usr/lib64" + die "lib64 on x86 detected" fi enewgroup lp @@ -94,13 +79,20 @@ src_unpack() { unpack ${A} cd "${S}" - # disable configure automagic for acl/attr, upstream bug STR #2723. - epatch "${FILESDIR}/${PN}-1.3.0-configure.patch" - + # CVE-2007-4351 security patch, bug #196736 + epatch "${FILESDIR}"/${PN}-1.2.12-CVE-2007-4351.patch + # CVE-2007-5849 security patch, bug #201570 + epatch "${FILESDIR}"/${PN}-1.2.12-CVE-2007-5849.patch # CVE-2008-0047 security patch, bug #212364 - epatch "${FILESDIR}/${PN}-1.2.12-CVE-2008-0047.patch" + epatch "${FILESDIR}"/${PN}-1.2.12-CVE-2008-0047.patch + # CVE-2008-0053 security patch, bug #214068 + epatch "${FILESDIR}"/${PN}-1.2.12-CVE-2008-0053.patch + # CVE-2008-0882 security patch, bug #211449 + epatch "${FILESDIR}"/${PN}-1.2.12-CVE-2008-0882.patch # CVE-2008-1373 security patch, bug #214068 - epatch "${FILESDIR}/${P}-CVE-2008-1373.patch" + epatch "${FILESDIR}"/${PN}-1.2.12-CVE-2008-1373.patch + # CVE-2008-1722 security patch, bug #217232 + epatch "${FILESDIR}"/${PN}-1.2.12-CVE-2008-1722.patch # cups does not use autotools "the usual way" and ship a static config.h.in eaclocal @@ -108,62 +100,38 @@ src_unpack() { } src_compile() { - - # locale support - strip-linguas ${LANGS} - - if [ -z "${LINGUAS}" ] ; then - export LINGUAS=all - fi - export DSOFLAGS="${LDFLAGS}" - if use ldap ; then + if use ldap; then append-flags -DLDAP_DEPRECATED fi - local myconf - - if use avahi || use zeroconf ; then - myconf="${myconf} --enable-dnssd" - else - myconf="${myconf} --disable-dnssd" - fi - econf \ - --libdir=/usr/$(get_libdir) \ - --localstatedir=/var \ --with-cups-user=lp \ --with-cups-group=lp \ - --with-docdir=/usr/share/cups/html \ - --with-languages=${LINGUAS} \ --with-system-groups=lpadmin \ - $(use_enable acl) \ - $(use_enable dbus) \ - $(use_enable jpeg) \ - $(use_enable kerberos gssapi) \ - $(use_enable ldap) \ - $(use_enable nls) \ + --localstatedir=/var \ + --with-docdir=/usr/share/cups/html \ $(use_enable pam) \ - $(use_enable png) \ - $(use_enable slp) \ $(use_enable ssl) \ - $(use_enable static) \ + --enable-gnutls \ + $(use_enable slp) \ + $(use_enable nls) \ + $(use_enable dbus) \ + $(use_enable png) \ + $(use_enable jpeg) \ $(use_enable tiff) \ - $(use_with java) \ - $(use_with perl) \ $(use_with php) \ - $(use_with python) \ - --enable-gnutls \ + $(use_enable ldap) \ --enable-libpaper \ --enable-threads \ + --enable-static \ --disable-pdftops \ - ${myconf} \ || die "econf failed" - # install in /usr/libexec always, instead of using /usr/lib/cups, as that + # Install in /usr/libexec always, instead of using /usr/lib/cups, as that # makes more sense when facing multilib support. - sed -i -e 's:SERVERBIN.*:SERVERBIN = "$(BUILDROOT)"/usr/libexec/cups:' Makedefs + sed -i -e 's:SERVERBIN.*:SERVERBIN = $(BUILDROOT)/usr/libexec/cups:' Makedefs sed -i -e 's:#define CUPS_SERVERBIN.*:#define CUPS_SERVERBIN "/usr/libexec/cups":' config.h sed -i -e 's:cups_serverbin=.*:cups_serverbin=/usr/libexec/cups:' cups-config @@ -172,20 +140,12 @@ src_compile() { src_install() { emake BUILDROOT="${D}" install || die "emake install failed" - dodoc {CHANGES{,-1.{0,1}},CREDITS,README}.txt || die "dodoc install failed" + dodoc {CHANGES{,-1.{0,1}},CREDITS,LICENSE,README}.txt # clean out cups init scripts rm -rf "${D}"/etc/{init.d/cups,rc*,pam.d/cups} - - # install our init script - local neededservices - use avahi && neededservices="$neededservices avahi-daemon" - use dbus && neededservices="$neededservices dbus" - use zeroconf && ! use avahi && neededservices="$neededservices mDNSResponderPosix" - [[ -n ${neededservices} ]] && neededservices="need${neededservices}" - sed -e "s/@neededservices@/$neededservices/" "${FILESDIR}"/cupsd.init.d > "${T}"/cupsd - doinitd "${T}"/cupsd - + # install our init scripts + newinitd "${FILESDIR}"/cupsd.init cupsd # install our pam script pamd_mimic_system cups auth account @@ -200,80 +160,74 @@ src_install() { newexe "${FILESDIR}"/pdftops-1.20.gentoo pdftops # only for gs-esp this is correct, see bug 163897 - if has_version app-text/ghostscript-gpl || has_version app-text/ghostscript-gnu ; then + if has_version app-text/ghostscript-gpl || has_version app-text/ghostscript-gnu; then sed -i -e "s:#application/vnd.cups-postscript:application/vnd.cups-postscript:" "${D}"/etc/cups/mime.convs fi keepdir /usr/share/cups/profiles /usr/libexec/cups/driver /var/log/cups \ /var/run/cups/certs /var/cache/cups /var/spool/cups/tmp /etc/cups/ssl - # .desktop handling. X useflag. xdg-open from freedesktop is preferred, upstream bug STR #2724. - if use X ; then + # .desktop handling. X useflag. xdg-open from freedesktop is preferred + if use X; then sed -i -e "s:htmlview:xdg-open:" "${D}"/usr/share/applications/cups.desktop else rm -r "${D}"/usr/share/applications fi - # fix a symlink collision, see bug #172341 + # Fix a symlink collision, see bug #172341 dodir /usr/share/ppd dosym /usr/share/ppd /usr/share/cups/model/foomatic-ppds - - # create RSS feed directory - diropts -m 0740 -o lp -g lp - dodir /var/cache/cups/rss - - # create /etc/cups/client.conf, bug #196967 - echo "ServerName localhost" >> "${D}"/etc/cups/client.conf } pkg_preinst() { # cleanups - [ -n "${PN}" ] && rm -fR "${ROOT}"/usr/share/doc/"${PN}"-* + [ -n "${PN}" ] && rm -fR "${ROOT}"/usr/share/doc/${PN}-* } pkg_postinst() { echo - elog "For information about installing a printer and general cups setup" - elog "take a look at: http://www.gentoo.org/doc/en/printing-howto.xml" + elog "Remote printing: change " + elog "Listen localhost:631" + elog "to" + elog "Listen *:631" + elog "in /etc/cups/cupsd.conf" + echo + elog "For more information about installing a printer take a look at:" + elog "http://www.gentoo.org/doc/en/printing-howto.xml." echo local good_gs=false - for x in app-text/ghostscript-gpl app-text/ghostscript-gnu app-text/ghostscript-esp ; do - if has_version ${x} && built_with_use ${x} cups ; then + for x in app-text/ghostscript-gpl app-text/ghostscript-gnu app-text/ghostscript-esp; do + if has_version ${x} && built_with_use ${x} cups; then good_gs=true break fi done; if ! ${good_gs}; then - echo + ewarn ewarn "You need to emerge ghostscript with the \"cups\" USE flag turned on" - echo fi - - if has_version =net-print/cups-1.1* ; then - echo - ewarn "The configuration changed with cups-1.3, you may want to save the old" + if has_version =net-print/cups-1.1*; then + ewarn + ewarn "The configuration changed with cups-1.2, you may want to save the old" ewarn "one and start from scratch:" ewarn "# mv /etc/cups /etc/cups.orig; emerge -va1 cups" - echo - ewarn "You need to rebuild kdelibs for kdeprinter to work with cups-1.3" - echo + ewarn + ewarn "You need to rebuild kdelibs for kdeprinter to work with cups-1.2" fi - - if [ -e "${ROOT}"/usr/lib/cups ] ; then - echo + if [ -e "${ROOT}"/usr/lib/cups ]; then + ewarn ewarn "/usr/lib/cups exists - You need to remerge every ebuild that" ewarn "installed into /usr/lib/cups and /etc/cups, qfile is in portage-utils:" ewarn "# FEATURES=-collision-protect emerge -va1 \$(qfile -qC /usr/lib/cups /etc/cups | sed \"s:net-print/cups$::\")" - echo + ewarn ewarn "FEATURES=-collision-protect is needed to overwrite the compatibility" - ewarn "symlinks installed by this package, it won't be needed on later merges." + ewarn "symlinks installed by this package, it wont be needed on later merges." ewarn "You should also run revdep-rebuild" - echo # place symlinks to make the update smoothless - for i in "${ROOT}"/usr/lib/cups/{backend,filter}/* ; do - if [ "${i/\*}" == "${i}" ] && ! [ -e ${i/lib/libexec} ] ; then + for i in "${ROOT}"/usr/lib/cups/{backend,filter}/*; do + if [ "${i/\*}" == "${i}" ] && ! [ -e ${i/lib/libexec} ]; then ln -s ${i} ${i/lib/libexec} fi done diff --git a/net-print/cups/cups-1.3.7.ebuild b/net-print/cups/cups-1.3.7-r1.ebuild index 4e7cbabaae26..ce98307f0474 100644 --- a/net-print/cups/cups-1.3.7.ebuild +++ b/net-print/cups/cups-1.3.7-r1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2008 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.3.7.ebuild,v 1.1 2008/04/05 14:15:20 tgurr Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.3.7-r1.ebuild,v 1.1 2008/04/14 20:47:45 tgurr Exp $ inherit autotools eutils flag-o-matic multilib pam @@ -94,9 +94,15 @@ src_unpack() { unpack ${A} cd "${S}" - # disable configure automagic for acl/attr, upstream bug STR #2723. + # disable configure automagic for acl/attr, upstream bug STR #2723 epatch "${FILESDIR}/${PN}-1.3.0-configure.patch" + # create a missing symlink to allow https printing via IPP, bug #217293 + epatch "${FILESDIR}/${PN}-1.3.7-backend-https.patch" + + # CVE-2008-1722 security patch, bug #217232 + epatch "${FILESDIR}/${PN}-1.3.7-CVE-2008-1722.patch" + # cups does not use autotools "the usual way" and ship a static config.h.in eaclocal eautoconf diff --git a/net-print/cups/files/cups-1.2.12-CVE-2008-1722.patch b/net-print/cups/files/cups-1.2.12-CVE-2008-1722.patch new file mode 100644 index 000000000000..dad7dd083aea --- /dev/null +++ b/net-print/cups/files/cups-1.2.12-CVE-2008-1722.patch @@ -0,0 +1,62 @@ +diff -Naur cups-1.2.12/filter/image-png.c cups-1.2.12.new/filter/image-png.c +--- cups-1.2.12/filter/image-png.c 2006-05-11 13:41:36.000000000 +0200 ++++ cups-1.2.12.new/filter/image-png.c 2008-04-14 15:46:35.665695675 +0200 +@@ -179,16 +179,56 @@ + * Interlaced images must be loaded all at once... + */ + ++ size_t bufsize; /* Size of buffer */ ++ ++ + if (color_type == PNG_COLOR_TYPE_GRAY || + color_type == PNG_COLOR_TYPE_GRAY_ALPHA) +- in = malloc(img->xsize * img->ysize); ++ { ++ bufsize = img->xsize * img->ysize; ++ ++ if ((bufsize / img->ysize) != img->xsize) ++ { ++ fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n", ++ (unsigned)width, (unsigned)height); ++ fclose(fp); ++ return (1); ++ } ++ } + else +- in = malloc(img->xsize * img->ysize * 3); ++ { ++ bufsize = img->xsize * img->ysize * 3; ++ ++ if ((bufsize / (img->ysize * 3)) != img->xsize) ++ { ++ fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n", ++ (unsigned)width, (unsigned)height); ++ fclose(fp); ++ return (1); ++ } ++ } ++ ++ in = malloc(bufsize); + } + + bpp = cupsImageGetDepth(img); + out = malloc(img->xsize * bpp); + ++ if (!in || !out) ++ { ++ fputs("DEBUG: Unable to allocate memory for PNG image!\n", stderr); ++ ++ if (in) ++ free(in); ++ ++ if (out) ++ free(out); ++ ++ fclose(fp); ++ ++ return (1); ++ } ++ + /* + * Read the image, interlacing as needed... + */ diff --git a/net-print/cups/files/cups-1.3.6-CVE-2008-1373.patch b/net-print/cups/files/cups-1.3.6-CVE-2008-1373.patch deleted file mode 100644 index 8a7383f4e096..000000000000 --- a/net-print/cups/files/cups-1.3.6-CVE-2008-1373.patch +++ /dev/null @@ -1,23 +0,0 @@ -Index: cups-1.3.6/filter/image-gif.c -=================================================================== ---- cups-1.3.6.orig/filter/image-gif.c -+++ cups-1.3.6/filter/image-gif.c -@@ -38,6 +38,8 @@ - #define GIF_INTERLACE 0x40 - #define GIF_COLORMAP 0x80 - -+#define MAX_LWZ_BITS 12 -+ - typedef cups_ib_t gif_cmap_t[256][4]; - typedef short gif_table_t[4096]; - -@@ -462,6 +464,9 @@ gif_read_image(FILE *fp, /* I - - pass = 0; - code_size = getc(fp); - -+ if (code_size > MAX_LWZ_BITS) -+ return (-1); -+ - if (!pixels) - return (-1); - diff --git a/net-print/cups/files/cups-1.3.7-CVE-2008-1722.patch b/net-print/cups/files/cups-1.3.7-CVE-2008-1722.patch new file mode 100644 index 000000000000..908134c47ee4 --- /dev/null +++ b/net-print/cups/files/cups-1.3.7-CVE-2008-1722.patch @@ -0,0 +1,71 @@ +diff -Naur cups-1.3.7/filter/image-png.c cups-1.3.7.new/filter/image-png.c +--- cups-1.3.7/filter/image-png.c 2007-07-11 23:46:42.000000000 +0200 ++++ cups-1.3.7.new/filter/image-png.c 2008-04-14 15:48:56.641188980 +0200 +@@ -3,7 +3,7 @@ + * + * PNG image routines for the Common UNIX Printing System (CUPS). + * +- * Copyright 2007 by Apple Inc. ++ * Copyright 2007-2008 by Apple Inc. + * Copyright 1993-2007 by Easy Software Products. + * + * These coded instructions, statements, and computer programs are the +@@ -170,16 +170,56 @@ + * Interlaced images must be loaded all at once... + */ + ++ size_t bufsize; /* Size of buffer */ ++ ++ + if (color_type == PNG_COLOR_TYPE_GRAY || + color_type == PNG_COLOR_TYPE_GRAY_ALPHA) +- in = malloc(img->xsize * img->ysize); ++ { ++ bufsize = img->xsize * img->ysize; ++ ++ if ((bufsize / img->ysize) != img->xsize) ++ { ++ fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n", ++ (unsigned)width, (unsigned)height); ++ fclose(fp); ++ return (1); ++ } ++ } + else +- in = malloc(img->xsize * img->ysize * 3); ++ { ++ bufsize = img->xsize * img->ysize * 3; ++ ++ if ((bufsize / (img->ysize * 3)) != img->xsize) ++ { ++ fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n", ++ (unsigned)width, (unsigned)height); ++ fclose(fp); ++ return (1); ++ } ++ } ++ ++ in = malloc(bufsize); + } + + bpp = cupsImageGetDepth(img); + out = malloc(img->xsize * bpp); + ++ if (!in || !out) ++ { ++ fputs("DEBUG: Unable to allocate memory for PNG image!\n", stderr); ++ ++ if (in) ++ free(in); ++ ++ if (out) ++ free(out); ++ ++ fclose(fp); ++ ++ return (1); ++ } ++ + /* + * Read the image, interlacing as needed... + */ diff --git a/net-print/cups/files/cups-1.3.7-backend-https.patch b/net-print/cups/files/cups-1.3.7-backend-https.patch new file mode 100644 index 000000000000..44706b3e4a24 --- /dev/null +++ b/net-print/cups/files/cups-1.3.7-backend-https.patch @@ -0,0 +1,11 @@ +diff -Naur cups-1.3.7/backend/Makefile cups-1.3.7.new/backend/Makefile +--- cups-1.3.7/backend/Makefile 2007-08-08 21:27:51.000000000 +0200 ++++ cups-1.3.7.new/backend/Makefile 2008-04-14 16:42:18.106785330 +0200 +@@ -62,6 +62,7 @@ + done + $(RM) $(SERVERBIN)/backend/http + $(LN) ipp $(SERVERBIN)/backend/http ++ $(LN) ipp $(SERVERBIN)/backend/https + if test "x$(SYMROOT)" != "x"; then \ + $(INSTALL_DIR) $(SYMROOT); \ + for file in $(TARGETS); do \ |