Revbump adding the patches to fix CVE-2007-4045, see bug #199195. Also remove an older vulnerable version.

(Portage version: 2.1.3.19)

7 files changed, 127 insertions, 4 deletions

diff --git a/net-print/cups/ChangeLog b/net-print/cups/ChangeLog
index 049d516d98d6..8aaa3659c314 100644
--- a/net-print/cups/ChangeLog
+++ b/net-print/cups/ChangeLog
@@ -1,6 +1,16 @@
 # ChangeLog for net-print/cups
 # Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-print/cups/ChangeLog,v 1.269 2007/11/12 23:36:45 tgurr Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-print/cups/ChangeLog,v 1.270 2007/11/16 20:13:07 tgurr Exp $
+
+*cups-1.3.4-r3 (16 Nov 2007)
+*cups-1.2.12-r3 (16 Nov 2007)
+
+  16 Nov 2007; Timo Gurr <tgurr@gentoo.org>
+  +files/cups-1.2.4-CVE-2007-4045.patch,
+  +files/cups-1.3.4-CVE-2007-4045.patch, -cups-1.2.12-r1.ebuild,
+  +cups-1.2.12-r3.ebuild, -cups-1.3.4-r2.ebuild, +cups-1.3.4-r3.ebuild:
+  Revbump adding the patches to fix CVE-2007-4045, see bug #199195. Also
+  remove an older vulnerable version.
 
 *cups-1.3.4-r2 (12 Nov 2007)
 
diff --git a/net-print/cups/cups-1.2.12-r1.ebuild b/net-print/cups/cups-1.2.12-r3.ebuild
index 69d41afbac47..16890cfd73d3 100644
--- a/net-print/cups/cups-1.2.12-r1.ebuild
+++ b/net-print/cups/cups-1.2.12-r3.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2007 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.2.12-r1.ebuild,v 1.7 2007/10/28 13:36:07 corsair Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.2.12-r3.ebuild,v 1.1 2007/11/16 20:13:07 tgurr Exp $
 
 WANT_AUTOMAKE=latest
 
@@ -16,7 +16,7 @@ SRC_URI="mirror://sourceforge/cups/${MY_P}-source.tar.bz2"
 
 LICENSE="GPL-2"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc ~sparc-fbsd x86 ~x86-fbsd"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd"
 IUSE="ldap ssl slp pam php samba nls dbus tiff png ppds jpeg X"
 
 DEP="pam? ( virtual/pam )
@@ -86,6 +86,11 @@ src_unpack() {
 	# upstream does not acknowledge bindnow as a solution
 	epatch "${FILESDIR}"/cups-1.2.0-bindnow.patch
 
+	# CVE-2007-4351 security patch, bug #196736
+	epatch "${FILESDIR}"/${PN}-1.2-str2561-v2.patch
+	# CVE-2007-4045 security patch, bug #199195
+	epatch "${FILESDIR}"/${PN}-1.2.4-CVE-2007-4045.patch
+
 	# cups does not use autotools "the usual way" and ship a static config.h.in
 	eaclocal
 	eautoconf
diff --git a/net-print/cups/cups-1.3.4-r2.ebuild b/net-print/cups/cups-1.3.4-r3.ebuild
index 10b03f55417b..7920e70bfdad 100644
--- a/net-print/cups/cups-1.3.4-r2.ebuild
+++ b/net-print/cups/cups-1.3.4-r3.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2007 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.3.4-r2.ebuild,v 1.1 2007/11/12 23:36:45 tgurr Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.3.4-r3.ebuild,v 1.1 2007/11/16 20:13:07 tgurr Exp $
 
 inherit autotools eutils flag-o-matic multilib pam
 
@@ -100,6 +100,9 @@ src_unpack() {
 	# disable configure automagic for acl/attr
 	epatch "${FILESDIR}/${PN}-1.3.0-configure.patch"
 
+	# CVE-2007-4045 security patch, bug #199195
+	epatch "${FILESDIR}/${P}-CVE-2007-4045.patch"
+
 	# cups does not use autotools "the usual way" and ship a static config.h.in
 	eaclocal
 	eautoconf
diff --git a/net-print/cups/files/cups-1.2.4-CVE-2007-4045.patch b/net-print/cups/files/cups-1.2.4-CVE-2007-4045.patch
new file mode 100644
index 000000000000..e28a7bb4ff9d
--- /dev/null
+++ b/net-print/cups/files/cups-1.2.4-CVE-2007-4045.patch
@@ -0,0 +1,58 @@
+diff -up cups-1.2.4/scheduler/client.c.CVE-2007-4045 cups-1.2.4/scheduler/client.c
+--- cups-1.2.4/scheduler/client.c.CVE-2007-4045	2007-10-30 09:51:04.000000000 +0000
++++ cups-1.2.4/scheduler/client.c	2007-10-30 10:07:10.000000000 +0000
+@@ -105,6 +105,25 @@ static int		write_file(cupsd_client_t *c
+ 				   struct stat *filestats);
+ 
+ 
++void
++_cupsdFixClientsBIO(void)
++{
++#ifdef HAVE_LIBSSL
++  cupsd_client_t *c;
++  BIO *bio;
++  cupsArraySave (Clients);
++  for (c = (cupsd_client_t *)cupsArrayFirst(Clients);
++       c;
++       c = (cupsd_client_t *)cupsArrayNext(Clients))
++  {
++    bio = SSL_get_wbio(c->http.tls);
++    BIO_ctrl(bio, BIO_C_SET_FILE_PTR, 0, (char *)HTTP(c));
++  }
++  cupsArrayRestore (Clients);
++#endif
++}
++
++
+ /*
+  * 'cupsdAcceptClient()' - Accept a new client.
+  */
+@@ -438,6 +457,7 @@ cupsdAcceptClient(cupsd_listener_t *lis)
+   }
+ 
+   cupsArrayAdd(Clients, con);
++  _cupsdFixClientsBIO();
+ 
+   cupsdLogMessage(CUPSD_LOG_DEBUG2,
+                   "cupsdAcceptClient: %d connected to server on %s:%d",
+@@ -729,6 +749,7 @@ cupsdCloseClient(cupsd_client_t *con)	/*
+     */
+ 
+     cupsArrayRemove(Clients, con);
++    _cupsdFixClientsBIO();
+ 
+     free(con);
+   }
+diff -up cups-1.2.4/scheduler/main.c.CVE-2007-4045 cups-1.2.4/scheduler/main.c
+--- cups-1.2.4/scheduler/main.c.CVE-2007-4045	2007-10-30 09:51:04.000000000 +0000
++++ cups-1.2.4/scheduler/main.c	2007-10-30 09:51:05.000000000 +0000
+@@ -948,7 +948,7 @@ main(int  argc,				/* I - Number of comm
+       * Write data as needed...
+       */
+ 
+-      if (con->pipe_pid && FD_ISSET(con->file, input))
++      if (con->pipe_pid && con->file >= 0 && FD_ISSET(con->file, input))
+       {
+        /*
+         * Keep track of pending input from the file/pipe separately
+
diff --git a/net-print/cups/files/cups-1.3.4-CVE-2007-4045.patch b/net-print/cups/files/cups-1.3.4-CVE-2007-4045.patch
new file mode 100644
index 000000000000..aab1b213d018
--- /dev/null
+++ b/net-print/cups/files/cups-1.3.4-CVE-2007-4045.patch
@@ -0,0 +1,47 @@
+diff -up cups-1.3.4/scheduler/client.c.CVE-2007-4045 cups-1.3.4/scheduler/client.c
+--- cups-1.3.4/scheduler/client.c.CVE-2007-4045	2007-11-07 21:11:58.000000000 +0000
++++ cups-1.3.4/scheduler/client.c	2007-11-07 21:13:26.000000000 +0000
+@@ -114,6 +114,25 @@ static int		write_file(cupsd_client_t *c
+ static void		write_pipe(cupsd_client_t *con);
+ 
+ 
++void
++_cupsdFixClientsBIO(void)
++{
++#ifdef HAVE_LIBSSL
++  cupsd_client_t *c;
++  BIO *bio;
++  cupsArraySave (Clients);
++  for (c = (cupsd_client_t *)cupsArrayFirst(Clients);
++       c;
++       c = (cupsd_client_t *)cupsArrayNext(Clients))
++  {
++    bio = SSL_get_wbio(c->http.tls);
++    BIO_ctrl(bio, BIO_C_SET_FILE_PTR, 0, (char *)HTTP(c));
++  }
++  cupsArrayRestore (Clients);
++#endif
++}
++
++
+ /*
+  * 'cupsdAcceptClient()' - Accept a new client.
+  */
+@@ -451,6 +470,7 @@ cupsdAcceptClient(cupsd_listener_t *lis)
+   }
+ 
+   cupsArrayAdd(Clients, con);
++  _cupsdFixClientsBIO();
+ 
+   cupsdLogMessage(CUPSD_LOG_DEBUG2,
+                   "cupsdAcceptClient: %d connected to server on %s:%d",
+@@ -735,6 +755,7 @@ cupsdCloseClient(cupsd_client_t *con)	/*
+     */
+ 
+     cupsArrayRemove(Clients, con);
++    _cupsdFixClientsBIO();
+ 
+     free(con);
+   }
+diff -up cups-1.3.4/scheduler/main.c.CVE-2007-4045 cups-1.3.4/scheduler/main.c
+
diff --git a/net-print/cups/files/digest-cups-1.2.12-r1 b/net-print/cups/files/digest-cups-1.2.12-r3
index 8073a9a92cbd..8073a9a92cbd 100644
--- a/net-print/cups/files/digest-cups-1.2.12-r1
+++ b/net-print/cups/files/digest-cups-1.2.12-r3
diff --git a/net-print/cups/files/digest-cups-1.3.4-r2 b/net-print/cups/files/digest-cups-1.3.4-r3
index 991c8b77ff2e..991c8b77ff2e 100644
--- a/net-print/cups/files/digest-cups-1.3.4-r2
+++ b/net-print/cups/files/digest-cups-1.3.4-r3