Revbumps fixing security issue CVE-2011-2896. Remove old.

(Portage version: 2.2.0_alpha51/cvs/Linux x86_64)
author: Timo Gurr <tgurr@gentoo.org> 2011-08-25 01:02:49 +0000
committer: Timo Gurr <tgurr@gentoo.org> 2011-08-25 01:02:49 +0000
commit: 44e6df3efcf4df9dd1b73f98230ee9f17cddfe38 (patch)
tree: b5496cbc44cf3a477fc74a5610b2a6b25c47934c /net-print/cups
parent: Version bump (diff)
download: gentoo-2-44e6df3efcf4df9dd1b73f98230ee9f17cddfe38.tar.gz
gentoo-2-44e6df3efcf4df9dd1b73f98230ee9f17cddfe38.tar.bz2
gentoo-2-44e6df3efcf4df9dd1b73f98230ee9f17cddfe38.zip
5 files changed, 69 insertions, 47 deletions
diff --git a/net-print/cups/ChangeLog b/net-print/cups/ChangeLog
index 2994faeb25bc..d0a39b73103c 100644
--- a/net-print/cups/ChangeLog
+++ b/net-print/cups/ChangeLog
@@ -1,6 +1,16 @@
 # ChangeLog for net-print/cups
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-print/cups/ChangeLog,v 1.427 2011/08/17 20:28:56 dilfridge Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-print/cups/ChangeLog,v 1.428 2011/08/25 01:02:49 tgurr Exp $
+
+*cups-1.5.0-r1 (25 Aug 2011)
+*cups-1.4.8-r21 (25 Aug 2011)
+*cups-1.4.8-r1 (25 Aug 2011)
+
+  25 Aug 2011; Timo Gurr <tgurr@gentoo.org> -cups-1.4.6-r21.ebuild,
+  -cups-1.4.8.ebuild, +cups-1.4.8-r1.ebuild, +cups-1.4.8-r21.ebuild,
+  +files/cups-1.4.8-CVE-2011-2896.patch, -cups-1.5.0.ebuild,
+  +cups-1.5.0-r1.ebuild:
+  Revbumps fixing security issue CVE-2011-2896. Remove old.
 
 *cups-1.5.0 (17 Aug 2011)
 *cups-1.4.8 (17 Aug 2011)
diff --git a/net-print/cups/cups-1.4.6-r21.ebuild b/net-print/cups/cups-1.4.8-r1.ebuild
index 6d4343ac78cf..8a6f59700875 100644
--- a/net-print/cups/cups-1.4.6-r21.ebuild
+++ b/net-print/cups/cups-1.4.8-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2011 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.4.6-r21.ebuild,v 1.2 2011/06/06 21:54:07 dilfridge Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.4.8-r1.ebuild,v 1.1 2011/08/25 01:02:49 tgurr Exp $
 
 EAPI=3
 
@@ -17,7 +17,7 @@ SRC_URI="mirror://easysw/${PN}/${PV}/${MY_P}-source.tar.bz2"
 LICENSE="GPL-2"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd"
-IUSE="acl dbus debug gnutls java +jpeg kerberos ldap pam perl php +png python samba slp +ssl static-libs +threads +tiff usb X xinetd"
+IUSE="acl dbus debug gnutls java +jpeg kerberos ldap pam perl php +png python samba slp +ssl static-libs +threads +tiff X xinetd"
 
 LANGS="da de es eu fi fr id it ja ko nl no pl pt pt_BR ru sv zh zh_TW"
 for X in ${LANGS} ; do
@@ -50,7 +50,6 @@ RDEPEND="
 		!gnutls? ( >=dev-libs/openssl-0.9.8g )
 	)
 	tiff? ( >=media-libs/tiff-3.5.5 )
-	usb? ( virtual/libusb:0 )
 	X? ( x11-misc/xdg-utils )
 	xinetd? ( sys-apps/xinetd )
 	!net-print/cupsddk
@@ -81,49 +80,21 @@ pkg_setup() {
 		python_pkg_setup
 	fi
 
-	if use usb; then
-		elog "You are going to use new libusb backed to access your usb printer."
-		elog "This interface has quite few known issues and does not report all"
-		elog "issues and just refuses to print."
-		elog "Please consider disabling usb useflag if you are having issues."
-		elog
-		elog "Please note that if you disable the usb useflag your device will be"
-		elog "still working using kernel usblp interface instead of libusb."
-		echo
-	fi
-
 	linux-info_pkg_setup
 	if  ! linux_config_exists; then
 		ewarn "Can't check the linux kernel configuration."
 		ewarn "You might have some incompatible options enabled."
 	else
-		# recheck that we don't have usblp to collide with libusb
-		if use usb; then
-			if linux_chkconfig_present USB_PRINTER; then
-				eerror "Your usb printers will be managed via libusb which collides with kernel module."
-				eerror "${P} requires the USB_PRINTER support disabled."
-				eerror "Please disable it:"
-				eerror "    CONFIG_USB_PRINTER=n"
-				eerror "in /usr/src/linux/.config or"
-				eerror "    Device Drivers --->"
-				eerror "        USB support  --->"
-				eerror "            [ ] USB Printer support"
-				eerror "Alternatively, just disable the usb useflag for cups (your printer will still work)."
-				die "USB_PRINTER module enabled"
-			fi
-		else
-			#here we should warn user that he should enable it so he can print
-			if ! linux_chkconfig_present USB_PRINTER; then
-				ewarn "If you plan to use USB printers you should enable the USB_PRINTER"
-				ewarn "support in your kernel."
-				ewarn "Please enable it:"
-				ewarn "    CONFIG_USB_PRINTER=y"
-				ewarn "in /usr/src/linux/.config or"
-				ewarn "    Device Drivers --->"
-				ewarn "        USB support  --->"
-				ewarn "            [*] USB Printer support"
-				ewarn "Alternatively, enable the usb useflag for cups and use the new, less-tested libusb code."
-			fi
+		#here we should warn user that he should enable it so he can print
+		if ! linux_chkconfig_present USB_PRINTER; then
+			ewarn "If you plan to use USB printers you should enable the USB_PRINTER"
+			ewarn "support in your kernel."
+			ewarn "Please enable it:"
+			ewarn "    CONFIG_USB_PRINTER=y"
+			ewarn "in /usr/src/linux/.config or"
+			ewarn "    Device Drivers --->"
+			ewarn "        USB support  --->"
+			ewarn "            [*] USB Printer support"
 		fi
 	fi
 }
@@ -139,8 +110,8 @@ src_prepare() {
 	epatch "${FILESDIR}/${PN}-1.4.4-perl-includes.patch"
 	epatch "${FILESDIR}/${PN}-1.4.6-force-gnutls.patch"
 	epatch "${FILESDIR}/${PN}-1.4.6-serialize-gnutls.patch"
-	# interface hangs using some browsers, bug #325871
-	epatch "${FILESDIR}/${PN}-1.4.6-web-hang.patch"
+	# security fixes
+	epatch "${FILESDIR}/${PN}-1.4.8-CVE-2011-2896.patch"
 
 	AT_M4DIR=config-scripts eaclocal
 	eautoconf
@@ -199,13 +170,13 @@ src_configure() {
 		$(use_enable slp) \
 		$(use_enable static-libs static) \
 		$(use_enable tiff) \
-		$(use_enable usb libusb) \
 		$(use_with java) \
 		$(use_with perl) \
 		$(use_with php) \
 		$(use_with python) \
 		$(use_with xinetd xinetd /etc/xinetd.d) \
 		--enable-libpaper \
+		--disable-libusb \
 		--disable-dnssd \
 		${myconf}
 
diff --git a/net-print/cups/cups-1.4.8.ebuild b/net-print/cups/cups-1.4.8-r21.ebuild
index c781a10b3356..a0c72859940b 100644
--- a/net-print/cups/cups-1.4.8.ebuild
+++ b/net-print/cups/cups-1.4.8-r21.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2011 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.4.8.ebuild,v 1.1 2011/08/17 20:28:56 dilfridge Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.4.8-r21.ebuild,v 1.1 2011/08/25 01:02:49 tgurr Exp $
 
 EAPI=3
 
@@ -139,6 +139,8 @@ src_prepare() {
 	epatch "${FILESDIR}/${PN}-1.4.4-perl-includes.patch"
 	epatch "${FILESDIR}/${PN}-1.4.6-force-gnutls.patch"
 	epatch "${FILESDIR}/${PN}-1.4.6-serialize-gnutls.patch"
+	# security fixes
+	epatch "${FILESDIR}/${PN}-1.4.8-CVE-2011-2896.patch"
 
 	AT_M4DIR=config-scripts eaclocal
 	eautoconf
diff --git a/net-print/cups/cups-1.5.0.ebuild b/net-print/cups/cups-1.5.0-r1.ebuild
index 0714534d62b7..8f33d42a6464 100644
--- a/net-print/cups/cups-1.5.0.ebuild
+++ b/net-print/cups/cups-1.5.0-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2011 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.5.0.ebuild,v 1.1 2011/08/17 20:28:56 dilfridge Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.5.0-r1.ebuild,v 1.1 2011/08/25 01:02:49 tgurr Exp $
 
 #
 # See http://git.overlays.gentoo.org/gitweb/?p=dev/dilfridge.git;a=blob;f=net-print/cups/notes.txt;hb=HEAD
@@ -141,6 +141,8 @@ src_prepare() {
 	epatch "${FILESDIR}/${PN}-1.4.4-nostrip.patch"
 	epatch "${FILESDIR}/${PN}-1.4.4-php-destdir.patch"
 	epatch "${FILESDIR}/${PN}-1.4.4-perl-includes.patch"
+	# security fixes
+	epatch "${FILESDIR}/${PN}-1.4.8-CVE-2011-2896.patch"
 
 	AT_M4DIR=config-scripts eaclocal
 	eautoconf
diff --git a/net-print/cups/files/cups-1.4.8-CVE-2011-2896.patch b/net-print/cups/files/cups-1.4.8-CVE-2011-2896.patch
new file mode 100644
index 000000000000..843456f2eebd
--- /dev/null
+++ b/net-print/cups/files/cups-1.4.8-CVE-2011-2896.patch
@@ -0,0 +1,37 @@
+Source: Upstream http://cups.org/str.php?L3914
+Reason: Avoid GIF reader loop (CVE-2011-2896)
+Upstream: Fixed in trunk
+
+diff -up cups-1.4.8/filter/image-gif.c.CVE-2011-2896 cups-1.4.8/filter/image-gif.c
+--- cups-1.4.8/filter/image-gif.c.CVE-2011-2896	2011-06-20 21:37:51.000000000 +0100
++++ cups-1.4.8/filter/image-gif.c	2011-08-19 11:33:37.547911212 +0100
+@@ -648,11 +648,13 @@ gif_read_lzw(FILE *fp,			/* I - File to 
+ 
+     if (code == max_code)
+     {
+-      *sp++ = firstcode;
+-      code  = oldcode;
++      if (sp < (stack + 8192))
++	*sp++ = firstcode;
++
++      code = oldcode;
+     }
+ 
+-    while (code >= clear_code)
++    while (code >= clear_code && sp < (stack + 8192))
+     {
+       *sp++ = table[1][code];
+       if (code == table[0][code])
+@@ -661,8 +663,10 @@ gif_read_lzw(FILE *fp,			/* I - File to 
+       code = table[0][code];
+     }
+ 
+-    *sp++ = firstcode = table[1][code];
+-    code  = max_code;
++    if (sp < (stack + 8192))
++      *sp++ = firstcode = table[1][code];
++
++    code = max_code;
+ 
+     if (code < 4096)
+     {
author	Timo Gurr <tgurr@gentoo.org>	2011-08-25 01:02:49 +0000
committer	Timo Gurr <tgurr@gentoo.org>	2011-08-25 01:02:49 +0000
commit	44e6df3efcf4df9dd1b73f98230ee9f17cddfe38 (patch)
tree	b5496cbc44cf3a477fc74a5610b2a6b25c47934c /net-print/cups
parent	Version bump (diff)
download	gentoo-2-44e6df3efcf4df9dd1b73f98230ee9f17cddfe38.tar.gz gentoo-2-44e6df3efcf4df9dd1b73f98230ee9f17cddfe38.tar.bz2 gentoo-2-44e6df3efcf4df9dd1b73f98230ee9f17cddfe38.zip