From d053938d834e74b0c881c12a5cb240ad4bab0d9b Mon Sep 17 00:00:00 2001
From: root <root@rshg054.dnsready.net>
Date: Mon, 14 Oct 2013 00:05:52 -0700
Subject: Mon Oct 14 00:05:51 PDT 2013

---
 libre/hplip-libre/PKGBUILD                  | 28 ++++++++++++++++++++--------
 libre/hplip-libre/hplip-CVE-2013-4325.patch | 22 ++++++++++++++++++++++
 libre/ruby-rdiscount/PKGBUILD               | 14 +++++---------
 3 files changed, 47 insertions(+), 17 deletions(-)
 create mode 100644 libre/hplip-libre/hplip-CVE-2013-4325.patch

(limited to 'libre')

diff --git a/libre/hplip-libre/PKGBUILD b/libre/hplip-libre/PKGBUILD
index bd2820343..41ef21e4e 100644
--- a/libre/hplip-libre/PKGBUILD
+++ b/libre/hplip-libre/PKGBUILD
@@ -1,4 +1,4 @@
-# $Id: PKGBUILD 194375 2013-09-15 08:00:33Z andyrtr $
+# $Id: PKGBUILD 196443 2013-10-13 20:05:28Z andyrtr $
 # Maintainer: Tom Gundersen <teg@jklm.no>
 # Contributor : Rémy Oudompheng <remy@archlinux.org>
 # Contributor: Morgan LEFIEUX <comete@archlinuxfr.org>
@@ -7,7 +7,7 @@
 _pkgname=hplip
 pkgname=hplip-libre
 pkgver=3.13.9
-pkgrel=2
+pkgrel=3
 pkgdesc="Drivers for HP DeskJet, OfficeJet, Photosmart, Business Inkjet and some LaserJet, without hplip-plugin binary blobs recommendation"
 arch=('i686' 'x86_64')
 url="http://hplipopensource.com"
@@ -30,17 +30,22 @@ provides=$_pkgname=$pkgver
 options=('!libtool')
 install=hplip.install
 source=(http://downloads.sourceforge.net/${_pkgname}/$_pkgname-$pkgver.tar.gz{,.asc}
-        hp-mkuri.patch)
+        hp-mkuri.patch
+        hplip-CVE-2013-4325.patch)
 md5sums=('8fcbbd0d3a0b76550f325bd6cf46d9d9'
          'SKIP'
-         '0bd7779fdbc4d7a9386df04dce2cb8d4')
+         '0bd7779fdbc4d7a9386df04dce2cb8d4'
+         '947db41ee8556c78dd027a2f107957e6')
 
-build() {
- cd "$srcdir/$_pkgname-$pkgver"
+prepare() {
+ cd $_pkgname-$pkgver
 
  # fix linking libnotify, FS#34283
  patch -Np0 -i ${srcdir}/hp-mkuri.patch
  
+ # https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4325
+ patch -Np1 -i ${srcdir}/hplip-CVE-2013-4325.patch
+ 
  export PYTHON=python2
  
  find . -type f -exec sed -i 's~^#.*env python~#!/usr/bin/env python2~' {} +
@@ -65,7 +70,10 @@ build() {
    
  export AUTOMAKE='automake --foreign'
  autoreconf --force --install
+}
 
+build() {
+ cd $_pkgname-$pkgver
  ./configure --prefix=/usr \
              --enable-qt4 \
              --disable-foomatic-rip-hplip-install \
@@ -83,15 +91,19 @@ build() {
 }
 
 package() {
- #cd "$srcdir/$_pkgname-$pkgver"
- cd "$srcdir/$_pkgname-${pkgver/.a/a}"
+ #cd $_pkgname-$pkgver
+ cd $_pkgname-${pkgver/.a/a}
  make rulesdir=/usr/lib/udev/rules.d DESTDIR="$pkgdir/" install
+ 
  # remove config provided by sane and autostart of hp-daemon
  rm -rf "$pkgdir"/etc/{sane.d,xdg}
+ 
  # remove HAL .fdi file because HAL is no longer used
  rm -rf "$pkgdir"/usr/share/hal
+ 
  # log dir should not be world writeable
  chmod 775 "$pkgdir"/var/log/hp{,/tmp}
+ 
  # remove rc script
  rm -rf "$pkgdir"/etc/init.d
 }
diff --git a/libre/hplip-libre/hplip-CVE-2013-4325.patch b/libre/hplip-libre/hplip-CVE-2013-4325.patch
new file mode 100644
index 000000000..85bff893b
--- /dev/null
+++ b/libre/hplip-libre/hplip-CVE-2013-4325.patch
@@ -0,0 +1,22 @@
+diff -up hplip-3.13.7/base/pkit.py.CVE-2013-4325 hplip-3.13.7/base/pkit.py
+--- hplip-3.13.7/base/pkit.py.CVE-2013-4325	2013-07-23 06:18:29.000000000 +0100
++++ hplip-3.13.7/base/pkit.py	2013-09-11 10:54:13.252419283 +0100
+@@ -176,15 +176,10 @@ class PolicyKitService(dbus.service.Obje
+                                     "/org/freedesktop/PolicyKit1/Authority",
+                                     "org.freedesktop.PolicyKit1.Authority")
+         policy_kit = dbus.Interface(obj, "org.freedesktop.PolicyKit1.Authority")
+-        info = dbus.Interface(connection.get_object("org.freedesktop.DBus",
+-                                                    "/org/freedesktop/DBus/Bus",
+-                                                    False),
+-                              "org.freedesktop.DBus")
+-        pid = info.GetConnectionUnixProcessID(sender)
+         
+         subject = (
+-            'unix-process',
+-            { 'pid' : dbus.UInt32(pid, variant_level = 1) }
++            'system-bus-name',
++            { 'name' : dbus.String(sender, variant_level = 1) }
+         )
+         details = { '' : '' }
+         flags = dbus.UInt32(1)         # AllowUserInteraction = 0x00000001
+
diff --git a/libre/ruby-rdiscount/PKGBUILD b/libre/ruby-rdiscount/PKGBUILD
index 76e4b58bd..b6cbcc4cc 100644
--- a/libre/ruby-rdiscount/PKGBUILD
+++ b/libre/ruby-rdiscount/PKGBUILD
@@ -4,24 +4,18 @@
 
 _gemname=rdiscount
 pkgname=ruby-$_gemname
-pkgver=1.6.5
+pkgver=2.1.6
 pkgdesc="C implementation of John Gruber's Markdown."
 url="http://dafoster.net/projects/rdiscount/"
 
-# About the license: It is a 4-clause BSD license with the 3rd clause modified
-# to mention documentation instead of advertising.  Not to be confused with
-# "Modified BSD", which the FSF uses to refer to a 3-clause BSD license
-# (dropping the 3rd clause).  Because of the way it is modified, it doesn't have
-# the problems normally associated with the 4-clause BSD license.
-license=('custom:modified-BSD4')
+license=('BSD3')
 
-pkgrel=2
+pkgrel=1
 arch=('i686' 'x86_64')
 depends=('ruby')
 makedepends=('rubygems')
 source=(http://rubygems.org/downloads/$_gemname-$pkgver.gem)
 noextract=($_gemname-$pkgver.gem)
-md5sums=('2de321f1ba826f80b84fe45c0d013fcf')
 
 package() {
   cd "${srcdir}"
@@ -36,3 +30,5 @@ package() {
     install -Dm644 "$file" "$pkgdir"/usr/share/man/man${file##*.}/${file##*/}
   done
 }
+
+md5sums=('99c5a8f33f6796e766f0b8e73b0519c6')
-- 
cgit v1.2.3-54-g00ecf