Pullup ticket #5074 - requested by christos

devel/cvsps: security patch

Revisions pulled up:
- devel/cvsps/Makefile                                          1.27
- devel/cvsps/distinfo                                          1.14
- devel/cvsps/patches/patch-ag                                  1.2

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   christos
   Date:           Mon Jul 25 05:10:03 UTC 2016

   Modified Files:
           pkgsrc/devel/cvsps: Makefile distinfo
           pkgsrc/devel/cvsps/patches: patch-ag

   Log Message:
   Fix buffer overflow on long lines


   To generate a diff of this commit:
   cvs rdiff -u -r1.26 -r1.27 pkgsrc/devel/cvsps/Makefile
   cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/cvsps/distinfo
   cvs rdiff -u -r1.1 -r1.2 pkgsrc/devel/cvsps/patches/patch-ag

3 files changed, 91 insertions, 9 deletions

diff --git a/devel/cvsps/Makefile b/devel/cvsps/Makefile
index b18c7239b32..f899c9f358a 100644
--- a/devel/cvsps/Makefile
+++ b/devel/cvsps/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.26 2014/10/09 14:06:08 wiz Exp $
+# $NetBSD: Makefile,v 1.26.14.1 2016/07/28 12:56:35 spz Exp $
 #
 
 DISTNAME=	cvsps-2.1
-PKGREVISION=	3
+PKGREVISION=	4
 CATEGORIES=	devel scm
 MASTER_SITES=	${HOMEPAGE}
 
diff --git a/devel/cvsps/distinfo b/devel/cvsps/distinfo
index 43e39f2d088..d17d2a1e1ab 100644
--- a/devel/cvsps/distinfo
+++ b/devel/cvsps/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.13 2015/11/03 03:27:21 agc Exp $
+$NetBSD: distinfo,v 1.13.6.1 2016/07/28 12:56:35 spz Exp $
 
 SHA1 (cvsps-2.1.tar.gz) = a53a62b121e7b86e07a393bcb8aa4f0492a747c4
 RMD160 (cvsps-2.1.tar.gz) = a3063f638fbf1136761549658432d5842e4a766f
@@ -10,4 +10,4 @@ SHA1 (patch-ac) = 07f6d1955c0fde42784f8891b1136f12fa5dbfa4
 SHA1 (patch-ad) = 20d84dc236a5c259677fdf68268de5bb64e6d26f
 SHA1 (patch-ae) = 345036b4021f90a2f6629a5d32e85caa786d961f
 SHA1 (patch-af) = d32eb67ede1d81ee3abe55a7f94515fcf3ea93cf
-SHA1 (patch-ag) = 38ea212acde5e07aee33413c79f893e311ebb85e
+SHA1 (patch-ag) = c68adbb42938ecb2f42c55bc9be0aa6db3b013f9
diff --git a/devel/cvsps/patches/patch-ag b/devel/cvsps/patches/patch-ag
index abc5dcabf82..c79e1132bca 100644
--- a/devel/cvsps/patches/patch-ag
+++ b/devel/cvsps/patches/patch-ag
@@ -1,14 +1,96 @@
-$NetBSD: patch-ag,v 1.1 2012/06/29 14:59:24 christos Exp $
+$NetBSD: patch-ag,v 1.1.34.1 2016/07/28 12:56:35 spz Exp $
 
---- cvs_direct.c.orig	2012-06-28 17:52:13.000000000 -0400
-+++ cvs_direct.c	2012-06-28 17:52:51.000000000 -0400
-@@ -916,7 +916,9 @@
+Keep reading for M
+Avoid buffer overflow (truncate).
+
+--- cvs_direct.c.orig	2005-05-25 23:39:40.000000000 -0400
++++ cvs_direct.c	2016-07-25 01:06:39.000000000 -0400
+@@ -45,7 +45,7 @@
+ static void send_string(CvsServerCtx *, const char *, ...);
+ static int read_response(CvsServerCtx *, const char *);
+ static void ctx_to_fp(CvsServerCtx * ctx, FILE * fp);
+-static int read_line(CvsServerCtx * ctx, char * p);
++static int read_line(CvsServerCtx * ctx, char * p, size_t);
+ 
+ static CvsServerCtx * open_ctx_pserver(CvsServerCtx *, const char *);
+ static CvsServerCtx * open_ctx_forked(CvsServerCtx *, const char *);
+@@ -131,7 +131,7 @@
+ 	send_string(ctx, "valid-requests\n");
+ 
+ 	/* check for the commands we will issue */
+-	read_line(ctx, buff);
++	read_line(ctx, buff, sizeof(buff));
+ 	if (strncmp(buff, "Valid-requests", 14) != 0)
+ 	{
+ 	    debug(DEBUG_APPERROR, "cvs_direct: bad response to valid-requests command");
+@@ -150,7 +150,7 @@
+ 	    return NULL;
+ 	}
+ 	
+-	read_line(ctx, buff);
++	read_line(ctx, buff, sizeof(buff));
+ 	if (strcmp(buff, "ok") != 0)
+ 	{
+ 	    debug(DEBUG_APPERROR, "cvs_direct: bad ok trailer to valid-requests command");
+@@ -661,7 +661,7 @@
+     return len;
+ }
+ 
+-static int read_line(CvsServerCtx * ctx, char * p)
++static int read_line(CvsServerCtx * ctx, char * p, size_t size)
+ {
+     int len = 0;
+     while (1)
+@@ -672,7 +672,7 @@
+ 
+ 	*p = *ctx->head++;
+ 
+-	if (*p == '\n')
++	if (*p == '\n' || len >= size - 1)
+ 	{
+ 	    *p = 0;
+ 	    break;
+@@ -689,7 +689,7 @@
+     /* FIXME: more than 1 char at a time */
+     char resp[BUFSIZ];
+ 
+-    if (read_line(ctx, resp) < 0)
++    if (read_line(ctx, resp, sizeof(resp)) < 0)
+ 	return 0;
+ 
+     debug(DEBUG_TCP, "response '%s' read", resp);
+@@ -703,7 +703,7 @@
+ 
+     while (1)
+     {
+-	read_line(ctx, line);
++	read_line(ctx, line, sizeof(line));
+ 	debug(DEBUG_TCP, "ctx_to_fp: %s", line);
+ 	if (memcmp(line, "M ", 2) == 0)
+ 	{
+@@ -879,7 +879,7 @@
+     char lbuff[BUFSIZ];
+     int len;
+ 
+-    len = read_line(ctx, lbuff);
++    len = read_line(ctx, lbuff, sizeof(lbuff));
+     debug(DEBUG_TCP, "cvs_direct: rlog: read %s", lbuff);
+ 
+     if (memcmp(lbuff, "M ", 2) == 0)
+@@ -910,13 +910,15 @@
+     char lbuff[BUFSIZ];
+     strcpy(client_version, "Client: Concurrent Versions System (CVS) 99.99.99 (client/server) cvs-direct");
+     send_string(ctx, "version\n");
+-    read_line(ctx, lbuff);
++    read_line(ctx, lbuff, sizeof(lbuff));
+     if (memcmp(lbuff, "M ", 2) == 0)
+ 	sprintf(server_version, "Server: %s", lbuff + 2);
      else
  	debug(DEBUG_APPERROR, "cvs_direct: didn't read version: %s", lbuff);
      
 -    read_line(ctx, lbuff);
 +    do
-+	read_line(ctx, lbuff);
++	read_line(ctx, lbuff, sizeof(lbuff));
 +    while(memcmp(lbuff, "M ", 2) == 0);
      if (strcmp(lbuff, "ok") != 0)
  	debug(DEBUG_APPERROR, "cvs_direct: protocol error reading version");