Revbumps fixing security issue CVE-2011-2896. Remove old.

Package-Manager: portage-2.2.0_alpha51/cvs/Linux x86_64
author: Timo Gurr <tgurr@gentoo.org> 2011-08-25 01:02:49 +0000
committer: Timo Gurr <tgurr@gentoo.org> 2011-08-25 01:02:49 +0000
commit: b722e08c94490eec6dab991d47b2efd43e910e81 (patch)
tree: 1a2fe874c0c4b3b9919cd2f4e39e255bf17b1764 /net-print
parent: Version bump (diff)
download: historical-b722e08c94490eec6dab991d47b2efd43e910e81.tar.gz
historical-b722e08c94490eec6dab991d47b2efd43e910e81.tar.bz2
historical-b722e08c94490eec6dab991d47b2efd43e910e81.zip
6 files changed, 74 insertions, 71 deletions
diff --git a/net-print/cups/ChangeLog b/net-print/cups/ChangeLog
index 2994faeb25bc..d0a39b73103c 100644
--- a/net-print/cups/ChangeLog
+++ b/net-print/cups/ChangeLog
@@ -1,6 +1,16 @@
 # ChangeLog for net-print/cups
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-print/cups/ChangeLog,v 1.427 2011/08/17 20:28:56 dilfridge Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-print/cups/ChangeLog,v 1.428 2011/08/25 01:02:49 tgurr Exp $
+
+*cups-1.5.0-r1 (25 Aug 2011)
+*cups-1.4.8-r21 (25 Aug 2011)
+*cups-1.4.8-r1 (25 Aug 2011)
+
+  25 Aug 2011; Timo Gurr <tgurr@gentoo.org> -cups-1.4.6-r21.ebuild,
+  -cups-1.4.8.ebuild, +cups-1.4.8-r1.ebuild, +cups-1.4.8-r21.ebuild,
+  +files/cups-1.4.8-CVE-2011-2896.patch, -cups-1.5.0.ebuild,
+  +cups-1.5.0-r1.ebuild:
+  Revbumps fixing security issue CVE-2011-2896. Remove old.
 
 *cups-1.5.0 (17 Aug 2011)
 *cups-1.4.8 (17 Aug 2011)
diff --git a/net-print/cups/Manifest b/net-print/cups/Manifest
index 9ab954be8293..8bf344cb3fb9 100644
--- a/net-print/cups/Manifest
+++ b/net-print/cups/Manifest
@@ -1,6 +1,3 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA512
-
 AUX cups-1.3.0-configure.patch 651 RMD160 e4c7f45d7ddc28157433bf025c7f946c7e3b6d6a SHA1 101bf1893b56640d9fa82078e29319fbbd1449c7 SHA256 d6e5e60a982a3c093c0d0f89cf865e2b4c36290f5b1e188b7bf305d210070736
 AUX cups-1.3.10-str3178.patch 888 RMD160 ff061fc3500960f441c59896cdfe421d5f47f386 SHA1 fac5361b1172aba167d48988f874faa6faf1554a SHA256 e6550fad17017ac6897e6e9c70a4aafaaec5473c05a19e9e50277293cdc6aac6
 AUX cups-1.3.11-pdf-m4.patch 1476 RMD160 be4d4ed2b699625282c9725faee08e01edca9b7a SHA1 a8b092b9c155c161c781319a94cb1bb7de734c3f SHA256 191b0c41c142ed31718fc01f55fcefc6c26735fa56165c23450fd7a454818b01
@@ -18,6 +15,7 @@ AUX cups-1.4.4-php-destdir.patch 679 RMD160 1b15d42373a952a608a01cb8c97efbbd3c78
 AUX cups-1.4.6-force-gnutls.patch 3319 RMD160 c6cc024a702305eb81661d5cdadd9857e9a6778e SHA1 5ac62ed3ca20bc7a4541c990c676c433299b2177 SHA256 beb4014eac5218d9f424b81946ac1e209625026bf20a7f4820758e5ee1fe5b66
 AUX cups-1.4.6-serialize-gnutls.patch 3625 RMD160 873b2806cfec732c4a4f3f2981f666a958dd5b0e SHA1 aae046121d0139fbba1cb9147c8742f73b2f1fa0 SHA256 6bc9e16fc6865b2f3e0ee2d1947bdde691e41f90fce32b9839b3661dcea4a827
 AUX cups-1.4.6-web-hang.patch 1749 RMD160 ff8d4cfa10a5de5a911c8672313904f50b13fd0f SHA1 f37a3fb7d71a6d56bbb3e5e7a8cf74ca8cb19276 SHA256 f49cef2ce1f2eecdd8ee07d85f306a19375f6d48510763aa51e96a0c54ad27c5
+AUX cups-1.4.8-CVE-2011-2896.patch 1045 RMD160 9a27eb1ec34ced57da5bbe7c55261d8aa35b01c0 SHA1 6155d7c4b34ff6447a93aa56fa4b5958eb943202 SHA256 c94d49c3ff980b830874dae4158768554f87f429ae400838a605505aae350af6
 AUX cupsd.init.d 293 RMD160 19fbef21cee7e472e7028f3101b680baa0089c54 SHA1 e6b27b2638fec258fe2f55c926c2530e909ca3d2 SHA256 b4268a6bae95e96b6af21c3716ecc905073736ce7dc33be1489d574a447f3c48
 AUX pdftops-1.20.gentoo 10412 RMD160 16e229662c47e03af1d1f4cb5764a76d17a66642 SHA1 6afb8a655b6ff013a2c8c8cbfb615ba1e561503b SHA256 ac5fa01ca776d75bd7cef62eef9f6b0c3945ee87e8950b40ca9f9f3ff46a16c1
 DIST cups-1.3.11-source.tar.bz2 3799393 RMD160 a0646f2ba29fbd39d211ea5c3fdbd24a00f66a78 SHA1 df5cfb64fb608fc128acadde670dc30af49bdb18 SHA256 5e310fd324a15fae1e1c9721879f5c948d788e04735a5263a40c6146fff607b8
@@ -26,25 +24,8 @@ DIST cups-1.4.8-source.tar.bz2 4547162 RMD160 ee80e8d0b56dc0e2edf2a9aa9a43c4b926
 DIST cups-1.5.0-source.tar.bz2 4090210 RMD160 e7be9b6b44428561609c59abaea8fa31a11aefff SHA1 628f549867751e373fc20c7558fec422f9eb942b SHA256 c6f99b68a558f4d626e9a5076d664f38e9925715dc541b07f0328c9aeb02ec33
 EBUILD cups-1.3.11-r4.ebuild 8157 RMD160 8a87f90b96c08a694643df5324e7daab651daed2 SHA1 f1f3d811c3bc989046cca5981a98d3a7e47e22fc SHA256 40fd91ccb98b69279919e10c46a286ae04b839ac77c0b074a8973f0313616d7b
 EBUILD cups-1.4.6-r2.ebuild 7232 RMD160 360accbab201dc540131622d6fc1dcf1df88d1e1 SHA1 ef0640f2bb2a846fc1435de4bb77eebfa82436f5 SHA256 c36d259463de77c8a6395eeb10571853702db0efc90ac4bfddd8144240462974
-EBUILD cups-1.4.6-r21.ebuild 8509 RMD160 6178c8831132937a82ab0c5452c6f46e3b3d1879 SHA1 3f51dd19726a31c71c3fda6def94c112974434b9 SHA256 a10216bb3af633739ac6aefa06d4e89aa88690f774768bdf66a03b7569a09b16
-EBUILD cups-1.4.8.ebuild 8404 RMD160 17e67a21c400d5185bd435bbbc4b2efaaee4d646 SHA1 7873c19731d480300bdef6c2cd6d92455cce1640 SHA256 dc74da1c4def238d6aa17912fc06a2e80ad01241398b7b73a160c97e16af2d7f
-EBUILD cups-1.5.0.ebuild 8261 RMD160 1cfbda3e22ed10a8ccd2278be134a7c2b820958f SHA1 fb53d91b7b7365c4d2bbef3e61680bf24438dbb2 SHA256 782ba8ed046bb219cf78e2c8d81428a8565b71ddcd8c2c6dd47afad3a44e6f99
-MISC ChangeLog 63914 RMD160 ac55c55d1c3c3e0e024340bb9fb5264e69704656 SHA1 5f8a738d1f5e52492e73a534d76a9efdf0971e1d SHA256 8f53589b51e19359f3ddd4aa787a7b420021b41abe99f0d2bd741c10400c1013
+EBUILD cups-1.4.8-r1.ebuild 7201 RMD160 eee066e25d6fe3418d49221bca070e78e402356f SHA1 a712d705ceaaf7479a58706c3efcdec59ca456b3 SHA256 d04103eabce41949c868b86fc2291ea5b1042bbd25509345c14c96e8b3a15767
+EBUILD cups-1.4.8-r21.ebuild 8476 RMD160 36d46c555d5f7f1f3991702b9281eb2f63cc8c6b SHA1 8c8ef9e22606cb98fa93db75dd0901a93c820dfe SHA256 30bd5ab4957184fcea385cea685c775608f01af5c17157db3fd082070cff4f37
+EBUILD cups-1.5.0-r1.ebuild 8332 RMD160 9bef915f7446cb208ad84dc54ff6690f165fbee9 SHA1 01c507453afa2d0ef382a2c3b7aa28ef03257d17 SHA256 4626779073eb5255411b63c5779d04e9d2c179d395b528efad7e84720fc9a45d
+MISC ChangeLog 64283 RMD160 e1196b13405e0e79a4b27a4ffb492623d5724933 SHA1 cb4569ff11046af32bb84822ed379b0c9f9bcaf7 SHA256 2dc82bcef48f8a00c13eadce4607e289e81fe8fd6c98032ec0fcf9a4a9f4c1c6
 MISC metadata.xml 586 RMD160 73a1f1c0096d5035dfa53207b00c125894f6822a SHA1 123501263490cab57af2b99f2336fb70c094d9b0 SHA256 3b729c497ee38452b1ca051b759f43b5f9e117f9c36c0f3b660e4bd8ab7c295b
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.17 (GNU/Linux)
-
-iQIcBAEBCgAGBQJOTCScAAoJENwGBM22xffeSK4P/2xqMBaVDwVwPS9CN1ivGWhF
-VwUu0tQi7eAosNykkxDZj7Fp4w8ckQO/8PMNuvPWkUt0qN+UwYWwbYOLD7r+l9bP
-ZmOXobZbT7ej7EXb9BcyNd4e1mUlKK3kYTlJaoiZHNoG332/CV1OYOPJZgHold3Z
-1h4PNq94Vs9MLzGuFT3vcKkBlA12ToqQ3UZ5PzHjQtX7lB7N0g+wpJLkfhCD3ZWI
-AcezPU4WQf2pih5QNY7pcLgY085hkT5TaekPdQ/79/obvZPKykSvRxCK97jiOZe0
-JasqhJW8siAPgUOzb+NxbYzPqIrFwgQ7EzRwz2xBhJm45c6BzVYt522afxYLOh8Z
-CyzXWkigR3gkeQOEfc3sFoey0d2o3JVDwzOMgE3LGCS656CoQsaq0mCka8qdjj7+
-LeQgJP1fv/hUc2KeWYARkjIWZiNYK8HPXZKqqRgn9DVG9uFaxYTE9FRacQBE9nbi
-xyR3zOc4A7uvbPcia4IyyZaxYivbjPxrmVw6EyfazBMy7KMeE/K4tRW8fbBhyCrQ
-T9QqT/my5VDo0PaR0IHLxVvSE5wkEJmcZ4mRavoxEV6zY7h2s9Tsno5qBhXmvpiw
-jsjFLAWJs07iAWXfBOU3dZCssP8WcUOy5utWptILjwnRr/5KNZZIOBkXxikNam/S
-5XXwRmJ2VLdh9TB9Kr8s
-=qpp9
------END PGP SIGNATURE-----
diff --git a/net-print/cups/cups-1.4.6-r21.ebuild b/net-print/cups/cups-1.4.8-r1.ebuild
index 6d4343ac78cf..8a6f59700875 100644
--- a/net-print/cups/cups-1.4.6-r21.ebuild
+++ b/net-print/cups/cups-1.4.8-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2011 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.4.6-r21.ebuild,v 1.2 2011/06/06 21:54:07 dilfridge Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.4.8-r1.ebuild,v 1.1 2011/08/25 01:02:49 tgurr Exp $
 
 EAPI=3
 
@@ -17,7 +17,7 @@ SRC_URI="mirror://easysw/${PN}/${PV}/${MY_P}-source.tar.bz2"
 LICENSE="GPL-2"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd"
-IUSE="acl dbus debug gnutls java +jpeg kerberos ldap pam perl php +png python samba slp +ssl static-libs +threads +tiff usb X xinetd"
+IUSE="acl dbus debug gnutls java +jpeg kerberos ldap pam perl php +png python samba slp +ssl static-libs +threads +tiff X xinetd"
 
 LANGS="da de es eu fi fr id it ja ko nl no pl pt pt_BR ru sv zh zh_TW"
 for X in ${LANGS} ; do
@@ -50,7 +50,6 @@ RDEPEND="
 		!gnutls? ( >=dev-libs/openssl-0.9.8g )
 	)
 	tiff? ( >=media-libs/tiff-3.5.5 )
-	usb? ( virtual/libusb:0 )
 	X? ( x11-misc/xdg-utils )
 	xinetd? ( sys-apps/xinetd )
 	!net-print/cupsddk
@@ -81,49 +80,21 @@ pkg_setup() {
 		python_pkg_setup
 	fi
 
-	if use usb; then
-		elog "You are going to use new libusb backed to access your usb printer."
-		elog "This interface has quite few known issues and does not report all"
-		elog "issues and just refuses to print."
-		elog "Please consider disabling usb useflag if you are having issues."
-		elog
-		elog "Please note that if you disable the usb useflag your device will be"
-		elog "still working using kernel usblp interface instead of libusb."
-		echo
-	fi
-
 	linux-info_pkg_setup
 	if  ! linux_config_exists; then
 		ewarn "Can't check the linux kernel configuration."
 		ewarn "You might have some incompatible options enabled."
 	else
-		# recheck that we don't have usblp to collide with libusb
-		if use usb; then
-			if linux_chkconfig_present USB_PRINTER; then
-				eerror "Your usb printers will be managed via libusb which collides with kernel module."
-				eerror "${P} requires the USB_PRINTER support disabled."
-				eerror "Please disable it:"
-				eerror "    CONFIG_USB_PRINTER=n"
-				eerror "in /usr/src/linux/.config or"
-				eerror "    Device Drivers --->"
-				eerror "        USB support  --->"
-				eerror "            [ ] USB Printer support"
-				eerror "Alternatively, just disable the usb useflag for cups (your printer will still work)."
-				die "USB_PRINTER module enabled"
-			fi
-		else
-			#here we should warn user that he should enable it so he can print
-			if ! linux_chkconfig_present USB_PRINTER; then
-				ewarn "If you plan to use USB printers you should enable the USB_PRINTER"
-				ewarn "support in your kernel."
-				ewarn "Please enable it:"
-				ewarn "    CONFIG_USB_PRINTER=y"
-				ewarn "in /usr/src/linux/.config or"
-				ewarn "    Device Drivers --->"
-				ewarn "        USB support  --->"
-				ewarn "            [*] USB Printer support"
-				ewarn "Alternatively, enable the usb useflag for cups and use the new, less-tested libusb code."
-			fi
+		#here we should warn user that he should enable it so he can print
+		if ! linux_chkconfig_present USB_PRINTER; then
+			ewarn "If you plan to use USB printers you should enable the USB_PRINTER"
+			ewarn "support in your kernel."
+			ewarn "Please enable it:"
+			ewarn "    CONFIG_USB_PRINTER=y"
+			ewarn "in /usr/src/linux/.config or"
+			ewarn "    Device Drivers --->"
+			ewarn "        USB support  --->"
+			ewarn "            [*] USB Printer support"
 		fi
 	fi
 }
@@ -139,8 +110,8 @@ src_prepare() {
 	epatch "${FILESDIR}/${PN}-1.4.4-perl-includes.patch"
 	epatch "${FILESDIR}/${PN}-1.4.6-force-gnutls.patch"
 	epatch "${FILESDIR}/${PN}-1.4.6-serialize-gnutls.patch"
-	# interface hangs using some browsers, bug #325871
-	epatch "${FILESDIR}/${PN}-1.4.6-web-hang.patch"
+	# security fixes
+	epatch "${FILESDIR}/${PN}-1.4.8-CVE-2011-2896.patch"
 
 	AT_M4DIR=config-scripts eaclocal
 	eautoconf
@@ -199,13 +170,13 @@ src_configure() {
 		$(use_enable slp) \
 		$(use_enable static-libs static) \
 		$(use_enable tiff) \
-		$(use_enable usb libusb) \
 		$(use_with java) \
 		$(use_with perl) \
 		$(use_with php) \
 		$(use_with python) \
 		$(use_with xinetd xinetd /etc/xinetd.d) \
 		--enable-libpaper \
+		--disable-libusb \
 		--disable-dnssd \
 		${myconf}
 
diff --git a/net-print/cups/cups-1.4.8.ebuild b/net-print/cups/cups-1.4.8-r21.ebuild
index c781a10b3356..a0c72859940b 100644
--- a/net-print/cups/cups-1.4.8.ebuild
+++ b/net-print/cups/cups-1.4.8-r21.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2011 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.4.8.ebuild,v 1.1 2011/08/17 20:28:56 dilfridge Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.4.8-r21.ebuild,v 1.1 2011/08/25 01:02:49 tgurr Exp $
 
 EAPI=3
 
@@ -139,6 +139,8 @@ src_prepare() {
 	epatch "${FILESDIR}/${PN}-1.4.4-perl-includes.patch"
 	epatch "${FILESDIR}/${PN}-1.4.6-force-gnutls.patch"
 	epatch "${FILESDIR}/${PN}-1.4.6-serialize-gnutls.patch"
+	# security fixes
+	epatch "${FILESDIR}/${PN}-1.4.8-CVE-2011-2896.patch"
 
 	AT_M4DIR=config-scripts eaclocal
 	eautoconf
diff --git a/net-print/cups/cups-1.5.0.ebuild b/net-print/cups/cups-1.5.0-r1.ebuild
index 0714534d62b7..8f33d42a6464 100644
--- a/net-print/cups/cups-1.5.0.ebuild
+++ b/net-print/cups/cups-1.5.0-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2011 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.5.0.ebuild,v 1.1 2011/08/17 20:28:56 dilfridge Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.5.0-r1.ebuild,v 1.1 2011/08/25 01:02:49 tgurr Exp $
 
 #
 # See http://git.overlays.gentoo.org/gitweb/?p=dev/dilfridge.git;a=blob;f=net-print/cups/notes.txt;hb=HEAD
@@ -141,6 +141,8 @@ src_prepare() {
 	epatch "${FILESDIR}/${PN}-1.4.4-nostrip.patch"
 	epatch "${FILESDIR}/${PN}-1.4.4-php-destdir.patch"
 	epatch "${FILESDIR}/${PN}-1.4.4-perl-includes.patch"
+	# security fixes
+	epatch "${FILESDIR}/${PN}-1.4.8-CVE-2011-2896.patch"
 
 	AT_M4DIR=config-scripts eaclocal
 	eautoconf
diff --git a/net-print/cups/files/cups-1.4.8-CVE-2011-2896.patch b/net-print/cups/files/cups-1.4.8-CVE-2011-2896.patch
new file mode 100644
index 000000000000..843456f2eebd
--- /dev/null
+++ b/net-print/cups/files/cups-1.4.8-CVE-2011-2896.patch
@@ -0,0 +1,37 @@
+Source: Upstream http://cups.org/str.php?L3914
+Reason: Avoid GIF reader loop (CVE-2011-2896)
+Upstream: Fixed in trunk
+
+diff -up cups-1.4.8/filter/image-gif.c.CVE-2011-2896 cups-1.4.8/filter/image-gif.c
+--- cups-1.4.8/filter/image-gif.c.CVE-2011-2896	2011-06-20 21:37:51.000000000 +0100
++++ cups-1.4.8/filter/image-gif.c	2011-08-19 11:33:37.547911212 +0100
+@@ -648,11 +648,13 @@ gif_read_lzw(FILE *fp,			/* I - File to 
+ 
+     if (code == max_code)
+     {
+-      *sp++ = firstcode;
+-      code  = oldcode;
++      if (sp < (stack + 8192))
++	*sp++ = firstcode;
++
++      code = oldcode;
+     }
+ 
+-    while (code >= clear_code)
++    while (code >= clear_code && sp < (stack + 8192))
+     {
+       *sp++ = table[1][code];
+       if (code == table[0][code])
+@@ -661,8 +663,10 @@ gif_read_lzw(FILE *fp,			/* I - File to 
+       code = table[0][code];
+     }
+ 
+-    *sp++ = firstcode = table[1][code];
+-    code  = max_code;
++    if (sp < (stack + 8192))
++      *sp++ = firstcode = table[1][code];
++
++    code = max_code;
+ 
+     if (code < 4096)
+     {
author	Timo Gurr <tgurr@gentoo.org>	2011-08-25 01:02:49 +0000
committer	Timo Gurr <tgurr@gentoo.org>	2011-08-25 01:02:49 +0000
commit	b722e08c94490eec6dab991d47b2efd43e910e81 (patch)
tree	1a2fe874c0c4b3b9919cd2f4e39e255bf17b1764 /net-print
parent	Version bump (diff)
download	historical-b722e08c94490eec6dab991d47b2efd43e910e81.tar.gz historical-b722e08c94490eec6dab991d47b2efd43e910e81.tar.bz2 historical-b722e08c94490eec6dab991d47b2efd43e910e81.zip