Pullup ticket #3513 - requested by sbd

print/cups: security update

Revisions pulled up:
- print/cups/Makefile                                           1.177-1.178
- print/cups/PLIST                                              1.36
- print/cups/distinfo                                           1.81-1.82
- print/cups/patches/patch-aa                                   deleted
- print/cups/patches/patch-filter_image-gif.c                   1.1

---
   Module Name:	pkgsrc
   Committed By:	sbd
   Date:		Sun Aug 28 07:11:01 UTC 2011

   Modified Files:
   	pkgsrc/print/cups: Makefile PLIST distinfo
   Removed Files:
   	pkgsrc/print/cups/patches: patch-aa

   Log Message:
   Update to cups-1.4.8

   CHANGES IN CUPS V1.4.8

           - The scheduler would delete job data files when restarted (STR #3880)
           - The network backends could crash if a printer returned a value of 0
             for the maximum capacity for a supply (STR #3875)

   CHANGES IN CUPS V1.4.7

           - Documentation changes (STR #3710, STR #3720, STR #3745, STR #3750,
             STR #3757, STR #3758, STR #3782, STR #3826, STR #3829, STR #3837)
           - Web interface fixes (STR #3412, STR #3345, STR #3455, STR #3707,
             STR #3755, STR #3769, STR #3783)
           - Configure script fixes (STR #3659, STR #3691)
           - Compilation fixes (STR #3718, STR #3771, STR #3774)
           - The imageto* filters could crash with bad GIF files (STR #3867)
           - The scheduler might leave old job data files in the spool directory
             (STR #3795)
           - CUPS did not work with locales using the ASCII character set
             (STR #3832)
           - httpAddrString() did not return a URI-style IPv6 numeric address
             (STR #3814)
           - Fixed an issue when reading compressed CUPS raster streams (STR #3812)
           - Fixed an issue with PostScript printer auto-configuration (STR #3443)
           - Fixed some compatibility issues with the libusb-based USB backend
             (STR #3799)
           - The network backends no longer try to collect SNMP supply and status
             information for raw queues (STR #3809)
           - The DBUS notifier did not report job state changes (STR #3805)
           - The scheduler did not always report that the "normal" print-quality
             value was supported (STR #3803)
           - The gziptoany filter did not report the correct error if it was unable
             to write the uncompressed document to the next filter or backend in
             the chain (STR #3797)
           - The Epson and Oki 9-pin drivers had a bad resolution option
             (STR #3798)
           - The scheduler did not always register the correct default ICC profile
             on Mac OS X.
           - The scheduler did not use the job owner when authorizing access for
             the CUPS-Get-Document operation, preventing non-admins from accessing
             their own jobs.
           - CUPS did not work with some printers that incorrectly implemented the
             HTTP/1.1 standard (STR #3778, STR #3791)
           - The scheduler did not retry fax jobs properly.
           - The scheduler now recognizes an empty cupsCommands PPD keyword as
             meaning that CUPS commands are not supported for a printer (STR #3773)
           - Fixed a crash bug in the scheduler when the application/octet-stream
             MIME type was not defined (STR #3690)
           - Polled printers were advertised more slowly than necessary (STR #3574)
           - cupsResolveConflicts() did not handle resolving multiple UIConstraints
             issues (STR #3705)
           - The SetEnv and PassEnv directives had no effect (STR #3664)
           - The web interface no longer tries to use multi-part delivery when
             adding printers (STR #3455)
           - The libusb-based USB backend printed slowly to the LaserJet 1300 and
             other printers (STR #3405)
           - "lp" and "lpr" failed to print with Kerberos enabled (STR #3768)
           - The cupsctl program now displays an error if you try to directly set
             the Port or Listen directives (STR #3749)
           - PPD files with "*JobPatchFile: bla" no longer fail to load in relaxed
             conformance mode (STR #3747)
           - The scheduler generated a bad notify-text string for printer state
             change notifications (STR #3739)
           - The scheduler incorrectly updated printers.conf when it really needed
             to update classes.conf or remote.cache (STR #3726)
           - Hardwired remote printers with options did not work (STR #3717)
           - Accessing the CUPS web interface using a CNAME-based hostname would
             sometimes fail due to redirection to the actual hostname (STR #3701)
           - Subscription events had a misspelled attribute (STR #3693)
           - "make check" failed if LC_MESSAGES was set (STR #3765)
           - Fixed the configure script to always look for the pkg-config script
             (STR #3761)
           - The scheduler now only looks up interface hostnames if HostNameLookups
             are enabled (STR #3737)
           - Fixed a compilation problem on DragonFly BSD (STR #3738)
           - The default PageLogFormat value had the username and job ID swapped
             from CUPS 1.3.x (STR #3727)
           - The scheduler could crash if a browsed printer times out while a job
             is printing (STR #3754)
           - The scheduler incorrectly mapped custom page sizes to standard sizes
             (STR #3764)
           - cupsfilter and pstops did not map IPP attributes to PPD options due to
             a change in cupsMarkOptions (STR #3756)
           - The scheduler did not always show the most recent status message from
             the print filters (STR #3731)
           - The PostScript filter did not apply the mirror and number-up options
             properly, leading to offset and clipped output (STR #3732)
           - The network backends always reported "low toner" or "out of toner"
             states, even for inkjet printers (STR #3733)

---
   Module Name:	pkgsrc
   Committed By:	sbd
   Date:		Sun Aug 28 07:22:12 UTC 2011

   Modified Files:
   	pkgsrc/print/cups: Makefile distinfo
   Added Files:
   	pkgsrc/print/cups/patches: patch-filter_image-gif.c

   Log Message:
   Use str3914.patch from STR #3914 to fix CVE-2011-3170

   Bump PKGREVISION

5 files changed, 47 insertions, 24 deletions

diff --git a/print/cups/Makefile b/print/cups/Makefile
index 4b2388e7717..162a7100e53 100644
--- a/print/cups/Makefile
+++ b/print/cups/Makefile
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.176 2011/01/19 03:28:42 sbd Exp $
+# $NetBSD: Makefile,v 1.176.4.1 2011/08/29 08:15:07 tron Exp $
 #
 # The CUPS author is very good about taking back changes into the main
 # CUPS distribution.  The correct place to send patches or bug-fixes is:
@@ -6,10 +6,10 @@
 
 DISTNAME=	cups-${DIST_VERS}-source
 PKGNAME=	cups-${DIST_VERS:S/-/./g}
-BASE_VERS=	1.4.6
+BASE_VERS=	1.4.8
 DIST_VERS=	${BASE_VERS}
-
 PKGREVISION=	1
+
 CATEGORIES=	print
 MASTER_SITES=	http://ftp.easysw.com/pub/cups/${BASE_VERS}/ \
 		ftp://ftp.easysw.com/pub/cups/${BASE_VERS}/ \
diff --git a/print/cups/PLIST b/print/cups/PLIST
index 6ffe779987f..1567462032a 100644
--- a/print/cups/PLIST
+++ b/print/cups/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.35 2011/01/19 03:28:42 sbd Exp $
+@comment $NetBSD: PLIST,v 1.35.4.1 2011/08/29 08:15:07 tron Exp $
 bin/cancel
 bin/cups-config
 bin/cupstestdsc
@@ -947,7 +947,9 @@ share/doc/cups/images/cups.png
 share/doc/cups/images/generic.png
 share/doc/cups/images/left.gif
 share/doc/cups/images/raster.png
+share/doc/cups/images/raster-organization.png
 share/doc/cups/images/right.gif
+share/doc/cups/images/sample-image.png
 share/doc/cups/images/sel.gif
 share/doc/cups/images/smiley.jpg
 share/doc/cups/images/unsel.gif
diff --git a/print/cups/distinfo b/print/cups/distinfo
index c4286f70f0e..a7d85eed999 100644
--- a/print/cups/distinfo
+++ b/print/cups/distinfo
@@ -1,9 +1,8 @@
-$NetBSD: distinfo,v 1.79.4.1 2011/08/14 12:17:35 tron Exp $
+$NetBSD: distinfo,v 1.79.4.2 2011/08/29 08:15:07 tron Exp $
 
-SHA1 (cups-1.4.6-source.tar.bz2) = 42fb1ca00ee7291561564d3072716eb2045f05d1
-RMD160 (cups-1.4.6-source.tar.bz2) = 94c9921e03f5ec52d9c16947435622365f53aef6
-Size (cups-1.4.6-source.tar.bz2) = 4517061 bytes
-SHA1 (patch-aa) = ddb088080d433b8b364ae9e0708cc79c249a1160
+SHA1 (cups-1.4.8-source.tar.bz2) = 9167f556e78e0bc075f1eb2f695d79cc1f334007
+RMD160 (cups-1.4.8-source.tar.bz2) = ee80e8d0b56dc0e2edf2a9aa9a43c4b92619f741
+Size (cups-1.4.8-source.tar.bz2) = 4547162 bytes
 SHA1 (patch-ab) = 8269ed7f24bcd5b16c143353443d4689fef082b2
 SHA1 (patch-ac) = d99dfa6e71efdc5f069c2c3e73e1b29beebf5c9b
 SHA1 (patch-ad) = 40c7f9d14619fec77255783d918c79c24ead6631
@@ -21,3 +20,4 @@ SHA1 (patch-ao) = 7fe50080b9a6fd4dac186020f9351ef6000373c7
 SHA1 (patch-ap) = 70c5fa4a19ca2812818844180ca9db9cb7cfd601
 SHA1 (patch-at) = aee1f0e8cbcd9e2dbcfa9af3fb675ea7ce1ce622
 SHA1 (patch-au) = e4e976ccb4d7782e31f5b0e3ed175359bf95ba42
+SHA1 (patch-filter_image-gif.c) = 2269cbf7e42ec80ba91c27eda4871884775f4b7a
diff --git a/print/cups/patches/patch-aa b/print/cups/patches/patch-aa
deleted file mode 100644
index 574190327b0..00000000000
--- a/print/cups/patches/patch-aa
+++ /dev/null
@@ -1,15 +0,0 @@
-$NetBSD: patch-aa,v 1.22 2010/05/21 10:05:20 sbd Exp $
-
-Treat DragonFly like other BSD descendants.
-
---- cups/http.h.orig	2009-06-22 20:40:28.000000000 +0000
-+++ cups/http.h
-@@ -88,7 +88,7 @@ extern "C" {
- #if defined(AF_INET6) && !defined(s6_addr32)
- #  if defined(__sun)
- #    define s6_addr32	_S6_un._S6_u32
--#  elif defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(__APPLE__)
-+#  elif defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(__APPLE__) || defined(__DragonFly__)
- #    define s6_addr32	__u6_addr.__u6_addr32
- #  elif defined(__osf__)
- #    define s6_addr32	s6_un.sa6_laddr
diff --git a/print/cups/patches/patch-filter_image-gif.c b/print/cups/patches/patch-filter_image-gif.c
new file mode 100644
index 00000000000..1826e189f42
--- /dev/null
+++ b/print/cups/patches/patch-filter_image-gif.c
@@ -0,0 +1,36 @@
+$NetBSD: patch-filter_image-gif.c,v 1.1.2.2 2011/08/29 08:15:07 tron Exp $
+
+Use str3914.patch from STR #3914 to fix CVE-2011-3170
+
+--- filter/image-gif.c.orig	2011-06-20 20:37:51.000000000 +0000
++++ filter/image-gif.c
+@@ -648,11 +648,13 @@ gif_read_lzw(FILE *fp,			/* I - File to
+ 
+     if (code == max_code)
+     {
+-      *sp++ = firstcode;
+-      code  = oldcode;
++      if (sp < (stack + 8192))
++	*sp++ = firstcode;
++
++      code = oldcode;
+     }
+ 
+-    while (code >= clear_code)
++    while (code >= clear_code && sp < (stack + 8192))
+     {
+       *sp++ = table[1][code];
+       if (code == table[0][code])
+@@ -661,8 +663,10 @@ gif_read_lzw(FILE *fp,			/* I - File to
+       code = table[0][code];
+     }
+ 
+-    *sp++ = firstcode = table[1][code];
+-    code  = max_code;
++    if (sp < (stack + 8192))
++      *sp++ = firstcode = table[1][code];
++
++    code = max_code;
+ 
+     if (code < 4096)
+     {