Add upstream patch to resolve vulnerability.

At https://www.cups.org/str.php?L4609 upstream describes a privilege escalation attack. The patch is against 2.0.2, but applies to 1.5 without trouble. From Edgar Fuß via tech-pkg.
2015-06-18 16:33:26 +00:00 · 2015-06-18 16:33:26 +00:00 · cae22c6d81
commit cae22c6d81
parent c020ff490d
2 changed files with 10 additions and 3 deletions
--- a/print/cups15/Makefile
+++ b/print/cups15/Makefile
@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.5 2015/06/12 10:50:57 wiz Exp $
+# $NetBSD: Makefile,v 1.6 2015/06/18 16:33:26 gdt Exp $
 #
 # The CUPS author is very good about taking back changes into the main
 # CUPS distribution.  The correct place to send patches or bug-fixes is:
@ -8,8 +8,12 @@ DISTNAME=	cups-${DIST_VERS}-source
 PKGNAME=	cups-${DIST_VERS:S/-/./g}
 BASE_VERS=	1.5.4
 DIST_VERS=	${BASE_VERS}
+PKGREVISION=	14
+
+# Fix for https://www.cups.org/str.php?L4609
+PATCH_SITES=	http://www.cups.org/strfiles.php/3482/
+PATCHFILES=	str4609-1.5.patch

-PKGREVISION=	13
 CATEGORIES=	print
 MASTER_SITES=	http://ftp.easysw.com/pub/cups/${BASE_VERS}/ \
 		ftp://ftp.easysw.com/pub/cups/${BASE_VERS}/ \
--- a/print/cups15/distinfo
+++ b/print/cups15/distinfo
@ -1,8 +1,11 @@
-$NetBSD: distinfo,v 1.1 2014/06/17 13:17:12 wiz Exp $
+$NetBSD: distinfo,v 1.2 2015/06/18 16:33:26 gdt Exp $

 SHA1 (cups-1.5.4-source.tar.bz2) = cb39961cbaf1851a47694828ad9a7cdf4da51fbd
 RMD160 (cups-1.5.4-source.tar.bz2) = 9d6a7fd69d3036ec1f3dfd9c70672a2c6fb517b6
 Size (cups-1.5.4-source.tar.bz2) = 9583002 bytes
+SHA1 (str4609-1.5.patch) = 07b06a1f097303e511bfe7bdddc0a6e8737185e9
+RMD160 (str4609-1.5.patch) = f83ccd525661d7a24294fb2f79233da455f37572
+Size (str4609-1.5.patch) = 10825 bytes
 SHA1 (patch-ac) = d99dfa6e71efdc5f069c2c3e73e1b29beebf5c9b
 SHA1 (patch-ad) = a8d6610c4057ae98d98435ba577606e3c2bfb4b9
 SHA1 (patch-ae) = 67e846ac428b4c44d8da9b49d959fa4f14fbb494