diff options
author | wiz <wiz@pkgsrc.org> | 2004-05-22 10:38:06 +0000 |
---|---|---|
committer | wiz <wiz@pkgsrc.org> | 2004-05-22 10:38:06 +0000 |
commit | 7100c44a2a0dbc736654cd2e733e9b1a64c99a47 (patch) | |
tree | 4adfd56c3bd56d0ca4881fcf0a63cbb0353744c2 | |
parent | 16dfeecb8c0746a7bd7c769392ed55cbf8c3ea8b (diff) | |
download | pkgsrc-7100c44a2a0dbc736654cd2e733e9b1a64c99a47.tar.gz |
Update to 1.11.16:
Changes since 1.11.15:
**********************
SERVER SECURITY FIXES
* A potential buffer overflow vulnerability in the server has been fixed.
Prior to this patch, a malicious client could potentially use carefully
crafted server requests to run arbitrary programs on the CVS server machine.
This addresses the Common Vulnerabilities and Exposures Project's issue
#CAN-2004-0396. Please see <http://www.cve.mitre.org> for more information.
BUG FIXES
* The Microsoft Visual C++ workspace and project files have been repaired and
regenerated with MSVC++ 6.0.
* The cvs.1 man page is now generated automatically from a section of the CVS
Manual.
* Thanks to a report from Mark Andrews at the Internet Systems Consortium, the
:ext: connection method no longer relies on a transparent transport that uses
an argument processor that can handle arbitrary ordering of options and other
arguments when using a username other than the caller's.
* Thanks to Ken Raeburn at MIT, directory deletion, whether via `cvs release'
or empty directory pruning, now works on network shares under Windows XP.
-rw-r--r-- | devel/cvs/Makefile | 6 | ||||
-rw-r--r-- | devel/cvs/distinfo | 26 | ||||
-rw-r--r-- | devel/cvs/patches/patch-aa | 6 | ||||
-rw-r--r-- | devel/cvs/patches/patch-ab | 6 | ||||
-rw-r--r-- | devel/cvs/patches/patch-af | 6 | ||||
-rw-r--r-- | devel/cvs/patches/patch-al | 6 | ||||
-rw-r--r-- | devel/cvs/patches/patch-am | 6 | ||||
-rw-r--r-- | devel/cvs/patches/patch-ar | 10 | ||||
-rw-r--r-- | devel/cvs/patches/patch-at | 12 | ||||
-rw-r--r-- | devel/cvs/patches/patch-au | 14 |
10 files changed, 49 insertions, 49 deletions
diff --git a/devel/cvs/Makefile b/devel/cvs/Makefile index 6d9c717ab2b..f4ad16299e2 100644 --- a/devel/cvs/Makefile +++ b/devel/cvs/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.76 2004/04/15 22:28:36 wiz Exp $ +# $NetBSD: Makefile,v 1.77 2004/05/22 10:38:06 wiz Exp $ # -DISTNAME= cvs-1.11.15 +DISTNAME= cvs-1.11.16 CATEGORIES= devel MASTER_SITES= http://www.cvshome.org/files/19/10/ \ http://ftp.cvshome.org/release/stable/${DISTNAME}/ @@ -25,7 +25,7 @@ BUILD_DEFS+= USE_INET6 empty(MACHINE_PLATFORM:MLinux-*) CONFIGURE_ARGS+= --enable-ipv6 PATCH_SITES= ftp://ftp.kame.net/pub/kame/misc/ -PATCHFILES= cvs-1.11.15-v6-20040416.diff.gz +PATCHFILES= cvs-1.11.16-v6-20040521.diff.gz PATCH_DIST_STRIP= -p1 .else CONFIGURE_ARGS+= --disable-ipv6 diff --git a/devel/cvs/distinfo b/devel/cvs/distinfo index c0e078b1584..2279c934a29 100644 --- a/devel/cvs/distinfo +++ b/devel/cvs/distinfo @@ -1,27 +1,27 @@ -$NetBSD: distinfo,v 1.19 2004/04/15 22:28:36 wiz Exp $ +$NetBSD: distinfo,v 1.20 2004/05/22 10:38:06 wiz Exp $ -SHA1 (cvs-1.11.15.tar.bz2) = 7287488d7f01303b67def79e8685eb3d3eace5fb -Size (cvs-1.11.15.tar.bz2) = 2248876 bytes -SHA1 (cvs-1.11.15-v6-20040416.diff.gz) = d2dcbe131b5f6fdc26fa8255b6063fa34129eb2d -Size (cvs-1.11.15-v6-20040416.diff.gz) = 12806 bytes -SHA1 (patch-aa) = 01f2d7bc29a97cd2d971b436483285c5206ca27a -SHA1 (patch-ab) = df6220fb19bafc9fd8b623213151ae0c212e3263 +SHA1 (cvs-1.11.16.tar.bz2) = 4039da2b3e7570a26760fdc389c7eb97e86fd22e +Size (cvs-1.11.16.tar.bz2) = 2268160 bytes +SHA1 (cvs-1.11.16-v6-20040521.diff.gz) = 80eba2b51111d6019b898210f9ff140d207b7c91 +Size (cvs-1.11.16-v6-20040521.diff.gz) = 12823 bytes +SHA1 (patch-aa) = 54f4e33a268bb9f65ed7b832a32de83abdc9f9e1 +SHA1 (patch-ab) = dc38ec5a77905f754d707fe2bfb76475c6fd537f SHA1 (patch-ac) = c2142c0fab9603bf8d605fa53957d50bb0b40b3d SHA1 (patch-ae) = d924435a3622da0fb7733e5abd56c42141ec99a2 -SHA1 (patch-af) = 91e4891622b663252810bae405ad570b7e200f56 +SHA1 (patch-af) = 91909b9b0fd0052c65ea01638087023ddf5fdf8c SHA1 (patch-ah) = 38a1757ef83789bb780a83bde95c2c6e8f65e1ca SHA1 (patch-ai) = 4427e59513bd0d3c8b479a270c8c4e0a41db9c88 SHA1 (patch-ak) = 9d8b5633a589d0e423f0da8bf029f9141604738b -SHA1 (patch-al) = 6948d49370f0dbf16bc502df4ed2851d4e84f658 -SHA1 (patch-am) = 87fc84a28628576858d6269fcd2eeb506b74aaba +SHA1 (patch-al) = dc5900560304190bc6534d9b5b031ef852ab84ef +SHA1 (patch-am) = 50b2c6156198a01494967f72cd95063d17721a49 SHA1 (patch-an) = a6af5d54800c56a5fedfc1e195faa5f6b0815174 SHA1 (patch-ao) = ca6a926a7059c5056667038547abea6a66715368 SHA1 (patch-ap) = cca991b0856a3a96718288742d0e1a765b9f435c SHA1 (patch-aq) = 53c53dd6cb6fb99abba20d9b020cae7a606f5e3b -SHA1 (patch-ar) = 25dedc956deeb34da2eb0ec967be4eb019709d37 +SHA1 (patch-ar) = 92312b3da05441645cac7a16ebdbdbdc0ad95d67 SHA1 (patch-as) = 406f56419556d9953ddf0ca7bff5fd14a6e55689 -SHA1 (patch-at) = 75c4ea5a2fd211aa6a2a9630c434d9f0ca531047 -SHA1 (patch-au) = e1491b0a95d6eb2fb5e45c9be6d26432ed1328e6 +SHA1 (patch-at) = 179a6aa982fd2f599bc1a62a9e7c6e78a80bfd00 +SHA1 (patch-au) = 4b27ff2eed743f47162f117c822646e26027a9d4 SHA1 (patch-av) = ca8e5c4885430f5f5f14d61bf32788c2bb2e1ee0 SHA1 (patch-ay) = 7a0ee5bf1707afeaeb9092ce3faf7fc594044a2b SHA1 (patch-az) = 6cd82e3608e62beb8f2aa8e64f115008359abaa7 diff --git a/devel/cvs/patches/patch-aa b/devel/cvs/patches/patch-aa index 002b06f4f03..e2a5adc42ca 100644 --- a/devel/cvs/patches/patch-aa +++ b/devel/cvs/patches/patch-aa @@ -1,6 +1,6 @@ -$NetBSD: patch-aa,v 1.9 2004/03/04 20:54:40 wiz Exp $ +$NetBSD: patch-aa,v 1.10 2004/05/22 10:38:06 wiz Exp $ ---- Makefile.in.orig Fri Feb 13 16:27:51 2004 +--- Makefile.in.orig 2004-05-19 16:05:42.000000000 +0200 +++ Makefile.in @@ -142,7 +142,7 @@ target_alias = @target_alias@ @@ -11,7 +11,7 @@ $NetBSD: patch-aa,v 1.9 2004/03/04 20:54:40 wiz Exp $ # All other subdirs: SUBDIRS = $(USOURCE_SUBDIRS) man doc contrib tools \ windows-NT os2 emx vms -@@ -171,7 +171,7 @@ subdir = . +@@ -172,7 +172,7 @@ subdir = . ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs CONFIG_HEADER = config.h diff --git a/devel/cvs/patches/patch-ab b/devel/cvs/patches/patch-ab index e7b83e53100..89fe73c5247 100644 --- a/devel/cvs/patches/patch-ab +++ b/devel/cvs/patches/patch-ab @@ -1,8 +1,8 @@ -$NetBSD: patch-ab,v 1.11 2004/04/15 22:28:36 wiz Exp $ +$NetBSD: patch-ab,v 1.12 2004/05/22 10:38:06 wiz Exp $ ---- doc/cvs.texinfo.orig Wed Apr 7 02:46:57 2004 +--- doc/cvs.texinfo.orig 2004-05-14 20:50:08.000000000 +0200 +++ doc/cvs.texinfo -@@ -13450,6 +13450,11 @@ CPU intensive but is not recommended for +@@ -13500,6 +13500,11 @@ CPU intensive but is not recommended for @xref{verifymsg}, for more information on how verifymsg may be used. diff --git a/devel/cvs/patches/patch-af b/devel/cvs/patches/patch-af index be7541096d4..ba2deb785a1 100644 --- a/devel/cvs/patches/patch-af +++ b/devel/cvs/patches/patch-af @@ -1,8 +1,8 @@ -$NetBSD: patch-af,v 1.9 2004/04/15 22:28:36 wiz Exp $ +$NetBSD: patch-af,v 1.10 2004/05/22 10:38:06 wiz Exp $ ---- src/update.c.orig Mon Mar 22 18:20:26 2004 +--- src/update.c.orig 2004-05-04 19:25:54.000000000 +0200 +++ src/update.c -@@ -1349,11 +1349,18 @@ VERS: ", 0); +@@ -1359,11 +1359,18 @@ VERS: ", 0); xchmod (finfo->file, 1); else { diff --git a/devel/cvs/patches/patch-al b/devel/cvs/patches/patch-al index d1c72c36511..3c156c29fe3 100644 --- a/devel/cvs/patches/patch-al +++ b/devel/cvs/patches/patch-al @@ -1,8 +1,8 @@ -$NetBSD: patch-al,v 1.8 2004/04/15 22:28:36 wiz Exp $ +$NetBSD: patch-al,v 1.9 2004/05/22 10:38:06 wiz Exp $ ---- src/client.c.orig Sun Apr 11 17:46:22 2004 +--- src/client.c.orig 2004-05-22 12:21:08.000000000 +0200 +++ src/client.c -@@ -4481,6 +4481,16 @@ start_server () +@@ -4511,6 +4511,16 @@ start_server () error (1, 0, "This server does not support the global -n option."); } diff --git a/devel/cvs/patches/patch-am b/devel/cvs/patches/patch-am index 3968fe8654b..8fca1dcbe46 100644 --- a/devel/cvs/patches/patch-am +++ b/devel/cvs/patches/patch-am @@ -1,6 +1,6 @@ -$NetBSD: patch-am,v 1.10 2004/04/15 22:28:36 wiz Exp $ +$NetBSD: patch-am,v 1.11 2004/05/22 10:38:06 wiz Exp $ ---- src/cvs.h.orig Thu Apr 1 20:53:22 2004 +--- src/cvs.h.orig 2004-05-08 22:45:19.000000000 +0200 +++ src/cvs.h @@ -368,6 +368,7 @@ extern int really_quiet, quiet; extern int use_editor; @@ -18,7 +18,7 @@ $NetBSD: patch-am,v 1.10 2004/04/15 22:28:36 wiz Exp $ extern int logoff; /* Don't write history entry */ extern int top_level_admin; -@@ -681,6 +683,7 @@ void sleep_past PROTO ((time_t desttime) +@@ -680,6 +682,7 @@ void sleep_past PROTO ((time_t desttime) #define RUN_STDOUT_APPEND 0x0004 /* append to stdout, don't truncate */ #define RUN_STDERR_APPEND 0x0008 /* append to stderr, don't truncate */ #define RUN_SIGIGNORE 0x0010 /* ignore interrupts for command */ diff --git a/devel/cvs/patches/patch-ar b/devel/cvs/patches/patch-ar index 2f71d83176d..e936f73e3fa 100644 --- a/devel/cvs/patches/patch-ar +++ b/devel/cvs/patches/patch-ar @@ -1,6 +1,6 @@ -$NetBSD: patch-ar,v 1.12 2004/04/15 22:28:36 wiz Exp $ +$NetBSD: patch-ar,v 1.13 2004/05/22 10:38:06 wiz Exp $ ---- src/server.c.orig Tue Apr 6 22:20:55 2004 +--- src/server.c.orig 2004-05-22 12:21:08.000000000 +0200 +++ src/server.c @@ -773,6 +773,7 @@ E Protocol error: Root says \"%s\" but p nothing. But for rsh, we need to do it now. */ @@ -18,7 +18,7 @@ $NetBSD: patch-ar,v 1.12 2004/04/15 22:28:36 wiz Exp $ #ifdef HAVE_PUTENV env = xmalloc (strlen (CVSROOT_ENV) + strlen (current_parsed_root->directory) + 2); -@@ -2174,8 +2176,12 @@ serve_global_option (arg) +@@ -2212,8 +2214,12 @@ serve_global_option (arg) break; case 'n': noexec = 1; @@ -31,7 +31,7 @@ $NetBSD: patch-ar,v 1.12 2004/04/15 22:28:36 wiz Exp $ case 'q': quiet = 1; break; -@@ -5198,6 +5204,7 @@ switch_to_user (cvs_username, username) +@@ -5236,6 +5242,7 @@ switch_to_user (cvs_username, username) const char *username; { struct passwd *pw; @@ -39,7 +39,7 @@ $NetBSD: patch-ar,v 1.12 2004/04/15 22:28:36 wiz Exp $ pw = getpwnam (username); if (pw == NULL) -@@ -5276,7 +5283,15 @@ error 0 %s: no such system user\n", user +@@ -5314,7 +5321,15 @@ error 0 %s: no such system user\n", user } } diff --git a/devel/cvs/patches/patch-at b/devel/cvs/patches/patch-at index 5a3967d9cc5..75ce7101a58 100644 --- a/devel/cvs/patches/patch-at +++ b/devel/cvs/patches/patch-at @@ -1,6 +1,6 @@ -$NetBSD: patch-at,v 1.10 2004/04/15 22:28:36 wiz Exp $ +$NetBSD: patch-at,v 1.11 2004/05/22 10:38:06 wiz Exp $ ---- src/logmsg.c.orig Fri Mar 19 21:35:29 2004 +--- src/logmsg.c.orig 2004-03-19 21:35:29.000000000 +0100 +++ src/logmsg.c @@ -226,6 +226,8 @@ do_editor (dir, messagep, repository, ch (*messagep)[strlen (*messagep) - 1] != '\n') @@ -20,11 +20,10 @@ $NetBSD: patch-at,v 1.10 2004/04/15 22:28:36 wiz Exp $ error (editinfo_editor ? 1 : 0, retcode == -1 ? errno : 0, editinfo_editor ? "Logfile verification failed" : "warning: editor session failed"); -@@ -684,6 +686,15 @@ title_proc (p, closure) - xrealloc (str_list, +@@ -685,6 +687,15 @@ title_proc (p, closure) strlen (str_list) + strlen (p->key) + 5); (void) strcat (str_list, p->key); -+ break; + break; + case 't': + str_list = + xrealloc (str_list, @@ -33,6 +32,7 @@ $NetBSD: patch-at,v 1.10 2004/04/15 22:28:36 wiz Exp $ + + 10) + ); + (void) strcat (str_list, (li->tag ? li->tag : "")); - break; ++ break; case 'V': str_list = + xrealloc (str_list, diff --git a/devel/cvs/patches/patch-au b/devel/cvs/patches/patch-au index 85cc3f207bd..56d3f05c379 100644 --- a/devel/cvs/patches/patch-au +++ b/devel/cvs/patches/patch-au @@ -1,8 +1,8 @@ -$NetBSD: patch-au,v 1.7 2004/04/15 22:28:36 wiz Exp $ +$NetBSD: patch-au,v 1.8 2004/05/22 10:38:06 wiz Exp $ ---- src/commit.c.orig Thu Apr 1 20:53:22 2004 +--- src/commit.c.orig 2004-05-05 18:10:30.000000000 +0200 +++ src/commit.c -@@ -1020,7 +1020,9 @@ warning: file `%s' seems to still contai +@@ -1030,7 +1030,9 @@ warning: file `%s' seems to still contai xmalloc (sizeof (struct logfile_info))); li->type = status; li->tag = xstrdup (vers->tag); @@ -13,12 +13,12 @@ $NetBSD: patch-au,v 1.7 2004/04/15 22:28:36 wiz Exp $ li->rev_new = NULL; p->data = li; (void) addnode (ulist, p); -@@ -1168,7 +1170,7 @@ precommit_proc (repository, filter) +@@ -1182,7 +1184,7 @@ precommit_proc (repository, filter) run_setup (filter); run_arg (repository); (void) walklist (saved_ulist, precommit_list_proc, NULL); -- return (run_exec (RUN_TTY, RUN_TTY, RUN_TTY, RUN_NORMAL|RUN_REALLY)); -+ return (run_exec (RUN_TTY, RUN_TTY, RUN_TTY, RUN_NORMAL|RUN_REALLY|RUN_UNSETXID)); +- return run_exec (RUN_TTY, RUN_TTY, RUN_TTY, RUN_NORMAL|RUN_REALLY); ++ return run_exec (RUN_TTY, RUN_TTY, RUN_TTY, RUN_NORMAL|RUN_REALLY|RUN_UNSETXID); } - /* + |