diff options
author | Lars Wendler <polynomial-c@gentoo.org> | 2018-12-08 13:26:04 +0100 |
---|---|---|
committer | Lars Wendler <polynomial-c@gentoo.org> | 2018-12-08 13:27:22 +0100 |
commit | 8fb600024921589ab9b1179523e8eb60057ca9c2 (patch) | |
tree | 9ceb96e92b66fa2ccc94366dccd47b47fd82dff3 /net-print/cups/cups-2.3_beta6.ebuild | |
parent | app-text/unrtf: arm stable wrt bug #604908 (diff) | |
download | gentoo-8fb600024921589ab9b1179523e8eb60057ca9c2.tar.gz gentoo-8fb600024921589ab9b1179523e8eb60057ca9c2.tar.bz2 gentoo-8fb600024921589ab9b1179523e8eb60057ca9c2.zip |
net-print/cups: Security bump to versions 2.2.10 and 2.3_beta6
Fixes for CVE-2018-4700
Removed old beta release.
Package-Manager: Portage-2.3.52, Repoman-2.3.12
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
Diffstat (limited to 'net-print/cups/cups-2.3_beta6.ebuild')
-rw-r--r-- | net-print/cups/cups-2.3_beta6.ebuild | 332 |
1 files changed, 332 insertions, 0 deletions
diff --git a/net-print/cups/cups-2.3_beta6.ebuild b/net-print/cups/cups-2.3_beta6.ebuild new file mode 100644 index 000000000000..4801eaf8b9a0 --- /dev/null +++ b/net-print/cups/cups-2.3_beta6.ebuild @@ -0,0 +1,332 @@ +# Copyright 1999-2018 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +PYTHON_COMPAT=( python2_7 ) + +inherit autotools eapi7-ver gnome2-utils flag-o-matic linux-info xdg-utils multilib multilib-minimal pam user systemd toolchain-funcs + +MY_PV="${PV/_rc/rc}" +MY_PV="${MY_PV/_beta/b}" +MY_P="${PN}-${MY_PV}" + +if [[ ${PV} == *9999 ]]; then + inherit git-r3 + EGIT_REPO_URI="https://github.com/apple/cups.git" + if [[ ${PV} != 9999 ]]; then + EGIT_BRANCH=branch-${PV/.9999} + fi +else + #SRC_URI="https://github.com/apple/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" + SRC_URI="https://github.com/apple/cups/releases/download/v${MY_PV}/${MY_P}-source.tar.gz" + if [[ "${PV}" != *_beta* ]] && [[ "${PV}" != *_rc* ]] ; then + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~m68k-mint" + fi +fi + +DESCRIPTION="The Common Unix Printing System" +HOMEPAGE="https://www.cups.org/" + +LICENSE="Apache-2.0" +SLOT="0" +IUSE="acl dbus debug kerberos lprng-compat pam selinux +ssl static-libs systemd +threads usb X xinetd zeroconf" + +CDEPEND=" + app-text/libpaper + sys-libs/zlib + acl? ( + kernel_linux? ( + sys-apps/acl + sys-apps/attr + ) + ) + dbus? ( >=sys-apps/dbus-1.6.18-r1[${MULTILIB_USEDEP}] ) + kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) + !lprng-compat? ( !net-print/lprng ) + pam? ( virtual/pam ) + ssl? ( >=net-libs/gnutls-2.12.23-r6:0=[${MULTILIB_USEDEP}] ) + systemd? ( sys-apps/systemd ) + usb? ( virtual/libusb:1 ) + X? ( x11-misc/xdg-utils ) + xinetd? ( sys-apps/xinetd ) + zeroconf? ( >=net-dns/avahi-0.6.31-r2[${MULTILIB_USEDEP}] ) +" + +DEPEND="${CDEPEND} + >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}] +" + +RDEPEND="${CDEPEND} + selinux? ( sec-policy/selinux-cups ) +" + +PDEPEND=">=net-print/cups-filters-1.0.43" + +REQUIRED_USE=" + usb? ( threads ) +" + +# upstream includes an interactive test which is a nono for gentoo +RESTRICT="test" + +# systemd-socket.patch from Fedora +PATCHES=( + "${FILESDIR}/${PN}-2.2.0-dont-compress-manpages.patch" + "${FILESDIR}/${PN}-2.2.6-fix-install-perms.patch" + "${FILESDIR}/${PN}-1.4.4-nostrip.patch" + "${FILESDIR}/${PN}-2.0.2-rename-systemd-service-files.patch" + "${FILESDIR}/${PN}-2.0.1-xinetd-installation-fix.patch" + "${FILESDIR}/${P}-usage_argument_fix.patch" +) + +MULTILIB_CHOST_TOOLS=( + /usr/bin/cups-config +) + +S="${WORKDIR}/${MY_P}" + +pkg_setup() { + enewgroup lp + enewuser lp -1 -1 -1 lp + enewgroup lpadmin 106 + + if use kernel_linux; then + linux-info_pkg_setup + if ! linux_config_exists; then + ewarn "Can't check the linux kernel configuration." + ewarn "You might have some incompatible options enabled." + else + # recheck that we don't have usblp to collide with libusb; this should now work in most cases (bug 501122) + if use usb; then + if linux_chkconfig_present USB_PRINTER; then + elog "Your USB printers will be managed via libusb. In case you run into problems, " + elog "please try disabling USB_PRINTER support in your kernel or blacklisting the" + elog "usblp kernel module." + elog "Alternatively, just disable the usb useflag for cups (your printer will still work)." + fi + else + #here we should warn user that he should enable it so he can print + if ! linux_chkconfig_present USB_PRINTER; then + ewarn "If you plan to use USB printers you should enable the USB_PRINTER" + ewarn "support in your kernel." + ewarn "Please enable it:" + ewarn " CONFIG_USB_PRINTER=y" + ewarn "in /usr/src/linux/.config or" + ewarn " Device Drivers --->" + ewarn " USB support --->" + ewarn " [*] USB Printer support" + ewarn "Alternatively, enable the usb useflag for cups and use the libusb code." + fi + fi + fi + fi +} + +src_prepare() { + default + + # Remove ".SILENT" rule for verbose output (bug 524338). + sed 's#^.SILENT:##g' -i "${S}"/Makedefs.in || die "sed failed" + + # Fix install-sh, posix sh does not have 'function'. + sed 's#function gzipcp#gzipcp()#g' -i "${S}/install-sh" + + AT_M4DIR=config-scripts eaclocal + eautoconf + + # custom Makefiles + multilib_copy_sources +} + +multilib_src_configure() { + export DSOFLAGS="${LDFLAGS}" + + einfo LINGUAS=\"${LINGUAS}\" + + # explicitly specify compiler wrt bug 524340 + # + # need to override KRB5CONFIG for proper flags + # https://github.com/apple/cups/issues/4423 + local myeconfargs=( + CC="$(tc-getCC)" + CXX="$(tc-getCXX)" + KRB5CONFIG="${EPREFIX}"/usr/bin/${CHOST}-krb5-config + --libdir="${EPREFIX}"/usr/$(get_libdir) + --localstatedir="${EPREFIX}"/var + --with-exe-file-perm=755 + --with-rundir="${EPREFIX}"/run/cups + --with-cups-user=lp + --with-cups-group=lp + --with-docdir="${EPREFIX}"/usr/share/cups/html + --with-languages="${LINGUAS}" + --with-system-groups=lpadmin + --with-xinetd="${EPREFIX}"/etc/xinetd.d + $(multilib_native_use_enable acl) + $(use_enable dbus) + $(use_enable debug) + $(use_enable debug debug-guards) + $(use_enable debug debug-printfs) + $(use_enable kerberos gssapi) + $(multilib_native_use_enable pam) + $(use_enable static-libs static) + $(use_enable threads) + $(use_enable ssl gnutls) + $(use_enable systemd) + $(multilib_native_use_enable usb libusb) + $(use_enable zeroconf avahi) + --disable-dnssd + $(multilib_is_native_abi && echo --enable-libpaper || echo --disable-libpaper) + ) + + if tc-is-static-only; then + myeconfargs+=( + --disable-shared + ) + fi + + econf "${myeconfargs[@]}" + + # install in /usr/libexec always, instead of using /usr/lib/cups, as that + # makes more sense when facing multilib support. + sed -i -e "s:SERVERBIN.*:SERVERBIN = \"\$\(BUILDROOT\)${EPREFIX}/usr/libexec/cups\":" Makedefs || die + sed -i -e "s:#define CUPS_SERVERBIN.*:#define CUPS_SERVERBIN \"${EPREFIX}/usr/libexec/cups\":" config.h || die + sed -i -e "s:cups_serverbin=.*:cups_serverbin=\"${EPREFIX}/usr/libexec/cups\":" cups-config || die + + # additional path corrections needed for prefix, see bug 597728 + sed \ + -e "s:ICONDIR.*:ICONDIR = ${EPREFIX}/usr/share/icons:" \ + -e "s:INITDIR.*:INITDIR = ${EPREFIX}/etc:" \ + -e "s:DBUSDIR.*:DBUSDIR = ${EPREFIX}/etc/dbus-1:" \ + -e "s:MENUDIR.*:MENUDIR = ${EPREFIX}/usr/share/applications:" \ + -i Makedefs || die +} + +multilib_src_compile() { + if multilib_is_native_abi; then + default + else + emake libs + fi +} + +multilib_src_test() { + multilib_is_native_abi && default +} + +multilib_src_install() { + if multilib_is_native_abi; then + emake BUILDROOT="${D}" install + else + emake BUILDROOT="${D}" install-libs install-headers + dobin cups-config + fi +} + +multilib_src_install_all() { + dodoc {CHANGES,CREDITS,README}.md + + # move the default config file to docs + dodoc "${ED%/}"/etc/cups/cupsd.conf.default + rm -f "${ED%/}"/etc/cups/cupsd.conf.default + + # clean out cups init scripts + rm -rf "${ED%/}"/etc/{init.d/cups,rc*,pam.d/cups} + + # install our init script + local neededservices + use zeroconf && neededservices+=" avahi-daemon" + use dbus && neededservices+=" dbus" + [[ -n ${neededservices} ]] && neededservices="need${neededservices}" + cp "${FILESDIR}"/cupsd.init.d-r3 "${T}"/cupsd || die + sed -i \ + -e "s/@neededservices@/${neededservices}/" \ + "${T}"/cupsd || die + doinitd "${T}"/cupsd + + # install our pam script + pamd_mimic_system cups auth account + + if use xinetd ; then + # correct path + sed -i \ + -e "s:server = .*:server = /usr/libexec/cups/daemon/cups-lpd:" \ + "${ED%/}"/etc/xinetd.d/cups-lpd || die + # it is safer to disable this by default, bug #137130 + grep -w 'disable' "${ED%/}"/etc/xinetd.d/cups-lpd || \ + { sed -i -e "s:}:\tdisable = yes\n}:" "${ED%/}"/etc/xinetd.d/cups-lpd || die ; } + # write permission for file owner (root), bug #296221 + fperms u+w /etc/xinetd.d/cups-lpd || die "fperms failed" + else + # always configure with --with-xinetd= and clean up later, + # bug #525604 + rm -rf "${ED%/}"/etc/xinetd.d + fi + + keepdir /usr/libexec/cups/driver /usr/share/cups/{model,profiles} \ + /var/log/cups /var/spool/cups/tmp + + keepdir /etc/cups/{interfaces,ppd,ssl} + + if ! use X ; then + rm -r "${ED%/}"/usr/share/applications || die + fi + + # create /etc/cups/client.conf, bug #196967 and #266678 + echo "ServerName ${EPREFIX}/run/cups/cups.sock" >> "${ED%/}"/etc/cups/client.conf + + # the following file is now provided by cups-filters: + rm -r "${ED%/}"/usr/share/cups/banners || die + + # the following are created by the init script + rm -r "${ED%/}"/var/cache/cups || die + rm -r "${ED%/}"/run || die + + # for the special case of running lprng and cups together, bug 467226 + if use lprng-compat ; then + rm -fv "${ED%/}"/usr/bin/{lp*,cancel} + rm -fv "${ED%/}"/usr/sbin/lp* + rm -fv "${ED%/}"/usr/share/man/man1/{lp*,cancel*} + rm -fv "${ED%/}"/usr/share/man/man8/lp* + ewarn "Not installing lp... binaries, since the lprng-compat useflag is set." + ewarn "Unless you plan to install an exotic server setup, you most likely" + ewarn "do not want this. Disable the useflag then and all will be fine." + fi +} + +pkg_preinst() { + gnome2_icon_savelist +} + +pkg_postinst() { + # Update desktop file database and gtk icon cache (bug 370059) + gnome2_icon_cache_update + xdg_desktop_database_update + + local v + + for v in ${REPLACING_VERSIONS}; do + if ! ver_test ${v} -ge 2.2.2-r2 ; then + echo + ewarn "The cupsd init script switched to using pidfiles. Shutting down" + ewarn "cupsd will fail the next time. To fix this, please run once as root" + ewarn " killall cupsd ; /etc/init.d/cupsd zap ; /etc/init.d/cupsd start" + echo + break + fi + done + + for v in ${REPLACING_VERSIONS}; do + echo + elog "For information about installing a printer and general cups setup" + elog "take a look at: https://wiki.gentoo.org/wiki/Printing" + echo + break + done +} + +pkg_postrm() { + # Update desktop file database and gtk icon cache (bug 370059) + gnome2_icon_cache_update + xdg_desktop_database_update +} |