Revbumps fixing security issue CVE-2009-3553. Fix linguas handling bug #293217 thanks to Rafał Mużyło, remove zeroconf of cups 1.4 since it's missing an avahi implementation, bug #293295. Remove old.

Package-Manager: portage-2.2_rc54/cvs/Linux x86_64
author: Timo Gurr <tgurr@gentoo.org> 2009-11-30 22:00:56 +0000
committer: Timo Gurr <tgurr@gentoo.org> 2009-11-30 22:00:56 +0000
commit: 31d3ab5af1a3847ab6a0bd81e7ebdbdc51ea6d86 (patch)
tree: 35371f83d6883d511a2280d36d9d82632b8d1f2f /net-print
parent: version bump (diff)
download: historical-31d3ab5af1a3847ab6a0bd81e7ebdbdc51ea6d86.tar.gz
historical-31d3ab5af1a3847ab6a0bd81e7ebdbdc51ea6d86.tar.bz2
historical-31d3ab5af1a3847ab6a0bd81e7ebdbdc51ea6d86.zip
6 files changed, 119 insertions, 15 deletions
diff --git a/net-print/cups/ChangeLog b/net-print/cups/ChangeLog
index ecbce931b42c..bdde2876f6fb 100644
--- a/net-print/cups/ChangeLog
+++ b/net-print/cups/ChangeLog
@@ -1,6 +1,17 @@
 # ChangeLog for net-print/cups
 # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-print/cups/ChangeLog,v 1.374 2009/11/24 04:02:42 jer Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-print/cups/ChangeLog,v 1.375 2009/11/30 22:00:56 tgurr Exp $
+
+*cups-1.4.2-r1 (30 Nov 2009)
+*cups-1.3.11-r2 (30 Nov 2009)
+
+  30 Nov 2009; Timo Gurr <tgurr@gentoo.org> -cups-1.3.10-r2.ebuild,
+  +cups-1.3.11-r2.ebuild, +files/cups-1.3.11-str3200.patch,
+  -cups-1.4.2.ebuild, +cups-1.4.2-r1.ebuild,
+  +files/cups-1.4.2-str3200.patch:
+  Revbumps fixing security issue CVE-2009-3553. Fix linguas handling bug
+  #293217 thanks to Rafał Mużyło, remove zeroconf of cups 1.4 since it's
+  missing an avahi implementation, bug #293295. Remove old.
 
   24 Nov 2009; Jeroen Roovers <jer@gentoo.org> cups-1.3.11-r1.ebuild:
   Stable for HPPA (bug #293865).
diff --git a/net-print/cups/Manifest b/net-print/cups/Manifest
index b3c859c222c5..847b67bdff35 100644
--- a/net-print/cups/Manifest
+++ b/net-print/cups/Manifest
@@ -1,16 +1,17 @@
 AUX cups-1.3.0-configure.patch 651 RMD160 e4c7f45d7ddc28157433bf025c7f946c7e3b6d6a SHA1 101bf1893b56640d9fa82078e29319fbbd1449c7 SHA256 d6e5e60a982a3c093c0d0f89cf865e2b4c36290f5b1e188b7bf305d210070736
 AUX cups-1.3.10-str3178.patch 888 RMD160 ff061fc3500960f441c59896cdfe421d5f47f386 SHA1 fac5361b1172aba167d48988f874faa6faf1554a SHA256 e6550fad17017ac6897e6e9c70a4aafaaec5473c05a19e9e50277293cdc6aac6
+AUX cups-1.3.11-str3200.patch 1782 RMD160 6c9134d1bc90650b882e167a5ae118d0f239b7ae SHA1 adb5b0ef222ad5beb2424bcb93a3c891af6a744e SHA256 2ae6d48ce7071051120740d654787be1bba0258752f4844f55a18f8e03e062e6
 AUX cups-1.3.11-str3367-security-1.3v2.patch 12834 RMD160 e770139528cbdf918f5c9073fbea8b31f30cac0f SHA1 81825028af8021aff2e67a36d8e9aa71cbbb42f4 SHA256 d4d770ce17855293348059451909fecbcc9e968d6731ac73b8d81927e2afe134
 AUX cups-1.3.11-str3401-security-1.3v2-regression.patch 871 RMD160 bb08b55e8d61341e9eeecc8fe99ba743d38500dd SHA1 33a919f4ef5de3c780f6f35e68d096ccf8371718 SHA256 ab9f24c05a422995b9ee274f36ffa0a9a6dca4d55fde4830a31201d1e61bd756
 AUX cups-1.3.7-backend-https.patch 450 RMD160 9a1ad48d2be40c89510ccc512649f0a2eb5543b0 SHA1 d3dd55fcdee47855d6b7c1443adb6c2b3d8c9cdb SHA256 060f929ae3eae5dc411ce6352a0d50c3296b013974f034fc2ad8d6bb0c81b45a
 AUX cups-1.4.0-backend-https.patch 483 RMD160 b338f67ebf0719b5e12eaa8490affbd7a1bb8c0e SHA1 bfeadba67792203d654a64bdec16f3d2a31aeca6 SHA256 9060a5d848d6655db4629822d01fd772a3fbe1a5107109c50cb0ecb4de7a9526
+AUX cups-1.4.2-str3200.patch 1654 RMD160 cc40d26f7e9dbe5a12d9426535d09de10254da26 SHA1 b330108bcfb8ca3ab5d6dd3b48dc3d2937c7bca1 SHA256 8a64f5c72d64ecd95d330fd90630eb02a67865c07921ecb0c010e84b49b537e0
 AUX cupsd.init.d 293 RMD160 19fbef21cee7e472e7028f3101b680baa0089c54 SHA1 e6b27b2638fec258fe2f55c926c2530e909ca3d2 SHA256 b4268a6bae95e96b6af21c3716ecc905073736ce7dc33be1489d574a447f3c48
 AUX pdftops-1.20.gentoo 10412 RMD160 16e229662c47e03af1d1f4cb5764a76d17a66642 SHA1 6afb8a655b6ff013a2c8c8cbfb615ba1e561503b SHA256 ac5fa01ca776d75bd7cef62eef9f6b0c3945ee87e8950b40ca9f9f3ff46a16c1
-DIST cups-1.3.10-source.tar.bz2 3778970 RMD160 9c8f5366f84b5f9087f7a29bace677db309a933f SHA1 48689f07104106216d35198cc90ed56df33faf38 SHA256 9701a545a6a05a991beeb49b41fbb4d450c3bdbb4eb74b132b0d2988640bb566
-DIST cups-1.3.11-source.tar.bz2 3799424 RMD160 aa263fe29350cee307bbd72ef2f5cb061c2476e0 SHA1 c8304ee8d631bb370fc10fc1fffbe8ebae413df2 SHA256 824b7fe5cefa981f2ce20f356983be182a551f716ccab8f5194fe645b1178303
+DIST cups-1.3.11-source.tar.bz2 3799393 RMD160 a0646f2ba29fbd39d211ea5c3fdbd24a00f66a78 SHA1 df5cfb64fb608fc128acadde670dc30af49bdb18 SHA256 5e310fd324a15fae1e1c9721879f5c948d788e04735a5263a40c6146fff607b8
 DIST cups-1.4.2-source.tar.bz2 4450466 RMD160 3848989e3e585e69def0b5ccc9645c1670b0a687 SHA1 84be13b1a83a981cf1f3f9f812d53f3a3ca247cf SHA256 646bc0dbac064d05c0a93735fb556299eda0ae32ce4568506654cb952c719314
-EBUILD cups-1.3.10-r2.ebuild 8319 RMD160 0a37bfa1d47d4c2e52ea2332b11f0bd8c638b5e3 SHA1 b6366c068a19b660af54d096e4883725f32c7799 SHA256 ef0e52aad51833d3937145997eec22b3bb0a0edaa8aad5d77b0be2c8295c4f7f
 EBUILD cups-1.3.11-r1.ebuild 8576 RMD160 5baf2a44ee82136e96c04a721d126aba1d1186a2 SHA1 8ed2cf2f4c3c71213c14ac8f5cb591685b0bd9a5 SHA256 9b60a361efd271537f297808c1f402f0eeba5d5a59bed66979cc25e64eb02d9d
-EBUILD cups-1.4.2.ebuild 5406 RMD160 bac8252dc86b8cb1f401289eb33f8b9891d44b60 SHA1 0c0529d5d57d76c9bcdaa5d2614838448638acbe SHA256 ea0cf5b9f4e3f795e02ab2e44f9b4918610937ae791ff17dd557314a7d64785b
-MISC ChangeLog 55483 RMD160 186d62f9b187633fffc93af8730f400cd4f21c53 SHA1 54f69fb9f43082fd3a7c9130ad9d42117471281a SHA256 5207de5d7e5b005069afd85cb6490c1bc2c600d7ac18e8865546767654da6dd9
+EBUILD cups-1.3.11-r2.ebuild 8785 RMD160 baa141ae98ded52823394d12927b82bc408b96b9 SHA1 106a44143b330462287d3776f86423640af36874 SHA256 ec742de9eb68dd121f8c5fc7d22552799397b10d61936515191abb90f713a7e4
+EBUILD cups-1.4.2-r1.ebuild 5304 RMD160 5d94f77e999e254a6cf1e5e9d267a833d8191093 SHA1 20921aa58f69b118e503f73dc829cb51826eb1e5 SHA256 8451551c5d12858e16a5cf215edd616ceb827aa185ab1b31cef35b0bf1490ce4
+MISC ChangeLog 55963 RMD160 17b2e3cf2a31824b73e664c33ca257316b54cb36 SHA1 f736ab2247f918ede471a7e7e50c69e61d3e0566 SHA256 f6bf42342861031c3b15a10cf01855c58beebe128bd99ce4f7b9bfd792f2d26d
 MISC metadata.xml 161 RMD160 1e5b1e42553c8869b93c4a5448e9a2a2ed9fe525 SHA1 209c6a46e4cdd891980115e42ba419e3799f8088 SHA256 7c85e6739a71f5bb23e8de36c88677d772946e61f7285892f7554e37bd2bca76
diff --git a/net-print/cups/cups-1.3.10-r2.ebuild b/net-print/cups/cups-1.3.11-r2.ebuild
index 1fe361948ede..6d5485cba2d5 100644
--- a/net-print/cups/cups-1.3.10-r2.ebuild
+++ b/net-print/cups/cups-1.3.11-r2.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2009 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.3.10-r2.ebuild,v 1.11 2009/11/21 14:21:41 jer Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.3.11-r2.ebuild,v 1.1 2009/11/30 22:00:56 tgurr Exp $
 
 inherit autotools eutils flag-o-matic multilib pam
 
@@ -12,7 +12,7 @@ SRC_URI="mirror://easysw/${PN}/${PV}/${MY_P}-source.tar.bz2"
 
 LICENSE="GPL-2"
 SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd ~x86-fbsd"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
 IUSE="acl avahi dbus gnutls java jpeg kerberos ldap pam perl php png ppds python samba slp ssl static tiff X xinetd zeroconf"
 
 COMMON_DEPEND="acl? ( kernel_linux? ( sys-apps/acl sys-apps/attr ) )
@@ -104,6 +104,14 @@ src_unpack() {
 	# detect recent libgnutls versions, upstream bug STR #3178
 	epatch "${FILESDIR}/${PN}-1.3.10-str3178.patch"
 
+	# CVE-2009-2820: Several XSS flaws in forms processed by CUPS web interface
+	# upstream bug STR #3178 and STR #3401
+	epatch "${FILESDIR}/${PN}-1.3.11-str3367-security-1.3v2.patch"
+	epatch "${FILESDIR}/${PN}-1.3.11-str3401-security-1.3v2-regression.patch"
+	# CVE-2009-3553: Use-after-free (crash) due improper reference counting in abstract file descriptors handling interface
+	# upstream bug STR #3200
+	epatch "${FILESDIR}/${PN}-1.3.11-str3200.patch"
+
 	# cups does not use autotools "the usual way" and ship a static config.h.in
 	eaclocal
 	eautoconf
diff --git a/net-print/cups/cups-1.4.2.ebuild b/net-print/cups/cups-1.4.2-r1.ebuild
index c8f7250bfee7..c6d5b0720b12 100644
--- a/net-print/cups/cups-1.4.2.ebuild
+++ b/net-print/cups/cups-1.4.2-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2009 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.4.2.ebuild,v 1.1 2009/11/13 18:53:55 tgurr Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.4.2-r1.ebuild,v 1.1 2009/11/30 22:00:56 tgurr Exp $
 
 EAPI="2"
 
@@ -15,7 +15,7 @@ SRC_URI="mirror://easysw/${PN}/${PV}/${MY_P}-source.tar.bz2"
 LICENSE="GPL-2"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd"
-IUSE="acl dbus debug gnutls java +jpeg kerberos ldap pam perl php +png python samba slp +ssl static +tiff X xinetd zeroconf"
+IUSE="acl dbus debug gnutls java +jpeg kerberos ldap pam perl php +png python samba slp +ssl static +tiff X xinetd"
 
 COMMON_DEPEND="acl? ( kernel_linux? ( sys-apps/acl sys-apps/attr ) )
 	dbus? ( sys-apps/dbus )
@@ -33,7 +33,6 @@ COMMON_DEPEND="acl? ( kernel_linux? ( sys-apps/acl sys-apps/attr ) )
 	ssl? ( !gnutls? ( >=dev-libs/openssl-0.9.8g ) )
 	tiff? ( >=media-libs/tiff-3.5.5 )
 	xinetd? ( sys-apps/xinetd )
-	zeroconf? ( || ( net-dns/avahi[mdnsresponder-compat] net-misc/mDNSResponder ) )
 	app-text/libpaper
 	app-text/poppler-utils
 	dev-libs/libgcrypt
@@ -71,6 +70,11 @@ pkg_setup() {
 src_prepare() {
 	# create a missing symlink to allow https printing via IPP, bug #217293
 	epatch "${FILESDIR}/${PN}-1.4.0-backend-https.patch"
+
+	# CVE-2009-3553: Use-after-free (crash) due improper reference counting
+	# in abstract file descriptors handling interface
+	# upstream bug STR #3200
+	epatch "${FILESDIR}/${PN}-1.4.2-str3200.patch"
 }
 
 src_configure() {
@@ -97,7 +101,7 @@ src_configure() {
 		--with-cups-user=lp \
 		--with-cups-group=lp \
 		--with-docdir=/usr/share/cups/html \
-		--with-languages=${LINGUAS} \
+		--with-languages="${LINGUAS}" \
 		--with-pdftops=pdftops \
 		--with-system-groups=lpadmin \
 		$(use_enable acl) \
@@ -113,7 +117,6 @@ src_configure() {
 		$(use_enable static) \
 		$(use_enable tiff) \
 		$(use_enable xinetd xinetd /etc/xinetd.d) \
-		$(use_enable zeroconf dnssd) \
 		$(use_with java) \
 		$(use_with perl) \
 		$(use_with php) \
@@ -122,6 +125,7 @@ src_configure() {
 		--enable-libusb \
 		--enable-threads \
 		--enable-pdftops \
+		--disable-dnssd \
 		${myconf}
 
 	# install in /usr/libexec always, instead of using /usr/lib/cups, as that
@@ -140,8 +144,6 @@ src_install() {
 
 	# install our init script
 	local neededservices
-	use zeroconf && has_version 'net-dns/avahi' && neededservices="$neededservices avahi-daemon"
-	use zeroconf && has_version 'net-misc/mDNSResponder' && neededservices="$neededservices mDNSResponderPosix"
 	use dbus && neededservices="$neededservices dbus"
 	[[ -n ${neededservices} ]] && neededservices="need${neededservices}"
 	sed -e "s/@neededservices@/$neededservices/" "${FILESDIR}"/cupsd.init.d > "${T}"/cupsd
diff --git a/net-print/cups/files/cups-1.3.11-str3200.patch b/net-print/cups/files/cups-1.3.11-str3200.patch
new file mode 100644
index 000000000000..84cdbd26299f
--- /dev/null
+++ b/net-print/cups/files/cups-1.3.11-str3200.patch
@@ -0,0 +1,39 @@
+diff -up cups-1.3.7/scheduler/select.c.CVE-2009-3553 cups-1.3.7/scheduler/select.c
+--- cups-1.3.7/scheduler/select.c.CVE-2009-3553	2007-11-30 19:29:50.000000000 +0000
++++ cups-1.3.7/scheduler/select.c	2009-11-11 16:36:07.223893886 +0000
+@@ -477,7 +477,7 @@ cupsdDoSelect(long timeout)		/* I - Time
+       (*(fdptr->read_cb))(fdptr->data);
+     }
+ 
+-    if (fdptr->write_cb && event->filter == EVFILT_WRITE)
++    if (fdptr->use > 1 && fdptr->write_cb && event->filter == EVFILT_WRITE)
+     {
+       cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdDoSelect: Write on fd %d...",
+ 	              fdptr->fd);
+@@ -537,7 +537,7 @@ cupsdDoSelect(long timeout)		/* I - Time
+ 	  (*(fdptr->read_cb))(fdptr->data);
+ 	}
+ 
+-	if (fdptr->write_cb && (event->events & (EPOLLOUT | EPOLLERR | EPOLLHUP)))
++	if (fdptr->use > 1 && fdptr->write_cb && (event->events & (EPOLLOUT | EPOLLERR | EPOLLHUP)))
+ 	{
+ 	  cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdDoSelect: Write on fd %d...",
+ 	        	  fdptr->fd);
+@@ -649,7 +649,7 @@ cupsdDoSelect(long timeout)		/* I - Time
+         (*(fdptr->read_cb))(fdptr->data);
+       }
+ 
+-      if (fdptr->write_cb && (pfd->revents & (POLLOUT | POLLERR | POLLHUP)))
++      if (fdptr->use > 1 && fdptr->write_cb && (pfd->revents & (POLLOUT | POLLERR | POLLHUP)))
+       {
+         cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdDoSelect: Write on fd %d...",
+ 	                fdptr->fd);
+@@ -719,7 +719,7 @@ cupsdDoSelect(long timeout)		/* I - Time
+         (*(fdptr->read_cb))(fdptr->data);
+       }
+ 
+-      if (fdptr->write_cb && FD_ISSET(fdptr->fd, &cupsd_current_output))
++      if (fdptr->use > 1 && fdptr->write_cb && FD_ISSET(fdptr->fd, &cupsd_current_output))
+       {
+         cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdDoSelect: Write on fd %d...",
+ 	                fdptr->fd);
diff --git a/net-print/cups/files/cups-1.4.2-str3200.patch b/net-print/cups/files/cups-1.4.2-str3200.patch
new file mode 100644
index 000000000000..47d9114ed131
--- /dev/null
+++ b/net-print/cups/files/cups-1.4.2-str3200.patch
@@ -0,0 +1,43 @@
+Index: scheduler/select.c
+===================================================================
+--- scheduler/select.c	(revision 8887)
++++ scheduler/select.c	(working copy)
+@@ -454,7 +454,7 @@
+     if (fdptr->read_cb && event->filter == EVFILT_READ)
+       (*(fdptr->read_cb))(fdptr->data);
+ 
+-    if (fdptr->write_cb && event->filter == EVFILT_WRITE)
++    if (fdptr->use > 1 && fdptr->write_cb && event->filter == EVFILT_WRITE)
+       (*(fdptr->write_cb))(fdptr->data);
+ 
+     release_fd(fdptr);
+@@ -499,7 +499,8 @@
+ 	if (fdptr->read_cb && (event->events & (EPOLLIN | EPOLLERR | EPOLLHUP)))
+ 	  (*(fdptr->read_cb))(fdptr->data);
+ 
+-	if (fdptr->write_cb && (event->events & (EPOLLOUT | EPOLLERR | EPOLLHUP)))
++	if (fdptr->use > 1 && fdptr->write_cb &&
++	    (event->events & (EPOLLOUT | EPOLLERR | EPOLLHUP)))
+ 	  (*(fdptr->write_cb))(fdptr->data);
+ 
+ 	release_fd(fdptr);
+@@ -590,7 +591,8 @@
+       if (fdptr->read_cb && (pfd->revents & (POLLIN | POLLERR | POLLHUP)))
+         (*(fdptr->read_cb))(fdptr->data);
+ 
+-      if (fdptr->write_cb && (pfd->revents & (POLLOUT | POLLERR | POLLHUP)))
++      if (fdptr->use > 1 && fdptr->write_cb &&
++          (pfd->revents & (POLLOUT | POLLERR | POLLHUP)))
+         (*(fdptr->write_cb))(fdptr->data);
+ 
+       release_fd(fdptr);
+@@ -645,7 +647,8 @@
+       if (fdptr->read_cb && FD_ISSET(fdptr->fd, &cupsd_current_input))
+         (*(fdptr->read_cb))(fdptr->data);
+ 
+-      if (fdptr->write_cb && FD_ISSET(fdptr->fd, &cupsd_current_output))
++      if (fdptr->use > 1 && fdptr->write_cb &&
++          FD_ISSET(fdptr->fd, &cupsd_current_output))
+         (*(fdptr->write_cb))(fdptr->data);
+ 
+       release_fd(fdptr);
author	Timo Gurr <tgurr@gentoo.org>	2009-11-30 22:00:56 +0000
committer	Timo Gurr <tgurr@gentoo.org>	2009-11-30 22:00:56 +0000
commit	31d3ab5af1a3847ab6a0bd81e7ebdbdc51ea6d86 (patch)
tree	35371f83d6883d511a2280d36d9d82632b8d1f2f /net-print
parent	version bump (diff)
download	historical-31d3ab5af1a3847ab6a0bd81e7ebdbdc51ea6d86.tar.gz historical-31d3ab5af1a3847ab6a0bd81e7ebdbdc51ea6d86.tar.bz2 historical-31d3ab5af1a3847ab6a0bd81e7ebdbdc51ea6d86.zip