Revbump adding the patches to fix CVE-2007-4351, see bug #196736. Also add cups-1.3.4.ebuild and remove old version.

(Portage version: 2.1.3.18)
author: Timo Gurr <tgurr@gentoo.org> 2007-11-05 19:11:14 +0000
committer: Timo Gurr <tgurr@gentoo.org> 2007-11-05 19:11:14 +0000
commit: f10de48385c28c0980ca54e26bcca9bcbeb91a6f (patch)
tree: de21fa0e46497dd8139e0b6908bd0fdd77c6ba06 /net-print
parent: Home Page fix (diff)
download: gentoo-2-f10de48385c28c0980ca54e26bcca9bcbeb91a6f.tar.gz
gentoo-2-f10de48385c28c0980ca54e26bcca9bcbeb91a6f.tar.bz2
gentoo-2-f10de48385c28c0980ca54e26bcca9bcbeb91a6f.zip
10 files changed, 740 insertions, 8 deletions
diff --git a/net-print/cups/ChangeLog b/net-print/cups/ChangeLog
index da360681570a..12da60d1d06a 100644
--- a/net-print/cups/ChangeLog
+++ b/net-print/cups/ChangeLog
@@ -1,6 +1,17 @@
 # ChangeLog for net-print/cups
 # Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-print/cups/ChangeLog,v 1.255 2007/10/28 13:36:07 corsair Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-print/cups/ChangeLog,v 1.256 2007/11/05 19:11:14 tgurr Exp $
+
+*cups-1.3.4 (05 Nov 2007)
+*cups-1.2.12-r2 (05 Nov 2007)
+*cups-1.1.23-r9 (05 Nov 2007)
+
+  05 Nov 2007; Timo Gurr <tgurr@gentoo.org>
+  +files/cups-1.1-str2561-v2.patch, +files/cups-1.2-str2561-v2.patch,
+  +cups-1.1.23-r9.ebuild, +cups-1.2.12-r2.ebuild, -cups-1.3.3.ebuild,
+  +cups-1.3.4.ebuild:
+  Revbump adding the patches to fix CVE-2007-4351, see bug #196736. Also add
+  cups-1.3.4.ebuild and remove old version.
 
   28 Oct 2007; Markus Rothe <corsair@gentoo.org> cups-1.2.12-r1.ebuild:
   Stable on ppc64; bug #195278
diff --git a/net-print/cups/cups-1.1.23-r9.ebuild b/net-print/cups/cups-1.1.23-r9.ebuild
new file mode 100644
index 000000000000..354f2d9ece62
--- /dev/null
+++ b/net-print/cups/cups-1.1.23-r9.ebuild
@@ -0,0 +1,185 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.1.23-r9.ebuild,v 1.1 2007/11/05 19:11:14 tgurr Exp $
+
+WANT_AUTOMAKE=latest
+
+inherit eutils flag-o-matic pam autotools
+
+MY_P=${P/_/}
+
+DESCRIPTION="The Common Unix Printing System"
+HOMEPAGE="http://www.cups.org/"
+SRC_URI="ftp://ftp2.easysw.com/pub/cups/test/${MY_P}-source.tar.bz2
+ftp://ftp.easysw.com/pub/cups/test/${MY_P}-source.tar.bz2
+ftp://ftp.funet.fi/pub/mirrors/ftp.easysw.com/pub/cups/test/${MY_P}-source.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+IUSE="ssl slp pam samba nls gnutls"
+
+DEP="pam? ( virtual/pam )
+	ssl? (
+		!gnutls? ( >=dev-libs/openssl-0.9.6b )
+		gnutls? ( net-libs/gnutls )
+		)
+	slp? ( >=net-libs/openslp-1.0.4 )
+	>=media-libs/libpng-1.2.10
+	>=media-libs/tiff-3.5.5
+	>=media-libs/jpeg-6b"
+DEPEND="${DEP}
+	nls? ( sys-devel/gettext )"
+RDEPEND="${DEP}
+	nls? ( virtual/libintl )
+	!virtual/lpr
+	>=app-text/poppler-0.4.3-r1"
+PDEPEND="samba? ( >=net-fs/samba-3.0.8 )"
+PROVIDE="virtual/lpr"
+
+S=${WORKDIR}/${MY_P}
+
+pkg_setup() {
+	enewgroup lp
+	enewuser lp -1 -1 -1 lp
+}
+
+src_unpack() {
+	unpack ${A}
+	cd "${S}"
+	epatch "${FILESDIR}"/disable-strip.patch
+	epatch "${FILESDIR}"/cups-gcc4-amd64.patch #79791
+	epatch "${FILESDIR}"/cups-gentooalt.patch
+	epatch "${FILESDIR}"/${P}-bindnow.patch
+	epatch "${FILESDIR}"/cupsaddsmb.patch
+	epatch "${FILESDIR}"/${P}-respectldflags.patch
+	# CVE-2007-4351 security patch, bug #196736
+	epatch "${FILESDIR}"/${PN}-1.1-str2561-v2.patch
+	eautoconf
+
+	# 1.2.10 compat thanks to kojiro in bug 136346
+	epatch "${FILESDIR}"/${P}-image-png.patch
+
+	# disable builtin xpdf
+	sed -i -e "s:pdftops::" Makefile
+}
+
+src_compile() {
+
+	local myconf
+	use amd64 && replace-flags -Os -O2
+
+	use ssl && \
+		myconf="${myconf} $(use_enable gnutls) $(use_enable !gnutls openssl)"
+
+	econf \
+		--with-cups-user=lp \
+		--with-cups-group=lp \
+		--localstatedir=/var \
+		--with-bindnow=$(bindnow-flags) \
+		$(use_enable pam) \
+		$(use_enable ssl) \
+		$(use_enable slp) \
+		$(use_enable nls) \
+		${myconf} \
+		|| die "econf failed"
+
+	emake || die "compile problem"
+}
+
+src_test() {
+	# upstream includes an interactive test which is a nono for gentoo.
+	# therefore, since the printing herd has bigger fish to fry, for now,
+	# we just leave it out, even if FEATURES=test
+	true
+}
+
+src_install() {
+	dodir /var/spool /var/log/cups /etc/cups
+
+	make \
+	LOCALEDIR="${D}"/usr/share/locale \
+	DOCDIR="${D}"/usr/share/cups/docs \
+	REQUESTS="${D}"/var/spool/cups \
+	SERVERBIN="${D}"/usr/$(get_libdir)/cups \
+	DATADIR="${D}"/usr/share/cups \
+	INCLUDEDIR="${D}"/usr/include \
+	AMANDIR="${D}"/usr/share/man \
+	PMANDIR="${D}"/usr/share/man \
+	MANDIR="${D}"/usr/share/man \
+	SERVERROOT="${D}"/etc/cups \
+	LOGDIR="${D}"/var/log/cups \
+	SBINDIR="${D}"/usr/sbin \
+	PAMDIR="${D}"/etc/pam.d \
+	EXEC_PREFIX="${D}"/usr \
+	LIBDIR="${D}"/usr/$(get_libdir) \
+	BINDIR="${D}"/usr/bin \
+	bindir="${D}"/usr/bin \
+	INITDIR="${D}"/etc \
+	PREFIX="${D}" \
+	install || die "install problem"
+
+	dodoc {CHANGES,CREDITS,ENCRYPTION,LICENSE,README}.txt
+	dosym /usr/share/cups/docs /usr/share/doc/${PF}/html
+
+	# cleanups
+	rm -rf "${D}"/etc/init.d "${D}"/etc/pam.d "${D}"/etc/rc* "${D}"/usr/share/man/cat* \
+		"${D}"/etc/cups/{certs,interfaces,ppd} "${D}"/var
+
+	sed -i -e "s:^#\(DocumentRoot\).*:\1 /usr/share/cups/docs:" \
+		-e "s:^#\(SystemGroup\).*:\1 lp:" \
+		-e "s:^#\(User\).*:\1 lp:" \
+		-e "s:^#\(Group\).*:\1 lp:" \
+		-e "/^Port/s|Port 631|Port localhost:631|" \
+		"${D}"/etc/cups/cupsd.conf
+
+	pamd_mimic_system cups auth account
+
+	newinitd "${FILESDIR}"/cupsd.init cupsd
+	insinto /etc/xinetd.d ; newins "${FILESDIR}"/cups.xinetd cups-lpd
+
+	# allow raw printing
+	dosed "s:#application/octet-stream:application/octet-stream:" /etc/cups/mime.types /etc/cups/mime.convs
+
+	# install pdftops filter
+	exeinto /usr/lib/cups/filter/
+	newexe "${FILESDIR}"/pdftops.pl pdftops
+	dosed "s:/usr/local:/usr:" /usr/lib/cups/filter/pdftops
+
+	# allow lppasswd, #107306
+	fowners root /usr/bin/lppasswd
+}
+
+pkg_preinst() {
+	# cleanups
+	[ -n "${PN}" ] && rm -fR /usr/share/doc/${PN}-*
+}
+
+pkg_postinst() {
+	install -d -m0755 "${ROOT}"/var/log/cups
+	install -d -m0755 "${ROOT}"/var/spool
+	install -m0700 -o lp -d "${ROOT}"/var/spool/cups
+	install -m1700 -o lp -d "${ROOT}"/var/spool/cups/tmp
+	install -m0711 -o lp -d "${ROOT}"/etc/cups/certs
+	install -d -m0755 "${ROOT}"/etc/cups/{interfaces,ppd}
+
+	einfo "If you're using a USB printer, \"emerge coldplug; rc-update add"
+	einfo "coldplug boot\" is something you should probably do. This"
+	einfo "will allow any USB kernel modules (if present) to be loaded"
+	einfo "automatically at boot."
+	einfo
+	einfo "For more information about installing a printer take a look at:"
+	einfo "http://www.gentoo.org/doc/en/printing-howto.xml."
+
+	local good_gs=false
+	for x in app-text/ghostscript-gpl app-text/ghostscript-gnu app-text/ghostscript-esp; do
+		if has_version ${x} && built_with_use ${x} cups; then
+			good_gs=true
+			break
+		fi
+	done;
+	if ! ${good_gs}; then
+		ewarn
+		ewarn "You need to emerge ghostscript with the cups-USEflag turned on"
+	fi
+}
diff --git a/net-print/cups/cups-1.2.12-r2.ebuild b/net-print/cups/cups-1.2.12-r2.ebuild
new file mode 100644
index 000000000000..f1bbd8ba6376
--- /dev/null
+++ b/net-print/cups/cups-1.2.12-r2.ebuild
@@ -0,0 +1,224 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.2.12-r2.ebuild,v 1.1 2007/11/05 19:11:14 tgurr Exp $
+
+WANT_AUTOMAKE=latest
+
+inherit autotools eutils flag-o-matic multilib pam
+
+MY_P=${P/_}
+
+DESCRIPTION="The Common Unix Printing System"
+HOMEPAGE="http://www.cups.org/"
+SRC_URI="mirror://sourceforge/cups/${MY_P}-source.tar.bz2"
+#http://ftp.funet.fi/pub/mirrors/ftp.easysw.com/pub/cups/${PV}/${MY_P}-source.tar.bz2"
+#ESVN_REPO_URI="http://svn.easysw.com/public/cups/trunk"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd"
+IUSE="ldap ssl slp pam php samba nls dbus tiff png ppds jpeg X"
+
+DEP="pam? ( virtual/pam )
+	ssl? ( net-libs/gnutls )
+	slp? ( >=net-libs/openslp-1.0.4 )
+	ldap? ( net-nds/openldap )
+	dbus? ( sys-apps/dbus )
+	png? ( >=media-libs/libpng-1.2.1 )
+	tiff? ( >=media-libs/tiff-3.5.5 )
+	jpeg? ( >=media-libs/jpeg-6b )
+	php? ( dev-lang/php )
+	app-text/libpaper"
+DEPEND="${DEP}
+	!<net-print/foomatic-filters-ppds-20070501
+	!<net-print/hplip-1.7.4a-r1
+	nls? ( sys-devel/gettext )"
+RDEPEND="${DEP}
+	nls? ( virtual/libintl )
+	!virtual/lpr
+	>=app-text/poppler-0.4.3-r1
+	X? ( x11-misc/xdg-utils )"
+
+PDEPEND="
+	ppds? ( || (
+		(
+			net-print/foomatic-filters-ppds
+			net-print/foomatic-db-ppds
+		)
+		net-print/foomatic-filters-ppds
+		net-print/foomatic-db-ppds
+		net-print/hplip
+		media-gfx/gimp-print
+		net-print/foo2zjs
+		net-print/cups-pdf
+	) )
+	samba? ( >=net-fs/samba-3.0.8 )
+	virtual/ghostscript"
+PROVIDE="virtual/lpr"
+
+# upstream includes an interactive test which is a nono for gentoo.
+# therefore, since the printing herd has bigger fish to fry, for now,
+# we just leave it out, even if FEATURES=test
+RESTRICT="test"
+
+S=${WORKDIR}/${MY_P}
+
+pkg_setup() {
+	if use x86 && [ -d "/usr/lib64" ]
+	then
+		eerror "You are running an x86 system, but /usr/lib64 exists, cups will install all library objects into this directory!"
+		eerror "You should remove /usr/lib64, but before you do, you should check for existing objects, and re-compile all affected packages."
+		eerror "You can use qfile (emerge portage-utils to install qfile) to get a list of the affected ebuilds:"
+		eerror "# qfile -qC /usr/lib64"
+		die "lib64 on x86 detected"
+	fi
+
+	enewgroup lp
+	enewuser lp -1 -1 -1 lp
+
+	enewgroup lpadmin 106
+}
+
+src_unpack() {
+	unpack ${A}
+	cd "${S}"
+
+	# upstream does not acknowledge bindnow as a solution
+	epatch "${FILESDIR}"/cups-1.2.0-bindnow.patch
+
+	# CVE-2007-4351 security patch, bug #196736
+	epatch "${FILESDIR}"/${PN}-1.2-str2561-v2.patch
+
+	# cups does not use autotools "the usual way" and ship a static config.h.in
+	eaclocal
+	eautoconf
+}
+
+src_compile() {
+	export DSOFLAGS="${LDFLAGS}"
+	econf \
+		--with-cups-user=lp \
+		--with-cups-group=lp \
+		--with-system-groups=lpadmin \
+		--localstatedir=/var \
+		--with-docdir=/usr/share/cups/html \
+		--with-bindnow=$(bindnow-flags) \
+		$(use_enable pam) \
+		$(use_enable ssl) \
+		--enable-gnutls \
+		$(use_enable slp) \
+		$(use_enable nls) \
+		$(use_enable dbus) \
+		$(use_enable png) \
+		$(use_enable jpeg) \
+		$(use_enable tiff) \
+		$(use_with php) \
+		$(use_enable ldap) \
+		--enable-libpaper \
+		--enable-threads \
+		--enable-static \
+		--disable-pdftops \
+		|| die "econf failed"
+
+	# Install in /usr/libexec always, instead of using /usr/lib/cups, as that
+	# makes more sense when facing multilib support.
+	sed -i -e 's:SERVERBIN.*:SERVERBIN = $(BUILDROOT)/usr/libexec/cups:' Makedefs
+	sed -i -e 's:#define CUPS_SERVERBIN.*:#define CUPS_SERVERBIN "/usr/libexec/cups":' config.h
+	sed -i -e 's:cups_serverbin=.*:cups_serverbin=/usr/libexec/cups:' cups-config
+
+	emake || die "emake failed"
+}
+
+src_install() {
+	emake BUILDROOT="${D}" install || die "emake install failed"
+	dodoc {CHANGES{,-1.{0,1}},CREDITS,LICENSE,README}.txt
+
+	# clean out cups init scripts
+	rm -rf "${D}"/etc/{init.d/cups,rc*,pam.d/cups}
+	# install our init scripts
+	newinitd "${FILESDIR}"/cupsd.init cupsd
+	# install our pam script
+	pamd_mimic_system cups auth account
+
+	# correct path
+	sed -i -e "s:server = .*:server = /usr/libexec/cups/daemon/cups-lpd:" "${D}"/etc/xinetd.d/cups-lpd
+	# it is safer to disable this by default, bug 137130
+	grep -w 'disable' "${D}"/etc/xinetd.d/cups-lpd || \
+		sed -i -e "s:}:\tdisable = yes\n}:" "${D}"/etc/xinetd.d/cups-lpd
+
+	# install pdftops filter
+	exeinto /usr/libexec/cups/filter/
+	newexe "${FILESDIR}"/pdftops.pl pdftops
+
+	# only for gs-esp this is correct, see bug 163897
+	if has_version app-text/ghostscript-gpl || has_version app-text/ghostscript-gnu; then
+		sed -i -e "s:#application/vnd.cups-postscript:application/vnd.cups-postscript:" "${D}"/etc/cups/mime.convs
+	fi
+
+	keepdir /usr/share/cups/profiles /usr/libexec/cups/driver /var/log/cups \
+		/var/run/cups/certs /var/cache/cups /var/spool/cups/tmp /etc/cups/ssl
+
+	# .desktop handling. X useflag. xdg-open from freedesktop is preferred
+	if use X; then
+		sed -i -e "s:htmlview:xdg-open:" "${D}"/usr/share/applications/cups.desktop
+	else
+		rm -r "${D}"/usr/share/applications
+	fi
+
+	# Fix a symlink collision, see bug #172341
+	dodir /usr/share/ppd
+	dosym /usr/share/ppd /usr/share/cups/model/foomatic-ppds
+}
+
+pkg_preinst() {
+	# cleanups
+	[ -n "${PN}" ] && rm -fR "${ROOT}"/usr/share/doc/${PN}-*
+}
+
+pkg_postinst() {
+	einfo "Remote printing: change "
+	einfo "Listen localhost:631"
+	einfo "to"
+	einfo "Listen *:631"
+	einfo "in /etc/cups/cupsd.conf"
+	einfo
+	einfo "For more information about installing a printer take a look at:"
+	einfo "http://www.gentoo.org/doc/en/printing-howto.xml."
+
+	local good_gs=false
+	for x in app-text/ghostscript-gpl app-text/ghostscript-gnu app-text/ghostscript-esp; do
+		if has_version ${x} && built_with_use ${x} cups; then
+			good_gs=true
+			break
+		fi
+	done;
+	if ! ${good_gs}; then
+		ewarn
+		ewarn "You need to emerge ghostscript with the \"cups\" USE flag turned on"
+	fi
+	if has_version =net-print/cups-1.1*; then
+		ewarn
+		ewarn "The configuration changed with cups-1.2, you may want to save the old"
+		ewarn "one and start from scratch:"
+		ewarn "# mv /etc/cups /etc/cups.orig; emerge -va1 cups"
+		ewarn
+		ewarn "You need to rebuild kdelibs for kdeprinter to work with cups-1.2"
+	fi
+	if [ -e "${ROOT}"/usr/lib/cups ]; then
+		ewarn
+		ewarn "/usr/lib/cups exists - You need to remerge every ebuild that"
+		ewarn "installed into /usr/lib/cups and /etc/cups, qfile is in portage-utils:"
+		ewarn "# FEATURES=-collision-protect emerge -va1 \$(qfile -qC /usr/lib/cups /etc/cups | sed \"s:net-print/cups$::\")"
+		ewarn
+		ewarn "FEATURES=-collision-protect is needed to overwrite the compatibility"
+		ewarn "symlinks installed by this package, it wont be needed on later merges."
+		ewarn "You should also run revdep-rebuild"
+
+		# place symlinks to make the update smoothless
+		for i in "${ROOT}"/usr/lib/cups/{backend,filter}/*; do
+			if [ "${i/\*}" == "${i}" ] && ! [ -e ${i/lib/libexec} ]; then
+				ln -s ${i} ${i/lib/libexec}
+			fi
+		done
+	fi
+}
diff --git a/net-print/cups/cups-1.3.3.ebuild b/net-print/cups/cups-1.3.4.ebuild
index 8aa2ee031647..7f6d01f5068b 100644
--- a/net-print/cups/cups-1.3.3.ebuild
+++ b/net-print/cups/cups-1.3.4.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2007 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.3.3.ebuild,v 1.1 2007/10/10 21:07:17 tgurr Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.3.4.ebuild,v 1.1 2007/11/05 19:11:14 tgurr Exp $
 
 inherit autotools eutils flag-o-matic multilib pam
 
@@ -13,10 +13,10 @@ SRC_URI="mirror://sourceforge/cups/${MY_P}-source.tar.bz2"
 LICENSE="GPL-2"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd"
-IUSE="acl bonjour bluetooth dbus java jpeg kerberos ldap nls pam perl php png ppds python samba slp ssl static tiff X"
+IUSE="acl avahi bluetooth dbus java jpeg kerberos ldap nls pam perl php png ppds python samba slp ssl static tiff X"
 
 COMMON_DEPEND="acl? ( kernel_linux? ( sys-apps/acl sys-apps/attr ) )
-	bonjour? ( || ( net-misc/mDNSResponder net-dns/avahi ) )
+	avahi? ( || ( net-misc/mDNSResponder net-dns/avahi ) )
 	dbus? ( sys-apps/dbus )
 	java? ( >=virtual/jre-1.4 )
 	jpeg? ( >=media-libs/jpeg-6b )
@@ -117,7 +117,7 @@ src_compile() {
 		--with-languages=${LINGUAS} \
 		--with-system-groups=lpadmin \
 		$(use_enable acl) \
-		$(use_enable bonjour dnssd) \
+		$(use_enable avahi dnssd) \
 		$(use_enable dbus) \
 		$(use_enable jpeg) \
 		$(use_enable kerberos gssapi) \
diff --git a/net-print/cups/files/cups-1.1-str2561-v2.patch b/net-print/cups/files/cups-1.1-str2561-v2.patch
new file mode 100644
index 000000000000..3db85798f542
--- /dev/null
+++ b/net-print/cups/files/cups-1.1-str2561-v2.patch
@@ -0,0 +1,152 @@
+Index: ipp.c
+===================================================================
+--- cups-1.1.23.orig/cups/ipp.c	(revision 7023)
++++ cups-1.1.23/cups/ipp.c	(working copy)
+@@ -1,5 +1,5 @@
+ /*
+- * "$Id: cups-1.1-str2561-v2.patch,v 1.1 2007/11/05 19:11:14 tgurr Exp $"
++ * "$Id: cups-1.1-str2561-v2.patch,v 1.1 2007/11/05 19:11:14 tgurr Exp $"
+  *
+  *   Internet Printing Protocol support functions for the Common UNIX
+  *   Printing System (CUPS).
+@@ -1119,6 +1119,12 @@
+ 	  {
+ 	    case IPP_TAG_INTEGER :
+ 	    case IPP_TAG_ENUM :
++		if (n != 4)
++		{
++		  DEBUG_printf(("ippReadIO: bad value length %d!\n", n));
++		  return (IPP_ERROR);
++		}
++
+ 	        if ((*cb)(src, buffer, 4) < 4)
+ 		{
+ 	          DEBUG_puts("ippReadIO: Unable to read integer value!");
+@@ -1131,6 +1137,12 @@
+                 value->integer = n;
+ 	        break;
+ 	    case IPP_TAG_BOOLEAN :
++		if (n != 1)
++		{
++		  DEBUG_printf(("ippReadIO: bad value length %d!\n", n));
++		  return (IPP_ERROR);
++		}
++
+ 	        if ((*cb)(src, buffer, 1) < 1)
+ 		{
+ 	          DEBUG_puts("ippReadIO: Unable to read boolean value!");
+@@ -1148,6 +1160,12 @@
+ 	    case IPP_TAG_CHARSET :
+ 	    case IPP_TAG_LANGUAGE :
+ 	    case IPP_TAG_MIMETYPE :
++		if (n >= sizeof(buffer))
++		{
++		  DEBUG_printf(("ippReadIO: bad value length %d!\n", n));
++		  return (IPP_ERROR);
++		}
++
+                 value->string.text = calloc(n + 1, 1);
+ 
+ 	        if ((*cb)(src, (ipp_uchar_t *)value->string.text, n) < n)
+@@ -1160,6 +1178,12 @@
+ 		              value->string.text));
+ 	        break;
+ 	    case IPP_TAG_DATE :
++		if (n != 11)
++		{
++		  DEBUG_printf(("ippReadIO: bad value length %d!\n", n));
++		  return (IPP_ERROR);
++		}
++
+ 	        if ((*cb)(src, value->date, 11) < 11)
+ 		{
+ 	          DEBUG_puts("ippReadIO: Unable to date integer value!");
+@@ -1167,6 +1191,12 @@
+ 		}
+ 	        break;
+ 	    case IPP_TAG_RESOLUTION :
++		if (n != 9)
++		{
++		  DEBUG_printf(("ippReadIO: bad value length %d!\n", n));
++		  return (IPP_ERROR);
++		}
++
+ 	        if ((*cb)(src, buffer, 9) < 9)
+ 		{
+ 	          DEBUG_puts("ippReadIO: Unable to read resolution value!");
+@@ -1183,6 +1213,12 @@
+ 		    (ipp_res_t)buffer[8];
+ 	        break;
+ 	    case IPP_TAG_RANGE :
++		if (n != 8)
++		{
++		  DEBUG_printf(("ippReadIO: bad value length %d!\n", n));
++		  return (IPP_ERROR);
++		}
++
+ 	        if ((*cb)(src, buffer, 8) < 8)
+ 		{
+ 	          DEBUG_puts("ippReadIO: Unable to read range value!");
+@@ -1198,7 +1234,7 @@
+ 	        break;
+ 	    case IPP_TAG_TEXTLANG :
+ 	    case IPP_TAG_NAMELANG :
+-	        if (n > sizeof(buffer) || n < 4)
++	        if (n >= sizeof(buffer) || n < 4)
+ 		{
+ 		  DEBUG_printf(("ippReadIO: bad value length %d!\n", n));
+ 		  return (IPP_ERROR);
+@@ -1224,18 +1260,28 @@
+ 
+ 		n = (bufptr[0] << 8) | bufptr[1];
+ 
++		if ((bufptr + 2 + n) >= (buffer + sizeof(buffer)))
++		{
++		  DEBUG_printf(("ippReadIO: bad value length %d!\n", n));
++		  return (IPP_ERROR);
++		}
++
+                 value->string.charset = calloc(n + 1, 1);
+ 
+-		memcpy(value->string.charset,
+-		       bufptr + 2, n);
++		memcpy(value->string.charset, bufptr + 2, n);
+ 
+                 bufptr += 2 + n;
+ 		n = (bufptr[0] << 8) | bufptr[1];
+ 
++		if ((bufptr + 2 + n) >= (buffer + sizeof(buffer)))
++		{
++		  DEBUG_printf(("ippReadIO: bad value length %d!\n", n));
++		  return (IPP_ERROR);
++		}
++
+                 value->string.text = calloc(n + 1, 1);
+ 
+-		memcpy(value->string.text,
+-		       bufptr + 2, n);
++		memcpy(value->string.text, bufptr + 2, n);
+ 	        break;
+ 
+             case IPP_TAG_BEGIN_COLLECTION :
+@@ -1287,6 +1333,12 @@
+ 		break;
+ 
+             default : /* Other unsupported values */
++		if (n > sizeof(buffer))
++		{
++		  DEBUG_printf(("ippReadIO: bad value length %d!\n", n));
++		  return (IPP_ERROR);
++		}
++
+                 value->unknown.length = n;
+ 	        if (n > 0)
+ 		{
+@@ -2557,5 +2609,5 @@
+ 
+ 
+ /*
+- * End of "$Id: cups-1.1-str2561-v2.patch,v 1.1 2007/11/05 19:11:14 tgurr Exp $".
++ * End of "$Id: cups-1.1-str2561-v2.patch,v 1.1 2007/11/05 19:11:14 tgurr Exp $".
+  */
+
diff --git a/net-print/cups/files/cups-1.2-str2561-v2.patch b/net-print/cups/files/cups-1.2-str2561-v2.patch
new file mode 100644
index 000000000000..5cd70e0a3abe
--- /dev/null
+++ b/net-print/cups/files/cups-1.2-str2561-v2.patch
@@ -0,0 +1,154 @@
+Index: ipp.c
+===================================================================
+--- cups-1.2.12.orig/cups/ipp.c	(revision 7023)
++++ cups-1.2.12./cups/ipp.c	(working copy)
+@@ -1315,6 +1315,12 @@
+ 	  {
+ 	    case IPP_TAG_INTEGER :
+ 	    case IPP_TAG_ENUM :
++		if (n != 4)
++		{
++		  DEBUG_printf(("ippReadIO: bad value length %d!\n", n));
++		  return (IPP_ERROR);
++		}
++
+ 	        if ((*cb)(src, buffer, 4) < 4)
+ 		{
+ 	          DEBUG_puts("ippReadIO: Unable to read integer value!");
+@@ -1327,6 +1333,12 @@
+                 value->integer = n;
+ 	        break;
+ 	    case IPP_TAG_BOOLEAN :
++		if (n != 1)
++		{
++		  DEBUG_printf(("ippReadIO: bad value length %d!\n", n));
++		  return (IPP_ERROR);
++		}
++
+ 	        if ((*cb)(src, buffer, 1) < 1)
+ 		{
+ 	          DEBUG_puts("ippReadIO: Unable to read boolean value!");
+@@ -1344,6 +1356,12 @@
+ 	    case IPP_TAG_CHARSET :
+ 	    case IPP_TAG_LANGUAGE :
+ 	    case IPP_TAG_MIMETYPE :
++		if (n >= sizeof(buffer))
++		{
++		  DEBUG_printf(("ippReadIO: bad value length %d!\n", n));
++		  return (IPP_ERROR);
++		}
++
+ 		if ((*cb)(src, buffer, n) < n)
+ 		{
+ 		  DEBUG_puts("ippReadIO: unable to read name!");
+@@ -1356,6 +1374,12 @@
+ 		              value->string.text));
+ 	        break;
+ 	    case IPP_TAG_DATE :
++		if (n != 11)
++		{
++		  DEBUG_printf(("ippReadIO: bad value length %d!\n", n));
++		  return (IPP_ERROR);
++		}
++
+ 	        if ((*cb)(src, value->date, 11) < 11)
+ 		{
+ 	          DEBUG_puts("ippReadIO: Unable to date integer value!");
+@@ -1363,6 +1387,12 @@
+ 		}
+ 	        break;
+ 	    case IPP_TAG_RESOLUTION :
++		if (n != 9)
++		{
++		  DEBUG_printf(("ippReadIO: bad value length %d!\n", n));
++		  return (IPP_ERROR);
++		}
++
+ 	        if ((*cb)(src, buffer, 9) < 9)
+ 		{
+ 	          DEBUG_puts("ippReadIO: Unable to read resolution value!");
+@@ -1379,6 +1409,12 @@
+ 		    (ipp_res_t)buffer[8];
+ 	        break;
+ 	    case IPP_TAG_RANGE :
++		if (n != 8)
++		{
++		  DEBUG_printf(("ippReadIO: bad value length %d!\n", n));
++		  return (IPP_ERROR);
++		}
++
+ 	        if ((*cb)(src, buffer, 8) < 8)
+ 		{
+ 	          DEBUG_puts("ippReadIO: Unable to read range value!");
+@@ -1394,7 +1430,7 @@
+ 	        break;
+ 	    case IPP_TAG_TEXTLANG :
+ 	    case IPP_TAG_NAMELANG :
+-	        if (n > sizeof(buffer) || n < 4)
++	        if (n >= sizeof(buffer) || n < 4)
+ 		{
+ 		  DEBUG_printf(("ippReadIO: bad value length %d!\n", n));
+ 		  return (IPP_ERROR);
+@@ -1420,22 +1456,27 @@
+ 
+ 		n = (bufptr[0] << 8) | bufptr[1];
+ 
+-                if (n >= sizeof(string))
++		if ((bufptr + 2 + n) >= (buffer + sizeof(buffer)) ||
++		    n >= sizeof(string))
+ 		{
+-		  memcpy(string, bufptr + 2, sizeof(string) - 1);
+-		  string[sizeof(string) - 1] = '\0';
++		  DEBUG_printf(("ippReadIO: bad value length %d!\n", n));
++		  return (IPP_ERROR);
+ 		}
+-		else
+-		{
+-		  memcpy(string, bufptr + 2, n);
+-		  string[n] = '\0';
+-                }
+ 
++		memcpy(string, bufptr + 2, n);
++		string[n] = '\0';
++
+ 		value->string.charset = _cupsStrAlloc((char *)string);
+ 
+                 bufptr += 2 + n;
+ 		n = (bufptr[0] << 8) | bufptr[1];
+ 
++		if ((bufptr + 2 + n) >= (buffer + sizeof(buffer)))
++		{
++		  DEBUG_printf(("ippReadIO: bad value length %d!\n", n));
++		  return (IPP_ERROR);
++		}
++
+ 		bufptr[2 + n] = '\0';
+                 value->string.text = _cupsStrAlloc((char *)bufptr + 2);
+ 	        break;
+@@ -1477,6 +1518,12 @@
+ 		* we need to carry over...
+ 		*/
+ 
++		if (n >= sizeof(buffer))
++		{
++		  DEBUG_printf(("ippReadIO: bad value length %d!\n", n));
++		  return (IPP_ERROR);
++		}
++
+ 	        if ((*cb)(src, buffer, n) < n)
+ 		{
+ 	          DEBUG_puts("ippReadIO: Unable to read member name value!");
+@@ -1498,6 +1545,12 @@
+ 		break;
+ 
+             default : /* Other unsupported values */
++		if (n > sizeof(buffer))
++		{
++		  DEBUG_printf(("ippReadIO: bad value length %d!\n", n));
++		  return (IPP_ERROR);
++		}
++
+                 value->unknown.length = n;
+ 	        if (n > 0)
+ 		{
+
diff --git a/net-print/cups/files/digest-cups-1.1.23-r9 b/net-print/cups/files/digest-cups-1.1.23-r9
new file mode 100644
index 000000000000..368d38b252b6
--- /dev/null
+++ b/net-print/cups/files/digest-cups-1.1.23-r9
@@ -0,0 +1,3 @@
+MD5 4ce09b1dce09b6b9398af0daae9adf63 cups-1.1.23-source.tar.bz2 8705521
+RMD160 255ec4c22422b14f2367d69f3ec7e590dc46bea5 cups-1.1.23-source.tar.bz2 8705521
+SHA256 87da0f7b1e03236e183045f1e787957132658ead56c4b0f80ac7f86c1574a85e cups-1.1.23-source.tar.bz2 8705521
diff --git a/net-print/cups/files/digest-cups-1.2.12-r2 b/net-print/cups/files/digest-cups-1.2.12-r2
new file mode 100644
index 000000000000..8073a9a92cbd
--- /dev/null
+++ b/net-print/cups/files/digest-cups-1.2.12-r2
@@ -0,0 +1,3 @@
+MD5 d410658468384b5ba5d04a808f6157fe cups-1.2.12-source.tar.bz2 3788301
+RMD160 598270e37ff8a9b9ff1e667066d6f7e120493e32 cups-1.2.12-source.tar.bz2 3788301
+SHA256 b4ff8e934da7db32d5654360ea9068faa0ed5a00fde02161ae53c2052510d00f cups-1.2.12-source.tar.bz2 3788301
diff --git a/net-print/cups/files/digest-cups-1.3.3 b/net-print/cups/files/digest-cups-1.3.3
deleted file mode 100644
index 98548d9fa278..000000000000
--- a/net-print/cups/files/digest-cups-1.3.3
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 d4911e68b6979d16bc7a55f68d16cc53 cups-1.3.3-source.tar.bz2 4077262
-RMD160 b1c34cdcfb79a5b04ffd3174c35d07beea678cb1 cups-1.3.3-source.tar.bz2 4077262
-SHA256 5e9e5670777055293e309cb0cbb2758df9c1275bf648df70478b7389c2d804de cups-1.3.3-source.tar.bz2 4077262
diff --git a/net-print/cups/files/digest-cups-1.3.4 b/net-print/cups/files/digest-cups-1.3.4
new file mode 100644
index 000000000000..991c8b77ff2e
--- /dev/null
+++ b/net-print/cups/files/digest-cups-1.3.4
@@ -0,0 +1,3 @@
+MD5 4bd20d69bb083b42632346a383b6aefb cups-1.3.4-source.tar.bz2 4082345
+RMD160 30dd2925507a0c83513ee887debecb4bad1ddb53 cups-1.3.4-source.tar.bz2 4082345
+SHA256 91581afc60aa0a6789b1c0373bc204d3b7deec5b608cc3cadc8c07d0ba749154 cups-1.3.4-source.tar.bz2 4082345
author	Timo Gurr <tgurr@gentoo.org>	2007-11-05 19:11:14 +0000
committer	Timo Gurr <tgurr@gentoo.org>	2007-11-05 19:11:14 +0000
commit	f10de48385c28c0980ca54e26bcca9bcbeb91a6f (patch)
tree	de21fa0e46497dd8139e0b6908bd0fdd77c6ba06 /net-print
parent	Home Page fix (diff)
download	gentoo-2-f10de48385c28c0980ca54e26bcca9bcbeb91a6f.tar.gz gentoo-2-f10de48385c28c0980ca54e26bcca9bcbeb91a6f.tar.bz2 gentoo-2-f10de48385c28c0980ca54e26bcca9bcbeb91a6f.zip