| 1 |
pva 08/04/01 19:03:34 |
| 2 |
|
| 3 |
Modified: ChangeLog |
| 4 |
Added: cups-1.2.12-r7.ebuild |
| 5 |
Log: |
| 6 |
Fixing multiple security vulnerabilities, bug #214068, thank Robert Buchholz and all other developers working on that bug. |
| 7 |
(Portage version: 2.1.4.4, RepoMan options: --force) |
| 8 |
|
| 9 |
Revision Changes Path |
| 10 |
1.294 net-print/cups/ChangeLog |
| 11 |
|
| 12 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-print/cups/ChangeLog?rev=1.294&view=markup |
| 13 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-print/cups/ChangeLog?rev=1.294&content-type=text/plain |
| 14 |
diff : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-print/cups/ChangeLog?r1=1.293&r2=1.294 |
| 15 |
|
| 16 |
Index: ChangeLog |
| 17 |
=================================================================== |
| 18 |
RCS file: /var/cvsroot/gentoo-x86/net-print/cups/ChangeLog,v |
| 19 |
retrieving revision 1.293 |
| 20 |
retrieving revision 1.294 |
| 21 |
diff -u -r1.293 -r1.294 |
| 22 |
--- ChangeLog 23 Mar 2008 11:09:38 -0000 1.293 |
| 23 |
+++ ChangeLog 1 Apr 2008 19:03:34 -0000 1.294 |
| 24 |
@@ -1,6 +1,14 @@ |
| 25 |
# ChangeLog for net-print/cups |
| 26 |
# Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2 |
| 27 |
-# $Header: /var/cvsroot/gentoo-x86/net-print/cups/ChangeLog,v 1.293 2008/03/23 11:09:38 dertobi123 Exp $ |
| 28 |
+# $Header: /var/cvsroot/gentoo-x86/net-print/cups/ChangeLog,v 1.294 2008/04/01 19:03:34 pva Exp $ |
| 29 |
+ |
| 30 |
+*cups-1.2.12-r7 (01 Apr 2008) |
| 31 |
+ |
| 32 |
+ 01 Apr 2008; Peter Volkov <pva@g.o> |
| 33 |
+ +files/cups-1.2.12-CVE-2008-0053.patch, |
| 34 |
+ +files/cups-1.2.12-CVE-2008-1373.patch, +cups-1.2.12-r7.ebuild: |
| 35 |
+ Fixing multiple security vulnerabilities, bug #214068, thank Robert |
| 36 |
+ Buchholz and all other developers working on that bug. |
| 37 |
|
| 38 |
23 Mar 2008; Tobias Scherbaum <dertobi123@g.o> |
| 39 |
cups-1.2.12-r6.ebuild: |
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
1.1 net-print/cups/cups-1.2.12-r7.ebuild |
| 44 |
|
| 45 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-print/cups/cups-1.2.12-r7.ebuild?rev=1.1&view=markup |
| 46 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-print/cups/cups-1.2.12-r7.ebuild?rev=1.1&content-type=text/plain |
| 47 |
|
| 48 |
Index: cups-1.2.12-r7.ebuild |
| 49 |
=================================================================== |
| 50 |
# Copyright 1999-2008 Gentoo Foundation |
| 51 |
# Distributed under the terms of the GNU General Public License v2 |
| 52 |
# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.2.12-r7.ebuild,v 1.1 2008/04/01 19:03:34 pva Exp $ |
| 53 |
|
| 54 |
inherit autotools eutils flag-o-matic multilib pam |
| 55 |
|
| 56 |
MY_P=${P/_} |
| 57 |
|
| 58 |
DESCRIPTION="The Common Unix Printing System" |
| 59 |
HOMEPAGE="http://www.cups.org/" |
| 60 |
SRC_URI="mirror://sourceforge/cups/${MY_P}-source.tar.bz2" |
| 61 |
|
| 62 |
LICENSE="GPL-2" |
| 63 |
SLOT="0" |
| 64 |
KEYWORDS="alpha ~amd64 ~arm hppa ~ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc ~sparc-fbsd x86 ~x86-fbsd" |
| 65 |
IUSE="ldap ssl slp pam php samba nls dbus tiff png ppds jpeg X" |
| 66 |
|
| 67 |
DEP="pam? ( virtual/pam ) |
| 68 |
ssl? ( net-libs/gnutls ) |
| 69 |
slp? ( >=net-libs/openslp-1.0.4 ) |
| 70 |
ldap? ( net-nds/openldap ) |
| 71 |
dbus? ( sys-apps/dbus ) |
| 72 |
png? ( >=media-libs/libpng-1.2.1 ) |
| 73 |
tiff? ( >=media-libs/tiff-3.5.5 ) |
| 74 |
jpeg? ( >=media-libs/jpeg-6b ) |
| 75 |
php? ( dev-lang/php ) |
| 76 |
app-text/libpaper" |
| 77 |
DEPEND="${DEP} |
| 78 |
!<net-print/foomatic-filters-ppds-20070501 |
| 79 |
!<net-print/hplip-1.7.4a-r1 |
| 80 |
nls? ( sys-devel/gettext )" |
| 81 |
RDEPEND="${DEP} |
| 82 |
nls? ( virtual/libintl ) |
| 83 |
!virtual/lpr |
| 84 |
>=app-text/poppler-0.4.3-r1 |
| 85 |
X? ( x11-misc/xdg-utils )" |
| 86 |
|
| 87 |
PDEPEND=" |
| 88 |
ppds? ( || ( |
| 89 |
( |
| 90 |
net-print/foomatic-filters-ppds |
| 91 |
net-print/foomatic-db-ppds |
| 92 |
) |
| 93 |
net-print/foomatic-filters-ppds |
| 94 |
net-print/foomatic-db-ppds |
| 95 |
net-print/hplip |
| 96 |
media-gfx/gimp-print |
| 97 |
net-print/foo2zjs |
| 98 |
net-print/cups-pdf |
| 99 |
) ) |
| 100 |
samba? ( >=net-fs/samba-3.0.8 ) |
| 101 |
virtual/ghostscript" |
| 102 |
PROVIDE="virtual/lpr" |
| 103 |
|
| 104 |
# upstream includes an interactive test which is a nono for gentoo. |
| 105 |
# therefore, since the printing herd has bigger fish to fry, for now, |
| 106 |
# we just leave it out, even if FEATURES=test |
| 107 |
RESTRICT="test" |
| 108 |
|
| 109 |
S=${WORKDIR}/${MY_P} |
| 110 |
|
| 111 |
pkg_setup() { |
| 112 |
if use x86 && [ -d "/usr/lib64" ] |
| 113 |
then |
| 114 |
eerror "You are running an x86 system, but /usr/lib64 exists, cups will install all library objects into this directory!" |
| 115 |
eerror "You should remove /usr/lib64, but before you do, you should check for existing objects, and re-compile all affected packages." |
| 116 |
eerror "You can use qfile (emerge portage-utils to install qfile) to get a list of the affected ebuilds:" |
| 117 |
eerror "# qfile -qC /usr/lib64" |
| 118 |
die "lib64 on x86 detected" |
| 119 |
fi |
| 120 |
|
| 121 |
enewgroup lp |
| 122 |
enewuser lp -1 -1 -1 lp |
| 123 |
|
| 124 |
enewgroup lpadmin 106 |
| 125 |
} |
| 126 |
|
| 127 |
src_unpack() { |
| 128 |
unpack ${A} |
| 129 |
cd "${S}" |
| 130 |
|
| 131 |
# CVE-2007-4351 security patch, bug #196736 |
| 132 |
epatch "${FILESDIR}"/${PN}-1.2.12-CVE-2007-4351.patch |
| 133 |
# CVE-2007-5849 security patch, bug #201570 |
| 134 |
epatch "${FILESDIR}"/${PN}-1.2.12-CVE-2007-5849.patch |
| 135 |
# CVE-2008-0047 security patch, bug #212364 |
| 136 |
epatch "${FILESDIR}"/${PN}-1.2.12-CVE-2008-0047.patch |
| 137 |
# CVE-2008-0882 security patch, bug #211449 |
| 138 |
epatch "${FILESDIR}"/${PN}-1.2.12-CVE-2008-0882.patch |
| 139 |
# CVE-2008-1373 security patch, bug #214068 |
| 140 |
epatch "${FILESDIR}"/${PN}-1.2.12-CVE-2008-1373.patch |
| 141 |
# CVE-2008-0053 security patch, bug #214068 |
| 142 |
epatch "${FILESDIR}"/${PN}-1.2.12-CVE-2008-0053.patch |
| 143 |
|
| 144 |
# cups does not use autotools "the usual way" and ship a static config.h.in |
| 145 |
eaclocal |
| 146 |
eautoconf |
| 147 |
} |
| 148 |
|
| 149 |
src_compile() { |
| 150 |
export DSOFLAGS="${LDFLAGS}" |
| 151 |
|
| 152 |
if use ldap; then |
| 153 |
append-flags -DLDAP_DEPRECATED |
| 154 |
fi |
| 155 |
|
| 156 |
econf \ |
| 157 |
--with-cups-user=lp \ |
| 158 |
--with-cups-group=lp \ |
| 159 |
--with-system-groups=lpadmin \ |
| 160 |
--localstatedir=/var \ |
| 161 |
--with-docdir=/usr/share/cups/html \ |
| 162 |
$(use_enable pam) \ |
| 163 |
$(use_enable ssl) \ |
| 164 |
--enable-gnutls \ |
| 165 |
$(use_enable slp) \ |
| 166 |
$(use_enable nls) \ |
| 167 |
$(use_enable dbus) \ |
| 168 |
$(use_enable png) \ |
| 169 |
$(use_enable jpeg) \ |
| 170 |
$(use_enable tiff) \ |
| 171 |
$(use_with php) \ |
| 172 |
$(use_enable ldap) \ |
| 173 |
--enable-libpaper \ |
| 174 |
--enable-threads \ |
| 175 |
--enable-static \ |
| 176 |
--disable-pdftops \ |
| 177 |
|| die "econf failed" |
| 178 |
|
| 179 |
# Install in /usr/libexec always, instead of using /usr/lib/cups, as that |
| 180 |
# makes more sense when facing multilib support. |
| 181 |
sed -i -e 's:SERVERBIN.*:SERVERBIN = $(BUILDROOT)/usr/libexec/cups:' Makedefs |
| 182 |
sed -i -e 's:#define CUPS_SERVERBIN.*:#define CUPS_SERVERBIN "/usr/libexec/cups":' config.h |
| 183 |
sed -i -e 's:cups_serverbin=.*:cups_serverbin=/usr/libexec/cups:' cups-config |
| 184 |
|
| 185 |
emake || die "emake failed" |
| 186 |
} |
| 187 |
|
| 188 |
src_install() { |
| 189 |
emake BUILDROOT="${D}" install || die "emake install failed" |
| 190 |
dodoc {CHANGES{,-1.{0,1}},CREDITS,LICENSE,README}.txt |
| 191 |
|
| 192 |
# clean out cups init scripts |
| 193 |
rm -rf "${D}"/etc/{init.d/cups,rc*,pam.d/cups} |
| 194 |
# install our init scripts |
| 195 |
newinitd "${FILESDIR}"/cupsd.init cupsd |
| 196 |
# install our pam script |
| 197 |
pamd_mimic_system cups auth account |
| 198 |
|
| 199 |
# correct path |
| 200 |
sed -i -e "s:server = .*:server = /usr/libexec/cups/daemon/cups-lpd:" "${D}"/etc/xinetd.d/cups-lpd |
| 201 |
# it is safer to disable this by default, bug 137130 |
| 202 |
grep -w 'disable' "${D}"/etc/xinetd.d/cups-lpd || \ |
| 203 |
sed -i -e "s:}:\tdisable = yes\n}:" "${D}"/etc/xinetd.d/cups-lpd |
| 204 |
|
| 205 |
# install pdftops filter |
| 206 |
exeinto /usr/libexec/cups/filter/ |
| 207 |
newexe "${FILESDIR}"/pdftops-1.20.gentoo pdftops |
| 208 |
|
| 209 |
# only for gs-esp this is correct, see bug 163897 |
| 210 |
if has_version app-text/ghostscript-gpl || has_version app-text/ghostscript-gnu; then |
| 211 |
sed -i -e "s:#application/vnd.cups-postscript:application/vnd.cups-postscript:" "${D}"/etc/cups/mime.convs |
| 212 |
fi |
| 213 |
|
| 214 |
keepdir /usr/share/cups/profiles /usr/libexec/cups/driver /var/log/cups \ |
| 215 |
/var/run/cups/certs /var/cache/cups /var/spool/cups/tmp /etc/cups/ssl |
| 216 |
|
| 217 |
# .desktop handling. X useflag. xdg-open from freedesktop is preferred |
| 218 |
if use X; then |
| 219 |
sed -i -e "s:htmlview:xdg-open:" "${D}"/usr/share/applications/cups.desktop |
| 220 |
else |
| 221 |
rm -r "${D}"/usr/share/applications |
| 222 |
fi |
| 223 |
|
| 224 |
# Fix a symlink collision, see bug #172341 |
| 225 |
dodir /usr/share/ppd |
| 226 |
dosym /usr/share/ppd /usr/share/cups/model/foomatic-ppds |
| 227 |
} |
| 228 |
|
| 229 |
pkg_preinst() { |
| 230 |
# cleanups |
| 231 |
[ -n "${PN}" ] && rm -fR "${ROOT}"/usr/share/doc/${PN}-* |
| 232 |
} |
| 233 |
|
| 234 |
pkg_postinst() { |
| 235 |
echo |
| 236 |
elog "Remote printing: change " |
| 237 |
elog "Listen localhost:631" |
| 238 |
elog "to" |
| 239 |
elog "Listen *:631" |
| 240 |
elog "in /etc/cups/cupsd.conf" |
| 241 |
echo |
| 242 |
elog "For more information about installing a printer take a look at:" |
| 243 |
elog "http://www.gentoo.org/doc/en/printing-howto.xml." |
| 244 |
echo |
| 245 |
|
| 246 |
local good_gs=false |
| 247 |
for x in app-text/ghostscript-gpl app-text/ghostscript-gnu app-text/ghostscript-esp; do |
| 248 |
if has_version ${x} && built_with_use ${x} cups; then |
| 249 |
good_gs=true |
| 250 |
break |
| 251 |
fi |
| 252 |
done; |
| 253 |
if ! ${good_gs}; then |
| 254 |
ewarn |
| 255 |
ewarn "You need to emerge ghostscript with the \"cups\" USE flag turned on" |
| 256 |
fi |
| 257 |
if has_version =net-print/cups-1.1*; then |
| 258 |
ewarn |
| 259 |
ewarn "The configuration changed with cups-1.2, you may want to save the old" |
| 260 |
ewarn "one and start from scratch:" |
| 261 |
ewarn "# mv /etc/cups /etc/cups.orig; emerge -va1 cups" |
| 262 |
ewarn |
| 263 |
ewarn "You need to rebuild kdelibs for kdeprinter to work with cups-1.2" |
| 264 |
fi |
| 265 |
if [ -e "${ROOT}"/usr/lib/cups ]; then |
| 266 |
ewarn |
| 267 |
ewarn "/usr/lib/cups exists - You need to remerge every ebuild that" |
| 268 |
ewarn "installed into /usr/lib/cups and /etc/cups, qfile is in portage-utils:" |
| 269 |
ewarn "# FEATURES=-collision-protect emerge -va1 \$(qfile -qC /usr/lib/cups /etc/cups | sed \"s:net-print/cups$::\")" |
| 270 |
ewarn |
| 271 |
ewarn "FEATURES=-collision-protect is needed to overwrite the compatibility" |
| 272 |
ewarn "symlinks installed by this package, it wont be needed on later merges." |
| 273 |
ewarn "You should also run revdep-rebuild" |
| 274 |
|
| 275 |
# place symlinks to make the update smoothless |
| 276 |
for i in "${ROOT}"/usr/lib/cups/{backend,filter}/*; do |
| 277 |
if [ "${i/\*}" == "${i}" ] && ! [ -e ${i/lib/libexec} ]; then |
| 278 |
ln -s ${i} ${i/lib/libexec} |
| 279 |
fi |
| 280 |
done |
| 281 |
fi |
| 282 |
} |
| 283 |
|
| 284 |
|
| 285 |
|
| 286 |
-- |
| 287 |
gentoo-commits@l.g.o mailing list |
Archives