Revbumps fixing security issue CVE-2009-3553. Fix linguas handling bug #293217 thanks to Rafał Mużyło, remove zeroconf of cups 1.4 since it's missing an avahi implementation, bug #293295. Remove old.

(Portage version: 2.2_rc54/cvs/Linux x86_64)
author: Timo Gurr <tgurr@gentoo.org> 2009-11-30 22:00:56 +0000
committer: Timo Gurr <tgurr@gentoo.org> 2009-11-30 22:00:56 +0000
commit: c1a1fad2ab3e62a6d75b6a812a60260ba2a29cff (patch)
tree: d49e2a97281edb02bff8ee8998626f49192e7b0a /net-print
parent: version bump (diff)
download: gentoo-2-c1a1fad2ab3e62a6d75b6a812a60260ba2a29cff.tar.gz
gentoo-2-c1a1fad2ab3e62a6d75b6a812a60260ba2a29cff.tar.bz2
gentoo-2-c1a1fad2ab3e62a6d75b6a812a60260ba2a29cff.zip
5 files changed, 113 insertions, 10 deletions
diff --git a/net-print/cups/ChangeLog b/net-print/cups/ChangeLog
index ecbce931b42c..bdde2876f6fb 100644
--- a/net-print/cups/ChangeLog
+++ b/net-print/cups/ChangeLog
@@ -1,6 +1,17 @@
 # ChangeLog for net-print/cups
 # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-print/cups/ChangeLog,v 1.374 2009/11/24 04:02:42 jer Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-print/cups/ChangeLog,v 1.375 2009/11/30 22:00:56 tgurr Exp $
+
+*cups-1.4.2-r1 (30 Nov 2009)
+*cups-1.3.11-r2 (30 Nov 2009)
+
+  30 Nov 2009; Timo Gurr <tgurr@gentoo.org> -cups-1.3.10-r2.ebuild,
+  +cups-1.3.11-r2.ebuild, +files/cups-1.3.11-str3200.patch,
+  -cups-1.4.2.ebuild, +cups-1.4.2-r1.ebuild,
+  +files/cups-1.4.2-str3200.patch:
+  Revbumps fixing security issue CVE-2009-3553. Fix linguas handling bug
+  #293217 thanks to Rafał Mużyło, remove zeroconf of cups 1.4 since it's
+  missing an avahi implementation, bug #293295. Remove old.
 
   24 Nov 2009; Jeroen Roovers <jer@gentoo.org> cups-1.3.11-r1.ebuild:
   Stable for HPPA (bug #293865).
diff --git a/net-print/cups/cups-1.3.10-r2.ebuild b/net-print/cups/cups-1.3.11-r2.ebuild
index 1fe361948ede..6d5485cba2d5 100644
--- a/net-print/cups/cups-1.3.10-r2.ebuild
+++ b/net-print/cups/cups-1.3.11-r2.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2009 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.3.10-r2.ebuild,v 1.11 2009/11/21 14:21:41 jer Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.3.11-r2.ebuild,v 1.1 2009/11/30 22:00:56 tgurr Exp $
 
 inherit autotools eutils flag-o-matic multilib pam
 
@@ -12,7 +12,7 @@ SRC_URI="mirror://easysw/${PN}/${PV}/${MY_P}-source.tar.bz2"
 
 LICENSE="GPL-2"
 SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd ~x86-fbsd"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
 IUSE="acl avahi dbus gnutls java jpeg kerberos ldap pam perl php png ppds python samba slp ssl static tiff X xinetd zeroconf"
 
 COMMON_DEPEND="acl? ( kernel_linux? ( sys-apps/acl sys-apps/attr ) )
@@ -104,6 +104,14 @@ src_unpack() {
 	# detect recent libgnutls versions, upstream bug STR #3178
 	epatch "${FILESDIR}/${PN}-1.3.10-str3178.patch"
 
+	# CVE-2009-2820: Several XSS flaws in forms processed by CUPS web interface
+	# upstream bug STR #3178 and STR #3401
+	epatch "${FILESDIR}/${PN}-1.3.11-str3367-security-1.3v2.patch"
+	epatch "${FILESDIR}/${PN}-1.3.11-str3401-security-1.3v2-regression.patch"
+	# CVE-2009-3553: Use-after-free (crash) due improper reference counting in abstract file descriptors handling interface
+	# upstream bug STR #3200
+	epatch "${FILESDIR}/${PN}-1.3.11-str3200.patch"
+
 	# cups does not use autotools "the usual way" and ship a static config.h.in
 	eaclocal
 	eautoconf
diff --git a/net-print/cups/cups-1.4.2.ebuild b/net-print/cups/cups-1.4.2-r1.ebuild
index c8f7250bfee7..c6d5b0720b12 100644
--- a/net-print/cups/cups-1.4.2.ebuild
+++ b/net-print/cups/cups-1.4.2-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2009 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.4.2.ebuild,v 1.1 2009/11/13 18:53:55 tgurr Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.4.2-r1.ebuild,v 1.1 2009/11/30 22:00:56 tgurr Exp $
 
 EAPI="2"
 
@@ -15,7 +15,7 @@ SRC_URI="mirror://easysw/${PN}/${PV}/${MY_P}-source.tar.bz2"
 LICENSE="GPL-2"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd"
-IUSE="acl dbus debug gnutls java +jpeg kerberos ldap pam perl php +png python samba slp +ssl static +tiff X xinetd zeroconf"
+IUSE="acl dbus debug gnutls java +jpeg kerberos ldap pam perl php +png python samba slp +ssl static +tiff X xinetd"
 
 COMMON_DEPEND="acl? ( kernel_linux? ( sys-apps/acl sys-apps/attr ) )
 	dbus? ( sys-apps/dbus )
@@ -33,7 +33,6 @@ COMMON_DEPEND="acl? ( kernel_linux? ( sys-apps/acl sys-apps/attr ) )
 	ssl? ( !gnutls? ( >=dev-libs/openssl-0.9.8g ) )
 	tiff? ( >=media-libs/tiff-3.5.5 )
 	xinetd? ( sys-apps/xinetd )
-	zeroconf? ( || ( net-dns/avahi[mdnsresponder-compat] net-misc/mDNSResponder ) )
 	app-text/libpaper
 	app-text/poppler-utils
 	dev-libs/libgcrypt
@@ -71,6 +70,11 @@ pkg_setup() {
 src_prepare() {
 	# create a missing symlink to allow https printing via IPP, bug #217293
 	epatch "${FILESDIR}/${PN}-1.4.0-backend-https.patch"
+
+	# CVE-2009-3553: Use-after-free (crash) due improper reference counting
+	# in abstract file descriptors handling interface
+	# upstream bug STR #3200
+	epatch "${FILESDIR}/${PN}-1.4.2-str3200.patch"
 }
 
 src_configure() {
@@ -97,7 +101,7 @@ src_configure() {
 		--with-cups-user=lp \
 		--with-cups-group=lp \
 		--with-docdir=/usr/share/cups/html \
-		--with-languages=${LINGUAS} \
+		--with-languages="${LINGUAS}" \
 		--with-pdftops=pdftops \
 		--with-system-groups=lpadmin \
 		$(use_enable acl) \
@@ -113,7 +117,6 @@ src_configure() {
 		$(use_enable static) \
 		$(use_enable tiff) \
 		$(use_enable xinetd xinetd /etc/xinetd.d) \
-		$(use_enable zeroconf dnssd) \
 		$(use_with java) \
 		$(use_with perl) \
 		$(use_with php) \
@@ -122,6 +125,7 @@ src_configure() {
 		--enable-libusb \
 		--enable-threads \
 		--enable-pdftops \
+		--disable-dnssd \
 		${myconf}
 
 	# install in /usr/libexec always, instead of using /usr/lib/cups, as that
@@ -140,8 +144,6 @@ src_install() {
 
 	# install our init script
 	local neededservices
-	use zeroconf && has_version 'net-dns/avahi' && neededservices="$neededservices avahi-daemon"
-	use zeroconf && has_version 'net-misc/mDNSResponder' && neededservices="$neededservices mDNSResponderPosix"
 	use dbus && neededservices="$neededservices dbus"
 	[[ -n ${neededservices} ]] && neededservices="need${neededservices}"
 	sed -e "s/@neededservices@/$neededservices/" "${FILESDIR}"/cupsd.init.d > "${T}"/cupsd
diff --git a/net-print/cups/files/cups-1.3.11-str3200.patch b/net-print/cups/files/cups-1.3.11-str3200.patch
new file mode 100644
index 000000000000..84cdbd26299f
--- /dev/null
+++ b/net-print/cups/files/cups-1.3.11-str3200.patch
@@ -0,0 +1,39 @@
+diff -up cups-1.3.7/scheduler/select.c.CVE-2009-3553 cups-1.3.7/scheduler/select.c
+--- cups-1.3.7/scheduler/select.c.CVE-2009-3553	2007-11-30 19:29:50.000000000 +0000
++++ cups-1.3.7/scheduler/select.c	2009-11-11 16:36:07.223893886 +0000
+@@ -477,7 +477,7 @@ cupsdDoSelect(long timeout)		/* I - Time
+       (*(fdptr->read_cb))(fdptr->data);
+     }
+ 
+-    if (fdptr->write_cb && event->filter == EVFILT_WRITE)
++    if (fdptr->use > 1 && fdptr->write_cb && event->filter == EVFILT_WRITE)
+     {
+       cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdDoSelect: Write on fd %d...",
+ 	              fdptr->fd);
+@@ -537,7 +537,7 @@ cupsdDoSelect(long timeout)		/* I - Time
+ 	  (*(fdptr->read_cb))(fdptr->data);
+ 	}
+ 
+-	if (fdptr->write_cb && (event->events & (EPOLLOUT | EPOLLERR | EPOLLHUP)))
++	if (fdptr->use > 1 && fdptr->write_cb && (event->events & (EPOLLOUT | EPOLLERR | EPOLLHUP)))
+ 	{
+ 	  cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdDoSelect: Write on fd %d...",
+ 	        	  fdptr->fd);
+@@ -649,7 +649,7 @@ cupsdDoSelect(long timeout)		/* I - Time
+         (*(fdptr->read_cb))(fdptr->data);
+       }
+ 
+-      if (fdptr->write_cb && (pfd->revents & (POLLOUT | POLLERR | POLLHUP)))
++      if (fdptr->use > 1 && fdptr->write_cb && (pfd->revents & (POLLOUT | POLLERR | POLLHUP)))
+       {
+         cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdDoSelect: Write on fd %d...",
+ 	                fdptr->fd);
+@@ -719,7 +719,7 @@ cupsdDoSelect(long timeout)		/* I - Time
+         (*(fdptr->read_cb))(fdptr->data);
+       }
+ 
+-      if (fdptr->write_cb && FD_ISSET(fdptr->fd, &cupsd_current_output))
++      if (fdptr->use > 1 && fdptr->write_cb && FD_ISSET(fdptr->fd, &cupsd_current_output))
+       {
+         cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdDoSelect: Write on fd %d...",
+ 	                fdptr->fd);
diff --git a/net-print/cups/files/cups-1.4.2-str3200.patch b/net-print/cups/files/cups-1.4.2-str3200.patch
new file mode 100644
index 000000000000..47d9114ed131
--- /dev/null
+++ b/net-print/cups/files/cups-1.4.2-str3200.patch
@@ -0,0 +1,43 @@
+Index: scheduler/select.c
+===================================================================
+--- scheduler/select.c	(revision 8887)
++++ scheduler/select.c	(working copy)
+@@ -454,7 +454,7 @@
+     if (fdptr->read_cb && event->filter == EVFILT_READ)
+       (*(fdptr->read_cb))(fdptr->data);
+ 
+-    if (fdptr->write_cb && event->filter == EVFILT_WRITE)
++    if (fdptr->use > 1 && fdptr->write_cb && event->filter == EVFILT_WRITE)
+       (*(fdptr->write_cb))(fdptr->data);
+ 
+     release_fd(fdptr);
+@@ -499,7 +499,8 @@
+ 	if (fdptr->read_cb && (event->events & (EPOLLIN | EPOLLERR | EPOLLHUP)))
+ 	  (*(fdptr->read_cb))(fdptr->data);
+ 
+-	if (fdptr->write_cb && (event->events & (EPOLLOUT | EPOLLERR | EPOLLHUP)))
++	if (fdptr->use > 1 && fdptr->write_cb &&
++	    (event->events & (EPOLLOUT | EPOLLERR | EPOLLHUP)))
+ 	  (*(fdptr->write_cb))(fdptr->data);
+ 
+ 	release_fd(fdptr);
+@@ -590,7 +591,8 @@
+       if (fdptr->read_cb && (pfd->revents & (POLLIN | POLLERR | POLLHUP)))
+         (*(fdptr->read_cb))(fdptr->data);
+ 
+-      if (fdptr->write_cb && (pfd->revents & (POLLOUT | POLLERR | POLLHUP)))
++      if (fdptr->use > 1 && fdptr->write_cb &&
++          (pfd->revents & (POLLOUT | POLLERR | POLLHUP)))
+         (*(fdptr->write_cb))(fdptr->data);
+ 
+       release_fd(fdptr);
+@@ -645,7 +647,8 @@
+       if (fdptr->read_cb && FD_ISSET(fdptr->fd, &cupsd_current_input))
+         (*(fdptr->read_cb))(fdptr->data);
+ 
+-      if (fdptr->write_cb && FD_ISSET(fdptr->fd, &cupsd_current_output))
++      if (fdptr->use > 1 && fdptr->write_cb &&
++          FD_ISSET(fdptr->fd, &cupsd_current_output))
+         (*(fdptr->write_cb))(fdptr->data);
+ 
+       release_fd(fdptr);
author	Timo Gurr <tgurr@gentoo.org>	2009-11-30 22:00:56 +0000
committer	Timo Gurr <tgurr@gentoo.org>	2009-11-30 22:00:56 +0000
commit	c1a1fad2ab3e62a6d75b6a812a60260ba2a29cff (patch)
tree	d49e2a97281edb02bff8ee8998626f49192e7b0a /net-print
parent	version bump (diff)
download	gentoo-2-c1a1fad2ab3e62a6d75b6a812a60260ba2a29cff.tar.gz gentoo-2-c1a1fad2ab3e62a6d75b6a812a60260ba2a29cff.tar.bz2 gentoo-2-c1a1fad2ab3e62a6d75b6a812a60260ba2a29cff.zip