Update to 1.11.20.

NOTE: currently without IPv6 support, until there is an updated KAME patch
for it.

Changes:

Changes since 1.11.19:
**********************

SERVER SECURITY FIXES

* Thanks to a report from Alen Zukich, several minor
  security issues have been addressed.  One was a buffer overflow that is
  potentially serious but which may not be exploitable, assigned CAN-2005-0753
  by the Common Vulnerabilities and Exposures Project
  <http://www.cve.mitre.org>.  Other fixes resulting from Alen's report include
  repair of an arbitrary free with no known exploit and several plugged memory
  leaks and potentially freed NULL pointers which may have been exploitable for
  a denial of service attack.

* Thanks to a report from Craig Monson, minor
  potential vulnerabilities in the contributed Perl scripts have been fixed.
  The confirmed vulnerability could allow the execution of arbitrary code on
  the CVS server, but only if a user already had commit access and if one of
  the contrib scripts was installed improperly, a condition which should have
  been quickly visible to any administrator.  The complete description of the
  problem is here: <https://ccvs.cvshome.org/issues/show_bug.cgi?id=224>.  If
  you were making use of any of the contributed trigger scripts on a CVS
  server, you should probably still replace them with the new versions, to be
  on the safe side.

  Unfortunately, our fix is incomplete.  Taint-checking has been enabled in all
  the contributed Perl scripts intended to be run as trigger scripts, but no
  attempt has been made to ensure that they still run in taint mode.  You will
  most likely have to tweak the scripts in some way to make them run.  Please
  send any patches you find necessary back to <bug-cvs@gnu.org> so that we may
  again ship fully enabled scripts in the future.

  You should also make sure that any home-grown Perl scripts that you might
  have installed as CVS triggers also have taint-checking enabled.  This can be
  done by adding `-T' on the scripts' #! lines.  Please try running
  `perldoc perlsec' if you would like more information on general Perl security
  and taint-checking.

BUG FIXES

* Thanks to a report and a patch from Georg Scwharz
  CVS now builds without error on IRIX 5.3

DEVELOPER ISSUES

* We've standardized on Automake 1.9.5 to get some at new features that make
  our jobs easier.  See the HACKING file for more on using the autotools with
  CVS.

1 files changed, 6 insertions, 6 deletions

diff --git a/devel/cvs/Makefile b/devel/cvs/Makefile
index 7a5318a8aa2..aabd76530f0 100644
--- a/devel/cvs/Makefile
+++ b/devel/cvs/Makefile
@@ -1,12 +1,11 @@
-# $NetBSD: Makefile,v 1.83 2005/04/11 21:45:19 tv Exp $
+# $NetBSD: Makefile,v 1.84 2005/04/19 12:39:18 wiz Exp $
 #
 
-DISTNAME=	cvs-1.11.19
+DISTNAME=	cvs-1.11.20
 CATEGORIES=	devel
 # (SSL) download URL according to http://www.cvshome.org/ is
-# https://ccvs.cvshome.org/files/documents/19/742/cvs-1.11.19.tar.bz2
-MASTER_SITES=	http://distro.ibiblio.org/pub/linux/distributions/sorcerer/sources/cvs/1.11.19/ \
-		${MASTER_SITE_BACKUP}
+# https://ccvs.cvshome.org/files/documents/19/861/cvs-1.11.20.tar.bz2
+MASTER_SITES=	${MASTER_SITE_BACKUP}
 EXTRACT_SUFX=	.tar.bz2
 
 MAINTAINER=	wiz@NetBSD.org
@@ -24,7 +23,8 @@ BUILD_DEFS+=		USE_INET6
 .if defined(USE_INET6) && !empty(USE_INET6:M[yY][eE][sS]) && \
     empty(MACHINE_PLATFORM:MSunOS-5.[89]-*) && \
     empty(MACHINE_PLATFORM:MSunOS-5.10-*) && \
-    empty(MACHINE_PLATFORM:MLinux-*)
+    empty(MACHINE_PLATFORM:MLinux-*) && \
+    defined(NOT_YET_AVAILABLE_FOR_CVS_1_11_20)
 CONFIGURE_ARGS+=	--enable-ipv6
 PATCH_SITES=		ftp://ftp.kame.net/pub/kame/misc/
 PATCHFILES=		cvs-1.11.19-v6-20050205.diff.gz