From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1673980-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id F2F43158083
	for <garchives@archives.gentoo.org>; Thu, 26 Sep 2024 21:21:32 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id EB593E2B28;
	Thu, 26 Sep 2024 21:21:31 +0000 (UTC)
Received: from smtp.gentoo.org (dev.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id BA7AEE2B28
	for <gentoo-commits@lists.gentoo.org>; Thu, 26 Sep 2024 21:21:31 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id DED34343394
	for <gentoo-commits@lists.gentoo.org>; Thu, 26 Sep 2024 21:21:29 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id 14B351ACF
	for <gentoo-commits@lists.gentoo.org>; Thu, 26 Sep 2024 21:21:28 +0000 (UTC)
From: "Sam James" <sam@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sam James" <sam@gentoo.org>
Message-ID: <1727385622.514b7f9c5f97a92ad3e9c4321db99e8fc4cd14a2.sam@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: net-print/cups-browsed/
X-VCS-Repository: repo/gentoo
X-VCS-Files: net-print/cups-browsed/Manifest net-print/cups-browsed/cups-browsed-2.0.1.ebuild
X-VCS-Directories: net-print/cups-browsed/
X-VCS-Committer: sam
X-VCS-Committer-Name: Sam James
X-VCS-Revision: 514b7f9c5f97a92ad3e9c4321db99e8fc4cd14a2
X-VCS-Branch: master
Date: Thu, 26 Sep 2024 21:21:28 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: a1ef3b69-cf30-48d6-a644-fe3005e12b6b
X-Archives-Hash: c981ded4b439b9d78b798096b0f7cc77

commit:     514b7f9c5f97a92ad3e9c4321db99e8fc4cd14a2
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 26 21:19:03 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Sep 26 21:20:22 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=514b7f9c

net-print/cups-browsed: add 2.0.1

Also, include a mitigation for CVE-2024-47176 (bug #940311) by
copying the effects of upstream commit 1debe6b140c37e0aa928559add4abcc95ce54aa2,
i.e. drop 'cups' from --with-browseremoteprotocols=...

(Also, while here, change the casing to match the upstream configure script.)

Bug: https://bugs.gentoo.org/940312
Bug: https://bugs.gentoo.org/940311
Bug: https://bugs.gentoo.org/940313
Bug: https://bugs.gentoo.org/940314
Bug: https://bugs.gentoo.org/940315
Bug: https://bugs.gentoo.org/940316
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-print/cups-browsed/Manifest                  |  1 +
 net-print/cups-browsed/cups-browsed-2.0.1.ebuild | 79 ++++++++++++++++++++++++
 2 files changed, 80 insertions(+)

diff --git a/net-print/cups-browsed/Manifest b/net-print/cups-browsed/Manifest
index e9a2ce2398ba..f4b18818f2c7 100644
--- a/net-print/cups-browsed/Manifest
+++ b/net-print/cups-browsed/Manifest
@@ -1 +1,2 @@
 DIST cups-browsed-2.0.0.tar.xz 426132 BLAKE2B e1724c03302d61cf131c8886a95f6ad8f0236b134f1deaadb783fa185141b83cd8ac5c5d993ded37d04c7fd806c5cde157a792a90a2f372075f24a5bd2423dc5 SHA512 592493ef82c65b2418b86b555c4d24bdf352f78516993a021d106240b8c399fd9f4fcc27e396e895d94da889a97f2bbc5e96bfa92c58c8be80802ee8df43db80
+DIST cups-browsed-2.0.1.tar.xz 427060 BLAKE2B 06c9c8f8c50a165b11f029804dbb20db0ebfd7cddc93c274851e1ab849d0a200fcb8e7dfc489656fa1255c7d6540ae5407467161bd51edca3e8ce04e7d02b78f SHA512 9e9a11708daa861ef58b19a3bda636f1e1fccf0cf12ad5880096d61132f1df9bfa8b81f437247064d199e3aa6a5438061ba085a6d6df52c1ba6021f3b32d9d00

diff --git a/net-print/cups-browsed/cups-browsed-2.0.1.ebuild b/net-print/cups-browsed/cups-browsed-2.0.1.ebuild
new file mode 100644
index 000000000000..b2dadbc233a5
--- /dev/null
+++ b/net-print/cups-browsed/cups-browsed-2.0.1.ebuild
@@ -0,0 +1,79 @@
+# Copyright 2023-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit systemd
+
+DESCRIPTION="helper daemon to browse for remote CUPS queues and IPP network printers"
+HOMEPAGE="https://github.com/OpenPrinting/cups-browsed"
+SRC_URI="https://github.com/OpenPrinting/cups-browsed/releases/download/${PV}/${P}.tar.xz"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86"
+IUSE="ldap test zeroconf"
+
+RDEPEND="
+	dev-libs/glib:2
+	>=net-print/cups-2
+	>=net-print/cups-filters-2.0.0
+	ldap? ( net-nds/openldap:= )
+	test? ( net-print/cups[zeroconf] )
+	zeroconf? ( net-dns/avahi[dbus] )
+"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	dev-util/gdbus-codegen
+	>=sys-devel/gettext-0.18.3
+	virtual/pkgconfig
+"
+
+# The tests are new since the split out of cups-filters. Actually running them
+# seems to be challenging. You need:
+# - cups tools that are USE-optional
+# - running avahi-daemon (as root!)
+# - disable portage's pid-sandbox, which interferes with avahi
+# - ipptool still fails to connect to port 8xxx
+#
+# If anything fails, a `while true` loop fails to successfully launch and break
+# out of the loop, leading to a hang. Until there's an obvious recipe for
+# successfully running the tests, restrict it.
+RESTRICT="test"
+
+src_configure() {
+	local myeconfargs=(
+		--localstatedir="${EPREFIX}"/var
+		# Omit cups here for bug #940311 (CVE-2024-47176 mitigation)
+		--with-browseremoteprotocols=dnssd
+		--with-cups-rundir="${EPREFIX}"/run/cups
+		--with-rcdir=no
+
+		$(use_enable ldap)
+		$(use_enable zeroconf avahi)
+	)
+
+	econf "${myeconfargs[@]}"
+}
+
+src_test() {
+	# Requires avahi running. Hangs forever if not available.
+	avahi-daemon --check 2>/dev/null || die "no running avahi daemon found, cannot run tests"
+
+	default
+}
+
+src_install() {
+	default
+
+	cp "${FILESDIR}"/cups-browsed.init.d "${T}"/cups-browsed || die
+
+	if ! use zeroconf ; then
+		sed -i -e 's:need cupsd avahi-daemon:need cupsd:g' "${T}"/cups-browsed || die
+		sed -i -e 's:cups\.service avahi-daemon\.service:cups.service:g' "${S}"/daemon/cups-browsed.service || die
+	fi
+
+	doinitd "${T}"/cups-browsed
+	systemd_dounit "${S}"/daemon/cups-browsed.service
+
+}