authorTimo Gurr <tgurr@gentoo.org>2009-11-13 18:53:56 +0000
committerTimo Gurr <tgurr@gentoo.org>2009-11-13 18:53:56 +0000
commit0f12cb78bc317f6b87c413ea0eb5de0d3c8d8cb1 (patch)
treee4876d33ea74eb8ca4c2e06e50de03e6a37df25d /net-print/cups
parentMove package to official mirror (diff)
Version bumps, fixing security issues. QA fixes. Remove old.
(Portage version: 2.2_rc49/cvs/Linux x86_64)
Diffstat (limited to 'net-print/cups')
-rw-r--r--net-print/cups/ChangeLog14
-rw-r--r--net-print/cups/cups-1.3.10-r2.ebuild4
-rw-r--r--net-print/cups/cups-1.3.11-r1.ebuild (renamed from net-print/cups/cups-1.3.11.ebuild)9
-rw-r--r--net-print/cups/cups-1.4.2.ebuild (renamed from net-print/cups/cups-1.4.1.ebuild)25
-rw-r--r--net-print/cups/files/cups-1.3.11-str3367-security-1.3v2.patch435
-rw-r--r--net-print/cups/files/cups-1.3.11-str3401-security-1.3v2-regression.patch27
-rw-r--r--net-print/cups/files/cups-1.3.9-CVE-2008-5286.patch22
-rw-r--r--net-print/cups/files/cups-1.4.1-usb-function-decl.patch25
8 files changed, 503 insertions, 58 deletions
diff --git a/net-print/cups/ChangeLog b/net-print/cups/ChangeLog
index c4bf9e15e52f..ef3e84545473 100644
--- a/net-print/cups/ChangeLog
+++ b/net-print/cups/ChangeLog
@@ -1,6 +1,18 @@
# ChangeLog for net-print/cups
# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-print/cups/ChangeLog,v 1.366 2009/09/17 15:36:38 lack Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-print/cups/ChangeLog,v 1.367 2009/11/13 18:53:55 tgurr Exp $
+
+*cups-1.4.2 (13 Nov 2009)
+*cups-1.3.11-r1 (13 Nov 2009)
+
+ 13 Nov 2009; Timo Gurr <tgurr@gentoo.org>
+ -files/cups-1.3.9-CVE-2008-5286.patch, cups-1.3.10-r2.ebuild,
+ -cups-1.3.11.ebuild, +cups-1.3.11-r1.ebuild,
+ +files/cups-1.3.11-str3367-security-1.3v2.patch,
+ +files/cups-1.3.11-str3401-security-1.3v2-regression.patch,
+ -cups-1.4.1.ebuild, -files/cups-1.4.1-usb-function-decl.patch,
+ +cups-1.4.2.ebuild:
+ Version bumps, fixing security issues. QA fixes. Remove old.
17 Sep 2009; Jim Ramsay <lack@gentoo.org> cups-1.4.1.ebuild,
+files/cups-1.4.1-usb-function-decl.patch:
diff --git a/net-print/cups/cups-1.3.10-r2.ebuild b/net-print/cups/cups-1.3.10-r2.ebuild
index 5790dbde2fe7..b71164ba2024 100644
--- a/net-print/cups/cups-1.3.10-r2.ebuild
+++ b/net-print/cups/cups-1.3.10-r2.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2009 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.3.10-r2.ebuild,v 1.9 2009/08/09 12:32:28 nixnut Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.3.10-r2.ebuild,v 1.10 2009/11/13 18:53:55 tgurr Exp $
inherit autotools eutils flag-o-matic multilib pam
@@ -8,7 +8,7 @@ MY_P=${P/_}
DESCRIPTION="The Common Unix Printing System"
HOMEPAGE="http://www.cups.org/"
-SRC_URI="http://ftp.easysw.com/pub/cups/${PV}/${MY_P}-source.tar.bz2"
+SRC_URI="mirror://easysw/${PN}/${PV}/${MY_P}-source.tar.bz2"
LICENSE="GPL-2"
SLOT="0"
diff --git a/net-print/cups/cups-1.3.11.ebuild b/net-print/cups/cups-1.3.11-r1.ebuild
index 3b5c4404dd1f..8097a8abfc04 100644
--- a/net-print/cups/cups-1.3.11.ebuild
+++ b/net-print/cups/cups-1.3.11-r1.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2009 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.3.11.ebuild,v 1.1 2009/07/08 22:41:43 tgurr Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.3.11-r1.ebuild,v 1.1 2009/11/13 18:53:55 tgurr Exp $
inherit autotools eutils flag-o-matic multilib pam
@@ -8,7 +8,7 @@ MY_P=${P/_}
DESCRIPTION="The Common Unix Printing System"
HOMEPAGE="http://www.cups.org/"
-SRC_URI="http://ftp.easysw.com/pub/cups/${PV}/${MY_P}-source.tar.bz2"
+SRC_URI="mirror://easysw/${PN}/${PV}/${MY_P}-source.tar.bz2"
LICENSE="GPL-2"
SLOT="0"
@@ -104,6 +104,11 @@ src_unpack() {
# detect recent libgnutls versions, upstream bug STR #3178
epatch "${FILESDIR}/${PN}-1.3.10-str3178.patch"
+ # security fix CUPS XSS and HTTP header/body attacks via attribute injection
+ # upstream bug STR #3178 and STR #3401
+ epatch "${FILESDIR}/${PN}-1.3.11-str3367-security-1.3v2.patch"
+ epatch "${FILESDIR}/${PN}-1.3.11-str3401-security-1.3v2-regression.patch"
+
# cups does not use autotools "the usual way" and ship a static config.h.in
eaclocal
eautoconf
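Review bot: The added comment cites the wrong upstream report: `# upstream bug STR #3178 and STR #3401` repeats the id of the libgnutls detection patch two lines above, while the file applied here is named `str3367-security-1.3v2`. It should presumably read `# upstream bug STR #3367 and STR #3401`. A wrong tracker id on a security patch makes it harder to confirm later which fix a given revision carries. src_unpack starts before this hunk, so the ordering against any earlier patches cannot be checked from here.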
diff --git a/net-print/cups/cups-1.4.1.ebuild b/net-print/cups/cups-1.4.2.ebuild
index 7496ff8715a5..c8f7250bfee7 100644
--- a/net-print/cups/cups-1.4.1.ebuild
+++ b/net-print/cups/cups-1.4.2.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2009 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.4.1.ebuild,v 1.2 2009/09/17 15:36:38 lack Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-print/cups/cups-1.4.2.ebuild,v 1.1 2009/11/13 18:53:55 tgurr Exp $
EAPI="2"
@@ -57,6 +57,11 @@ RESTRICT="test"
S="${WORKDIR}/${MY_P}"
+LANGS="da de es eu fi fr it ja ko nl no pl pt pt_BR ru sv zh zh_TW"
+for X in ${LANGS} ; do
+ IUSE="${IUSE} linguas_${X}"
+done
+
pkg_setup() {
enewgroup lp
enewuser lp -1 -1 -1 lp
@@ -66,12 +71,16 @@ pkg_setup() {
src_prepare() {
# create a missing symlink to allow https printing via IPP, bug #217293
epatch "${FILESDIR}/${PN}-1.4.0-backend-https.patch"
- epatch "${FILESDIR}/${PN}-1.4.1-usb-function-decl.patch"
}
src_configure() {
- local myconf
+ # locale support
+ strip-linguas ${LANGS}
+ if [ -z "${LINGUAS}" ] ; then
+ export LINGUAS=none
+ fi
+ local myconf
if use ssl || use gnutls ; then
myconf="${myconf} \
$(use_enable gnutls) \
@@ -88,9 +97,9 @@ src_configure() {
--with-cups-user=lp \
--with-cups-group=lp \
--with-docdir=/usr/share/cups/html \
+ --with-languages=${LINGUAS} \
--with-pdftops=pdftops \
--with-system-groups=lpadmin \
- --with-xinetd=/etc/xinetd.d \
$(use_enable acl) \
$(use_enable dbus) \
$(use_enable debug) \
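Review bot: `--with-languages=${LINGUAS} \` expands unquoted, and after `strip-linguas ${LANGS}` the variable can hold several space-separated locales. Word splitting would then pass only the first locale to `--with-languages` and hand the rest to configure as stray positional arguments. Quoting keeps the list in one option: `--with-languages="${LINGUAS}" \`. The command this argument list belongs to starts outside the hunk, so this assumes the list is passed directly to the configure call.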
@@ -103,6 +112,7 @@ src_configure() {
$(use_enable slp) \
$(use_enable static) \
$(use_enable tiff) \
+ $(use_enable xinetd xinetd /etc/xinetd.d) \
$(use_enable zeroconf dnssd) \
$(use_with java) \
$(use_with perl) \
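Review bot: `$(use_enable xinetd xinetd /etc/xinetd.d)` expands to `--enable-xinetd=/etc/xinetd.d`, whereas the line this commit removes passed `--with-xinetd=/etc/xinetd.d`. Unless the 1.4.2 configure script also accepts the `--enable` spelling, the option would be silently ignored, and whether the xinetd service file is installed would no longer follow the USE flag. `$(use_with xinetd xinetd /etc/xinetd.d) \` keeps the original option name. It is also worth confirming that `xinetd` is listed in IUSE, which is outside this hunk.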
@@ -150,8 +160,11 @@ src_install() {
rm -rf "${D}"/etc/xinetd.d
fi
- keepdir /usr/share/cups/profiles /usr/libexec/cups/driver /var/log/cups \
- /var/run/cups/certs /var/cache/cups /var/spool/cups/tmp /etc/cups/ssl
+ keepdir /usr/libexec/cups/driver /usr/share/cups/{model,profiles} \
+ /var/cache/cups /var/cache/cups/rss /var/log/cups /var/run/cups/certs \
+ /var/spool/cups/tmp
+
+ keepdir /etc/cups/{interfaces,ppd,ssl}
use X || rm -r "${D}"/usr/share/applications
diff --git a/net-print/cups/files/cups-1.3.11-str3367-security-1.3v2.patch b/net-print/cups/files/cups-1.3.11-str3367-security-1.3v2.patch
new file mode 100644
index 000000000000..8fe6b17e979e
--- /dev/null
+++ b/net-print/cups/files/cups-1.3.11-str3367-security-1.3v2.patch
@@ -0,0 +1,435 @@
+Index: cgi-bin/printers.c
+===================================================================
+--- cgi-bin/printers.c (.../easysw/current-1.3.x) (revision 1707)
++++ cgi-bin/printers.c (.../branches/leopard/cups) (revision 1707)
+@@ -72,6 +72,7 @@
+ */
+
+ cgiSetVariable("SECTION", "printers");
++ cgiSetVariable("REFRESH_PAGE", "");
+
+ /*
+ * See if we are displaying a printer or all printers...
+Index: cgi-bin/cgi.h
+===================================================================
+--- cgi-bin/cgi.h (.../easysw/current-1.3.x) (revision 1707)
++++ cgi-bin/cgi.h (.../branches/leopard/cups) (revision 1707)
+@@ -54,6 +54,7 @@
+ extern void cgiAbort(const char *title, const char *stylesheet,
+ const char *format, ...);
+ extern int cgiCheckVariables(const char *names);
++extern void cgiClearVariables(void);
+ extern void *cgiCompileSearch(const char *query);
+ extern void cgiCopyTemplateFile(FILE *out, const char *tmpl);
+ extern void cgiCopyTemplateLang(const char *tmpl);
+Index: cgi-bin/template.c
+===================================================================
+--- cgi-bin/template.c (.../easysw/current-1.3.x) (revision 1707)
++++ cgi-bin/template.c (.../branches/leopard/cups) (revision 1707)
+@@ -639,6 +639,8 @@
+ fputs("&gt;", out);
+ else if (*s == '\"')
+ fputs("&quot;", out);
++ else if (*s == '\'')
++ fputs("&#39;", out);
+ else if (*s == '&')
+ fputs("&amp;", out);
+ else
+@@ -659,7 +661,7 @@
+ {
+ while (*s)
+ {
+- if (strchr("%&+ <>#=", *s) || *s & 128)
++ if (strchr("%@&+ <>#=", *s) || *s < ' ' || *s & 128)
+ fprintf(out, "%%%02X", *s & 255);
+ else
+ putc(*s, out);
+Index: cgi-bin/ipp-var.c
+===================================================================
+--- cgi-bin/ipp-var.c (.../easysw/current-1.3.x) (revision 1707)
++++ cgi-bin/ipp-var.c (.../branches/leopard/cups) (revision 1707)
+@@ -1220,7 +1220,9 @@
+ int ascending, /* Order of jobs (0 = descending) */
+ first, /* First job to show */
+ count; /* Number of jobs */
+- const char *var; /* Form variable */
++ const char *var, /* Form variable */
++ *query, /* Query string */
++ *section; /* Section in web interface */
+ void *search; /* Search data */
+ char url[1024], /* URL for prev/next/this */
+ *urlptr, /* Position in URL */
+@@ -1265,10 +1267,13 @@
+ * Get a list of matching job objects.
+ */
+
+- if ((var = cgiGetVariable("QUERY")) != NULL)
+- search = cgiCompileSearch(var);
++ if ((query = cgiGetVariable("QUERY")) != NULL)
++ search = cgiCompileSearch(query);
+ else
++ {
++ query = NULL;
+ search = NULL;
++ }
+
+ jobs = cgiGetIPPObjects(response, search);
+ count = cupsArrayCount(jobs);
+@@ -1293,17 +1298,28 @@
+ if (first < 0)
+ first = 0;
+
+- sprintf(url, "%d", count);
+- cgiSetVariable("TOTAL", url);
+-
+ if ((var = cgiGetVariable("ORDER")) != NULL)
+ ascending = !strcasecmp(var, "asc");
+ else
+- {
+ ascending = !which_jobs || !strcasecmp(which_jobs, "not-completed");
+- cgiSetVariable("ORDER", ascending ? "asc" : "dec");
+- }
+
++ section = cgiGetVariable("SECTION");
++
++ cgiClearVariables();
++
++ if (query)
++ cgiSetVariable("QUERY", query);
++
++ cgiSetVariable("ORDER", ascending ? "asc" : "dec");
++
++ cgiSetVariable("SECTION", section);
++
++ sprintf(url, "%d", count);
++ cgiSetVariable("TOTAL", url);
++
++ if (which_jobs)
++ cgiSetVariable("WHICH_JOBS", which_jobs);
++
+ if (ascending)
+ {
+ for (i = 0, job = (ipp_attribute_t *)cupsArrayIndex(jobs, first);
+@@ -1325,11 +1341,10 @@
+
+ urlend = url + sizeof(url);
+
+- if ((var = cgiGetVariable("QUERY")) != NULL)
++ if (query != NULL)
+ {
+ if (dest)
+- snprintf(url, sizeof(url), "/%s/%s?QUERY=", cgiGetVariable("SECTION"),
+- dest);
++ snprintf(url, sizeof(url), "/%s/%s?QUERY=", section, dest);
+ else
+ strlcpy(url, "/jobs/?QUERY=", sizeof(url));
+
+@@ -1344,7 +1359,7 @@
+ else
+ {
+ if (dest)
+- snprintf(url, sizeof(url), "/%s/%s?", cgiGetVariable("SECTION"), dest);
++ snprintf(url, sizeof(url), "/%s/%s?", section, dest);
+ else
+ strlcpy(url, "/jobs/?", sizeof(url));
+
+Index: cgi-bin/admin.c
+===================================================================
+--- cgi-bin/admin.c (.../easysw/current-1.3.x) (revision 1707)
++++ cgi-bin/admin.c (.../branches/leopard/cups) (revision 1707)
+@@ -104,6 +104,7 @@
+ */
+
+ cgiSetVariable("SECTION", "admin");
++ cgiSetVariable("REFRESH_PAGE", "");
+
+ /*
+ * See if we have form data...
+@@ -134,16 +135,61 @@
+
+
+ if (getenv("HTTPS"))
+- snprintf(prefix, sizeof(prefix), "https://%s:%s",
+- getenv("SERVER_NAME"), getenv("SERVER_PORT"));
++ snprintf(prefix, sizeof(prefix), "https://%s:%s",
++ getenv("SERVER_NAME"), getenv("SERVER_PORT"));
+ else
+- snprintf(prefix, sizeof(prefix), "http://%s:%s",
+- getenv("SERVER_NAME"), getenv("SERVER_PORT"));
++ snprintf(prefix, sizeof(prefix), "http://%s:%s",
++ getenv("SERVER_NAME"), getenv("SERVER_PORT"));
+
++ fprintf(stderr, "DEBUG: redirecting with prefix %s!\n", prefix);
++
+ if ((url = cgiGetVariable("URL")) != NULL)
+- printf("Location: %s%s\n\n", prefix, url);
++ {
++ char encoded[1024], /* Encoded URL string */
++ *ptr; /* Pointer into encoded string */
++
++
++ ptr = encoded;
++ if (*url != '/')
++ *ptr++ = '/';
++
++ for (; *url && ptr < (encoded + sizeof(encoded) - 4); url ++)
++ {
++ if (strchr("%@&+ <>#=", *url) || *url < ' ' || *url & 128)
++ {
++ /*
++ * Percent-encode this character; safe because we have at least 4
++ * bytes left in the array...
++ */
++
++ sprintf(ptr, "%%%02X", *url & 255);
++ ptr += 3;
++ }
++ else
++ *ptr++ = *url;
++ }
++
++ *ptr = '\0';
++
++ if (*url)
++ {
++ /*
++ * URL was too long, just redirect to the admin page...
++ */
++
++ printf("Location: %s/admin\n\n", prefix);
++ }
++ else
++ {
++ /*
++ * URL is OK, redirect there...
++ */
++
++ printf("Location: %s%s\n\n", prefix, encoded);
++ }
++ }
+ else
+- printf("Location: %s/admin\n\n", prefix);
++ printf("Location: %s/admin\n\n", prefix);
+ }
+ else if (!strcmp(op, "start-printer"))
+ do_printer_op(http, IPP_RESUME_PRINTER, cgiText(_("Start Printer")));
+@@ -293,6 +339,31 @@
+ * and classes and (re)show the add page...
+ */
+
++ if (cgiGetVariable("EVENT_JOB_CREATED"))
++ cgiSetVariable("EVENT_JOB_CREATED", "CHECKED");
++ if (cgiGetVariable("EVENT_JOB_COMPLETED"))
++ cgiSetVariable("EVENT_JOB_COMPLETED", "CHECKED");
++ if (cgiGetVariable("EVENT_JOB_STOPPED"))
++ cgiSetVariable("EVENT_JOB_STOPPED", "CHECKED");
++ if (cgiGetVariable("EVENT_JOB_CONFIG_CHANGED"))
++ cgiSetVariable("EVENT_JOB_CONFIG_CHANGED", "CHECKED");
++ if (cgiGetVariable("EVENT_PRINTER_STOPPED"))
++ cgiSetVariable("EVENT_PRINTER_STOPPED", "CHECKED");
++ if (cgiGetVariable("EVENT_PRINTER_ADDED"))
++ cgiSetVariable("EVENT_PRINTER_ADDED", "CHECKED");
++ if (cgiGetVariable("EVENT_PRINTER_MODIFIED"))
++ cgiSetVariable("EVENT_PRINTER_MODIFIED", "CHECKED");
++ if (cgiGetVariable("EVENT_PRINTER_DELETED"))
++ cgiSetVariable("EVENT_PRINTER_DELETED", "CHECKED");
++ if (cgiGetVariable("EVENT_SERVER_STARTED"))
++ cgiSetVariable("EVENT_SERVER_STARTED", "CHECKED");
++ if (cgiGetVariable("EVENT_SERVER_STOPPED"))
++ cgiSetVariable("EVENT_SERVER_STOPPED", "CHECKED");
++ if (cgiGetVariable("EVENT_SERVER_RESTARTED"))
++ cgiSetVariable("EVENT_SERVER_RESTARTED", "CHECKED");
++ if (cgiGetVariable("EVENT_SERVER_AUDIT"))
++ cgiSetVariable("EVENT_SERVER_AUDIT", "CHECKED");
++
+ request = ippNewRequest(CUPS_GET_PRINTERS);
+ response = cupsDoRequest(http, request, "/");
+
+@@ -450,6 +521,10 @@
+ * Do the request and get back a response...
+ */
+
++ cgiClearVariables();
++ if (name)
++ cgiSetVariable("PRINTER_NAME", name);
++
+ if ((response = cupsDoRequest(http, request, "/")) != NULL)
+ {
+ /*
+@@ -2336,7 +2411,9 @@
+ if ((val = cupsGetOption("DefaultAuthType", num_settings,
+ settings)) != NULL && !strcasecmp(val, "Negotiate"))
+ cgiSetVariable("KERBEROS", "CHECKED");
++ else
+ #endif /* HAVE_GSSAPI */
++ cgiSetVariable("KERBEROS", "");
+
+ cupsFreeOptions(num_settings, settings);
+
+Index: cgi-bin/help.c
+===================================================================
+--- cgi-bin/help.c (.../easysw/current-1.3.x) (revision 1707)
++++ cgi-bin/help.c (.../branches/leopard/cups) (revision 1707)
+@@ -63,6 +63,7 @@
+ */
+
+ cgiSetVariable("SECTION", "help");
++ cgiSetVariable("REFRESH_PAGE", "");
+
+ /*
+ * Load the help index...
+@@ -102,7 +103,7 @@
+ */
+
+ for (i = 0; i < argc; i ++)
+- fprintf(stderr, "argv[%d]=\"%s\"\n", i, argv[i]);
++ fprintf(stderr, "DEBUG: argv[%d]=\"%s\"\n", i, argv[i]);
+
+ if ((helpfile = getenv("PATH_INFO")) != NULL)
+ {
+@@ -179,6 +180,12 @@
+ topic = cgiGetVariable("TOPIC");
+ si = helpSearchIndex(hi, query, topic, helpfile);
+
++ cgiClearVariables();
++ if (query)
++ cgiSetVariable("QUERY", query);
++ if (topic)
++ cgiSetVariable("TOPIC", topic);
++
+ fprintf(stderr, "DEBUG: query=\"%s\", topic=\"%s\"\n",
+ query ? query : "(null)", topic ? topic : "(null)");
+
+Index: cgi-bin/var.c
+===================================================================
+--- cgi-bin/var.c (.../easysw/current-1.3.x) (revision 1707)
++++ cgi-bin/var.c (.../branches/leopard/cups) (revision 1707)
+@@ -15,6 +15,7 @@
+ * Contents:
+ *
+ * cgiCheckVariables() - Check for the presence of "required" variables.
++ * cgiClearVariables() - Clear all form variables.
+ * cgiGetArray() - Get an element from a form array...
+ * cgiGetFile() - Get the file (if any) that was submitted in the form.
+ * cgiGetSize() - Get the size of a form array value.
+@@ -135,6 +136,31 @@
+
+
+ /*
++ * 'cgiClearVariables()' - Clear all form variables.
++ */
++
++void
++cgiClearVariables(void)
++{
++ int i, j; /* Looping vars */
++ _cgi_var_t *v; /* Current variable */
++
++
++ for (v = form_vars, i = form_count; i > 0; v ++, i --)
++ {
++ _cupsStrFree(v->name);
++ for (j = 0; j < v->nvalues; j ++)
++ if (v->values[j])
++ _cupsStrFree(v->values[j]);
++ }
++
++ form_count = 0;
++
++ cgi_unlink_file();
++}
++
++
++/*
+ * 'cgiGetArray()' - Get an element from a form array...
+ */
+
+@@ -154,7 +180,7 @@
+ if (element < 0 || element >= var->nvalues)
+ return (NULL);
+
+- return (var->values[element]);
++ return (_cupsStrAlloc(var->values[element]));
+ }
+
+
+@@ -209,7 +235,7 @@
+ var->values[var->nvalues - 1]);
+ #endif /* DEBUG */
+
+- return ((var == NULL) ? NULL : var->values[var->nvalues - 1]);
++ return ((var == NULL) ? NULL : _cupsStrAlloc(var->values[var->nvalues - 1]));
+ }
+
+
+@@ -341,9 +367,9 @@
+ var->nvalues = element + 1;
+ }
+ else if (var->values[element])
+- free((char *)var->values[element]);
++ _cupsStrFree((char *)var->values[element]);
+
+- var->values[element] = strdup(value);
++ var->values[element] = _cupsStrAlloc(value);
+ }
+ }
+
+@@ -388,7 +414,7 @@
+ {
+ for (i = size; i < var->nvalues; i ++)
+ if (var->values[i])
+- free((void *)(var->values[i]));
++ _cupsStrFree((void *)(var->values[i]));
+ }
+
+ var->nvalues = size;
+@@ -421,9 +447,9 @@
+ {
+ for (i = 0; i < var->nvalues; i ++)
+ if (var->values[i])
+- free((char *)var->values[i]);
++ _cupsStrFree((char *)var->values[i]);
+
+- var->values[0] = strdup(value);
++ var->values[0] = _cupsStrAlloc(value);
+ var->nvalues = 1;
+ }
+ }
+@@ -470,10 +496,10 @@
+ if ((var->values = calloc(element + 1, sizeof(char *))) == NULL)
+ return;
+
+- var->name = strdup(name);
++ var->name = _cupsStrAlloc(name);
+ var->nvalues = element + 1;
+ var->avalues = element + 1;
+- var->values[element] = strdup(value);
++ var->values[element] = _cupsStrAlloc(value);
+
+ form_count ++;
+ }
+Index: cgi-bin/jobs.c
+===================================================================
+--- cgi-bin/jobs.c (.../easysw/current-1.3.x) (revision 1707)
++++ cgi-bin/jobs.c (.../branches/leopard/cups) (revision 1707)
+@@ -57,6 +57,7 @@
+ */
+
+ cgiSetVariable("SECTION", "jobs");
++ cgiSetVariable("REFRESH_PAGE", "");
+
+ /*
+ * Connect to the HTTP server...
+Index: cgi-bin/classes.c
+===================================================================
+--- cgi-bin/classes.c (.../easysw/current-1.3.x) (revision 1707)
++++ cgi-bin/classes.c (.../branches/leopard/cups) (revision 1707)
+@@ -69,6 +69,7 @@
+ */
+
+ cgiSetVariable("SECTION", "classes");
++ cgiSetVariable("REFRESH_PAGE", "");
+
+ /*
+ * See if we are displaying a printer or all classes...
+
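Review bot: In the ipp-var.c part of this patch, `cgiSetVariable("SECTION", section);` runs after `cgiClearVariables()` without the NULL guard that `query` and `which_jobs` get on the neighbouring lines, and `section` is later formatted with `%s` into `url`. Whether `cgiSetVariable()` tolerates a NULL value is not visible here, so I would guard it the same way: `if (section) cgiSetVariable("SECTION", section);`. The var.c change that this pattern seems to rely on is undocumented: `cgiGetVariable()` and `cgiGetArray()` now return `_cupsStrAlloc()` references, which appears to be what keeps `query` and `section` valid across the clear, and no caller in the patch releases them. A comment on both functions stating that ownership rule would help. `cgiClearVariables()` also frees each name and value but not the `var->values` array that the last var.c hunk allocates with `calloc`, so each clear appears to leak those arrays; that is minor in a short-lived CGI process but worth a comment.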
diff --git a/net-print/cups/files/cups-1.3.11-str3401-security-1.3v2-regression.patch b/net-print/cups/files/cups-1.3.11-str3401-security-1.3v2-regression.patch
new file mode 100644
index 000000000000..5f57175d6691
--- /dev/null
+++ b/net-print/cups/files/cups-1.3.11-str3401-security-1.3v2-regression.patch
@@ -0,0 +1,27 @@
+--- cgi-bin/admin.c.ori 2009-10-30 14:07:13.000000000 -0400
++++ cgi-bin/admin.c 2009-10-30 14:06:54.000000000 -0400
+@@ -536,6 +536,7 @@
+ ipp_attribute_t *attr; /* member-uris attribute */
+ char uri[HTTP_MAX_URI]; /* Device or printer URI */
+ const char *name, /* Pointer to class name */
++ *op, /* Operation name */
+ *ptr; /* Pointer to CGI variable */
+ const char *title; /* Title of page */
+ static const char * const pattrs[] = /* Requested printer attributes */
+@@ -547,6 +548,7 @@
+
+
+ title = cgiText(modify ? _("Modify Class") : _("Add Class"));
++ op = cgiGetVariable("OP");
+ name = cgiGetVariable("PRINTER_NAME");
+
+ if (cgiGetVariable("PRINTER_LOCATION") == NULL)
+@@ -572,6 +574,8 @@
+ */
+
+ cgiClearVariables();
++ if (op)
++ cgiSetVariable("OP", op);
+ if (name)
+ cgiSetVariable("PRINTER_NAME", name);
+
diff --git a/net-print/cups/files/cups-1.3.9-CVE-2008-5286.patch b/net-print/cups/files/cups-1.3.9-CVE-2008-5286.patch
deleted file mode 100644
index bca23f71d7e4..000000000000
--- a/net-print/cups/files/cups-1.3.9-CVE-2008-5286.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-Index: filter/image-png.c
-===================================================================
---- filter/image-png.c (revision 8062)
-+++ filter/image-png.c (working copy)
-@@ -178,7 +178,7 @@
- {
- bufsize = img->xsize * img->ysize;
-
-- if ((bufsize / img->ysize) != img->xsize)
-+ if ((bufsize / img->xsize) != img->ysize)
- {
- fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n",
- (unsigned)width, (unsigned)height);
-@@ -190,7 +190,7 @@
- {
- bufsize = img->xsize * img->ysize * 3;
-
-- if ((bufsize / (img->ysize * 3)) != img->xsize)
-+ if ((bufsize / (img->xsize * 3)) != img->ysize)
- {
- fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n",
- (unsigned)width, (unsigned)height);
diff --git a/net-print/cups/files/cups-1.4.1-usb-function-decl.patch b/net-print/cups/files/cups-1.4.1-usb-function-decl.patch
deleted file mode 100644
index 3953d92f86da..000000000000
--- a/net-print/cups/files/cups-1.4.1-usb-function-decl.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 484851e02cc5a9b702e0f226f20a0d33325d9dee Mon Sep 17 00:00:00 2001
-From: Tim Waugh <twaugh@redhat.com>
-Date: Mon, 14 Sep 2009 17:34:36 +0100
-Subject: [PATCH] Fixed side_cb function declaration in usb-unix.c.
-
----
- backend/usb-unix.c | 2 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
-
-diff --git a/backend/usb-unix.c b/backend/usb-unix.c
-index c47910d..a00f1ad 100644
---- a/backend/usb-unix.c
-+++ b/backend/usb-unix.c
-@@ -560,7 +560,7 @@ open_device(const char *uri, /* I - Device URI */
- * 'side_cb()' - Handle side-channel requests...
- */
-
--static void
-+static int
- side_cb(int print_fd, /* I - Print file */
- int device_fd, /* I - Device file */
- int snmp_fd, /* I - SNMP socket (unused) */
---
-1.6.4.2
-