commit: 514b7f9c5f97a92ad3e9c4321db99e8fc4cd14a2 Author: Sam James <sam <AT> gentoo <DOT> org> AuthorDate: Thu Sep 26 21:19:03 2024 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Thu Sep 26 21:20:22 2024 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=514b7f9c
net-print/cups-browsed: add 2.0.1 Also, include a mitigation for CVE-2024-47176 (bug #940311) by copying the effects of upstream commit 1debe6b140c37e0aa928559add4abcc95ce54aa2, i.e. drop 'cups' from --with-browseremoteprotocols=... (Also, while here, change the casing to match the upstream configure script.) Bug: https://bugs.gentoo.org/940312 Bug: https://bugs.gentoo.org/940311 Bug: https://bugs.gentoo.org/940313 Bug: https://bugs.gentoo.org/940314 Bug: https://bugs.gentoo.org/940315 Bug: https://bugs.gentoo.org/940316 Signed-off-by: Sam James <sam <AT> gentoo.org> net-print/cups-browsed/Manifest | 1 + net-print/cups-browsed/cups-browsed-2.0.1.ebuild | 79 ++++++++++++++++++++++++ 2 files changed, 80 insertions(+) diff --git a/net-print/cups-browsed/Manifest b/net-print/cups-browsed/Manifest index e9a2ce2398ba..f4b18818f2c7 100644 --- a/net-print/cups-browsed/Manifest +++ b/net-print/cups-browsed/Manifest @@ -1 +1,2 @@ DIST cups-browsed-2.0.0.tar.xz 426132 BLAKE2B e1724c03302d61cf131c8886a95f6ad8f0236b134f1deaadb783fa185141b83cd8ac5c5d993ded37d04c7fd806c5cde157a792a90a2f372075f24a5bd2423dc5 SHA512 592493ef82c65b2418b86b555c4d24bdf352f78516993a021d106240b8c399fd9f4fcc27e396e895d94da889a97f2bbc5e96bfa92c58c8be80802ee8df43db80 +DIST cups-browsed-2.0.1.tar.xz 427060 BLAKE2B 06c9c8f8c50a165b11f029804dbb20db0ebfd7cddc93c274851e1ab849d0a200fcb8e7dfc489656fa1255c7d6540ae5407467161bd51edca3e8ce04e7d02b78f SHA512 9e9a11708daa861ef58b19a3bda636f1e1fccf0cf12ad5880096d61132f1df9bfa8b81f437247064d199e3aa6a5438061ba085a6d6df52c1ba6021f3b32d9d00 diff --git a/net-print/cups-browsed/cups-browsed-2.0.1.ebuild b/net-print/cups-browsed/cups-browsed-2.0.1.ebuild new file mode 100644 index 000000000000..b2dadbc233a5 --- /dev/null +++ b/net-print/cups-browsed/cups-browsed-2.0.1.ebuild @@ -0,0 +1,79 @@ +# Copyright 2023-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit systemd + +DESCRIPTION="helper daemon to browse for remote CUPS queues and IPP network printers" +HOMEPAGE="https://github.com/OpenPrinting/cups-browsed"; +SRC_URI="https://github.com/OpenPrinting/cups-browsed/releases/download/${PV}/${P}.tar.xz"; + +LICENSE="Apache-2.0" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86" +IUSE="ldap test zeroconf" + +RDEPEND=" + dev-libs/glib:2 + >=net-print/cups-2 + >=net-print/cups-filters-2.0.0 + ldap? ( net-nds/openldap:= ) + test? ( net-print/cups[zeroconf] ) + zeroconf? ( net-dns/avahi[dbus] ) +" +DEPEND="${RDEPEND}" +BDEPEND=" + dev-util/gdbus-codegen + >=sys-devel/gettext-0.18.3 + virtual/pkgconfig +" + +# The tests are new since the split out of cups-filters. Actually running them +# seems to be challenging. You need: +# - cups tools that are USE-optional +# - running avahi-daemon (as root!) +# - disable portage's pid-sandbox, which interferes with avahi +# - ipptool still fails to connect to port 8xxx +# +# If anything fails, a `while true` loop fails to successfully launch and break +# out of the loop, leading to a hang. Until there's an obvious recipe for +# successfully running the tests, restrict it. +RESTRICT="test" + +src_configure() { + local myeconfargs=( + --localstatedir="${EPREFIX}"/var + # Omit cups here for bug #940311 (CVE-2024-47176 mitigation) + --with-browseremoteprotocols=dnssd + --with-cups-rundir="${EPREFIX}"/run/cups + --with-rcdir=no + + $(use_enable ldap) + $(use_enable zeroconf avahi) + ) + + econf "${myeconfargs[@]}" +} + +src_test() { + # Requires avahi running. Hangs forever if not available. + avahi-daemon --check 2>/dev/null || die "no running avahi daemon found, cannot run tests" + + default +} + +src_install() { + default + + cp "${FILESDIR}"/cups-browsed.init.d "${T}"/cups-browsed || die + + if ! use zeroconf ; then + sed -i -e 's:need cupsd avahi-daemon:need cupsd:g' "${T}"/cups-browsed || die + sed -i -e 's:cups\.service avahi-daemon\.service:cups.service:g' "${S}"/daemon/cups-browsed.service || die + fi + + doinitd "${T}"/cups-browsed + systemd_dounit "${S}"/daemon/cups-browsed.service + +}
