diff options
author | Lars Wendler <polynomial-c@gentoo.org> | 2018-12-08 13:26:04 +0100 |
---|---|---|
committer | Lars Wendler <polynomial-c@gentoo.org> | 2018-12-08 13:27:22 +0100 |
commit | 8fb600024921589ab9b1179523e8eb60057ca9c2 (patch) | |
tree | 9ceb96e92b66fa2ccc94366dccd47b47fd82dff3 /net-print | |
parent | app-text/unrtf: arm stable wrt bug #604908 (diff) | |
download | gentoo-8fb600024921589ab9b1179523e8eb60057ca9c2.tar.gz gentoo-8fb600024921589ab9b1179523e8eb60057ca9c2.tar.bz2 gentoo-8fb600024921589ab9b1179523e8eb60057ca9c2.zip |
net-print/cups: Security bump to versions 2.2.10 and 2.3_beta6
Fixes for CVE-2018-4700
Removed old beta release.
Package-Manager: Portage-2.3.52, Repoman-2.3.12
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
Diffstat (limited to 'net-print')
-rw-r--r-- | net-print/cups/Manifest | 3 | ||||
-rw-r--r-- | net-print/cups/cups-2.2.10.ebuild | 337 | ||||
-rw-r--r-- | net-print/cups/cups-2.3_beta6.ebuild (renamed from net-print/cups/cups-2.3_beta5-r1.ebuild) | 4 | ||||
-rw-r--r-- | net-print/cups/files/cups-2.3_beta5-validation_fixes.patch | 69 | ||||
-rw-r--r-- | net-print/cups/files/cups-2.3_beta6-usage_argument_fix.patch | 38 |
5 files changed, 379 insertions, 72 deletions
diff --git a/net-print/cups/Manifest b/net-print/cups/Manifest index 4a79a3098418..28e73772df41 100644 --- a/net-print/cups/Manifest +++ b/net-print/cups/Manifest @@ -1,4 +1,5 @@ +DIST cups-2.2.10-source.tar.gz 10403568 BLAKE2B 42937088758893772545fff7bbfbf4610ae34764b1e962110b7ea88940ddcba92376e55f4665b9815278de566daec07190ad78e5f2b1e37f905447a7fd17bf4e SHA512 1393987a263ebf20089dd3008ae4ed770a27a1f289032604eb9e18f2e863bd0e4215a70118f5a6d3940875625278b6798fbc9070e791ec559179c6cf7dc7b05f DIST cups-2.2.7-source.tar.gz 10330296 BLAKE2B 015a64758ee8d2559f4259ff36bf702b93dc695a44e2170d4ecf71b80d5691b4d947decf0a84ff9433b43c6d47dc350a8769d1e230ceda276c13add67e5e8a20 SHA512 780a6a484f38967ff678456ec7b532aa8445a9562663e4e4f6f7a24aac6ec9e8eae36459ee3c025dff053d59ad1d9ecfb823e8a832bae9d384db3d1a10d8860e DIST cups-2.2.8-source.tar.gz 10374921 BLAKE2B 3fc4d5cae3848cbb7fb1263b377210254dfa08d70a1218c7f20d5a277d0536791e071c50bac282ab2049e1cffddfe91438216ceb37ec279d7cb0ec7b57a315da SHA512 6ed44c5e6f1c46c85b06691713ce476330c93834243720ad2c04fa983e20cde9f6ebfc2eb2ba8bb3700f11320471b99856d6402d3641038da690f89c49fbd261 DIST cups-2.2.9-source.tar.gz 10402885 BLAKE2B 6736a2f5efa6ee8eadeea6620b5750e16e3be2e1c46d6f5821146d21078d10cda8e993b111ae326863db93d0c36e55c26d1c91140f8a518759111bafc9c93996 SHA512 423d2a215a115d5f78ce73118e8a2e566662e5d7f8acbffea39e1bfefb2f48f94841c8b85d731b0786b682dc579df8dfb5508570225b5205a182fbb2cd6dd2a5 -DIST cups-2.3b5-source.tar.gz 10176856 BLAKE2B beda07a64ef463371e4e1f25b397caa9487f7acdc982fcfa7edee736a41f6a6875747c772e4c59e2d2746c8c508a0cc87f8608227592f5e1d9c8c48d956ab97c SHA512 48d45f090637bf32bdcc83106272efb8462ff609f74fbe4e82add7f851dcb9173126a1df186848c087d02e8c1441f31a70859faf2714b6ddb1f3738ef8dba60d +DIST cups-2.3b6-source.tar.gz 10240934 BLAKE2B 16b7381617d97d5c68e7bdf971b2cbc81c8f33208e408e051fce9770cffebed3a9337296d3e9f95a9f0a4e76cffe3201b99207f83169b8397d11455964178f4f SHA512 f9f79bbc694e4bb4f37906f6dffad7c5067d86e07878ca73953ebf519d2637c23fded18646bd086cbd397e49de6b629fe9323f57ccfb2c9bf912c3bfd20b345e diff --git a/net-print/cups/cups-2.2.10.ebuild b/net-print/cups/cups-2.2.10.ebuild new file mode 100644 index 000000000000..b5fcaa92de95 --- /dev/null +++ b/net-print/cups/cups-2.2.10.ebuild @@ -0,0 +1,337 @@ +# Copyright 1999-2018 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +PYTHON_COMPAT=( python2_7 ) + +inherit autotools eapi7-ver gnome2-utils flag-o-matic linux-info xdg-utils multilib multilib-minimal pam python-single-r1 user java-pkg-opt-2 systemd toolchain-funcs + +MY_P="${P/_rc/rc}" +MY_P="${MY_P/_beta/b}" +MY_PV="${PV/_rc/rc}" +MY_PV="${MY_PV/_beta/b}" + +if [[ ${PV} == *9999 ]]; then + inherit git-r3 + EGIT_REPO_URI="https://github.com/apple/cups.git" + if [[ ${PV} != 9999 ]]; then + EGIT_BRANCH=branch-${PV/.9999} + fi +else + #SRC_URI="https://github.com/apple/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" + SRC_URI="https://github.com/apple/cups/releases/download/v${PV}/${P}-source.tar.gz" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~m68k-mint" +fi + +DESCRIPTION="The Common Unix Printing System" +HOMEPAGE="https://www.cups.org/" + +LICENSE="GPL-2" +SLOT="0" +IUSE="acl dbus debug java kerberos lprng-compat pam python selinux +ssl static-libs systemd +threads usb X xinetd zeroconf" + +CDEPEND=" + app-text/libpaper + sys-libs/zlib + acl? ( + kernel_linux? ( + sys-apps/acl + sys-apps/attr + ) + ) + dbus? ( >=sys-apps/dbus-1.6.18-r1[${MULTILIB_USEDEP}] ) + java? ( >=virtual/jre-1.6:* ) + kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] ) + !lprng-compat? ( !net-print/lprng ) + pam? ( virtual/pam ) + python? ( ${PYTHON_DEPS} ) + ssl? ( >=net-libs/gnutls-2.12.23-r6:0=[${MULTILIB_USEDEP}] ) + systemd? ( sys-apps/systemd ) + usb? ( virtual/libusb:1 ) + X? ( x11-misc/xdg-utils ) + xinetd? ( sys-apps/xinetd ) + zeroconf? ( >=net-dns/avahi-0.6.31-r2[${MULTILIB_USEDEP}] ) +" + +DEPEND="${CDEPEND} + >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}] +" + +RDEPEND="${CDEPEND} + selinux? ( sec-policy/selinux-cups ) +" + +PDEPEND=">=net-print/cups-filters-1.0.43" + +REQUIRED_USE=" + python? ( ${PYTHON_REQUIRED_USE} ) + usb? ( threads ) +" + +# upstream includes an interactive test which is a nono for gentoo +RESTRICT="test" + +# systemd-socket.patch from Fedora +PATCHES=( + "${FILESDIR}/${PN}-2.2.0-dont-compress-manpages.patch" + "${FILESDIR}/${PN}-2.2.6-fix-install-perms.patch" + "${FILESDIR}/${PN}-1.4.4-nostrip.patch" + "${FILESDIR}/${PN}-2.0.2-rename-systemd-service-files.patch" + "${FILESDIR}/${PN}-2.0.1-xinetd-installation-fix.patch" +) + +MULTILIB_CHOST_TOOLS=( + /usr/bin/cups-config +) + +pkg_setup() { + enewgroup lp + enewuser lp -1 -1 -1 lp + enewgroup lpadmin 106 + + use python && python-single-r1_pkg_setup + + if use kernel_linux; then + linux-info_pkg_setup + if ! linux_config_exists; then + ewarn "Can't check the linux kernel configuration." + ewarn "You might have some incompatible options enabled." + else + # recheck that we don't have usblp to collide with libusb; this should now work in most cases (bug 501122) + if use usb; then + if linux_chkconfig_present USB_PRINTER; then + elog "Your USB printers will be managed via libusb. In case you run into problems, " + elog "please try disabling USB_PRINTER support in your kernel or blacklisting the" + elog "usblp kernel module." + elog "Alternatively, just disable the usb useflag for cups (your printer will still work)." + fi + else + #here we should warn user that he should enable it so he can print + if ! linux_chkconfig_present USB_PRINTER; then + ewarn "If you plan to use USB printers you should enable the USB_PRINTER" + ewarn "support in your kernel." + ewarn "Please enable it:" + ewarn " CONFIG_USB_PRINTER=y" + ewarn "in /usr/src/linux/.config or" + ewarn " Device Drivers --->" + ewarn " USB support --->" + ewarn " [*] USB Printer support" + ewarn "Alternatively, enable the usb useflag for cups and use the libusb code." + fi + fi + fi + fi +} + +src_prepare() { + default + + # Remove ".SILENT" rule for verbose output (bug 524338). + sed 's#^.SILENT:##g' -i "${S}"/Makedefs.in || die "sed failed" + + # Fix install-sh, posix sh does not have 'function'. + sed 's#function gzipcp#gzipcp()#g' -i "${S}/install-sh" + + AT_M4DIR=config-scripts eaclocal + eautoconf + + # custom Makefiles + multilib_copy_sources +} + +multilib_src_configure() { + export DSOFLAGS="${LDFLAGS}" + + einfo LINGUAS=\"${LINGUAS}\" + + # explicitly specify compiler wrt bug 524340 + # + # need to override KRB5CONFIG for proper flags + # https://github.com/apple/cups/issues/4423 + local myeconfargs=( + CC="$(tc-getCC)" + CXX="$(tc-getCXX)" + KRB5CONFIG="${EPREFIX}"/usr/bin/${CHOST}-krb5-config + --libdir="${EPREFIX}"/usr/$(get_libdir) + --localstatedir="${EPREFIX}"/var + --with-exe-file-perm=755 + --with-rundir="${EPREFIX}"/run/cups + --with-cups-user=lp + --with-cups-group=lp + --with-docdir="${EPREFIX}"/usr/share/cups/html + --with-languages="${LINGUAS}" + --with-system-groups=lpadmin + --with-xinetd="${EPREFIX}"/etc/xinetd.d + $(multilib_native_use_enable acl) + $(use_enable dbus) + $(use_enable debug) + $(use_enable debug debug-guards) + $(use_enable debug debug-printfs) + $(multilib_native_use_with java) + $(use_enable kerberos gssapi) + $(multilib_native_use_enable pam) + $(multilib_native_use_with python python "${PYTHON}") + $(use_enable static-libs static) + $(use_enable threads) + $(use_enable ssl gnutls) + $(use_enable systemd) + $(multilib_native_use_enable usb libusb) + $(use_enable zeroconf avahi) + --disable-dnssd + --without-perl + --without-php + $(multilib_is_native_abi && echo --enable-libpaper || echo --disable-libpaper) + ) + + if tc-is-static-only; then + myeconfargs+=( + --disable-shared + ) + fi + + econf "${myeconfargs[@]}" + + # install in /usr/libexec always, instead of using /usr/lib/cups, as that + # makes more sense when facing multilib support. + sed -i -e "s:SERVERBIN.*:SERVERBIN = \"\$\(BUILDROOT\)${EPREFIX}/usr/libexec/cups\":" Makedefs || die + sed -i -e "s:#define CUPS_SERVERBIN.*:#define CUPS_SERVERBIN \"${EPREFIX}/usr/libexec/cups\":" config.h || die + sed -i -e "s:cups_serverbin=.*:cups_serverbin=\"${EPREFIX}/usr/libexec/cups\":" cups-config || die + + # additional path corrections needed for prefix, see bug 597728 + sed \ + -e "s:ICONDIR.*:ICONDIR = ${EPREFIX}/usr/share/icons:" \ + -e "s:INITDIR.*:INITDIR = ${EPREFIX}/etc:" \ + -e "s:DBUSDIR.*:DBUSDIR = ${EPREFIX}/etc/dbus-1:" \ + -e "s:MENUDIR.*:MENUDIR = ${EPREFIX}/usr/share/applications:" \ + -i Makedefs || die +} + +multilib_src_compile() { + if multilib_is_native_abi; then + default + else + emake libs + fi +} + +multilib_src_test() { + multilib_is_native_abi && default +} + +multilib_src_install() { + if multilib_is_native_abi; then + emake BUILDROOT="${D}" install + else + emake BUILDROOT="${D}" install-libs install-headers + dobin cups-config + fi +} + +multilib_src_install_all() { + dodoc {CHANGES,CREDITS,README}.md + + # move the default config file to docs + dodoc "${ED%/}"/etc/cups/cupsd.conf.default + rm -f "${ED%/}"/etc/cups/cupsd.conf.default + + # clean out cups init scripts + rm -rf "${ED%/}"/etc/{init.d/cups,rc*,pam.d/cups} + + # install our init script + local neededservices + use zeroconf && neededservices+=" avahi-daemon" + use dbus && neededservices+=" dbus" + [[ -n ${neededservices} ]] && neededservices="need${neededservices}" + cp "${FILESDIR}"/cupsd.init.d-r3 "${T}"/cupsd || die + sed -i \ + -e "s/@neededservices@/${neededservices}/" \ + "${T}"/cupsd || die + doinitd "${T}"/cupsd + + # install our pam script + pamd_mimic_system cups auth account + + if use xinetd ; then + # correct path + sed -i \ + -e "s:server = .*:server = /usr/libexec/cups/daemon/cups-lpd:" \ + "${ED%/}"/etc/xinetd.d/cups-lpd || die + # it is safer to disable this by default, bug #137130 + grep -w 'disable' "${ED%/}"/etc/xinetd.d/cups-lpd || \ + { sed -i -e "s:}:\tdisable = yes\n}:" "${ED%/}"/etc/xinetd.d/cups-lpd || die ; } + # write permission for file owner (root), bug #296221 + fperms u+w /etc/xinetd.d/cups-lpd || die "fperms failed" + else + # always configure with --with-xinetd= and clean up later, + # bug #525604 + rm -rf "${ED%/}"/etc/xinetd.d + fi + + keepdir /usr/libexec/cups/driver /usr/share/cups/{model,profiles} \ + /var/log/cups /var/spool/cups/tmp + + keepdir /etc/cups/{interfaces,ppd,ssl} + + if ! use X ; then + rm -r "${ED%/}"/usr/share/applications || die + fi + + # create /etc/cups/client.conf, bug #196967 and #266678 + echo "ServerName ${EPREFIX}/run/cups/cups.sock" >> "${ED%/}"/etc/cups/client.conf + + # the following file is now provided by cups-filters: + rm -r "${ED%/}"/usr/share/cups/banners || die + + # the following are created by the init script + rm -r "${ED%/}"/var/cache/cups || die + rm -r "${ED%/}"/run || die + + # for the special case of running lprng and cups together, bug 467226 + if use lprng-compat ; then + rm -fv "${ED%/}"/usr/bin/{lp*,cancel} + rm -fv "${ED%/}"/usr/sbin/lp* + rm -fv "${ED%/}"/usr/share/man/man1/{lp*,cancel*} + rm -fv "${ED%/}"/usr/share/man/man8/lp* + ewarn "Not installing lp... binaries, since the lprng-compat useflag is set." + ewarn "Unless you plan to install an exotic server setup, you most likely" + ewarn "do not want this. Disable the useflag then and all will be fine." + fi +} + +pkg_preinst() { + gnome2_icon_savelist +} + +pkg_postinst() { + # Update desktop file database and gtk icon cache (bug 370059) + gnome2_icon_cache_update + xdg_desktop_database_update + + local v + + for v in ${REPLACING_VERSIONS}; do + if ! ver_test ${v} -ge 2.2.2-r2 ; then + echo + ewarn "The cupsd init script switched to using pidfiles. Shutting down" + ewarn "cupsd will fail the next time. To fix this, please run once as root" + ewarn " killall cupsd ; /etc/init.d/cupsd zap ; /etc/init.d/cupsd start" + echo + break + fi + done + + for v in ${REPLACING_VERSIONS}; do + echo + elog "For information about installing a printer and general cups setup" + elog "take a look at: https://wiki.gentoo.org/wiki/Printing" + echo + break + done +} + +pkg_postrm() { + # Update desktop file database and gtk icon cache (bug 370059) + gnome2_icon_cache_update + xdg_desktop_database_update +} diff --git a/net-print/cups/cups-2.3_beta5-r1.ebuild b/net-print/cups/cups-2.3_beta6.ebuild index f7c6d292faec..4801eaf8b9a0 100644 --- a/net-print/cups/cups-2.3_beta5-r1.ebuild +++ b/net-print/cups/cups-2.3_beta6.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2018 Gentoo Foundation +# Copyright 1999-2018 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=6 @@ -77,7 +77,7 @@ PATCHES=( "${FILESDIR}/${PN}-1.4.4-nostrip.patch" "${FILESDIR}/${PN}-2.0.2-rename-systemd-service-files.patch" "${FILESDIR}/${PN}-2.0.1-xinetd-installation-fix.patch" - "${FILESDIR}/${P}-validation_fixes.patch" #657526 + "${FILESDIR}/${P}-usage_argument_fix.patch" ) MULTILIB_CHOST_TOOLS=( diff --git a/net-print/cups/files/cups-2.3_beta5-validation_fixes.patch b/net-print/cups/files/cups-2.3_beta5-validation_fixes.patch deleted file mode 100644 index 29e2533eeb16..000000000000 --- a/net-print/cups/files/cups-2.3_beta5-validation_fixes.patch +++ /dev/null @@ -1,69 +0,0 @@ -From 1d677f11f1e3353524d46c2842188eccfcdcd5a2 Mon Sep 17 00:00:00 2001 -From: Michael R Sweet <michael.r.sweet@gmail.com> -Date: Mon, 11 Jun 2018 09:37:34 -0400 -Subject: [PATCH] Fix regressions in ippValidateAttribute (Issue #5322, Issue - #5330) - -diff --git a/cups/ipp.c b/cups/ipp.c -index 95d53cc44..325de02b9 100644 ---- a/cups/ipp.c -+++ b/cups/ipp.c -@@ -5033,16 +5033,19 @@ ippValidateAttribute( - break; - } - -- if (*ptr < ' ' || *ptr == 0x7f) -- { -- ipp_set_error(IPP_STATUS_ERROR_BAD_REQUEST, _("\"%s\": Bad text value \"%s\" - bad control character (PWG 5100.14 section 8.3)."), attr->name, attr->values[i].string.text); -- return (0); -- } -- else if (*ptr) -- { -- ipp_set_error(IPP_STATUS_ERROR_BAD_REQUEST, _("\"%s\": Bad text value \"%s\" - bad UTF-8 sequence (RFC 8011 section 5.1.2)."), attr->name, attr->values[i].string.text); -- return (0); -- } -+ if (*ptr) -+ { -+ if (*ptr < ' ' || *ptr == 0x7f) -+ { -+ ipp_set_error(IPP_STATUS_ERROR_BAD_REQUEST, _("\"%s\": Bad text value \"%s\" - bad control character (PWG 5100.14 section 8.3)."), attr->name, attr->values[i].string.text); -+ return (0); -+ } -+ else -+ { -+ ipp_set_error(IPP_STATUS_ERROR_BAD_REQUEST, _("\"%s\": Bad text value \"%s\" - bad UTF-8 sequence (RFC 8011 section 5.1.2)."), attr->name, attr->values[i].string.text); -+ return (0); -+ } -+ } - - if ((ptr - attr->values[i].string.text) > (IPP_MAX_TEXT - 1)) - { -@@ -5091,16 +5094,19 @@ ippValidateAttribute( - break; - } - -- if (*ptr < ' ' || *ptr == 0x7f) -- { -- ipp_set_error(IPP_STATUS_ERROR_BAD_REQUEST, _("\"%s\": Bad name value \"%s\" - bad control character (PWG 5100.14 section 8.1)."), attr->name, attr->values[i].string.text); -- return (0); -- } -- else if (*ptr) -+ if (*ptr) - { -- ipp_set_error(IPP_STATUS_ERROR_BAD_REQUEST, _("\"%s\": Bad name value \"%s\" - bad UTF-8 sequence (RFC 8011 section 5.1.3)."), attr->name, attr->values[i].string.text); -- return (0); -- } -+ if (*ptr < ' ' || *ptr == 0x7f) -+ { -+ ipp_set_error(IPP_STATUS_ERROR_BAD_REQUEST, _("\"%s\": Bad name value \"%s\" - bad control character (PWG 5100.14 section 8.1)."), attr->name, attr->values[i].string.text); -+ return (0); -+ } -+ else -+ { -+ ipp_set_error(IPP_STATUS_ERROR_BAD_REQUEST, _("\"%s\": Bad name value \"%s\" - bad UTF-8 sequence (RFC 8011 section 5.1.3)."), attr->name, attr->values[i].string.text); -+ return (0); -+ } -+ } - - if ((ptr - attr->values[i].string.text) > (IPP_MAX_NAME - 1)) - { diff --git a/net-print/cups/files/cups-2.3_beta6-usage_argument_fix.patch b/net-print/cups/files/cups-2.3_beta6-usage_argument_fix.patch new file mode 100644 index 000000000000..f0ba569a0f42 --- /dev/null +++ b/net-print/cups/files/cups-2.3_beta6-usage_argument_fix.patch @@ -0,0 +1,38 @@ +From 7b655b36b349f6db9a7b658d0075c468cff83c2e Mon Sep 17 00:00:00 2001 +From: Lars Wendler <polynomial-c@gentoo.org> +Date: Sat, 8 Dec 2018 13:14:06 +0100 +Subject: [PATCH] Fix call to usage which requires an int argument +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Otherwise compilation fails: + +main.c: In function ‘main’: +main.c:158:7: error: too few arguments to function ‘usage’ + usage(); + ^~~~~ +main.c:73:14: note: declared here + static void usage(int status) _CUPS_NORETURN; + ^~~~~ +make[1]: *** [../Makedefs:270: main.o] Error 1 +--- + scheduler/main.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/scheduler/main.c b/scheduler/main.c +index ce7df89c0..a7df4525f 100644 +--- a/scheduler/main.c ++++ b/scheduler/main.c +@@ -155,7 +155,7 @@ main(int argc, /* I - Number of command-line args */ + for (i = 1; i < argc; i ++) + { + if (!strcmp(argv[i], "--help")) +- usage(); ++ usage(1); + else if (argv[i][0] == '-') + { + for (opt = argv[i] + 1; *opt != '\0'; opt ++) +-- +2.20.0.rc2 + |