From 6ce98b98207e66e219469ac56a164e532dfc49ad Mon Sep 17 00:00:00 2001 From: Daniel Pielmeier Date: Thu, 20 Jan 2011 18:36:23 +0000 Subject: Revision bump to fix security bug #352085. (Portage version: 2.1.9.25/cvs/Linux i686) --- net-print/hplip/ChangeLog | 8 +- .../hplip/files/hplip-3.10.9-cve-2010-4267.patch | 11 + net-print/hplip/hplip-3.10.9-r1.ebuild | 269 +++++++++++++++++++++ 3 files changed, 287 insertions(+), 1 deletion(-) create mode 100644 net-print/hplip/files/hplip-3.10.9-cve-2010-4267.patch create mode 100644 net-print/hplip/hplip-3.10.9-r1.ebuild (limited to 'net-print/hplip') diff --git a/net-print/hplip/ChangeLog b/net-print/hplip/ChangeLog index 8928f3198ee1..c335b90f493b 100644 --- a/net-print/hplip/ChangeLog +++ b/net-print/hplip/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for net-print/hplip # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-print/hplip/ChangeLog,v 1.173 2011/01/10 20:43:58 ranger Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-print/hplip/ChangeLog,v 1.174 2011/01/20 18:36:23 billie Exp $ + +*hplip-3.10.9-r1 (20 Jan 2011) + + 20 Jan 2011; Daniel Pielmeier +hplip-3.10.9-r1.ebuild, + +files/hplip-3.10.9-cve-2010-4267.patch: + Revision bump to fix security bug #352085. 10 Jan 2011; Brent Baude hplip-3.10.9.ebuild: stable ppc, bug 345457 diff --git a/net-print/hplip/files/hplip-3.10.9-cve-2010-4267.patch b/net-print/hplip/files/hplip-3.10.9-cve-2010-4267.patch new file mode 100644 index 000000000000..3bf6b84fae84 --- /dev/null +++ b/net-print/hplip/files/hplip-3.10.9-cve-2010-4267.patch @@ -0,0 +1,11 @@ +--- hplip-3.10.2.orig/io/hpmud/pml.c 2010-12-06 13:35:12.046894255 -0500 ++++ hplip-3.10.2.orig/io/hpmud/pml.c 2010-12-06 13:34:35.018894207 -0500 +@@ -504,6 +504,8 @@ enum HPMUD_RESULT hpmud_get_pml(HPMUD_DE + p += 2; /* eat type and length */ + } + ++ if (dLen > buf_size) ++ dLen = buf_size; + memcpy(buf, p, dLen); + *bytes_read = dLen; + *type = dt; 
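Review bot: The clamp added before `memcpy(buf, p, dLen)` bounds only the destination buffer; nothing visible in this hunk checks that `dLen` bytes are actually available behind `p` in the received reply, so a reply that declares more data than it carries could still make the copy read past the reply buffer. The declarations of `dLen` and `buf_size` are outside the hunk; if both are signed, a negative `dLen` passes `dLen > buf_size` unchanged, and a preceding `if (dLen < 0) dLen = 0;` would close that case. Truncation is also silent, since the caller sees `*bytes_read == buf_size` with no sign that data was dropped. A short comment such as `/* CVE-2010-4267: length comes from the device reply, clamp to caller's buffer */` above the check would help. The body of hpmud_get_pml starts and ends outside the hunk, so the source-side bound may already exist there and should be confirmed.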
diff --git a/net-print/hplip/hplip-3.10.9-r1.ebuild b/net-print/hplip/hplip-3.10.9-r1.ebuild
new file mode 100644
index 000000000000..df7c216f0e8a
--- /dev/null
+++ b/net-print/hplip/hplip-3.10.9-r1.ebuild
@@ -0,0 +1,269 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-print/hplip/hplip-3.10.9-r1.ebuild,v 1.1 2011/01/20 18:36:23 billie Exp $ + +EAPI=2 + +PYTHON_DEPEND="!minimal? 2" +PYTHON_USE_WITH="threads xml" +PYTHON_USE_WITH_OPT="!minimal" + +inherit fdo-mime linux-info python autotools + +DESCRIPTION="HP Linux Imaging and Printing System. Includes printer, scanner, fax drivers and service tools." +HOMEPAGE="http://hplipopensource.com/hplip-web/index.html" +SRC_URI="mirror://sourceforge/hplip/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~x86" + +# zeroconf does not work properly with >=cups-1.4. thus support for it is also disabled in hplip. +IUSE="doc fax +hpcups hpijs kde libnotify minimal parport policykit qt4 scanner snmp static-ppds -udev-acl X" + +COMMON_DEPEND=" + virtual/jpeg + hpijs? ( >=net-print/foomatic-filters-3.0.20080507[cups] ) + udev-acl? ( >=sys-fs/udev-145[extras] ) + snmp? ( + net-analyzer/net-snmp + dev-libs/openssl + ) + !minimal? ( + net-print/cups + virtual/libusb:0 + scanner? ( >=media-gfx/sane-backends-1.0.19-r1 ) + fax? ( sys-apps/dbus ) + )" + +DEPEND="${COMMON_DEPEND} + dev-util/pkgconfig" + +RDEPEND="${COMMON_DEPEND} + >=app-text/ghostscript-gpl-8.71-r3 + !static-ppds? ( || ( >=net-print/cups-1.4.0 net-print/cupsddk ) ) + !minimal? ( + dev-python/pygobject + kernel_linux? ( >=sys-fs/udev-114 ) + scanner? ( + dev-python/imaging + X? ( || ( + kde? ( kde-misc/skanlite ) + media-gfx/xsane + media-gfx/sane-frontends + ) ) + ) + fax? ( + dev-python/reportlab + dev-python/dbus-python + ) + qt4? ( + dev-python/PyQt4[dbus,X] + libnotify? ( + dev-python/notify-python + ) + policykit? ( + sys-auth/polkit + ) + ) + )" + +CONFIG_CHECK="~PARPORT ~PPDEV" +ERROR_PARPORT="Please make sure parallel port support is enabled in your kernel (PARPORT and PPDEV)." + +pkg_setup() { + if ! 
use minimal; then + python_set_active_version 2 + python_pkg_setup + fi + + ! use qt4 && ewarn "You need USE=qt4 for the hplip GUI." + + use scanner && ! use X && ewarn "You need USE=X for the scanner GUI." + + if ! use hpcups && ! use hpijs ; then + ewarn "Installing neither hpcups (USE=-hpcups) nor hpijs (USE=-hpijs) driver," + ewarn "which is probably not what you want." + ewarn "You will almost certainly not be able to print." + ewarn "Recommended USE flags: USE=\"hpcups -hpijs\")." + fi + + if use minimal ; then + ewarn "Installing driver portions only, make sure you know what you are doing." + ewarn "Depending on the USE flags set for hpcups and/or hpijs the appropiate" + ewarn "drivers are installed." + else + use parport && linux-info_pkg_setup + fi +} + +src_prepare() { + python_convert_shebangs -q -r 2 . + + # Test for Gentoo bug #345725 + #sed -i -e "s|/etc/udev/rules.d|/$(get_libdir)/udev/rules.d|" \ + # $(find ./ -type f -exec grep -l '/etc/udev/rules.d' '{}' '+') \ + # || die "sed udev rules" + + # Do not install desktop files if there is no gui + # Upstream bug: https://bugs.launchpad.net/hplip/+bug/452113 + epatch "${FILESDIR}"/${PN}-3.9.10-desktop.patch + + # Browser detection through xdg-open + # Upstream bug: https://bugs.launchpad.net/hplip/+bug/482674 + epatch "${FILESDIR}"/${PN}-3.9.10-browser.patch + + # Use cups-config when checking for cupsddk + # Upstream bug: https://bugs.launchpad.net/hplip/+bug/483136 + epatch "${FILESDIR}"/${PN}-3.9.12-cupsddk.patch + + # Htmldocs are not installed under docdir/html so enable htmldir configure switch + # Upstream bug: https://bugs.launchpad.net/hplip/+bug/483217 + epatch "${FILESDIR}"/${PN}-3.9.10-htmldir.patch + + # Increase systray check timeout for slower machines + # Upstream bug: https://bugs.launchpad.net/hplip/+bug/335662 + epatch "${FILESDIR}"/${PN}-3.9.12-systray.patch + + # SYSFS deprecated but kept upstream for compatibility reasons + # Upstream bug: 
https://bugs.launchpad.net/hplip/+bug/346390 + epatch "${FILESDIR}"/${PN}-3.10.5-udev-attrs.patch + + # CVE-2010-4267 SNMP Response Processing Buffer Overflow Vulnerability + # http://secunia.com/advisories/42956/ + # https://bugzilla.redhat.com/show_bug.cgi?id=662740 + epatch "${FILESDIR}"/${P}-cve-2010-4267.patch + + # Force recognition of Gentoo distro by hp-check + sed -i \ + -e "s:file('/etc/issue', 'r').read():'Gentoo':" \ + installer/core_install.py || die + + # Use system foomatic-rip for hpijs driver instead of foomatic-rip-hplip + # The hpcups driver does not use foomatic-rip + local i + for i in ppd/hpijs/*.ppd.gz + do + rm -f ${i}.temp + gunzip -c ${i} | sed 's/foomatic-rip-hplip/foomatic-rip/g' | gzip > ${i}.temp || die + mv ${i}.temp ${i} + done + + eautoreconf +} + +src_configure() { + local gui_build myconf drv_build minimal_build + + if use qt4 ; then + gui_build="--enable-gui-build --enable-qt4 --disable-qt3" + if use policykit ; then + myconf="--enable-policykit" + else + myconf="--disable-policykit" + fi + else + gui_build="--disable-gui-build --disable-qt3 --disable-qt4" + fi + + if use fax || use qt4 ; then + myconf="${myconf} --enable-dbus-build" + else + myconf="${myconf} --disable-dbus-build" + fi + + if use hpcups ; then + drv_build="$(use_enable hpcups hpcups-install)" + if use static-ppds ; then + drv_build="${drv_build} --enable-cups-ppd-install" + drv_build="${drv_build} --disable-cups-drv-install" + else + drv_build="${drv_build} --enable-cups-drv-install" + drv_build="${drv_build} --disable-cups-ppd-install" + fi + else + drv_build="--disable-hpcups-install --disable-cups-drv-install" + drv_build="${drv_build} --disable-cups-ppd-install" + fi + + if use hpijs ; then + drv_build="${drv_build} $(use_enable hpijs hpijs-install)" + if use static-ppds ; then + drv_build="${drv_build} --enable-foomatic-ppd-install" + drv_build="${drv_build} --disable-foomatic-drv-install" + else + drv_build="${drv_build} --enable-foomatic-drv-install" + 
drv_build="${drv_build} --disable-foomatic-ppd-install" + fi + else + drv_build="${drv_build} --disable-hpijs-install" + drv_build="${drv_build} --disable-foomatic-drv-install" + drv_build="${drv_build} --disable-foomatic-ppd-install" + fi + + if use minimal ; then + if use hpijs ; then + minimal_build="--enable-hpijs-only-build" + else + minimal_build="--disable-hpijs-only-build" + fi + if use hpcups ; then + minimal_build="${minimal_build} --enable-hpcups-only-build" + else + minimal_build="${minimal_build} --disable-hpcups-only-build" + fi + fi + + econf \ + --disable-dependency-tracking \ + --disable-cups11-build \ + --disable-lite-build \ + --disable-foomatic-rip-hplip-install \ + --disable-shadow-build \ + --with-cupsbackenddir=$(cups-config --serverbin)/backend \ + --with-cupsfilterdir=$(cups-config --serverbin)/filter \ + --with-docdir=/usr/share/doc/${PF} \ + --with-htmldir=/usr/share/doc/${PF}/html \ + ${gui_build} \ + ${myconf} \ + ${drv_build} \ + ${minimal_build} \ + $(use_enable doc doc-build) \ + $(use_enable fax fax-build) \ + $(use_enable parport pp-build) \ + $(use_enable scanner scan-build) \ + $(use_enable snmp network-build) \ + $(use_enable udev-acl udev-acl-rules) +} + +src_install() { + emake DESTDIR="${D}" install || die + + # Installed by sane-backends + # Gentoo Bug: #201023 + rm -f "${D}"/etc/sane.d/dll.conf || die +} + +pkg_postinst() { + use !minimal && python_mod_optimize /usr/share/${PN} + fdo-mime_desktop_database_update + + elog "You should run hp-setup as root if you are installing hplip for the first time," + elog "and may also need to run it if you are upgrading from an earlier version." + elog + elog "If your device is connected using USB, users will need to be in the lp group to" + elog "access it." + elog + elog "Starting with versions of hplip >=3.9.8 mDNS is the default network search" + elog "mechanism. To make use of it you need to activate the zeroconf flag on cups." 
+ elog "If you prefer the SLP method you have to choose this when configuring the" + elog "device." + elog "Note: For cups-1.4.x SLP is the only supported method as mDNS (zeroconf) is not" + elog "available here." + +} + +pkg_postrm() { + use !minimal && python_mod_cleanup /usr/share/${PN} + fdo-mime_desktop_database_update +} -- cgit v1.2.3-65-gdbad
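Review bot: In src_prepare, the `|| die` after `gunzip -c ${i} | sed 's/foomatic-rip-hplip/foomatic-rip/g' | gzip > ${i}.temp` only sees gzip's exit status, so a failing gunzip or sed would leave an empty or truncated PPD that the unchecked `mv ${i}.temp ${i}` then moves over the original. Put Portage's `assert "rewriting ${i} failed"` on the line after the pipeline so every stage's status is checked, and make the move `mv "${i}.temp" "${i}" || die`. Quoting `"${i}"` throughout the loop also keeps it correct for file names containing whitespace. Separately, KEYWORDS are all `~arch` while the ChangeLog context shows 3.10.9 already stable on ppc, so stable users presumably only get the CVE-2010-4267 patch once this revision is stabilised.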