summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRobert Buchholz <rbu@gentoo.org>2008-03-19 21:27:16 +0000
committerRobert Buchholz <rbu@gentoo.org>2008-03-19 21:27:16 +0000
commit09c7fd3ae0e21b48e5ff19a17fc840c9951cd87f (patch)
treef963e64caa2bb4649956780ff3f9c09e8ca108cd /net-print
parentunmask GGZ 0.0.14.1 (diff)
downloadgentoo-2-09c7fd3ae0e21b48e5ff19a17fc840c9951cd87f.tar.gz
gentoo-2-09c7fd3ae0e21b48e5ff19a17fc840c9951cd87f.tar.bz2
gentoo-2-09c7fd3ae0e21b48e5ff19a17fc840c9951cd87f.zip
Non-maintainer-commit: Version bump for security bug 212364 (CVE-2008-0047).
Ebuild created by Timo Gurr <tgurr@gentoo.org>. (Portage version: 2.1.4.4, RepoMan options: --force)
Diffstat (limited to 'net-print')
-rw-r--r--net-print/cups/ChangeLog11
-rw-r--r--net-print/cups/cups-1.2.12-r6.ebuild231
-rw-r--r--net-print/cups/cups-1.3.6-r2.ebuild279
-rw-r--r--net-print/cups/files/cups-1.2.12-CVE-2008-0047.patch15
4 files changed, 535 insertions, 1 deletions
diff --git a/net-print/cups/ChangeLog b/net-print/cups/ChangeLog
index be1b352aaba0..81a89bb20bc5 100644
--- a/net-print/cups/ChangeLog
+++ b/net-print/cups/ChangeLog
@@ -1,6 +1,15 @@
# ChangeLog for net-print/cups
# Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-print/cups/ChangeLog,v 1.289 2008/03/04 20:32:00 dertobi123 Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-print/cups/ChangeLog,v 1.290 2008/03/19 21:27:15 rbu Exp $
+
+*cups-1.3.6-r2 (19 Mar 2008)
+*cups-1.2.12-r6 (19 Mar 2008)
+
+ 19 Mar 2008; Robert Buchholz <rbu@gentoo.org>
+ +files/cups-1.2.12-CVE-2008-0047.patch, +cups-1.2.12-r6.ebuild,
+ +cups-1.3.6-r2.ebuild:
+ Non-maintainer-commit: Version bump for security bug 212364 (CVE-2008-0047).
+ Ebuild created by Timo Gurr <tgurr@gentoo.org>.
04 Mar 2008; Tobias Scherbaum <dertobi123@gentoo.org>
cups-1.2.12-r5.ebuild:
diff --git a/net-print/cups/cups-1.2.12-r6.ebuild b/net-print/cups/cups-1.2.12-r6.ebuild
new file mode 100644
index 000000000000..6ec0f6e07f93
--- /dev/null
+++ b/net-print/cups/cups-1.2.12-r6.ebuild
@@ -0,0 +1,231 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.2.12-r6.ebuild,v 1.1 2008/03/19 21:27:15 rbu Exp $
+
+inherit autotools eutils flag-o-matic multilib pam
+
+MY_P=${P/_}
+
+DESCRIPTION="The Common Unix Printing System"
+HOMEPAGE="http://www.cups.org/"
+SRC_URI="mirror://sourceforge/cups/${MY_P}-source.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha amd64 ~arm hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh sparc ~sparc-fbsd x86 ~x86-fbsd"
+IUSE="ldap ssl slp pam php samba nls dbus tiff png ppds jpeg X"
+
+DEP="pam? ( virtual/pam )
+ ssl? ( net-libs/gnutls )
+ slp? ( >=net-libs/openslp-1.0.4 )
+ ldap? ( net-nds/openldap )
+ dbus? ( sys-apps/dbus )
+ png? ( >=media-libs/libpng-1.2.1 )
+ tiff? ( >=media-libs/tiff-3.5.5 )
+ jpeg? ( >=media-libs/jpeg-6b )
+ php? ( dev-lang/php )
+ app-text/libpaper"
+DEPEND="${DEP}
+ !<net-print/foomatic-filters-ppds-20070501
+ !<net-print/hplip-1.7.4a-r1
+ nls? ( sys-devel/gettext )"
+RDEPEND="${DEP}
+ nls? ( virtual/libintl )
+ !virtual/lpr
+ >=app-text/poppler-0.4.3-r1
+ X? ( x11-misc/xdg-utils )"
+
+PDEPEND="
+ ppds? ( || (
+ (
+ net-print/foomatic-filters-ppds
+ net-print/foomatic-db-ppds
+ )
+ net-print/foomatic-filters-ppds
+ net-print/foomatic-db-ppds
+ net-print/hplip
+ media-gfx/gimp-print
+ net-print/foo2zjs
+ net-print/cups-pdf
+ ) )
+ samba? ( >=net-fs/samba-3.0.8 )
+ virtual/ghostscript"
+PROVIDE="virtual/lpr"
+
+# upstream includes an interactive test which is a nono for gentoo.
+# therefore, since the printing herd has bigger fish to fry, for now,
+# we just leave it out, even if FEATURES=test
+RESTRICT="test"
+
+S=${WORKDIR}/${MY_P}
+
+pkg_setup() {
+ if use x86 && [ -d "/usr/lib64" ]
+ then
+ eerror "You are running an x86 system, but /usr/lib64 exists, cups will install all library objects into this directory!"
+ eerror "You should remove /usr/lib64, but before you do, you should check for existing objects, and re-compile all affected packages."
+ eerror "You can use qfile (emerge portage-utils to install qfile) to get a list of the affected ebuilds:"
+ eerror "# qfile -qC /usr/lib64"
+ die "lib64 on x86 detected"
+ fi
+
+ enewgroup lp
+ enewuser lp -1 -1 -1 lp
+
+ enewgroup lpadmin 106
+}
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+
+ # CVE-2007-4045 security patch, bug #199195
+ epatch "${FILESDIR}"/${PN}-1.2.12-CVE-2007-4045.patch
+ # CVE-2007-4351 security patch, bug #196736
+ epatch "${FILESDIR}"/${PN}-1.2.12-CVE-2007-4351.patch
+ # CVE-2007-5849 security patch, bug #201570
+ epatch "${FILESDIR}"/${PN}-1.2.12-CVE-2007-5849.patch
+ # CVE-2008-0047 security patch, bug #212364
+ epatch "${FILESDIR}"/${PN}-1.2.12-CVE-2008-0047.patch
+ # CVE-2008-0882 security patch, bug #211449
+ epatch "${FILESDIR}"/${PN}-1.2.12-CVE-2008-0882.patch
+
+ # cups does not use autotools "the usual way" and ship a static config.h.in
+ eaclocal
+ eautoconf
+}
+
+src_compile() {
+ export DSOFLAGS="${LDFLAGS}"
+
+ if use ldap; then
+ append-flags -DLDAP_DEPRECATED
+ fi
+
+ econf \
+ --with-cups-user=lp \
+ --with-cups-group=lp \
+ --with-system-groups=lpadmin \
+ --localstatedir=/var \
+ --with-docdir=/usr/share/cups/html \
+ $(use_enable pam) \
+ $(use_enable ssl) \
+ --enable-gnutls \
+ $(use_enable slp) \
+ $(use_enable nls) \
+ $(use_enable dbus) \
+ $(use_enable png) \
+ $(use_enable jpeg) \
+ $(use_enable tiff) \
+ $(use_with php) \
+ $(use_enable ldap) \
+ --enable-libpaper \
+ --enable-threads \
+ --enable-static \
+ --disable-pdftops \
+ || die "econf failed"
+
+ # Install in /usr/libexec always, instead of using /usr/lib/cups, as that
+ # makes more sense when facing multilib support.
+ sed -i -e 's:SERVERBIN.*:SERVERBIN = $(BUILDROOT)/usr/libexec/cups:' Makedefs
+ sed -i -e 's:#define CUPS_SERVERBIN.*:#define CUPS_SERVERBIN "/usr/libexec/cups":' config.h
+ sed -i -e 's:cups_serverbin=.*:cups_serverbin=/usr/libexec/cups:' cups-config
+
+ emake || die "emake failed"
+}
+
+src_install() {
+ emake BUILDROOT="${D}" install || die "emake install failed"
+ dodoc {CHANGES{,-1.{0,1}},CREDITS,LICENSE,README}.txt
+
+ # clean out cups init scripts
+ rm -rf "${D}"/etc/{init.d/cups,rc*,pam.d/cups}
+ # install our init scripts
+ newinitd "${FILESDIR}"/cupsd.init cupsd
+ # install our pam script
+ pamd_mimic_system cups auth account
+
+ # correct path
+ sed -i -e "s:server = .*:server = /usr/libexec/cups/daemon/cups-lpd:" "${D}"/etc/xinetd.d/cups-lpd
+ # it is safer to disable this by default, bug 137130
+ grep -w 'disable' "${D}"/etc/xinetd.d/cups-lpd || \
+ sed -i -e "s:}:\tdisable = yes\n}:" "${D}"/etc/xinetd.d/cups-lpd
+
+ # install pdftops filter
+ exeinto /usr/libexec/cups/filter/
+ newexe "${FILESDIR}"/pdftops-1.20.gentoo pdftops
+
+ # only for gs-esp this is correct, see bug 163897
+ if has_version app-text/ghostscript-gpl || has_version app-text/ghostscript-gnu; then
+ sed -i -e "s:#application/vnd.cups-postscript:application/vnd.cups-postscript:" "${D}"/etc/cups/mime.convs
+ fi
+
+ keepdir /usr/share/cups/profiles /usr/libexec/cups/driver /var/log/cups \
+ /var/run/cups/certs /var/cache/cups /var/spool/cups/tmp /etc/cups/ssl
+
+ # .desktop handling. X useflag. xdg-open from freedesktop is preferred
+ if use X; then
+ sed -i -e "s:htmlview:xdg-open:" "${D}"/usr/share/applications/cups.desktop
+ else
+ rm -r "${D}"/usr/share/applications
+ fi
+
+ # Fix a symlink collision, see bug #172341
+ dodir /usr/share/ppd
+ dosym /usr/share/ppd /usr/share/cups/model/foomatic-ppds
+}
+
+pkg_preinst() {
+ # cleanups
+ [ -n "${PN}" ] && rm -fR "${ROOT}"/usr/share/doc/${PN}-*
+}
+
+pkg_postinst() {
+ echo
+ elog "Remote printing: change "
+ elog "Listen localhost:631"
+ elog "to"
+ elog "Listen *:631"
+ elog "in /etc/cups/cupsd.conf"
+ echo
+ elog "For more information about installing a printer take a look at:"
+ elog "http://www.gentoo.org/doc/en/printing-howto.xml."
+ echo
+
+ local good_gs=false
+ for x in app-text/ghostscript-gpl app-text/ghostscript-gnu app-text/ghostscript-esp; do
+ if has_version ${x} && built_with_use ${x} cups; then
+ good_gs=true
+ break
+ fi
+ done;
+ if ! ${good_gs}; then
+ ewarn
+ ewarn "You need to emerge ghostscript with the \"cups\" USE flag turned on"
+ fi
+ if has_version =net-print/cups-1.1*; then
+ ewarn
+ ewarn "The configuration changed with cups-1.2, you may want to save the old"
+ ewarn "one and start from scratch:"
+ ewarn "# mv /etc/cups /etc/cups.orig; emerge -va1 cups"
+ ewarn
+ ewarn "You need to rebuild kdelibs for kdeprinter to work with cups-1.2"
+ fi
+ if [ -e "${ROOT}"/usr/lib/cups ]; then
+ ewarn
+ ewarn "/usr/lib/cups exists - You need to remerge every ebuild that"
+ ewarn "installed into /usr/lib/cups and /etc/cups, qfile is in portage-utils:"
+ ewarn "# FEATURES=-collision-protect emerge -va1 \$(qfile -qC /usr/lib/cups /etc/cups | sed \"s:net-print/cups$::\")"
+ ewarn
+ ewarn "FEATURES=-collision-protect is needed to overwrite the compatibility"
+ ewarn "symlinks installed by this package, it wont be needed on later merges."
+ ewarn "You should also run revdep-rebuild"
+
+ # place symlinks to make the update smoothless
+ for i in "${ROOT}"/usr/lib/cups/{backend,filter}/*; do
+ if [ "${i/\*}" == "${i}" ] && ! [ -e ${i/lib/libexec} ]; then
+ ln -s ${i} ${i/lib/libexec}
+ fi
+ done
+ fi
+}
diff --git a/net-print/cups/cups-1.3.6-r2.ebuild b/net-print/cups/cups-1.3.6-r2.ebuild
new file mode 100644
index 000000000000..330b7973fd50
--- /dev/null
+++ b/net-print/cups/cups-1.3.6-r2.ebuild
@@ -0,0 +1,279 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.3.6-r2.ebuild,v 1.1 2008/03/19 21:27:15 rbu Exp $
+
+inherit autotools eutils flag-o-matic multilib pam
+
+MY_P=${P/_}
+
+DESCRIPTION="The Common Unix Printing System"
+HOMEPAGE="http://www.cups.org/"
+SRC_URI="mirror://sourceforge/cups/${MY_P}-source.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd"
+IUSE="acl avahi dbus java jpeg kerberos ldap nls pam perl php png ppds python samba slp ssl static tiff X zeroconf"
+
+COMMON_DEPEND="acl? ( kernel_linux? ( sys-apps/acl sys-apps/attr ) )
+ avahi? ( net-dns/avahi )
+ dbus? ( sys-apps/dbus )
+ java? ( >=virtual/jre-1.4 )
+ jpeg? ( >=media-libs/jpeg-6b )
+ kerberos? ( virtual/krb5 )
+ ldap? ( net-nds/openldap )
+ pam? ( virtual/pam )
+ perl? ( dev-lang/perl )
+ php? ( dev-lang/php )
+ png? ( >=media-libs/libpng-1.2.1 )
+ python? ( dev-lang/python )
+ slp? ( >=net-libs/openslp-1.0.4 )
+ ssl? ( net-libs/gnutls )
+ tiff? ( >=media-libs/tiff-3.5.5 )
+ zeroconf? ( !avahi? ( net-misc/mDNSResponder ) )
+ app-text/libpaper
+ dev-libs/libgcrypt"
+
+DEPEND="${COMMON_DEPEND}
+ !<net-print/foomatic-filters-ppds-20070501
+ !<net-print/hplip-1.7.4a-r1
+ nls? ( sys-devel/gettext )"
+
+RDEPEND="${COMMON_DEPEND}
+ !virtual/lpr
+ nls? ( virtual/libintl )
+ X? ( x11-misc/xdg-utils )
+ >=app-text/poppler-0.4.3-r1"
+
+PDEPEND="
+ ppds? ( || (
+ (
+ net-print/foomatic-filters-ppds
+ net-print/foomatic-db-ppds
+ )
+ net-print/foomatic-filters-ppds
+ net-print/foomatic-db-ppds
+ net-print/hplip
+ media-gfx/gimp-print
+ net-print/foo2zjs
+ net-print/cups-pdf
+ ) )
+ samba? ( >=net-fs/samba-3.0.8 )
+ virtual/ghostscript"
+
+PROVIDE="virtual/lpr"
+
+# upstream includes an interactive test which is a nono for gentoo.
+# therefore, since the printing herd has bigger fish to fry, for now,
+# we just leave it out, even if FEATURES=test
+RESTRICT="test"
+
+S="${WORKDIR}/${MY_P}"
+
+LANGS="de en es et fr he it ja pl sv zh_TW"
+for X in ${LANGS} ; do
+ IUSE="${IUSE} linguas_${X}"
+done
+
+pkg_setup() {
+ if use avahi && ! built_with_use net-dns/avahi mdnsresponder-compat ; then
+ echo
+ eerror "In order to have cups working with avahi zeroconf support, you need"
+ eerror "to have net-dns/avahi emerged with 'mdnsresponder-compat' in your USE"
+ eerror "flag. Please add that flag, re-emerge avahi, and then emerge cups again."
+ die "net-dns/avahi is missing the mdnsresponder-compat feature."
+ fi
+
+ enewgroup lp
+ enewuser lp -1 -1 -1 lp
+
+ enewgroup lpadmin 106
+}
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+
+ # disable configure automagic for acl/attr, upstream bug STR #2723.
+ epatch "${FILESDIR}/${PN}-1.3.0-configure.patch"
+
+ # CVE-2008-0047 security patch, bug #212364
+ epatch "${FILESDIR}/${PN}-1.2.12-CVE-2008-0047.patch"
+
+ # cups does not use autotools "the usual way" and ship a static config.h.in
+ eaclocal
+ eautoconf
+}
+
+src_compile() {
+
+ # locale support
+ strip-linguas ${LANGS}
+
+ if [ -z "${LINGUAS}" ] ; then
+ export LINGUAS=all
+ fi
+
+ export DSOFLAGS="${LDFLAGS}"
+
+ if use ldap ; then
+ append-flags -DLDAP_DEPRECATED
+ fi
+
+ local myconf
+
+ if use avahi || use zeroconf ; then
+ myconf="${myconf} --enable-dnssd"
+ else
+ myconf="${myconf} --disable-dnssd"
+ fi
+
+ econf \
+ --libdir=/usr/$(get_libdir) \
+ --localstatedir=/var \
+ --with-cups-user=lp \
+ --with-cups-group=lp \
+ --with-docdir=/usr/share/cups/html \
+ --with-languages=${LINGUAS} \
+ --with-system-groups=lpadmin \
+ $(use_enable acl) \
+ $(use_enable dbus) \
+ $(use_enable jpeg) \
+ $(use_enable kerberos gssapi) \
+ $(use_enable ldap) \
+ $(use_enable nls) \
+ $(use_enable pam) \
+ $(use_enable png) \
+ $(use_enable slp) \
+ $(use_enable ssl) \
+ $(use_enable static) \
+ $(use_enable tiff) \
+ $(use_with java) \
+ $(use_with perl) \
+ $(use_with php) \
+ $(use_with python) \
+ --enable-gnutls \
+ --enable-libpaper \
+ --enable-threads \
+ --disable-pdftops \
+ ${myconf} \
+ || die "econf failed"
+
+ # install in /usr/libexec always, instead of using /usr/lib/cups, as that
+ # makes more sense when facing multilib support.
+ sed -i -e 's:SERVERBIN.*:SERVERBIN = "$(BUILDROOT)"/usr/libexec/cups:' Makedefs
+ sed -i -e 's:#define CUPS_SERVERBIN.*:#define CUPS_SERVERBIN "/usr/libexec/cups":' config.h
+ sed -i -e 's:cups_serverbin=.*:cups_serverbin=/usr/libexec/cups:' cups-config
+
+ emake || die "emake failed"
+}
+
+src_install() {
+ emake BUILDROOT="${D}" install || die "emake install failed"
+ dodoc {CHANGES{,-1.{0,1}},CREDITS,README}.txt || die "dodoc install failed"
+
+ # clean out cups init scripts
+ rm -rf "${D}"/etc/{init.d/cups,rc*,pam.d/cups}
+
+ # install our init script
+ local neededservices
+ use avahi && neededservices="$neededservices avahi-daemon"
+ use dbus && neededservices="$neededservices dbus"
+ use zeroconf && ! use avahi && neededservices="$neededservices mDNSResponderPosix"
+ [[ -n ${neededservices} ]] && neededservices="need${neededservices}"
+ sed -e "s/@neededservices@/$neededservices/" "${FILESDIR}"/cupsd.init.d > "${T}"/cupsd
+ doinitd "${T}"/cupsd
+
+ # install our pam script
+ pamd_mimic_system cups auth account
+
+ # correct path
+ sed -i -e "s:server = .*:server = /usr/libexec/cups/daemon/cups-lpd:" "${D}"/etc/xinetd.d/cups-lpd
+ # it is safer to disable this by default, bug 137130
+ grep -w 'disable' "${D}"/etc/xinetd.d/cups-lpd || \
+ sed -i -e "s:}:\tdisable = yes\n}:" "${D}"/etc/xinetd.d/cups-lpd
+
+ # install pdftops filter
+ exeinto /usr/libexec/cups/filter/
+ newexe "${FILESDIR}"/pdftops-1.20.gentoo pdftops
+
+ # only for gs-esp this is correct, see bug 163897
+ if has_version app-text/ghostscript-gpl || has_version app-text/ghostscript-gnu ; then
+ sed -i -e "s:#application/vnd.cups-postscript:application/vnd.cups-postscript:" "${D}"/etc/cups/mime.convs
+ fi
+
+ keepdir /usr/share/cups/profiles /usr/libexec/cups/driver /var/log/cups \
+ /var/run/cups/certs /var/cache/cups /var/spool/cups/tmp /etc/cups/ssl
+
+ # .desktop handling. X useflag. xdg-open from freedesktop is preferred, upstream bug STR #2724.
+ if use X ; then
+ sed -i -e "s:htmlview:xdg-open:" "${D}"/usr/share/applications/cups.desktop
+ else
+ rm -r "${D}"/usr/share/applications
+ fi
+
+ # fix a symlink collision, see bug #172341
+ dodir /usr/share/ppd
+ dosym /usr/share/ppd /usr/share/cups/model/foomatic-ppds
+
+ # create RSS feed directory
+ diropts -m 0740 -o lp -g lp
+ dodir /var/cache/cups/rss
+
+ # create /etc/cups/client.conf, bug #196967
+ echo "ServerName localhost" >> "${D}"/etc/cups/client.conf
+}
+
+pkg_preinst() {
+ # cleanups
+ [ -n "${PN}" ] && rm -fR "${ROOT}"/usr/share/doc/"${PN}"-*
+}
+
+pkg_postinst() {
+ echo
+ elog "For information about installing a printer and general cups setup"
+ elog "take a look at: http://www.gentoo.org/doc/en/printing-howto.xml"
+ echo
+
+ local good_gs=false
+ for x in app-text/ghostscript-gpl app-text/ghostscript-gnu app-text/ghostscript-esp ; do
+ if has_version ${x} && built_with_use ${x} cups ; then
+ good_gs=true
+ break
+ fi
+ done;
+ if ! ${good_gs}; then
+ echo
+ ewarn "You need to emerge ghostscript with the \"cups\" USE flag turned on"
+ echo
+ fi
+
+ if has_version =net-print/cups-1.1* ; then
+ echo
+ ewarn "The configuration changed with cups-1.3, you may want to save the old"
+ ewarn "one and start from scratch:"
+ ewarn "# mv /etc/cups /etc/cups.orig; emerge -va1 cups"
+ echo
+ ewarn "You need to rebuild kdelibs for kdeprinter to work with cups-1.3"
+ echo
+ fi
+
+ if [ -e "${ROOT}"/usr/lib/cups ] ; then
+ echo
+ ewarn "/usr/lib/cups exists - You need to remerge every ebuild that"
+ ewarn "installed into /usr/lib/cups and /etc/cups, qfile is in portage-utils:"
+ ewarn "# FEATURES=-collision-protect emerge -va1 \$(qfile -qC /usr/lib/cups /etc/cups | sed \"s:net-print/cups$::\")"
+ echo
+ ewarn "FEATURES=-collision-protect is needed to overwrite the compatibility"
+ ewarn "symlinks installed by this package, it won't be needed on later merges."
+ ewarn "You should also run revdep-rebuild"
+ echo
+
+ # place symlinks to make the update smoothless
+ for i in "${ROOT}"/usr/lib/cups/{backend,filter}/* ; do
+ if [ "${i/\*}" == "${i}" ] && ! [ -e ${i/lib/libexec} ] ; then
+ ln -s ${i} ${i/lib/libexec}
+ fi
+ done
+ fi
+}
diff --git a/net-print/cups/files/cups-1.2.12-CVE-2008-0047.patch b/net-print/cups/files/cups-1.2.12-CVE-2008-0047.patch
new file mode 100644
index 000000000000..6eb786ff9eb4
--- /dev/null
+++ b/net-print/cups/files/cups-1.2.12-CVE-2008-0047.patch
@@ -0,0 +1,15 @@
+Index: cups-1.2.12/cgi-bin/search.c
+===================================================================
+--- cups-1.2.12.orig/cgi-bin/search.c
++++ cups-1.2.12/cgi-bin/search.c
+@@ -171,7 +171,9 @@ cgiCompileSearch(const char *query) /* I
+ * string + RE overhead...
+ */
+
+- wlen = (sptr - s) + 4 * wlen + 2 * strlen(prefix) + 4;
++ wlen = (sptr - s) + 2 * 4 * wlen + 2 * strlen(prefix) + 11;
++ if (lword)
++ wlen += strlen(lword);
+
+ if (wlen > slen)
+ {