diff options
| author |   Timo Gurr <tgurr@gentoo.org> | 2008-02-28 20:24:49 +0000 |
|---|---|---|
| committer | Timo Gurr <tgurr@gentoo.org> | 2008-02-28 20:24:49 +0000 |
| commit | ad9ceda2def72635c1deeb9cac548f3ee2427ff0 (patch) | |
| tree | 33113435b23d7a7e9d43a0c4b34097bcb80967e9 | |
| parent | Stable on amd64/hppa/ppc for bug #58634. (diff) | |
| download | gentoo-2-ad9ceda2def72635c1deeb9cac548f3ee2427ff0.tar.gz gentoo-2-ad9ceda2def72635c1deeb9cac548f3ee2427ff0.tar.bz2 gentoo-2-ad9ceda2def72635c1deeb9cac548f3ee2427ff0.zip | |
Add cups-1.2.12-r5.ebuild to fix security issue CVE-2008-0882, see bug #211449.Remove older vulnerable versions. Rename patches for better versioning. Minor ebuild cleanups.
(Portage version: 2.1.4.4)
| -rw-r--r-- | net-print/cups/ChangeLog | 17 | ||||
| -rw-r--r-- | net-print/cups/cups-1.2.12-r4.ebuild | 8 | ||||
| -rw-r--r-- | net-print/cups/cups-1.2.12-r5.ebuild (renamed from net-print/cups/cups-1.2.10-r1.ebuild) | 58 | ||||
| -rw-r--r-- | net-print/cups/cups-1.3.5.ebuild | 280 | ||||
| -rw-r--r-- | net-print/cups/cups-1.3.6-r1.ebuild (renamed from net-print/cups/cups-1.3.6.ebuild) | 9 | ||||
| -rw-r--r-- | net-print/cups/files/cups-1.2.12-CVE-2007-4045.patch (renamed from net-print/cups/files/cups-1.2.4-CVE-2007-4045.patch) | 0 | ||||
| -rw-r--r-- | net-print/cups/files/cups-1.2.12-CVE-2007-4351.patch (renamed from net-print/cups/files/cups-1.2-str2561-v2.patch) | 0 | ||||
| -rw-r--r-- | net-print/cups/files/cups-1.2.12-CVE-2008-0882.patch | 28 | ||||
| -rw-r--r-- | net-print/cups/files/cups-1.3.0-bindnow.patch | 47 | ||||
| -rw-r--r-- | net-print/cups/files/cups-1.3.4-CVE-2007-4045.patch | 47 | ||||
| -rw-r--r-- | net-print/cups/files/pdftops.pl | 162 |
11 files changed, 89 insertions, 567 deletions
diff --git a/net-print/cups/ChangeLog b/net-print/cups/ChangeLog index 0f1d73b7720c..ca70056d52bf 100644 --- a/net-print/cups/ChangeLog +++ b/net-print/cups/ChangeLog @@ -1,6 +1,21 @@ # ChangeLog for net-print/cups # Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-print/cups/ChangeLog,v 1.281 2008/02/22 18:13:58 tgurr Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-print/cups/ChangeLog,v 1.282 2008/02/28 20:24:49 tgurr Exp $ + +*cups-1.3.6-r1 (28 Feb 2008) +*cups-1.2.12-r5 (28 Feb 2008) + + 28 Feb 2008; Timo Gurr <tgurr@gentoo.org> + -files/cups-1.2.4-CVE-2007-4045.patch, -files/cups-1.2-str2561-v2.patch, + +files/cups-1.2.12-CVE-2007-4045.patch, + +files/cups-1.2.12-CVE-2007-4351.patch, + +files/cups-1.2.12-CVE-2008-0882.patch, -files/cups-1.3.0-bindnow.patch, + -files/cups-1.3.4-CVE-2007-4045.patch, -files/pdftops.pl, + -cups-1.2.10-r1.ebuild, cups-1.2.12-r4.ebuild, +cups-1.2.12-r5.ebuild, + -cups-1.3.5.ebuild, -cups-1.3.6.ebuild, +cups-1.3.6-r1.ebuild: + Add cups-1.2.12-r5.ebuild to fix security issue CVE-2008-0882, see bug + #211449.Remove older vulnerable versions. Rename patches for better + versioning. Minor ebuild cleanups. *cups-1.3.6 (22 Feb 2008) diff --git a/net-print/cups/cups-1.2.12-r4.ebuild b/net-print/cups/cups-1.2.12-r4.ebuild index 6644a0c27195..d2fa31426923 100644 --- a/net-print/cups/cups-1.2.12-r4.ebuild +++ b/net-print/cups/cups-1.2.12-r4.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2008 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.2.12-r4.ebuild,v 1.3 2008/01/10 09:04:24 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.2.12-r4.ebuild,v 1.4 2008/02/28 20:24:49 tgurr Exp $ WANT_AUTOMAKE=latest @@ -84,10 +84,10 @@ src_unpack() { # upstream does not acknowledge bindnow as a solution epatch "${FILESDIR}"/cups-1.2.0-bindnow.patch - # CVE-2007-4351 security patch, bug #196736 - epatch "${FILESDIR}"/${PN}-1.2-str2561-v2.patch # CVE-2007-4045 security patch, bug #199195 - epatch "${FILESDIR}"/${PN}-1.2.4-CVE-2007-4045.patch + epatch "${FILESDIR}"/${PN}-1.2.12-CVE-2007-4045.patch + # CVE-2007-4351 security patch, bug #196736 + epatch "${FILESDIR}"/${PN}-1.2.12-CVE-2007-4351.patch # CVE-2007-5849 security patch, bug #201570 epatch "${FILESDIR}"/${PN}-1.2.12-CVE-2007-5849.patch diff --git a/net-print/cups/cups-1.2.10-r1.ebuild b/net-print/cups/cups-1.2.12-r5.ebuild index 1a26e80e402f..4f3d54165b21 100644 --- a/net-print/cups/cups-1.2.10-r1.ebuild +++ b/net-print/cups/cups-1.2.12-r5.ebuild @@ -1,8 +1,6 @@ # Copyright 1999-2008 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.2.10-r1.ebuild,v 1.13 2008/02/22 18:13:58 tgurr Exp $ - -WANT_AUTOMAKE=latest +# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.2.12-r5.ebuild,v 1.1 2008/02/28 20:24:49 tgurr Exp $ inherit autotools eutils flag-o-matic multilib pam @@ -10,12 +8,11 @@ MY_P=${P/_} DESCRIPTION="The Common Unix Printing System" HOMEPAGE="http://www.cups.org/" -SRC_URI="http://ftp.funet.fi/pub/mirrors/ftp.easysw.com/pub/cups/${PV}/${MY_P}-source.tar.bz2" -#ESVN_REPO_URI="http://svn.easysw.com/public/cups/trunk" +SRC_URI="mirror://sourceforge/cups/${MY_P}-source.tar.bz2" LICENSE="GPL-2" SLOT="0" -KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~x86-fbsd" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd" IUSE="ldap ssl slp pam php samba nls dbus tiff png ppds jpeg X" DEP="pam? ( virtual/pam ) @@ -60,9 +57,18 @@ PROVIDE="virtual/lpr" # we just leave it out, even if FEATURES=test RESTRICT="test" -S="${WORKDIR}/${MY_P}" +S=${WORKDIR}/${MY_P} pkg_setup() { + if use x86 && [ -d "/usr/lib64" ] + then + eerror "You are running an x86 system, but /usr/lib64 exists, cups will install all library objects into this directory!" + eerror "You should remove /usr/lib64, but before you do, you should check for existing objects, and re-compile all affected packages." + eerror "You can use qfile (emerge portage-utils to install qfile) to get a list of the affected ebuilds:" + eerror "# qfile -qC /usr/lib64" + die "lib64 on x86 detected" + fi + enewgroup lp enewuser lp -1 -1 -1 lp @@ -73,8 +79,14 @@ src_unpack() { unpack ${A} cd "${S}" - # upstream does not acknowledge bindnow as a solution - epatch "${FILESDIR}"/cups-1.2.0-bindnow.patch + # CVE-2007-4045 security patch, bug #199195 + epatch "${FILESDIR}"/${PN}-1.2.12-CVE-2007-4045.patch + # CVE-2007-4351 security patch, bug #196736 + epatch "${FILESDIR}"/${PN}-1.2.12-CVE-2007-4351.patch + # CVE-2007-5849 security patch, bug #201570 + epatch "${FILESDIR}"/${PN}-1.2.12-CVE-2007-5849.patch + # CVE-2008-0882 security patch, bug #211449 + epatch "${FILESDIR}"/${PN}-1.2.12-CVE-2008-0882.patch # cups does not use autotools "the usual way" and ship a static config.h.in eaclocal @@ -83,13 +95,17 @@ src_unpack() { src_compile() { export DSOFLAGS="${LDFLAGS}" + + if use ldap; then + append-flags -DLDAP_DEPRECATED + fi + econf \ --with-cups-user=lp \ --with-cups-group=lp \ --with-system-groups=lpadmin \ --localstatedir=/var \ --with-docdir=/usr/share/cups/html \ - --with-bindnow=$(bindnow-flags) \ $(use_enable pam) \ $(use_enable ssl) \ --enable-gnutls \ @@ -135,7 +151,7 @@ src_install() { # install pdftops filter exeinto /usr/libexec/cups/filter/ - newexe "${FILESDIR}"/pdftops.pl pdftops + newexe "${FILESDIR}"/pdftops-1.20.gentoo pdftops # only for gs-esp this is correct, see bug 163897 if has_version app-text/ghostscript-gpl || has_version app-text/ghostscript-gnu; then @@ -159,18 +175,20 @@ src_install() { pkg_preinst() { # cleanups - [ -n "${PN}" ] && rm -fR "${ROOT}"/usr/share/doc/"${PN}"-* + [ -n "${PN}" ] && rm -fR "${ROOT}"/usr/share/doc/${PN}-* } pkg_postinst() { - einfo "Remote printing: change " - einfo "Listen localhost:631" - einfo "to" - einfo "Listen *:631" - einfo "in /etc/cups/cupsd.conf" - einfo - einfo "For more information about installing a printer take a look at:" - einfo "http://www.gentoo.org/doc/en/printing-howto.xml." + echo + elog "Remote printing: change " + elog "Listen localhost:631" + elog "to" + elog "Listen *:631" + elog "in /etc/cups/cupsd.conf" + echo + elog "For more information about installing a printer take a look at:" + elog "http://www.gentoo.org/doc/en/printing-howto.xml." + echo local good_gs=false for x in app-text/ghostscript-gpl app-text/ghostscript-gnu app-text/ghostscript-esp; do diff --git a/net-print/cups/cups-1.3.5.ebuild b/net-print/cups/cups-1.3.5.ebuild deleted file mode 100644 index de35e522d2ab..000000000000 --- a/net-print/cups/cups-1.3.5.ebuild +++ /dev/null @@ -1,280 +0,0 @@ -# Copyright 1999-2007 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.3.5.ebuild,v 1.2 2007/12/26 16:55:59 cardoe Exp $ - -inherit autotools eutils flag-o-matic multilib pam - -MY_P=${P/_} - -DESCRIPTION="The Common Unix Printing System" -HOMEPAGE="http://www.cups.org/" -SRC_URI="mirror://sourceforge/cups/${MY_P}-source.tar.bz2" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd" -IUSE="acl avahi dbus java jpeg kerberos ldap nls pam perl php png ppds python samba slp ssl static tiff X zeroconf" - -COMMON_DEPEND="acl? ( kernel_linux? ( sys-apps/acl sys-apps/attr ) ) - avahi? ( net-dns/avahi ) - dbus? ( sys-apps/dbus ) - java? ( >=virtual/jre-1.4 ) - jpeg? ( >=media-libs/jpeg-6b ) - kerberos? ( virtual/krb5 ) - ldap? ( net-nds/openldap ) - pam? ( virtual/pam ) - perl? ( dev-lang/perl ) - php? ( dev-lang/php ) - png? ( >=media-libs/libpng-1.2.1 ) - python? ( dev-lang/python ) - slp? ( >=net-libs/openslp-1.0.4 ) - ssl? ( net-libs/gnutls ) - tiff? ( >=media-libs/tiff-3.5.5 ) - zeroconf? ( !avahi? ( net-misc/mDNSResponder ) ) - app-text/libpaper - dev-libs/libgcrypt" - -DEPEND="${COMMON_DEPEND} - !<net-print/foomatic-filters-ppds-20070501 - !<net-print/hplip-1.7.4a-r1 - nls? ( sys-devel/gettext )" - -RDEPEND="${COMMON_DEPEND} - !virtual/lpr - nls? ( virtual/libintl ) - X? ( x11-misc/xdg-utils ) - >=app-text/poppler-0.4.3-r1" - -PDEPEND=" - ppds? ( || ( - ( - net-print/foomatic-filters-ppds - net-print/foomatic-db-ppds - ) - net-print/foomatic-filters-ppds - net-print/foomatic-db-ppds - net-print/hplip - media-gfx/gimp-print - net-print/foo2zjs - net-print/cups-pdf - ) ) - samba? ( >=net-fs/samba-3.0.8 ) - virtual/ghostscript" - -PROVIDE="virtual/lpr" - -# upstream includes an interactive test which is a nono for gentoo. -# therefore, since the printing herd has bigger fish to fry, for now, -# we just leave it out, even if FEATURES=test -RESTRICT="test" - -S="${WORKDIR}/${MY_P}" - -LANGS="de en es et fr he it ja pl sv zh_TW" -for X in ${LANGS} ; do - IUSE="${IUSE} linguas_${X}" -done - -pkg_setup() { - if use avahi && ! built_with_use net-dns/avahi mdnsresponder-compat ; then - echo - eerror "In order to have cups working with avahi zeroconf support, you need" - eerror "to have net-dns/avahi emerged with 'mdnsresponder-compat' in your USE" - eerror "flag. Please add that flag, re-emerge avahi, and then emerge cups again." - die "net-dns/avahi is missing the mdnsresponder-compat feature." - fi - - enewgroup lp - enewuser lp -1 -1 -1 lp - - enewgroup lpadmin 106 -} - -src_unpack() { - unpack ${A} - cd "${S}" - - # upstream does not acknowledge bindnow as a solution - epatch "${FILESDIR}/${PN}-1.3.0-bindnow.patch" - - # disable configure automagic for acl/attr - epatch "${FILESDIR}/${PN}-1.3.0-configure.patch" - - # CVE-2007-4045 security patch, bug #199195 - epatch "${FILESDIR}/${PN}-1.3.4-CVE-2007-4045.patch" - - # cups does not use autotools "the usual way" and ship a static config.h.in - eaclocal - eautoconf -} - -src_compile() { - - # locale support - strip-linguas ${LANGS} - - if [ -z "${LINGUAS}" ] ; then - export LINGUAS=all - fi - - export DSOFLAGS="${LDFLAGS}" - - if use ldap; then - append-flags -DLDAP_DEPRECATED - fi - - local myconf - - if use avahi || use zeroconf ; then - myconf="${myconf} --enable-dnssd" - else - myconf="${myconf} --disable-dnssd" - fi - - econf \ - --libdir=/usr/$(get_libdir) \ - --localstatedir=/var \ - --with-bindnow=$(bindnow-flags) \ - --with-cups-user=lp \ - --with-cups-group=lp \ - --with-docdir=/usr/share/cups/html \ - --with-languages=${LINGUAS} \ - --with-system-groups=lpadmin \ - $(use_enable acl) \ - $(use_enable dbus) \ - $(use_enable jpeg) \ - $(use_enable kerberos gssapi) \ - $(use_enable ldap) \ - $(use_enable nls) \ - $(use_enable pam) \ - $(use_enable png) \ - $(use_enable slp) \ - $(use_enable ssl) \ - $(use_enable static) \ - $(use_enable tiff) \ - $(use_with java) \ - $(use_with perl) \ - $(use_with php) \ - $(use_with python) \ - --enable-gnutls \ - --enable-libpaper \ - --enable-threads \ - --disable-pdftops \ - ${myconf} \ - || die "econf failed" - - # install in /usr/libexec always, instead of using /usr/lib/cups, as that - # makes more sense when facing multilib support. - sed -i -e 's:SERVERBIN.*:SERVERBIN = "$(BUILDROOT)"/usr/libexec/cups:' Makedefs - sed -i -e 's:#define CUPS_SERVERBIN.*:#define CUPS_SERVERBIN "/usr/libexec/cups":' config.h - sed -i -e 's:cups_serverbin=.*:cups_serverbin=/usr/libexec/cups:' cups-config - - emake || die "emake failed" -} - -src_install() { - emake BUILDROOT="${D}" install || die "emake install failed" - dodoc {CHANGES{,-1.{0,1}},CREDITS,README}.txt || die "dodoc install failed" - - # clean out cups init scripts - rm -rf "${D}"/etc/{init.d/cups,rc*,pam.d/cups} - - # install our init script - local neededservices - use avahi && neededservices="$neededservices avahi-daemon" - use dbus && neededservices="$neededservices dbus" - use zeroconf && ! use avahi && neededservices="$neededservices mDNSResponderPosix" - [[ -n ${neededservices} ]] && neededservices="need${neededservices}" - sed -e "s/@neededservices@/$neededservices/" "${FILESDIR}"/cupsd.init.d > "${T}"/cupsd - doinitd "${T}"/cupsd - - # install our pam script - pamd_mimic_system cups auth account - - # correct path - sed -i -e "s:server = .*:server = /usr/libexec/cups/daemon/cups-lpd:" "${D}"/etc/xinetd.d/cups-lpd - # it is safer to disable this by default, bug 137130 - grep -w 'disable' "${D}"/etc/xinetd.d/cups-lpd || \ - sed -i -e "s:}:\tdisable = yes\n}:" "${D}"/etc/xinetd.d/cups-lpd - - # install pdftops filter - exeinto /usr/libexec/cups/filter/ - newexe "${FILESDIR}"/pdftops-1.20.gentoo pdftops - - # only for gs-esp this is correct, see bug 163897 - if has_version app-text/ghostscript-gpl || has_version app-text/ghostscript-gnu; then - sed -i -e "s:#application/vnd.cups-postscript:application/vnd.cups-postscript:" "${D}"/etc/cups/mime.convs - fi - - keepdir /usr/share/cups/profiles /usr/libexec/cups/driver /var/log/cups \ - /var/run/cups/certs /var/cache/cups /var/spool/cups/tmp /etc/cups/ssl - - # .desktop handling. X useflag. xdg-open from freedesktop is preferred - if use X; then - sed -i -e "s:htmlview:xdg-open:" "${D}"/usr/share/applications/cups.desktop - else - rm -r "${D}"/usr/share/applications - fi - - # fix a symlink collision, see bug #172341 - dodir /usr/share/ppd - dosym /usr/share/ppd /usr/share/cups/model/foomatic-ppds - - # create RSS feed directory - diropts -m 0740 -o lp -g lp - dodir /var/cache/cups/rss -} - -pkg_preinst() { - # cleanups - [ -n "${PN}" ] && rm -fR "${ROOT}"/usr/share/doc/"${PN}"-* -} - -pkg_postinst() { - echo - elog "For information about installing a printer and general cups setup" - elog "take a look at: http://www.gentoo.org/doc/en/printing-howto.xml" - echo - - local good_gs=false - for x in app-text/ghostscript-gpl app-text/ghostscript-gnu app-text/ghostscript-esp; do - if has_version ${x} && built_with_use ${x} cups; then - good_gs=true - break - fi - done; - if ! ${good_gs}; then - echo - ewarn "You need to emerge ghostscript with the \"cups\" USE flag turned on" - echo - fi - - if has_version =net-print/cups-1.1*; then - echo - ewarn "The configuration changed with cups-1.3, you may want to save the old" - ewarn "one and start from scratch:" - ewarn "# mv /etc/cups /etc/cups.orig; emerge -va1 cups" - echo - ewarn "You need to rebuild kdelibs for kdeprinter to work with cups-1.3" - echo - fi - - if [ -e "${ROOT}"/usr/lib/cups ]; then - echo - ewarn "/usr/lib/cups exists - You need to remerge every ebuild that" - ewarn "installed into /usr/lib/cups and /etc/cups, qfile is in portage-utils:" - ewarn "# FEATURES=-collision-protect emerge -va1 \$(qfile -qC /usr/lib/cups /etc/cups | sed \"s:net-print/cups$::\")" - echo - ewarn "FEATURES=-collision-protect is needed to overwrite the compatibility" - ewarn "symlinks installed by this package, it won't be needed on later merges." - ewarn "You should also run revdep-rebuild" - echo - - # place symlinks to make the update smoothless - for i in "${ROOT}"/usr/lib/cups/{backend,filter}/*; do - if [ "${i/\*}" == "${i}" ] && ! [ -e ${i/lib/libexec} ]; then - ln -s ${i} ${i/lib/libexec} - fi - done - fi -} diff --git a/net-print/cups/cups-1.3.6.ebuild b/net-print/cups/cups-1.3.6-r1.ebuild index ce8da7d51c5d..39d6d1032242 100644 --- a/net-print/cups/cups-1.3.6.ebuild +++ b/net-print/cups/cups-1.3.6-r1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2008 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.3.6.ebuild,v 1.1 2008/02/22 18:13:58 tgurr Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.3.6-r1.ebuild,v 1.1 2008/02/28 20:24:49 tgurr Exp $ inherit autotools eutils flag-o-matic multilib pam @@ -94,12 +94,9 @@ src_unpack() { unpack ${A} cd "${S}" - # disable configure automagic for acl/attr + # disable configure automagic for acl/attr, upstream bug STR #2723. epatch "${FILESDIR}/${PN}-1.3.0-configure.patch" - # CVE-2007-4045 security patch, bug #199195 - epatch "${FILESDIR}/${PN}-1.3.4-CVE-2007-4045.patch" - # cups does not use autotools "the usual way" and ship a static config.h.in eaclocal eautoconf @@ -205,7 +202,7 @@ src_install() { keepdir /usr/share/cups/profiles /usr/libexec/cups/driver /var/log/cups \ /var/run/cups/certs /var/cache/cups /var/spool/cups/tmp /etc/cups/ssl - # .desktop handling. X useflag. xdg-open from freedesktop is preferred + # .desktop handling. X useflag. xdg-open from freedesktop is preferred, upstream bug STR #2724. if use X ; then sed -i -e "s:htmlview:xdg-open:" "${D}"/usr/share/applications/cups.desktop else diff --git a/net-print/cups/files/cups-1.2.4-CVE-2007-4045.patch b/net-print/cups/files/cups-1.2.12-CVE-2007-4045.patch index e28a7bb4ff9d..e28a7bb4ff9d 100644 --- a/net-print/cups/files/cups-1.2.4-CVE-2007-4045.patch +++ b/net-print/cups/files/cups-1.2.12-CVE-2007-4045.patch diff --git a/net-print/cups/files/cups-1.2-str2561-v2.patch b/net-print/cups/files/cups-1.2.12-CVE-2007-4351.patch index 5cd70e0a3abe..5cd70e0a3abe 100644 --- a/net-print/cups/files/cups-1.2-str2561-v2.patch +++ b/net-print/cups/files/cups-1.2.12-CVE-2007-4351.patch diff --git a/net-print/cups/files/cups-1.2.12-CVE-2008-0882.patch b/net-print/cups/files/cups-1.2.12-CVE-2008-0882.patch new file mode 100644 index 000000000000..655e70e01bf7 --- /dev/null +++ b/net-print/cups/files/cups-1.2.12-CVE-2008-0882.patch @@ -0,0 +1,28 @@ +diff -up cups-1.2.4/scheduler/dirsvc.c.str2656 cups-1.2.4/scheduler/dirsvc.c +--- cups-1.2.4/scheduler/dirsvc.c.str2656 2008-02-21 13:33:06.000000000 +0000 ++++ cups-1.2.4/scheduler/dirsvc.c 2008-02-21 13:33:49.000000000 +0000 +@@ -1943,9 +1943,9 @@ process_browse_data( + if (hptr && !*hptr) + *hptr = '.'; /* Resource FQDN */ + +- if ((p = cupsdFindClass(name)) == NULL && BrowseShortNames) ++ if ((p = cupsdFindDest(name)) == NULL && BrowseShortNames) + { +- if ((p = cupsdFindClass(resource + 9)) != NULL) ++ if ((p = cupsdFindDest(resource + 9)) != NULL) + { + if (p->hostname && strcasecmp(p->hostname, host)) + { +@@ -2049,9 +2049,9 @@ process_browse_data( + if (hptr && !*hptr) + *hptr = '.'; /* Resource FQDN */ + +- if ((p = cupsdFindPrinter(name)) == NULL && BrowseShortNames) ++ if ((p = cupsdFindDest(name)) == NULL && BrowseShortNames) + { +- if ((p = cupsdFindPrinter(resource + 10)) != NULL) ++ if ((p = cupsdFindDest(resource + 10)) != NULL) + { + if (p->hostname && strcasecmp(p->hostname, host)) + { + diff --git a/net-print/cups/files/cups-1.3.0-bindnow.patch b/net-print/cups/files/cups-1.3.0-bindnow.patch deleted file mode 100644 index aa97cd4e60fe..000000000000 --- a/net-print/cups/files/cups-1.3.0-bindnow.patch +++ /dev/null @@ -1,47 +0,0 @@ -diff -Naur cups-1.3.0/config-scripts/cups-setXid.m4 cups-1.3.0/config-scripts/cups-setXid.m4.new ---- cups-1.3.0/config-scripts/cups-setXid.m4 1970-01-01 01:00:00.000000000 +0100 -+++ cups-1.3.0/config-scripts/cups-setXid.m4.new 2006-05-08 23:50:22.000000000 +0200 -@@ -0,0 +1,9 @@ -+dnl -+dnl Copyright 1999-2007 Gentoo Foundation -+dnl Distributed under the terms of the GNU General Public License v2 -+dnl -+ -+AC_ARG_WITH(bindnow, [ --with-bindnow Set linker flags for force-binding setuid binaries], -+ BINDNOW_FLAGS="$withval", -+ BINDNOW_FLAGS="") -+AC_SUBST(BINDNOW_FLAGS) -diff -Naur cups-1.3.0/configure.in cups-1.3.0/configure.in.new ---- cups-1.3.0/configure.in 2007-07-25 01:47:12.000000000 +0200 -+++ cups-1.3.0/configure.in.new 2007-08-15 10:31:58.896923749 +0200 -@@ -41,6 +41,7 @@ - sinclude(config-scripts/cups-pap.m4) - sinclude(config-scripts/cups-pdf.m4) - sinclude(config-scripts/cups-scripting.m4) -+sinclude(config-scripts/cups-setXid.m4) - - INSTALL_LANGUAGES="" - UNINSTALL_LANGUAGES="" -diff -Naur cups-1.3.0/Makedefs.in cups-1.3.0/Makedefs.in.new ---- cups-1.3.0/Makedefs.in 2007-07-18 21:49:45.000000000 +0200 -+++ cups-1.3.0/Makedefs.in.new 2007-08-15 10:24:56.634342552 +0200 -@@ -132,6 +132,7 @@ - LEGACY_BACKENDS = @LEGACY_BACKENDS@ - LIBCUPSORDER = @LIBCUPSORDER@ - LIBCUPSIMAGEORDER = @LIBCUPSIMAGEORDER@ -+BINDNOW_FLAGS = @BINDNOW_FLAGS@ - LINKCUPS = @LINKCUPS@ $(SSLLIBS) - LINKCUPSIMAGE = @LINKCUPSIMAGE@ - LIBS = $(LINKCUPS) $(COMMONLIBS) -diff -Naur cups-1.3.0/systemv/Makefile cups-1.3.0/systemv/Makefile.new ---- cups-1.3.0/systemv/Makefile 2007-07-11 23:46:42.000000000 +0200 -+++ cups-1.3.0/systemv/Makefile.new 2007-08-15 10:34:29.771906823 +0200 -@@ -212,7 +212,7 @@ - - lppasswd: lppasswd.o ../cups/$(LIBCUPS) - echo Linking $@... -- $(CC) $(LDFLAGS) -o lppasswd lppasswd.o $(LIBZ) $(LIBS) -+ $(CC) $(LDFLAGS) $(BINDNOW_FLAGS) -o lppasswd lppasswd.o $(LIBZ) $(LIBS) - - - # diff --git a/net-print/cups/files/cups-1.3.4-CVE-2007-4045.patch b/net-print/cups/files/cups-1.3.4-CVE-2007-4045.patch deleted file mode 100644 index aab1b213d018..000000000000 --- a/net-print/cups/files/cups-1.3.4-CVE-2007-4045.patch +++ /dev/null @@ -1,47 +0,0 @@ -diff -up cups-1.3.4/scheduler/client.c.CVE-2007-4045 cups-1.3.4/scheduler/client.c ---- cups-1.3.4/scheduler/client.c.CVE-2007-4045 2007-11-07 21:11:58.000000000 +0000 -+++ cups-1.3.4/scheduler/client.c 2007-11-07 21:13:26.000000000 +0000 -@@ -114,6 +114,25 @@ static int write_file(cupsd_client_t *c - static void write_pipe(cupsd_client_t *con); - - -+void -+_cupsdFixClientsBIO(void) -+{ -+#ifdef HAVE_LIBSSL -+ cupsd_client_t *c; -+ BIO *bio; -+ cupsArraySave (Clients); -+ for (c = (cupsd_client_t *)cupsArrayFirst(Clients); -+ c; -+ c = (cupsd_client_t *)cupsArrayNext(Clients)) -+ { -+ bio = SSL_get_wbio(c->http.tls); -+ BIO_ctrl(bio, BIO_C_SET_FILE_PTR, 0, (char *)HTTP(c)); -+ } -+ cupsArrayRestore (Clients); -+#endif -+} -+ -+ - /* - * 'cupsdAcceptClient()' - Accept a new client. - */ -@@ -451,6 +470,7 @@ cupsdAcceptClient(cupsd_listener_t *lis) - } - - cupsArrayAdd(Clients, con); -+ _cupsdFixClientsBIO(); - - cupsdLogMessage(CUPSD_LOG_DEBUG2, - "cupsdAcceptClient: %d connected to server on %s:%d", -@@ -735,6 +755,7 @@ cupsdCloseClient(cupsd_client_t *con) /* - */ - - cupsArrayRemove(Clients, con); -+ _cupsdFixClientsBIO(); - - free(con); - } -diff -up cups-1.3.4/scheduler/main.c.CVE-2007-4045 cups-1.3.4/scheduler/main.c - diff --git a/net-print/cups/files/pdftops.pl b/net-print/cups/files/pdftops.pl deleted file mode 100644 index 36932234bc14..000000000000 --- a/net-print/cups/files/pdftops.pl +++ /dev/null @@ -1,162 +0,0 @@ -#!/usr/bin/perl -w -# pdftops.pl - wrapper script for xpdf's pdftops utility to act as a CUPS filter -# ============================================================================== -# 1.00 - 2004-10-05/Bl -# Initial implementation -# -# Copyright: Helge Blischke / SRZ Berlin 2004 -# This program is free seoftware and governed by the GNU Public License Version 2. -# -# Description: -# ------------ -# This program wraps the pdftops utility from the xpdf 3.00 (and higher) suite -# to behave as a CUPS filter as a replacement for the original pdftops filter. -# -# The main purpose of this approach is to keep the properties of a PDF to be -# printed as undesturbed as possible, especially with respect to page size, -# scaling, and positioning. -# -# The pdftops utility reads a configuration file 'pdftops.conf' in the -# CUPS_SERVERROOT directory, which must exist but may be empty. The sample -# configuration file accompanying this program sets the defaults which -# seem plausible to me with respect to high end production printers. -# -# To give the user highest possible flexibility, this program accepts and -# evaluates a set of job attributes special to this filter, which are -# described below: -# -# pdf-pages=<f>,<l> -# expands to the -f and -l options of pdftops -# to select a page range to process. This is independent -# of the page-ranges attribute and may significantly -# increase throughput when printing page ranges. -# Either of these numbers may be omitted. -# -# pdf-paper=<name> -# pdf-paper=<width>x<height> -# <name> may be one of letter, legal , A4, A3, or match; -# <width> and <height> are the paper width and height -# in printers points (1/72 inch). This expands to -# either the -paper or the -paperh and -paperw options -# of pdftops -# -# pdf-opw=<password> -# pdf-upw=<password> -# expand to the -opw and -upw options of pdftops, -# respectively and permit printing of password -# protected PDFs. -# -# pdf-<option> where <option> is one of -# level1, level1sep, level2, level2sep, level3, level3sep, -# opi, nocrop, expand, noshrink, nocenter. -# See the pdftops manpage for a detailed description of -# the respective options. -# -# All other pdftops commandline options are refused. -# -# When printing from STDIN, the program copies the input to a temporary file -# in TMPDIR, which is deleted on exit. -# -# The return code of the pdftops utility, if nonzero, is used as the exit code -# of this program; error messages of the pdftops utility are only visible -# if 'debug' is specified as LogLevel in cupsd.conf. - -# -# Site specific parameters - modify as needed -# ------------------------------------------------------------------------------ -$pdftops_path = "/usr/bin/pdftops"; # path to the xpdf utility -# ------------------------------------------------------------------------------ - -use File::Copy; - -# -# Check the arguments -# -die ("ERROR: wrong number of arguments\n") if (scalar @ARGV < 5); - -$jobid = $username = $title = $copies = undef; -$jobid = shift; # Job ID -$username = shift; # Job requesting user name -$title = shift; # Job title -$copies = shift; # Number of requested copies -$options = shift; # Textual representation of job attributes -$pdffile = shift; # Pathname of PDF file to process - -# If we are reading from STDIN, we must copy the input to a temporary file -# as the PDF consumer needs a seekable input. - -if (! defined $pdffile) -{ - my $tmpfile = $ENV{TMPDIR} . "pdfin.$$.tmp"; - open (TEMP, ">$tmpfile") || die ("ERROR: pdftops wrapper: $tmpfile: $!\n"); - if (! copy (STDIN, TEMP)) - { - close (TEMP); - unlink $tmpfile; - die ("ERROR: pdftops wrapper: $tmpfile: $!\n"); - } - close (TEMP); - $pdffile = $tmpfile; - $delete_input = 1; # for deleting the temp file after converting -} - -# -# Check the options string for options to modify the bahaviour of the pdftops utility: -# -@optarr = split (/\s+/, $options); -$cmdopt = ""; -# The following are the (parameterless) command line options that may be used to change the -# defaults defiend by pdftops.conf -$simple = 'level1|level1sep|level2|level2sep|level3|level3sep|opi|nocrop|expand|noshrink|nocenter'; -foreach my $option (@optarr) -{ - if ($option =~ /^pdf-(.+)$/) - { # We assume this is an option to evaluate - my $optkey = $1; # possible pdftops option - if ($optkey =~ /^pages=(\d*),(\d*)$/) - { - # We do this hack here to avoid clashes with the page-ranges atrribute - # which is handled by the pstops filter. And we allow one of the numbers - # to be omitted. - my $first = $1; - my $lastp = $2; - $cmdopt .= " -f $1" if ($1); # first page - $cmdopt .= " -l $2" if ($2); # last page - } - elsif ($optkey =~ /^paper=(letter|legal|A4|A3|match)$/) - { - $cmdopt .= " -paper $1"; # paper name - } - elsif ($optkey =~ /^paper=(\d+)x(\d+)$/) - { - $cmdopt .= " -paperw $1 -paperh $2"; # paper dimensions - } - elsif ($optkey =~ /^(o|u)pw=(\S+)$/) - { - $cmdopt .= " $1" . 'pw ' . $2; # owner/user password - } - elsif ($optkey =~ /^($simple)$/) - { - $cmdopt .= ' -' . $1; # allowed simple options - } - else - { - warn ("ERROR: pdftops wrapper: illegal attribute \"pdf-$optkey\"\n"); - } - } - # All other attributes are processed elsewhere -} -# -# Complete the command -# -warn ("ERROR: pdftops-options: $cmdopt\n"); -$rc = system ("$pdftops_path $cmdopt $pdffile -"); -if ($rc) -{ - $ir = $rc & 127; - $rc >>= 8; - warn ("ERROR: pdftops_path exited with ", ($ir) ? "signal $ir, " : " exit code $rc", "\n"); - exit $rc; -} -unlink ($pdffile) if (defined $delete_input); # Delete the temp file if any -exit 0; |