Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by narn.NetBSD.org (Postfix) with ESMTP id 5E2D363B93C
	for <mhonarc+pkgsrc-changes@mail-index.netbsd.org>; Wed, 22 Oct 2008 21:48:18 +0000 (UTC)
Received: by mail.netbsd.org (Postfix, from userid 0)
	id 0F95A63B357; Wed, 22 Oct 2008 21:48:18 +0000 (UTC)
Received: from cvs.netbsd.org (unknown [IPv6:2001:4f8:4:7:2e0:81ff:fe25:eab4])
	by mail.netbsd.org (Postfix) with ESMTP id 7C7EA63B354
	for <pkgsrc-changes@NetBSD.org>; Wed, 22 Oct 2008 21:48:16 +0000 (UTC)
Received: by cvs.netbsd.org (Postfix, from userid 500)
	id 656AF175D0; Wed, 22 Oct 2008 21:48:16 +0000 (UTC)
From: Tonnerre Lombard <tonnerre@netbsd.org>
Subject: CVS commit: pkgsrc/print/cups
To: pkgsrc-changes@NetBSD.org
Reply-To: tonnerre@netbsd.org
Message-Id: <20081022214816.656AF175D0@cvs.netbsd.org>
Date: Wed, 22 Oct 2008 21:48:16 +0000 (UTC)
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id: pkgsrc-changes
Precedence: list


Module Name:	pkgsrc
Committed By:	tonnerre
Date:		Wed Oct 22 21:48:16 UTC 2008

Modified Files:
	pkgsrc/print/cups: Makefile PLIST distinfo
Removed Files:
	pkgsrc/print/cups/patches: patch-au

Log Message:
Upgrade cups to version 1.3.9 in order to fix CVE-2008-3639, CVE-2008-3640
and CVE-2008-3641. Also, it fixes a ton of bugs and has portability
enhancements. Full list of changes:

 - SECURITY: The HP-GL/2 filter did not range check pen numbers
   (STR #2911)
 - SECURITY: The SGI image file reader did not range check
   16-bit run lengths (STR #2918)
 - SECURITY: The text filter did not range check cpi, lpi, or
   column values (STR #2919)
 - Documentation updates (STR #2904, STR #2944)
 - The French web admin page was never updated (STR #2963)
 - The IPP backend did not retry print jobs when the printer
   reported itself as busy or unavailable (STR #2951)
 - The "Set Allowed Users" web interface did not handle trailing
   whitespace correctly (STR #2956)
 - The PostScript filter did not work with Adobe applications
   using custom page sizes (STR #2968)
 - The Mac OS X USB backend did not work with some printers
   that reported a bad 1284 device ID.
 - The scheduler incorrectly resolved the client connection
   address when HostNameLookups was set to Off (STR #2946)
 - The IPP backend incorrectly stopped the local queue if
   the remote server reported the "paused" state.
 - The cupsGetDests() function did not catch all types of
   request errors.
 - The scheduler did not always log "job queued" messages
   (STR #2943)
 - The scheduler did not support destination filtering using
   the printer-location attribute properly (STR #2945)
 - The scheduler did not send the server-started,
   server-restarted, or server-stopped events (STR #2927)
 - The scheduler no longer enforces configuration file
   permissions on symlinked files (STR #2937)
 - CUPS now reinitializes the DNS resolver on failures
   (STR #2920)
 - The CUPS desktop menu item was broken (STR #2924)
 - The PPD parser was too strict about missing keyword
   values in "relaxed" mode.
 - The PostScript filter incorrectly mirrored landscape
   documents.
 - The scheduler did not correctly update the
   auth-info-required value(s) if the AuthType was Default.
 - The scheduler required Kerberos authentication for
   all operations on remote Kerberized printers instead
   of just for the operations that needed it.
 - The socket backend could wait indefinitely for back-
   channel data with some devices.
 - PJL panel messages were not reset correctly on older
   printers (STR #2909)
 - cupsfilter used the wrong default path (STR #2908)
 - Fixed address matching for "BrowseAddress @IF(name)"
   (STR #2910)
 - Fixed compiles on AIX.
 - Firefox 3 did not work with the CUPS web interface in SSL
   mode (STR #2892)
 - Custom options with multiple parameters were not emitted
   correctly.
 - Refined the cupstestppd utility.
 - ppdEmit*() did not support custom JCL options (STR #2889)
 - The cupstestppd utility incorrectly reported missing
   "en" base translations (STR #2887)
 - Documentation updates (STR #2785, STR #2861, STR #2862)
 - The scheduler did not add the ending job sheet when the
   job was released.
 - The IPP backend did not relay marker-* attributes.
 - The CUPS GNOME/KDE menu item was not localized for
   Chinese (STR #2880)
 - The CUPS GNOME/KDE menu item was not localized for
   Japanese (STR #2876)
 - The cupstestppd utility reported mixed line endings for
   Mac OS and Windows PPD files (STR #2874)
 - The pdftops filter did not print landscape orientation PDF
   pages correctly on all printers (STR #2850)
 - The scheduler did not handle expiring of implicit classes
   or their members properly, leading to a configuration where
   one of the members would have a short name (STR #2766)
 - The scheduler and cupstestppd utilities did not support
   cupsFilter and cupsPreFilter programs with spaces in their
   names (STR #2866)
 - Removed unused variables and assignments found by the
   LLVM "clang" tool.
 - Added NULL checks recommended by the LLVM "clang" tool.
 - The scheduler would crash if you started a printer that
   pointed to a backend that did not exist (STR #2865)
 - The ppdLocalize functions incorrectly mapped all generic
   locales to country-specific locales.
 - The cups-driverd program did not support Simplified Chinese
   or Traditional Chinese language version strings (STR #2851)
 - Added an Indonesian translation (STR #2792)
 - Fixed a timing issue in the backends that could cause data
   corruption with the CUPS_SC_CMD_DRAIN_OUTPUT side-channel
   command (STR #2858)
 - The scheduler did not support "HostNameLookups" with all of
   the boolean names (STR #2861)
 - Fixed a compile problem with glibc 2.8 (STR #2860)
 - The PostScript filter did not support %%IncludeFeature lines
   in the page setup section of each page (STR #2831)
 - The scheduler did not generate printer-state events when the
   default printer was changed (STR #2764)
 - cupstestppd incorrectly reported a warning about the PPD format
   version in some locales (STR #2854)
 - cupsGetPPD() and friends incorrectly returned a PPD file for
   a class with no printers.
 - The member-uris values for local printers in a class returned
   by the scheduler did not reflect the connected hostname or
   port.
 - The CUPS PHP extension was not thread-safe (STR #2828)
 - The scheduler incorrectly added the document-format-default
   attribute to the list of "common" printer attributes, which
   over time would slow down the printing system (STR #2755,
   STR #2836)
 - The cups-deviced and cups-driverd helper programs did not set
   the CFProcessPath environment variable on Mac OS X (STR #2837)
 - "lpstat -p" could report the wrong job as printing (STR #2845)
 - The scheduler would crash when some cupsd.conf directives
   were missing values (STR #2849)
 - The web interface "move jobs" operation redirected users to
   the wrong URL (STR #2815)
 - The Polish web interface translation contained errors
   (STR #2815)
 - The scheduler did not report PostScript printer PPDs with
   filters as PostScript devices.
 - The scheduler did not set the job document-format attribute
   for jobs submitted using Create-Job and Send-Document.
 - cupsFileTell() did not work for log files opened in append
   mode (STR #2810)
 - The scheduler did not set QUERY_STRING all of the time
   for CGI scripts (STR #2781, STR #2816)
 - The scheduler now returns an error for bad job-sheets
   values (STR #2775)
 - Authenticated remote printing did not work over domain
   sockets (STR #2750)
 - The scheduler incorrectly logged errors for print filters
   when a job was canceled (STR #2806, #2808)
 - The scheduler no longer allows multiple RSS subscriptions
   with the same URI (STR #2789)
 - The scheduler now supports Kerberized printing with
   multiple server names (STR #2783)
 - "Satisfy any" did not work in IPP policies (STR #2782)
 - The CUPS imaging library would crash with very large
   images - more than 16Mx16M pixels (STR #2805)
 - The PNG image loading code would crash with large images
   (STR #2790)
 - The scheduler did not limit the total number of filters.
 - The scheduler now ensures that the RSS directory has
   the correct permissions.
 - The RSS notifier did not quote the feed URL in the RSS
   file it created (STR #2801)
 - The web interface allowed the creation and cancellation
   of RSS subscriptions without a username (STR #2774)
 - Increased the default MaxCopies value on Mac OS X to
   9999 to match the limit imposed by the print dialog.
 - The scheduler did not reject requests with an empty
   Content-Length field (STR #2787)
 - The scheduler did not log the current date and time and
   did not escape special characters in request URIs when
   logging bad requests to the access_log file (STR #2788)


To generate a diff of this commit:
cvs rdiff -r1.135 -r1.136 pkgsrc/print/cups/Makefile
cvs rdiff -r1.24 -r1.25 pkgsrc/print/cups/PLIST
cvs rdiff -r1.56 -r1.57 pkgsrc/print/cups/distinfo
cvs rdiff -r1.11 -r0 pkgsrc/print/cups/patches/patch-au

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.