Add upstream patch to resolve vulnerability.

At https://www.cups.org/str.php?L4609 upstream describes a privilege
escalation attack.  The patch is against 2.0.2, but applies to 1.5
without trouble.

From Edgar Fuß via tech-pkg.

2 files changed, 10 insertions, 3 deletions

diff --git a/print/cups15/Makefile b/print/cups15/Makefile
index c90e0b71578..d42bc187012 100644
--- a/print/cups15/Makefile
+++ b/print/cups15/Makefile
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.5 2015/06/12 10:50:57 wiz Exp $
+# $NetBSD: Makefile,v 1.6 2015/06/18 16:33:26 gdt Exp $
 #
 # The CUPS author is very good about taking back changes into the main
 # CUPS distribution.  The correct place to send patches or bug-fixes is:
@@ -8,8 +8,12 @@ DISTNAME=	cups-${DIST_VERS}-source
 PKGNAME=	cups-${DIST_VERS:S/-/./g}
 BASE_VERS=	1.5.4
 DIST_VERS=	${BASE_VERS}
+PKGREVISION=	14
+
+# Fix for https://www.cups.org/str.php?L4609
+PATCH_SITES=	http://www.cups.org/strfiles.php/3482/
+PATCHFILES=	str4609-1.5.patch
 
-PKGREVISION=	13
 CATEGORIES=	print
 MASTER_SITES=	http://ftp.easysw.com/pub/cups/${BASE_VERS}/ \
 		ftp://ftp.easysw.com/pub/cups/${BASE_VERS}/ \
diff --git a/print/cups15/distinfo b/print/cups15/distinfo
index 8e907f7f4ae..91ee0471bdb 100644
--- a/print/cups15/distinfo
+++ b/print/cups15/distinfo
@@ -1,8 +1,11 @@
-$NetBSD: distinfo,v 1.1 2014/06/17 13:17:12 wiz Exp $
+$NetBSD: distinfo,v 1.2 2015/06/18 16:33:26 gdt Exp $
 
 SHA1 (cups-1.5.4-source.tar.bz2) = cb39961cbaf1851a47694828ad9a7cdf4da51fbd
 RMD160 (cups-1.5.4-source.tar.bz2) = 9d6a7fd69d3036ec1f3dfd9c70672a2c6fb517b6
 Size (cups-1.5.4-source.tar.bz2) = 9583002 bytes
+SHA1 (str4609-1.5.patch) = 07b06a1f097303e511bfe7bdddc0a6e8737185e9
+RMD160 (str4609-1.5.patch) = f83ccd525661d7a24294fb2f79233da455f37572
+Size (str4609-1.5.patch) = 10825 bytes
 SHA1 (patch-ac) = d99dfa6e71efdc5f069c2c3e73e1b29beebf5c9b
 SHA1 (patch-ad) = a8d6610c4057ae98d98435ba577606e3c2bfb4b9
 SHA1 (patch-ae) = 67e846ac428b4c44d8da9b49d959fa4f14fbb494