commit: 9e452ad1d49b71d242e05b8fe1fdb06e04879416 |
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> |
AuthorDate: Tue Apr 28 09:58:50 2020 +0000 |
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> |
CommitDate: Tue Apr 28 09:59:10 2020 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9e452ad1 |
|
net-print/cups: Security bump to version 2.3.3 |
|
CVE-2019-8842 and CVE-2020-3898 |
|
Bug: https://bugs.gentoo.org/719048 |
Package-Manager: Portage-2.3.99, Repoman-2.3.22 |
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org> |
|
net-print/cups/Manifest | 1 + |
net-print/cups/cups-2.3.3.ebuild | 336 +++++++++++++++++++++++++++++++++++++++ |
2 files changed, 337 insertions(+) |
|
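--- a/net-print/cups/Manifest
+++ b/net-print/cups/Manifest
@@ -1,2 +1,3 @@
 DIST cups-2.2.13-source.tar.gz 10410121 BLAKE2B 662ad7fe95a9cb82748a6035cf61bad8a823656522259fc8eafe4426cc57541beb29da9116174f9d6750ec207eacb83ab4e314021506d6a342577f03ff25b0cd SHA512 dc323bdcec86f11ec98e4881c540aa8be24f82d289c8a4f866e42bfd6f107b686346f1418b6347b3794dabac3c23d6e604e212aa8e169879c58b746fb1bc490d
 DIST cups-2.3.1-source.tar.gz 8135891 BLAKE2B fab46dfeb8a1846c4d8c8a1c166b465e72928ecc5b52dedd9d6a6328619f6eda822a85da9545c405b7bc7375acd2f2677497b94ab00735979487417537438831 SHA512 e3f3ad9e78c1c723d46cc2276957ac67495483882f639421203d9dad227eacbb1259717a92489e710995fdc89e2d575202e4b43117aff08ff1230dcf06674376
+DIST cups-2.3.3-source.tar.gz 8140741 BLAKE2B 427e6ee3602aec33ac336d9b2c6c8eb270f2996371f0edd3d69e411b94b2e93fc58a0032ba9f6d048f2c58a1c6b48f742671b4011cd725b882adfcc06ed7fd8a SHA512 7d6f4a01794c5599cc71525778ea785fd17271c31ac146a56e8fc374a88f99e4035d018dae48e37e541455e9cc93b302e892b2e93ec558c1b4bfc46dad68c92d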
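--- /dev/null
+++ b/net-print/cups/cups-2.3.3.ebuild
@@ -0,0 +1,336 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python2_7 )
+
+inherit autotools flag-o-matic linux-info xdg multilib-minimal pam user systemd toolchain-funcs
+
+MY_PV="${PV/_rc/rc}"
+MY_PV="${MY_PV/_beta/b}"
+MY_P="${PN}-${MY_PV}"
+
+if [[ ${PV} == *9999 ]]; then
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/apple/cups.git"
+ if [[ ${PV} != 9999 ]]; then
+ EGIT_BRANCH=branch-${PV/.9999}
+ fi
+else
+ #SRC_URI="https://github.com/apple/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+ SRC_URI="https://github.com/apple/cups/releases/download/v${MY_PV}/${MY_P}-source.tar.gz"
+ if [[ "${PV}" != *_beta* ]] && [[ "${PV}" != *_rc* ]] ; then
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~m68k-mint"
+ fi
+fi
+
+DESCRIPTION="The Common Unix Printing System"
+HOMEPAGE="https://www.cups.org/"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+IUSE="acl dbus debug kerberos lprng-compat pam selinux +ssl static-libs systemd +threads usb X xinetd zeroconf"
+
+CDEPEND="
+ app-text/libpaper
+ sys-libs/zlib
+ acl? (
+ kernel_linux? (
+ sys-apps/acl
+ sys-apps/attr
+ )
+ )
+ dbus? ( >=sys-apps/dbus-1.6.18-r1[${MULTILIB_USEDEP}] )
+ kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+ !lprng-compat? ( !net-print/lprng )
+ pam? ( sys-libs/pam )
+ ssl? ( >=net-libs/gnutls-2.12.23-r6:0=[${MULTILIB_USEDEP}] )
+ systemd? ( sys-apps/systemd )
+ usb? ( virtual/libusb:1 )
+ X? ( x11-misc/xdg-utils )
+ xinetd? ( sys-apps/xinetd )
+ zeroconf? ( >=net-dns/avahi-0.6.31-r2[${MULTILIB_USEDEP}] )
+"
+
+DEPEND="${CDEPEND}"
+BDEPEND="
+ acct-group/lp
+ >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+"
+
+RDEPEND="${CDEPEND}
+ acct-group/lp
+ selinux? ( sec-policy/selinux-cups )
+"
+
+PDEPEND=">=net-print/cups-filters-1.0.43"
+
+REQUIRED_USE="
+ usb? ( threads )
+"
+
+# upstream includes an interactive test which is a nono for gentoo
+RESTRICT="test"
+
+# systemd-socket.patch from Fedora
+PATCHES=(
+ "${FILESDIR}/${PN}-2.2.6-fix-install-perms.patch"
+ "${FILESDIR}/${PN}-1.4.4-nostrip.patch"
+ "${FILESDIR}/${PN}-2.0.2-rename-systemd-service-files.patch"
+ "${FILESDIR}/${PN}-2.0.1-xinetd-installation-fix.patch"
+)
+
+MULTILIB_CHOST_TOOLS=(
+ /usr/bin/cups-config
+)
+
+S="${WORKDIR}/${MY_P}"
+
+pkg_setup() {
+ #enewgroup lp -> acct-group/lp
+ enewuser lp -1 -1 -1 lp
+ enewgroup lpadmin 106
+
+ if use kernel_linux; then
+ linux-info_pkg_setup
+ if ! linux_config_exists; then
+ ewarn "Can't check the linux kernel configuration."
+ ewarn "You might have some incompatible options enabled."
+ else
+ # recheck that we don't have usblp to collide with libusb; this should now work in most cases (bug 501122)
+ if use usb; then
+ if linux_chkconfig_present USB_PRINTER; then
+ elog "Your USB printers will be managed via libusb. In case you run into problems, "
+ elog "please try disabling USB_PRINTER support in your kernel or blacklisting the"
+ elog "usblp kernel module."
+ elog "Alternatively, just disable the usb useflag for cups (your printer will still work)."
+ fi
+ else
+ #here we should warn user that he should enable it so he can print
+ if ! linux_chkconfig_present USB_PRINTER; then
+ ewarn "If you plan to use USB printers you should enable the USB_PRINTER"
+ ewarn "support in your kernel."
+ ewarn "Please enable it:"
+ ewarn " CONFIG_USB_PRINTER=y"
+ ewarn "in /usr/src/linux/.config or"
+ ewarn " Device Drivers --->"
+ ewarn " USB support --->"
+ ewarn " [*] USB Printer support"
+ ewarn "Alternatively, enable the usb useflag for cups and use the libusb code."
+ fi
+ fi
+ fi
+ fi
+}
+
+src_prepare() {
+ default
+
+ # Remove ".SILENT" rule for verbose output (bug 524338).
+ sed 's#^.SILENT:##g' -i "${S}"/Makedefs.in || die "sed failed"
+
+ # Fix install-sh, posix sh does not have 'function'.
+ sed 's#function gzipcp#gzipcp()#g' -i "${S}/install-sh"
+
+ # Do not add -Werror even for live ebuilds
+ sed '/WARNING_OPTIONS/s@-Werror@@' \
+ -i config-scripts/cups-compiler.m4 || die
+
+ AT_M4DIR=config-scripts eaclocal
+ eautoconf
+
+ # custom Makefiles
+ multilib_copy_sources
+}
+
+multilib_src_configure() {
+ export DSOFLAGS="${LDFLAGS}"
+
+ einfo LINGUAS=\"${LINGUAS}\"
+
+ # explicitly specify compiler wrt bug 524340
+ #
+ # need to override KRB5CONFIG for proper flags
+ # https://github.com/apple/cups/issues/4423
+ local myeconfargs=(
+ CC="$(tc-getCC)"
+ CXX="$(tc-getCXX)"
+ KRB5CONFIG="${EPREFIX}"/usr/bin/${CHOST}-krb5-config
+ --libdir="${EPREFIX}"/usr/$(get_libdir)
+ --localstatedir="${EPREFIX}"/var
+ --with-exe-file-perm=755
+ --with-rundir="${EPREFIX}"/run/cups
+ --with-cups-user=lp
+ --with-cups-group=lp
+ --with-docdir="${EPREFIX}"/usr/share/cups/html
+ --with-languages="${LINGUAS}"
+ --with-system-groups=lpadmin
+ --with-xinetd="${EPREFIX}"/etc/xinetd.d
+ $(multilib_native_use_enable acl)
+ $(use_enable dbus)
+ $(use_enable debug)
+ $(use_enable debug debug-guards)
+ $(use_enable debug debug-printfs)
+ $(use_enable kerberos gssapi)
+ $(multilib_native_use_enable pam)
+ $(use_enable static-libs static)
+ $(use_enable threads)
+ $(use_enable ssl gnutls)
+ $(use_enable systemd)
+ $(multilib_native_use_enable usb libusb)
+ $(use_enable zeroconf avahi)
+ --disable-dnssd
+ $(multilib_is_native_abi && echo --enable-libpaper || echo --disable-libpaper)
+ )
+
+ if tc-is-static-only; then
+ myeconfargs+=(
+ --disable-shared
+ )
+ fi
+
+ econf "${myeconfargs[@]}"
+
+ # install in /usr/libexec always, instead of using /usr/lib/cups, as that
+ # makes more sense when facing multilib support.
+ sed -i -e "s:SERVERBIN.*:SERVERBIN = \"\$\(BUILDROOT\)${EPREFIX}/usr/libexec/cups\":" Makedefs || die
+ sed -i -e "s:#define CUPS_SERVERBIN.*:#define CUPS_SERVERBIN \"${EPREFIX}/usr/libexec/cups\":" config.h || die
+ sed -i -e "s:cups_serverbin=.*:cups_serverbin=\"${EPREFIX}/usr/libexec/cups\":" cups-config || die
+
+ # additional path corrections needed for prefix, see bug 597728
+ sed \
+ -e "s:ICONDIR.*:ICONDIR = ${EPREFIX}/usr/share/icons:" \
+ -e "s:INITDIR.*:INITDIR = ${EPREFIX}/etc:" \
+ -e "s:DBUSDIR.*:DBUSDIR = ${EPREFIX}/etc/dbus-1:" \
+ -e "s:MENUDIR.*:MENUDIR = ${EPREFIX}/usr/share/applications:" \
+ -i Makedefs || die
+}
+
+multilib_src_compile() {
+ if multilib_is_native_abi; then
+ default
+ else
+ emake libs
+ fi
+}
+
+multilib_src_test() {
+ multilib_is_native_abi && default
+}
+
+multilib_src_install() {
+ if multilib_is_native_abi; then
+ emake BUILDROOT="${D}" install
+ else
+ emake BUILDROOT="${D}" install-libs install-headers
+ dobin cups-config
+ fi
+}
+
+multilib_src_install_all() {
+ dodoc {CHANGES,CREDITS,README}.md
+
+ # move the default config file to docs
+ dodoc "${ED}"/etc/cups/cupsd.conf.default
+ rm -f "${ED}"/etc/cups/cupsd.conf.default
+
+ # clean out cups init scripts
+ rm -rf "${ED}"/etc/{init.d/cups,rc*,pam.d/cups}
+
+ # install our init script
+ local neededservices=(
+ $(usex zeroconf avahi-daemon '')
+ $(usex dbus dbus '')
+ )
+ [[ -n ${neededservices[@]} ]] && neededservices="need ${neededservices[@]}"
+ cp "${FILESDIR}"/cupsd.init.d-r3 "${T}"/cupsd || die
+ sed -i \
+ -e "s/@neededservices@/${neededservices}/" \
+ "${T}"/cupsd || die
+ doinitd "${T}"/cupsd
+
+ # install our pam script
+ pamd_mimic_system cups auth account
+
+ if use xinetd ; then
+ # correct path
+ sed -i \
+ -e "s:server = .*:server = /usr/libexec/cups/daemon/cups-lpd:" \
+ "${ED}"/etc/xinetd.d/cups-lpd || die
+ # it is safer to disable this by default, bug #137130
+ grep -w 'disable' "${ED}"/etc/xinetd.d/cups-lpd || \
+ { sed -i -e "s:}:\tdisable = yes\n}:" "${ED}"/etc/xinetd.d/cups-lpd || die ; }
+ # write permission for file owner (root), bug #296221
+ fperms u+w /etc/xinetd.d/cups-lpd
+ else
+ # always configure with --with-xinetd= and clean up later,
+ # bug #525604
+ rm -rf "${ED}"/etc/xinetd.d
+ fi
+
+ keepdir /usr/libexec/cups/driver /usr/share/cups/{model,profiles} \
+ /var/log/cups /var/spool/cups/tmp
+
+ keepdir /etc/cups/{interfaces,ppd,ssl}
+
+ if ! use X ; then
+ rm -r "${ED}"/usr/share/applications || die
+ fi
+
+ # create /etc/cups/client.conf, bug #196967 and #266678
+ echo "ServerName ${EPREFIX}/run/cups/cups.sock" >> "${ED}"/etc/cups/client.conf
+
+ # the following file is now provided by cups-filters:
+ rm -r "${ED}"/usr/share/cups/banners || die
+
+ # the following are created by the init script
+ rm -r "${ED}"/var/cache/cups || die
+ rm -r "${ED}"/run || die
+
+ # for the special case of running lprng and cups together, bug 467226
+ if use lprng-compat ; then
+ rm -fv "${ED}"/usr/bin/{lp*,cancel}
+ rm -fv "${ED}"/usr/sbin/lp*
+ rm -fv "${ED}"/usr/share/man/man1/{lp*,cancel*}
+ rm -fv "${ED}"/usr/share/man/man8/lp*
+ ewarn "Not installing lp... binaries, since the lprng-compat useflag is set."
+ ewarn "Unless you plan to install an exotic server setup, you most likely"
+ ewarn "do not want this. Disable the useflag then and all will be fine."
+ fi
+}
+
+pkg_preinst() {
+ xdg_pkg_preinst
+}
+
+pkg_postinst() {
+ # Update desktop file database and gtk icon cache (bug 370059)
+ xdg_pkg_postinst
+
+ local v
+
+ for v in ${REPLACING_VERSIONS}; do
+ if ! ver_test ${v} -ge 2.2.2-r2 ; then
+ echo
+ ewarn "The cupsd init script switched to using pidfiles. Shutting down"
+ ewarn "cupsd will fail the next time. To fix this, please run once as root"
+ ewarn " killall cupsd ; /etc/init.d/cupsd zap ; /etc/init.d/cupsd start"
+ echo
+ break
+ fi
+ done
+
+ for v in ${REPLACING_VERSIONS}; do
+ echo
+ elog "For information about installing a printer and general cups setup"
+ elog "take a look at: https://wiki.gentoo.org/wiki/Printing"
+ echo
+ break
+ done
+}
+
+pkg_postrm() {
+ # Update desktop file database and gtk icon cache (bug 370059)
+ xdg_pkg_postrm
+}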
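Review bot: In multilib_src_install_all the xinetd hardening only tests whether the word `disable` appears anywhere in `"${ED}"/etc/xinetd.d/cups-lpd` (`grep -w 'disable' … || { sed … }`), so a shipped `disable = no` or a commented-out `disable` line would satisfy the grep and leave cups-lpd enabled, contrary to the "safer to disable this by default, bug #137130" comment. The upstream xinetd template is not visible in this diff, so whether that case occurs today is unverified, but forcing the value would make the default independent of it, for example `sed -i -e '/^[[:space:]]*disable[[:space:]]*=/d' -e "s:}:\tdisable = yes\n}:" "${ED}"/etc/xinetd.d/cups-lpd || die`. The current grep also writes its match into the build log; if the test is kept, `grep -qw` would avoid that. Separately, `sed 's#function gzipcp#gzipcp()#g' -i "${S}/install-sh"` in src_prepare is the only sed call in the file without `|| die`, so a missing install-sh would pass silently.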