cups{,-base}: Update print/cups{,-base} to 2.2.7

pkgsrc changes:
- Get rid of extra `/' in patches/patch-config-scripts_cups-opsys.m4
  (NFCI, pointed out by mkpatches).
- Add to patches/patch-scheduler_auth.c a backport of issue #5283 to fix build
  without PAM. This will be not needed in cups-2.2.8.

Changes:
CUPS v2.2.7
-----------
- NOTICE: Raw print queues are now deprecated (Issue #5269)
- Fixed an Avahi crash bug in the scheduler (Issue #5268)
- The IPP Everywhere PPD generator did not include the `cupsJobPassword`
  keyword, when supported (Issue #5265)
- Systemd did not restart cupsd when configuration changes were made that
  required a restart (Issue #5263)
- The Lexmark Optra E310 printer needs the "no-reattach" USB quirk rule
  (Issue #5259)
- The scheduler could crash while adding an IPP Everywhere printer (Issue #5258)
- Label printers supported by the rastertolabel driver don't support SNMP, so
  don't delay printing to test it (Issue #5256)
- Fixed a compile issue when PAM is not available (Issue #5253)
- Documentation fixes (Issue #5252)
- Star Micronics printers need the "unidir" USB quirk rule (Issue #5251)
- The scheduler now supports using temporary print queues for older IPP/1.1
  print queues like those shared by CUPS 1.3 and earlier (Issue #5241)
- Fixed printing to some IPP Everywhere printers (Issue #5238)
- Kerberized printing to another CUPS server did not work correctly
  (Issue #5233)
- The `cupsRasterWritePixels` function did not correctly swap bytes for some
  formats (Issue #5225)
- Added a USB quirk rule for Canon MP280 series printers (Issue #5221)
- The `ppdInstallableConflict` tested too many constraints (Issue #5213)
- More fixes for printing to old CUPS servers (Issue #5211)
- The `cupsCopyDest` function now correctly copies the `is_default` value
  (Issue #5208)
- The scheduler did not work with older versions of uClibc (Issue #5188)
- The scheduler now substitutes default values for invalid job attributes when
  running in "relaxed conformance" mode (Issue #5186)
- Fixed PAM module detection and added support for the common PAM definitions
  (Issue #5185)
- Fixed a journald support bug in the scheduler (Issue #5181)
- The cups-driverd program incorrectly stopped scanning PPDs as soon as a loop
  was seen (Issue #5170)
- Fixed group validation on OpenBSD (Issue #5166)
- Fixed the `ippserver` sample code when threading is disabled or unavailable
  (Issue #5154)
- The `cupsEnumDests` function did not include options from the lpoptions files
  (Issue #5144)
- The `SSLOptions` directive now supports `MinTLS` and `MaxTLS` options to
  control the minimum and maximum TLS versions that will be allowed,
  respectively (Issue #5119)
- The scheduler did not write out dirty configuration and state files if there
  were open client connections (Issue #5118)
- The `lpadmin` command now provides a better error message when an unsupported
  System V interface script is used (Issue #5111)
- The `lp` and `lpr` commands now provide better error messages when the default
  printer cannot be found (Issue #5096)
- No longer support backslash, question mark, or quotes in printer names
  (Issue #4966)
- The CUPS library now supports the latest HTTP Digest authentication
  specification including support for SHA-256 (Issue #4862)
- The `lpstat` command now reports when new jobs are being held (Issue #4761)
- The `lpoptions` command incorrectly saved default options (Issue #4717)
- The `ppdLocalizeIPPReason` function incorrectly returned a localized version
  of "none" (rdar://36566269)
- TLS connections now properly timeout (rdar://34938533)
- The IPP backend did not properly detect failed PDF prints (rdar://34055474)
- Temporary files are now placed in the correct directory for sandboxed
  applications on macOS (rdar://problem/37789645)

6 files changed, 192 insertions, 25 deletions

diff --git a/print/cups-base/Makefile b/print/cups-base/Makefile
index bde8149efbb..64369b0a3bb 100644
--- a/print/cups-base/Makefile
+++ b/print/cups-base/Makefile
@@ -1,6 +1,5 @@
-# $NetBSD: Makefile,v 1.6 2018/03/12 11:15:41 wiz Exp $
+# $NetBSD: Makefile,v 1.7 2018/04/05 16:31:45 leot Exp $
 
-PKGREVISION= 2
 .include "../../print/cups/Makefile.common"
 
 DISTNAME=	cups-${CUPS_VERS}-source
diff --git a/print/cups-base/distinfo b/print/cups-base/distinfo
index d8bba1bdd0a..f3e327d6b64 100644
--- a/print/cups-base/distinfo
+++ b/print/cups-base/distinfo
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.4 2018/01/26 17:22:51 jperkin Exp $
+$NetBSD: distinfo,v 1.5 2018/04/05 16:31:45 leot Exp $
 
-SHA1 (cups-2.2.6-source.tar.gz) = b5e3389fb9450bfed377c95c0230c029c053acc4
-RMD160 (cups-2.2.6-source.tar.gz) = 7f4689e9102916d4190ffbb958e58d447c0fa146
-SHA512 (cups-2.2.6-source.tar.gz) = 52aa26acf5d38de5a4867c70f5b3006cb84fe5b362876c2f907872107bbac3d95fb249389546745249ad24d032963ac2d70f98a0884427a974c5bc4edc199c45
-Size (cups-2.2.6-source.tar.gz) = 10315433 bytes
+SHA1 (cups-2.2.7-source.tar.gz) = aa2ae7c486d5957c9fc5f00aec63e453b19311b4
+RMD160 (cups-2.2.7-source.tar.gz) = ae82e358d8e24e14b2a633ec12e4db1fc8eacd48
+SHA512 (cups-2.2.7-source.tar.gz) = 780a6a484f38967ff678456ec7b532aa8445a9562663e4e4f6f7a24aac6ec9e8eae36459ee3c025dff053d59ad1d9ecfb823e8a832bae9d384db3d1a10d8860e
+Size (cups-2.2.7-source.tar.gz) = 10330296 bytes
 SHA1 (patch-ae) = f34ec899f4816bdcf96ff315e001e3ac5a960200
 SHA1 (patch-af) = 6ae6ae6006387db69bf7c15f7c8500708c9e8f56
 SHA1 (patch-ai) = 2c1ca67ea6f6c1dedb4c8ff97736f328a2b9a7c6
@@ -15,7 +15,7 @@ SHA1 (patch-config-scripts_cups-directories.m4) = 8a6c2f962dafdde20f913fac2e172a
 SHA1 (patch-config-scripts_cups-gssapi.m4) = ac2df3e82bc844630af8462a461c7efe1da4b354
 SHA1 (patch-config-scripts_cups-libtool.m4) = a6139fbbbee7038d11654c0a2387af21f48b7412
 SHA1 (patch-config-scripts_cups-manpages.m4) = 5cc943738df29f11fc366557938b82c1e9162344
-SHA1 (patch-config-scripts_cups-opsys.m4) = 73524f5c406664038e3f7111fd5faf67699edf61
+SHA1 (patch-config-scripts_cups-opsys.m4) = 2bbacc401d4d8dbc157889b6a6cf66684c52357b
 SHA1 (patch-cups-tls.c) = f89c25f8089d9e11a983a270adbb2cbde3c22511
 SHA1 (patch-doc-help-man-cups-files.conf.html) = fcd3d06c00b0a85b6c0790235ccb68685252ea68
 SHA1 (patch-man-cups-files.conf.man.in) = 1563a7be3327a975ce8753a3287947f1594975a3
@@ -23,6 +23,6 @@ SHA1 (patch-ppdc_Makefile) = cdeb0ef9a68f9dd85453ef3076a0120ad9983698
 SHA1 (patch-scheduler-conf.c) = 179964f8d251be3c21f4cfc7b67f3196beda29dc
 SHA1 (patch-scheduler-conf.h) = d11f3b789af096dcaca13a38f6484727ff895bee
 SHA1 (patch-scheduler-main.c) = cb31fa7427b497108ce7724bbfee1b784b9330ab
-SHA1 (patch-scheduler_auth.c) = ca675a6e903d4b41cd69a0cab27180653e11f501
+SHA1 (patch-scheduler_auth.c) = 9f329eab415dea7d53e45f39e7ce9ff66ba0a128
 SHA1 (patch-scheduler_dirsvc.c) = aae5b924fb8fb39007cf04d8b83747e8724485cf
 SHA1 (patch-test_ippfind.c) = 6db56b9b1b9a26d5c40336af4dc6cde98abd9c19
diff --git a/print/cups-base/patches/patch-config-scripts_cups-opsys.m4 b/print/cups-base/patches/patch-config-scripts_cups-opsys.m4
index 2c5f0c3ac97..e99eeeb3151 100644
--- a/print/cups-base/patches/patch-config-scripts_cups-opsys.m4
+++ b/print/cups-base/patches/patch-config-scripts_cups-opsys.m4
@@ -1,9 +1,9 @@
-$NetBSD: patch-config-scripts_cups-opsys.m4,v 1.1 2017/12/19 08:23:53 adam Exp $
+$NetBSD: patch-config-scripts_cups-opsys.m4,v 1.2 2018/04/05 16:31:45 leot Exp $
 
 Fix building on newer macOS.
 
---- config-scripts//cups-opsys.m4.orig	2017-12-19 08:18:26.000000000 +0000
-+++ config-scripts//cups-opsys.m4
+--- config-scripts/cups-opsys.m4.orig	2018-03-23 03:48:36.000000000 +0000
++++ config-scripts/cups-opsys.m4
 @@ -22,9 +22,6 @@ if test "x$host_os_version" = x; then
          host_os_version="0"
  fi
diff --git a/print/cups-base/patches/patch-scheduler_auth.c b/print/cups-base/patches/patch-scheduler_auth.c
index ef1abcb0e6d..e517bd34720 100644
--- a/print/cups-base/patches/patch-scheduler_auth.c
+++ b/print/cups-base/patches/patch-scheduler_auth.c
@@ -1,13 +1,25 @@
-$NetBSD: patch-scheduler_auth.c,v 1.1 2017/11/12 14:10:15 khorben Exp $
+$NetBSD: patch-scheduler_auth.c,v 1.2 2018/04/05 16:31:45 leot Exp $
 
-Don't pull in sys/ucred.h on Solaris as it results in procfs.h being
-included and conflicts between _FILE_OFFSET_BITS=64 and 32-bit procfs.
+- Don't pull in sys/ucred.h on Solaris as it results in procfs.h being
+  included and conflicts between _FILE_OFFSET_BITS=64 and 32-bit procfs.
+- OpenBSD defines SO_PEERCRED, but it is different from Linux's one.
+- Backport commit `570933a6a3597371bae1beeb754ee8711d6305ab' to fix builds
+  without PAM (issue #5283). It will not be needed in cups-2.2.8.
 
-OpenBSD defines SO_PEERCRED, but it is different from Linux's one.
-
---- scheduler/auth.c.orig	2015-10-26 19:46:02.000000000 +0000
+--- scheduler/auth.c.orig	2018-04-05 16:07:04.209662684 +0000
 +++ scheduler/auth.c
-@@ -49,7 +49,7 @@ extern const char *cssmErrorString(int e
+@@ -1,8 +1,8 @@
+ /*
+  * Authorization routines for the CUPS scheduler.
+  *
+- * Copyright 2007-2016 by Apple Inc.
+- * Copyright 1997-2007 by Easy Software Products, all rights reserved.
++ * Copyright © 2007-2018 by Apple Inc.
++ * Copyright © 1997-2007 by Easy Software Products, all rights reserved.
+  *
+  * This file contains Kerberos support code, copyright 2006 by
+  * Jelmer Vernooij.
+@@ -47,7 +47,7 @@ extern const char *cssmErrorString(int e
  #ifdef HAVE_SYS_PARAM_H
  #  include <sys/param.h>
  #endif /* HAVE_SYS_PARAM_H */
@@ -16,7 +28,17 @@ OpenBSD defines SO_PEERCRED, but it is different from Linux's one.
  #  include <sys/ucred.h>
  typedef struct xucred cupsd_ucred_t;
  #  define CUPSD_UCRED_UID(c) (c).cr_uid
-@@ -404,7 +404,7 @@ cupsdAuthorize(cupsd_client_t *con)	/* I
+@@ -71,9 +71,6 @@ static int		check_authref(cupsd_client_t
+ static int		compare_locations(cupsd_location_t *a,
+ 			                  cupsd_location_t *b);
+ static cupsd_authmask_t	*copy_authmask(cupsd_authmask_t *am, void *data);
+-#if !HAVE_LIBPAM
+-static char		*cups_crypt(const char *pw, const char *salt);
+-#endif /* !HAVE_LIBPAM */
+ static void		free_authmask(cupsd_authmask_t *am, void *data);
+ #if HAVE_LIBPAM
+ static int		pam_func(int, const struct pam_message **,
+@@ -402,7 +399,7 @@ cupsdAuthorize(cupsd_client_t *con)	/* I
      con->type = CUPSD_AUTH_BASIC;
    }
  #endif /* HAVE_AUTHORIZATION_H */
@@ -25,7 +47,24 @@ OpenBSD defines SO_PEERCRED, but it is different from Linux's one.
    else if (!strncmp(authorization, "PeerCred ", 9) &&
             con->http->hostaddr->addr.sa_family == AF_LOCAL && con->best)
    {
-@@ -841,7 +841,7 @@ cupsdAuthorize(cupsd_client_t *con)	/* I
+@@ -694,14 +691,14 @@ cupsdAuthorize(cupsd_client_t *con)	/* I
+ 	    * client...
+ 	    */
+ 
+-	    pass = cups_crypt(password, pw->pw_passwd);
++	    pass = crypt(password, pw->pw_passwd);
+ 
+ 	    if (!pass || strcmp(pw->pw_passwd, pass))
+ 	    {
+ #  ifdef HAVE_SHADOW_H
+ 	      if (spw)
+ 	      {
+-		pass = cups_crypt(password, spw->sp_pwdp);
++		pass = crypt(password, spw->sp_pwdp);
+ 
+ 		if (pass == NULL || strcmp(spw->sp_pwdp, pass))
+ 		{
+@@ -839,7 +836,7 @@ cupsdAuthorize(cupsd_client_t *con)	/* I
  
      gss_delete_sec_context(&minor_status, &context, GSS_C_NO_BUFFER);
  
@@ -34,3 +73,133 @@ OpenBSD defines SO_PEERCRED, but it is different from Linux's one.
     /*
      * Get the client's UID if we are printing locally - that allows a backend
      * to run as the correct user to get Kerberos credentials of its own.
+@@ -1995,129 +1992,6 @@ copy_authmask(cupsd_authmask_t *mask,	/*
+ }
+ 
+ 
+-#if !HAVE_LIBPAM
+-/*
+- * 'cups_crypt()' - Encrypt the password using the DES or MD5 algorithms,
+- *                  as needed.
+- */
+-
+-static char *				/* O - Encrypted password */
+-cups_crypt(const char *pw,		/* I - Password string */
+-           const char *salt)		/* I - Salt (key) string */
+-{
+-  if (!strncmp(salt, "$1$", 3))
+-  {
+-   /*
+-    * Use MD5 passwords without the benefit of PAM; this is for
+-    * Slackware Linux, and the algorithm was taken from the
+-    * old shadow-19990827/lib/md5crypt.c source code... :(
+-    */
+-
+-    int			i;		/* Looping var */
+-    unsigned long	n;		/* Output number */
+-    int			pwlen;		/* Length of password string */
+-    const char		*salt_end;	/* End of "salt" data for MD5 */
+-    char		*ptr;		/* Pointer into result string */
+-    _cups_md5_state_t	state;		/* Primary MD5 state info */
+-    _cups_md5_state_t	state2;		/* Secondary MD5 state info */
+-    unsigned char	digest[16];	/* MD5 digest result */
+-    static char		result[120];	/* Final password string */
+-
+-
+-   /*
+-    * Get the salt data between dollar signs, e.g. $1$saltdata$md5.
+-    * Get a maximum of 8 characters of salt data after $1$...
+-    */
+-
+-    for (salt_end = salt + 3; *salt_end && (salt_end - salt) < 11; salt_end ++)
+-      if (*salt_end == '$')
+-        break;
+-
+-   /*
+-    * Compute the MD5 sum we need...
+-    */
+-
+-    pwlen = strlen(pw);
+-
+-    _cupsMD5Init(&state);
+-    _cupsMD5Append(&state, (unsigned char *)pw, pwlen);
+-    _cupsMD5Append(&state, (unsigned char *)salt, salt_end - salt);
+-
+-    _cupsMD5Init(&state2);
+-    _cupsMD5Append(&state2, (unsigned char *)pw, pwlen);
+-    _cupsMD5Append(&state2, (unsigned char *)salt + 3, salt_end - salt - 3);
+-    _cupsMD5Append(&state2, (unsigned char *)pw, pwlen);
+-    _cupsMD5Finish(&state2, digest);
+-
+-    for (i = pwlen; i > 0; i -= 16)
+-      _cupsMD5Append(&state, digest, i > 16 ? 16 : i);
+-
+-    for (i = pwlen; i > 0; i >>= 1)
+-      _cupsMD5Append(&state, (unsigned char *)((i & 1) ? "" : pw), 1);
+-
+-    _cupsMD5Finish(&state, digest);
+-
+-    for (i = 0; i < 1000; i ++)
+-    {
+-      _cupsMD5Init(&state);
+-
+-      if (i & 1)
+-        _cupsMD5Append(&state, (unsigned char *)pw, pwlen);
+-      else
+-        _cupsMD5Append(&state, digest, 16);
+-
+-      if (i % 3)
+-        _cupsMD5Append(&state, (unsigned char *)salt + 3, salt_end - salt - 3);
+-
+-      if (i % 7)
+-        _cupsMD5Append(&state, (unsigned char *)pw, pwlen);
+-
+-      if (i & 1)
+-        _cupsMD5Append(&state, digest, 16);
+-      else
+-        _cupsMD5Append(&state, (unsigned char *)pw, pwlen);
+-
+-      _cupsMD5Finish(&state, digest);
+-    }
+-
+-   /*
+-    * Copy the final sum to the result string and return...
+-    */
+-
+-    memcpy(result, salt, (size_t)(salt_end - salt));
+-    ptr = result + (salt_end - salt);
+-    *ptr++ = '$';
+-
+-    for (i = 0; i < 5; i ++, ptr += 4)
+-    {
+-      n = ((((unsigned)digest[i] << 8) | (unsigned)digest[i + 6]) << 8);
+-
+-      if (i < 4)
+-        n |= (unsigned)digest[i + 12];
+-      else
+-        n |= (unsigned)digest[5];
+-
+-      to64(ptr, n, 4);
+-    }
+-
+-    to64(ptr, (unsigned)digest[11], 2);
+-    ptr += 2;
+-    *ptr = '\0';
+-
+-    return (result);
+-  }
+-  else
+-  {
+-   /*
+-    * Use the standard crypt() function...
+-    */
+-
+-    return (crypt(pw, salt));
+-  }
+-}
+-#endif /* !HAVE_LIBPAM */
+-
+-
+ /*
+  * 'free_authmask()' - Free function for auth masks.
+  */
diff --git a/print/cups/Makefile b/print/cups/Makefile
index 81e782dd876..854a5d5c9d9 100644
--- a/print/cups/Makefile
+++ b/print/cups/Makefile
@@ -1,6 +1,5 @@
-# $NetBSD: Makefile,v 1.256 2018/03/12 11:17:25 wiz Exp $
+# $NetBSD: Makefile,v 1.257 2018/04/05 16:31:45 leot Exp $
 
-PKGREVISION= 2
 .include "../../print/cups/Makefile.common"
 
 PKGNAME=	cups-${CUPS_VERS}
diff --git a/print/cups/Makefile.common b/print/cups/Makefile.common
index 4dee8fd8eda..fb191c9296b 100644
--- a/print/cups/Makefile.common
+++ b/print/cups/Makefile.common
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile.common,v 1.2 2017/12/02 20:02:34 leot Exp $
+# $NetBSD: Makefile.common,v 1.3 2018/04/05 16:31:45 leot Exp $
 #
 # used by print/cups/Makefile
 # used by print/cups-base/Makefile
 
-CUPS_VERS=	2.2.6
+CUPS_VERS=	2.2.7
 DISTNAME=	cups-${CUPS_VERS}-source
 CATEGORIES=	print