diff options
author | Robert Buchholz <rbu@gentoo.org> | 2008-03-19 21:27:16 +0000 |
---|---|---|
committer | Robert Buchholz <rbu@gentoo.org> | 2008-03-19 21:27:16 +0000 |
commit | 09c7fd3ae0e21b48e5ff19a17fc840c9951cd87f (patch) | |
tree | f963e64caa2bb4649956780ff3f9c09e8ca108cd /net-print | |
parent | unmask GGZ 0.0.14.1 (diff) | |
download | gentoo-2-09c7fd3ae0e21b48e5ff19a17fc840c9951cd87f.tar.gz gentoo-2-09c7fd3ae0e21b48e5ff19a17fc840c9951cd87f.tar.bz2 gentoo-2-09c7fd3ae0e21b48e5ff19a17fc840c9951cd87f.zip |
Non-maintainer-commit: Version bump for security bug 212364 (CVE-2008-0047).
Ebuild created by Timo Gurr <tgurr@gentoo.org>.
(Portage version: 2.1.4.4, RepoMan options: --force)
Diffstat (limited to 'net-print')
-rw-r--r-- | net-print/cups/ChangeLog | 11 | ||||
-rw-r--r-- | net-print/cups/cups-1.2.12-r6.ebuild | 231 | ||||
-rw-r--r-- | net-print/cups/cups-1.3.6-r2.ebuild | 279 | ||||
-rw-r--r-- | net-print/cups/files/cups-1.2.12-CVE-2008-0047.patch | 15 |
4 files changed, 535 insertions, 1 deletions
diff --git a/net-print/cups/ChangeLog b/net-print/cups/ChangeLog index be1b352aaba0..81a89bb20bc5 100644 --- a/net-print/cups/ChangeLog +++ b/net-print/cups/ChangeLog @@ -1,6 +1,15 @@ # ChangeLog for net-print/cups # Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-print/cups/ChangeLog,v 1.289 2008/03/04 20:32:00 dertobi123 Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-print/cups/ChangeLog,v 1.290 2008/03/19 21:27:15 rbu Exp $ + +*cups-1.3.6-r2 (19 Mar 2008) +*cups-1.2.12-r6 (19 Mar 2008) + + 19 Mar 2008; Robert Buchholz <rbu@gentoo.org> + +files/cups-1.2.12-CVE-2008-0047.patch, +cups-1.2.12-r6.ebuild, + +cups-1.3.6-r2.ebuild: + Non-maintainer-commit: Version bump for security bug 212364 (CVE-2008-0047). + Ebuild created by Timo Gurr <tgurr@gentoo.org>. 04 Mar 2008; Tobias Scherbaum <dertobi123@gentoo.org> cups-1.2.12-r5.ebuild: diff --git a/net-print/cups/cups-1.2.12-r6.ebuild b/net-print/cups/cups-1.2.12-r6.ebuild new file mode 100644 index 000000000000..6ec0f6e07f93 --- /dev/null +++ b/net-print/cups/cups-1.2.12-r6.ebuild @@ -0,0 +1,231 @@ +# Copyright 1999-2008 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.2.12-r6.ebuild,v 1.1 2008/03/19 21:27:15 rbu Exp $ + +inherit autotools eutils flag-o-matic multilib pam + +MY_P=${P/_} + +DESCRIPTION="The Common Unix Printing System" +HOMEPAGE="http://www.cups.org/" +SRC_URI="mirror://sourceforge/cups/${MY_P}-source.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha amd64 ~arm hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh sparc ~sparc-fbsd x86 ~x86-fbsd" +IUSE="ldap ssl slp pam php samba nls dbus tiff png ppds jpeg X" + +DEP="pam? ( virtual/pam ) + ssl? ( net-libs/gnutls ) + slp? ( >=net-libs/openslp-1.0.4 ) + ldap? ( net-nds/openldap ) + dbus? ( sys-apps/dbus ) + png? ( >=media-libs/libpng-1.2.1 ) + tiff? ( >=media-libs/tiff-3.5.5 ) + jpeg? ( >=media-libs/jpeg-6b ) + php? ( dev-lang/php ) + app-text/libpaper" +DEPEND="${DEP} + !<net-print/foomatic-filters-ppds-20070501 + !<net-print/hplip-1.7.4a-r1 + nls? ( sys-devel/gettext )" +RDEPEND="${DEP} + nls? ( virtual/libintl ) + !virtual/lpr + >=app-text/poppler-0.4.3-r1 + X? ( x11-misc/xdg-utils )" + +PDEPEND=" + ppds? ( || ( + ( + net-print/foomatic-filters-ppds + net-print/foomatic-db-ppds + ) + net-print/foomatic-filters-ppds + net-print/foomatic-db-ppds + net-print/hplip + media-gfx/gimp-print + net-print/foo2zjs + net-print/cups-pdf + ) ) + samba? ( >=net-fs/samba-3.0.8 ) + virtual/ghostscript" +PROVIDE="virtual/lpr" + +# upstream includes an interactive test which is a nono for gentoo. +# therefore, since the printing herd has bigger fish to fry, for now, +# we just leave it out, even if FEATURES=test +RESTRICT="test" + +S=${WORKDIR}/${MY_P} + +pkg_setup() { + if use x86 && [ -d "/usr/lib64" ] + then + eerror "You are running an x86 system, but /usr/lib64 exists, cups will install all library objects into this directory!" + eerror "You should remove /usr/lib64, but before you do, you should check for existing objects, and re-compile all affected packages." + eerror "You can use qfile (emerge portage-utils to install qfile) to get a list of the affected ebuilds:" + eerror "# qfile -qC /usr/lib64" + die "lib64 on x86 detected" + fi + + enewgroup lp + enewuser lp -1 -1 -1 lp + + enewgroup lpadmin 106 +} + +src_unpack() { + unpack ${A} + cd "${S}" + + # CVE-2007-4045 security patch, bug #199195 + epatch "${FILESDIR}"/${PN}-1.2.12-CVE-2007-4045.patch + # CVE-2007-4351 security patch, bug #196736 + epatch "${FILESDIR}"/${PN}-1.2.12-CVE-2007-4351.patch + # CVE-2007-5849 security patch, bug #201570 + epatch "${FILESDIR}"/${PN}-1.2.12-CVE-2007-5849.patch + # CVE-2008-0047 security patch, bug #212364 + epatch "${FILESDIR}"/${PN}-1.2.12-CVE-2008-0047.patch + # CVE-2008-0882 security patch, bug #211449 + epatch "${FILESDIR}"/${PN}-1.2.12-CVE-2008-0882.patch + + # cups does not use autotools "the usual way" and ship a static config.h.in + eaclocal + eautoconf +} + +src_compile() { + export DSOFLAGS="${LDFLAGS}" + + if use ldap; then + append-flags -DLDAP_DEPRECATED + fi + + econf \ + --with-cups-user=lp \ + --with-cups-group=lp \ + --with-system-groups=lpadmin \ + --localstatedir=/var \ + --with-docdir=/usr/share/cups/html \ + $(use_enable pam) \ + $(use_enable ssl) \ + --enable-gnutls \ + $(use_enable slp) \ + $(use_enable nls) \ + $(use_enable dbus) \ + $(use_enable png) \ + $(use_enable jpeg) \ + $(use_enable tiff) \ + $(use_with php) \ + $(use_enable ldap) \ + --enable-libpaper \ + --enable-threads \ + --enable-static \ + --disable-pdftops \ + || die "econf failed" + + # Install in /usr/libexec always, instead of using /usr/lib/cups, as that + # makes more sense when facing multilib support. + sed -i -e 's:SERVERBIN.*:SERVERBIN = $(BUILDROOT)/usr/libexec/cups:' Makedefs + sed -i -e 's:#define CUPS_SERVERBIN.*:#define CUPS_SERVERBIN "/usr/libexec/cups":' config.h + sed -i -e 's:cups_serverbin=.*:cups_serverbin=/usr/libexec/cups:' cups-config + + emake || die "emake failed" +} + +src_install() { + emake BUILDROOT="${D}" install || die "emake install failed" + dodoc {CHANGES{,-1.{0,1}},CREDITS,LICENSE,README}.txt + + # clean out cups init scripts + rm -rf "${D}"/etc/{init.d/cups,rc*,pam.d/cups} + # install our init scripts + newinitd "${FILESDIR}"/cupsd.init cupsd + # install our pam script + pamd_mimic_system cups auth account + + # correct path + sed -i -e "s:server = .*:server = /usr/libexec/cups/daemon/cups-lpd:" "${D}"/etc/xinetd.d/cups-lpd + # it is safer to disable this by default, bug 137130 + grep -w 'disable' "${D}"/etc/xinetd.d/cups-lpd || \ + sed -i -e "s:}:\tdisable = yes\n}:" "${D}"/etc/xinetd.d/cups-lpd + + # install pdftops filter + exeinto /usr/libexec/cups/filter/ + newexe "${FILESDIR}"/pdftops-1.20.gentoo pdftops + + # only for gs-esp this is correct, see bug 163897 + if has_version app-text/ghostscript-gpl || has_version app-text/ghostscript-gnu; then + sed -i -e "s:#application/vnd.cups-postscript:application/vnd.cups-postscript:" "${D}"/etc/cups/mime.convs + fi + + keepdir /usr/share/cups/profiles /usr/libexec/cups/driver /var/log/cups \ + /var/run/cups/certs /var/cache/cups /var/spool/cups/tmp /etc/cups/ssl + + # .desktop handling. X useflag. xdg-open from freedesktop is preferred + if use X; then + sed -i -e "s:htmlview:xdg-open:" "${D}"/usr/share/applications/cups.desktop + else + rm -r "${D}"/usr/share/applications + fi + + # Fix a symlink collision, see bug #172341 + dodir /usr/share/ppd + dosym /usr/share/ppd /usr/share/cups/model/foomatic-ppds +} + +pkg_preinst() { + # cleanups + [ -n "${PN}" ] && rm -fR "${ROOT}"/usr/share/doc/${PN}-* +} + +pkg_postinst() { + echo + elog "Remote printing: change " + elog "Listen localhost:631" + elog "to" + elog "Listen *:631" + elog "in /etc/cups/cupsd.conf" + echo + elog "For more information about installing a printer take a look at:" + elog "http://www.gentoo.org/doc/en/printing-howto.xml." + echo + + local good_gs=false + for x in app-text/ghostscript-gpl app-text/ghostscript-gnu app-text/ghostscript-esp; do + if has_version ${x} && built_with_use ${x} cups; then + good_gs=true + break + fi + done; + if ! ${good_gs}; then + ewarn + ewarn "You need to emerge ghostscript with the \"cups\" USE flag turned on" + fi + if has_version =net-print/cups-1.1*; then + ewarn + ewarn "The configuration changed with cups-1.2, you may want to save the old" + ewarn "one and start from scratch:" + ewarn "# mv /etc/cups /etc/cups.orig; emerge -va1 cups" + ewarn + ewarn "You need to rebuild kdelibs for kdeprinter to work with cups-1.2" + fi + if [ -e "${ROOT}"/usr/lib/cups ]; then + ewarn + ewarn "/usr/lib/cups exists - You need to remerge every ebuild that" + ewarn "installed into /usr/lib/cups and /etc/cups, qfile is in portage-utils:" + ewarn "# FEATURES=-collision-protect emerge -va1 \$(qfile -qC /usr/lib/cups /etc/cups | sed \"s:net-print/cups$::\")" + ewarn + ewarn "FEATURES=-collision-protect is needed to overwrite the compatibility" + ewarn "symlinks installed by this package, it wont be needed on later merges." + ewarn "You should also run revdep-rebuild" + + # place symlinks to make the update smoothless + for i in "${ROOT}"/usr/lib/cups/{backend,filter}/*; do + if [ "${i/\*}" == "${i}" ] && ! [ -e ${i/lib/libexec} ]; then + ln -s ${i} ${i/lib/libexec} + fi + done + fi +} diff --git a/net-print/cups/cups-1.3.6-r2.ebuild b/net-print/cups/cups-1.3.6-r2.ebuild new file mode 100644 index 000000000000..330b7973fd50 --- /dev/null +++ b/net-print/cups/cups-1.3.6-r2.ebuild @@ -0,0 +1,279 @@ +# Copyright 1999-2008 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.3.6-r2.ebuild,v 1.1 2008/03/19 21:27:15 rbu Exp $ + +inherit autotools eutils flag-o-matic multilib pam + +MY_P=${P/_} + +DESCRIPTION="The Common Unix Printing System" +HOMEPAGE="http://www.cups.org/" +SRC_URI="mirror://sourceforge/cups/${MY_P}-source.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd" +IUSE="acl avahi dbus java jpeg kerberos ldap nls pam perl php png ppds python samba slp ssl static tiff X zeroconf" + +COMMON_DEPEND="acl? ( kernel_linux? ( sys-apps/acl sys-apps/attr ) ) + avahi? ( net-dns/avahi ) + dbus? ( sys-apps/dbus ) + java? ( >=virtual/jre-1.4 ) + jpeg? ( >=media-libs/jpeg-6b ) + kerberos? ( virtual/krb5 ) + ldap? ( net-nds/openldap ) + pam? ( virtual/pam ) + perl? ( dev-lang/perl ) + php? ( dev-lang/php ) + png? ( >=media-libs/libpng-1.2.1 ) + python? ( dev-lang/python ) + slp? ( >=net-libs/openslp-1.0.4 ) + ssl? ( net-libs/gnutls ) + tiff? ( >=media-libs/tiff-3.5.5 ) + zeroconf? ( !avahi? ( net-misc/mDNSResponder ) ) + app-text/libpaper + dev-libs/libgcrypt" + +DEPEND="${COMMON_DEPEND} + !<net-print/foomatic-filters-ppds-20070501 + !<net-print/hplip-1.7.4a-r1 + nls? ( sys-devel/gettext )" + +RDEPEND="${COMMON_DEPEND} + !virtual/lpr + nls? ( virtual/libintl ) + X? ( x11-misc/xdg-utils ) + >=app-text/poppler-0.4.3-r1" + +PDEPEND=" + ppds? ( || ( + ( + net-print/foomatic-filters-ppds + net-print/foomatic-db-ppds + ) + net-print/foomatic-filters-ppds + net-print/foomatic-db-ppds + net-print/hplip + media-gfx/gimp-print + net-print/foo2zjs + net-print/cups-pdf + ) ) + samba? ( >=net-fs/samba-3.0.8 ) + virtual/ghostscript" + +PROVIDE="virtual/lpr" + +# upstream includes an interactive test which is a nono for gentoo. +# therefore, since the printing herd has bigger fish to fry, for now, +# we just leave it out, even if FEATURES=test +RESTRICT="test" + +S="${WORKDIR}/${MY_P}" + +LANGS="de en es et fr he it ja pl sv zh_TW" +for X in ${LANGS} ; do + IUSE="${IUSE} linguas_${X}" +done + +pkg_setup() { + if use avahi && ! built_with_use net-dns/avahi mdnsresponder-compat ; then + echo + eerror "In order to have cups working with avahi zeroconf support, you need" + eerror "to have net-dns/avahi emerged with 'mdnsresponder-compat' in your USE" + eerror "flag. Please add that flag, re-emerge avahi, and then emerge cups again." + die "net-dns/avahi is missing the mdnsresponder-compat feature." + fi + + enewgroup lp + enewuser lp -1 -1 -1 lp + + enewgroup lpadmin 106 +} + +src_unpack() { + unpack ${A} + cd "${S}" + + # disable configure automagic for acl/attr, upstream bug STR #2723. + epatch "${FILESDIR}/${PN}-1.3.0-configure.patch" + + # CVE-2008-0047 security patch, bug #212364 + epatch "${FILESDIR}/${PN}-1.2.12-CVE-2008-0047.patch" + + # cups does not use autotools "the usual way" and ship a static config.h.in + eaclocal + eautoconf +} + +src_compile() { + + # locale support + strip-linguas ${LANGS} + + if [ -z "${LINGUAS}" ] ; then + export LINGUAS=all + fi + + export DSOFLAGS="${LDFLAGS}" + + if use ldap ; then + append-flags -DLDAP_DEPRECATED + fi + + local myconf + + if use avahi || use zeroconf ; then + myconf="${myconf} --enable-dnssd" + else + myconf="${myconf} --disable-dnssd" + fi + + econf \ + --libdir=/usr/$(get_libdir) \ + --localstatedir=/var \ + --with-cups-user=lp \ + --with-cups-group=lp \ + --with-docdir=/usr/share/cups/html \ + --with-languages=${LINGUAS} \ + --with-system-groups=lpadmin \ + $(use_enable acl) \ + $(use_enable dbus) \ + $(use_enable jpeg) \ + $(use_enable kerberos gssapi) \ + $(use_enable ldap) \ + $(use_enable nls) \ + $(use_enable pam) \ + $(use_enable png) \ + $(use_enable slp) \ + $(use_enable ssl) \ + $(use_enable static) \ + $(use_enable tiff) \ + $(use_with java) \ + $(use_with perl) \ + $(use_with php) \ + $(use_with python) \ + --enable-gnutls \ + --enable-libpaper \ + --enable-threads \ + --disable-pdftops \ + ${myconf} \ + || die "econf failed" + + # install in /usr/libexec always, instead of using /usr/lib/cups, as that + # makes more sense when facing multilib support. + sed -i -e 's:SERVERBIN.*:SERVERBIN = "$(BUILDROOT)"/usr/libexec/cups:' Makedefs + sed -i -e 's:#define CUPS_SERVERBIN.*:#define CUPS_SERVERBIN "/usr/libexec/cups":' config.h + sed -i -e 's:cups_serverbin=.*:cups_serverbin=/usr/libexec/cups:' cups-config + + emake || die "emake failed" +} + +src_install() { + emake BUILDROOT="${D}" install || die "emake install failed" + dodoc {CHANGES{,-1.{0,1}},CREDITS,README}.txt || die "dodoc install failed" + + # clean out cups init scripts + rm -rf "${D}"/etc/{init.d/cups,rc*,pam.d/cups} + + # install our init script + local neededservices + use avahi && neededservices="$neededservices avahi-daemon" + use dbus && neededservices="$neededservices dbus" + use zeroconf && ! use avahi && neededservices="$neededservices mDNSResponderPosix" + [[ -n ${neededservices} ]] && neededservices="need${neededservices}" + sed -e "s/@neededservices@/$neededservices/" "${FILESDIR}"/cupsd.init.d > "${T}"/cupsd + doinitd "${T}"/cupsd + + # install our pam script + pamd_mimic_system cups auth account + + # correct path + sed -i -e "s:server = .*:server = /usr/libexec/cups/daemon/cups-lpd:" "${D}"/etc/xinetd.d/cups-lpd + # it is safer to disable this by default, bug 137130 + grep -w 'disable' "${D}"/etc/xinetd.d/cups-lpd || \ + sed -i -e "s:}:\tdisable = yes\n}:" "${D}"/etc/xinetd.d/cups-lpd + + # install pdftops filter + exeinto /usr/libexec/cups/filter/ + newexe "${FILESDIR}"/pdftops-1.20.gentoo pdftops + + # only for gs-esp this is correct, see bug 163897 + if has_version app-text/ghostscript-gpl || has_version app-text/ghostscript-gnu ; then + sed -i -e "s:#application/vnd.cups-postscript:application/vnd.cups-postscript:" "${D}"/etc/cups/mime.convs + fi + + keepdir /usr/share/cups/profiles /usr/libexec/cups/driver /var/log/cups \ + /var/run/cups/certs /var/cache/cups /var/spool/cups/tmp /etc/cups/ssl + + # .desktop handling. X useflag. xdg-open from freedesktop is preferred, upstream bug STR #2724. + if use X ; then + sed -i -e "s:htmlview:xdg-open:" "${D}"/usr/share/applications/cups.desktop + else + rm -r "${D}"/usr/share/applications + fi + + # fix a symlink collision, see bug #172341 + dodir /usr/share/ppd + dosym /usr/share/ppd /usr/share/cups/model/foomatic-ppds + + # create RSS feed directory + diropts -m 0740 -o lp -g lp + dodir /var/cache/cups/rss + + # create /etc/cups/client.conf, bug #196967 + echo "ServerName localhost" >> "${D}"/etc/cups/client.conf +} + +pkg_preinst() { + # cleanups + [ -n "${PN}" ] && rm -fR "${ROOT}"/usr/share/doc/"${PN}"-* +} + +pkg_postinst() { + echo + elog "For information about installing a printer and general cups setup" + elog "take a look at: http://www.gentoo.org/doc/en/printing-howto.xml" + echo + + local good_gs=false + for x in app-text/ghostscript-gpl app-text/ghostscript-gnu app-text/ghostscript-esp ; do + if has_version ${x} && built_with_use ${x} cups ; then + good_gs=true + break + fi + done; + if ! ${good_gs}; then + echo + ewarn "You need to emerge ghostscript with the \"cups\" USE flag turned on" + echo + fi + + if has_version =net-print/cups-1.1* ; then + echo + ewarn "The configuration changed with cups-1.3, you may want to save the old" + ewarn "one and start from scratch:" + ewarn "# mv /etc/cups /etc/cups.orig; emerge -va1 cups" + echo + ewarn "You need to rebuild kdelibs for kdeprinter to work with cups-1.3" + echo + fi + + if [ -e "${ROOT}"/usr/lib/cups ] ; then + echo + ewarn "/usr/lib/cups exists - You need to remerge every ebuild that" + ewarn "installed into /usr/lib/cups and /etc/cups, qfile is in portage-utils:" + ewarn "# FEATURES=-collision-protect emerge -va1 \$(qfile -qC /usr/lib/cups /etc/cups | sed \"s:net-print/cups$::\")" + echo + ewarn "FEATURES=-collision-protect is needed to overwrite the compatibility" + ewarn "symlinks installed by this package, it won't be needed on later merges." + ewarn "You should also run revdep-rebuild" + echo + + # place symlinks to make the update smoothless + for i in "${ROOT}"/usr/lib/cups/{backend,filter}/* ; do + if [ "${i/\*}" == "${i}" ] && ! [ -e ${i/lib/libexec} ] ; then + ln -s ${i} ${i/lib/libexec} + fi + done + fi +} diff --git a/net-print/cups/files/cups-1.2.12-CVE-2008-0047.patch b/net-print/cups/files/cups-1.2.12-CVE-2008-0047.patch new file mode 100644 index 000000000000..6eb786ff9eb4 --- /dev/null +++ b/net-print/cups/files/cups-1.2.12-CVE-2008-0047.patch @@ -0,0 +1,15 @@ +Index: cups-1.2.12/cgi-bin/search.c +=================================================================== +--- cups-1.2.12.orig/cgi-bin/search.c ++++ cups-1.2.12/cgi-bin/search.c +@@ -171,7 +171,9 @@ cgiCompileSearch(const char *query) /* I + * string + RE overhead... + */ + +- wlen = (sptr - s) + 4 * wlen + 2 * strlen(prefix) + 4; ++ wlen = (sptr - s) + 2 * 4 * wlen + 2 * strlen(prefix) + 11; ++ if (lword) ++ wlen += strlen(lword); + + if (wlen > slen) + { |