diff options
| author | salo <salo@pkgsrc.org> | 2005-04-22 14:39:14 +0000 |
|---|---|---|
| committer | salo <salo@pkgsrc.org> | 2005-04-22 14:39:14 +0000 |
| commit | 89fe5f2f38fce2c6018671995541f677c34444c2 (patch) | |
| tree | a89049ef3b003160ddc6a0d3aeaec4c3484fb8da /devel | |
| parent | d09f45d153da0a4331dbec1793157233949b7256 (diff) | |
| download | pkgsrc-89fe5f2f38fce2c6018671995541f677c34444c2.tar.gz | |
Pullup ticket 464 - requested by Thomas Klausner
security update for cvs
Revisions pulled up:
- pkgsrc/devel/cvs/Makefile 1.84
- pkgsrc/devel/cvs/distinfo 1.26
- pkgsrc/devel/cvs/patches/patch-ab 1.15
- pkgsrc/devel/cvs/patches/patch-ae 1.10
- pkgsrc/devel/cvs/patches/patch-af 1.12
- pkgsrc/devel/cvs/patches/patch-ag 1.6
- pkgsrc/devel/cvs/patches/patch-ai 1.9
- pkgsrc/devel/cvs/patches/patch-al 1.11
- pkgsrc/devel/cvs/patches/patch-ar 1.16
- pkgsrc/devel/cvs/patches/patch-as 1.8
- pkgsrc/devel/cvs/patches/patch-az 1.9
Module Name: pkgsrc
Committed By: wiz
Date: Tue Apr 19 12:39:18 UTC 2005
Modified Files:
pkgsrc/devel/cvs: Makefile distinfo
pkgsrc/devel/cvs/patches: patch-ab patch-ae patch-af patch-ag
patch-ai patch-al patch-ar patch-as patch-az
Log Message:
Update to 1.11.20.
NOTE: currently without IPv6 support, until there is an updated KAME
patch for it.
Changes:
Changes since 1.11.19:
**********************
SERVER SECURITY FIXES
* Thanks to a report from Alen Zukich, several minor security issues
have been addressed. One was a buffer overflow that is potentially
serious but which may not be exploitable, assigned CAN-2005-0753 by
the Common Vulnerabilities and Exposures Project
<http://www.cve.mitre.org>. Other fixes resulting from Alen's report
include repair of an arbitrary free with no known exploit and several
plugged memory leaks and potentially freed NULL pointers which may
have been exploitable for a denial of service attack.
* Thanks to a report from Craig Monson, minor potential
vulnerabilities in the contributed Perl scripts have been fixed.
The confirmed vulnerability could allow the execution of arbitrary
code on the CVS server, but only if a user already had commit access
and if one of the contrib scripts was installed improperly,
a condition which should have been quickly visible to any
administrator. The complete description of the problem is here:
<https://ccvs.cvshome.org/issues/show_bug.cgi?id=224>. If you were
making use of any of the contributed trigger scripts on a CVS server,
you should probably still replace them with the new versions, to be
on the safe side.
Unfortunately, our fix is incomplete. Taint-checking has been
enabled in all the contributed Perl scripts intended to be run as
trigger scripts, but no attempt has been made to ensure that they
still run in taint mode. You will most likely have to tweak the
scripts in some way to make them run. Please send any patches you
find necessary back to <bug-cvs@gnu.org> so that we may again ship
fully enabled scripts in the future.
You should also make sure that any home-grown Perl scripts that you
might have installed as CVS triggers also have taint-checking enabled.
This can be done by adding `-T' on the scripts' #! lines. Please try
running `perldoc perlsec' if you would like more information on
general Perl security and taint-checking.
BUG FIXES
* Thanks to a report and a patch from Georg Scwharz
CVS now builds without error on IRIX 5.3
DEVELOPER ISSUES
* We've standardized on Automake 1.9.5 to get some at new features
that make our jobs easier. See the HACKING file for more on using
the autotools with CVS.
Diffstat (limited to 'devel')
| -rw-r--r-- | devel/cvs/Makefile | 12 | ||||
| -rw-r--r-- | devel/cvs/distinfo | 26 | ||||
| -rw-r--r-- | devel/cvs/patches/patch-ab | 6 | ||||
| -rw-r--r-- | devel/cvs/patches/patch-ae | 16 | ||||
| -rw-r--r-- | devel/cvs/patches/patch-af | 6 | ||||
| -rw-r--r-- | devel/cvs/patches/patch-ag | 17 | ||||
| -rw-r--r-- | devel/cvs/patches/patch-ai | 6 | ||||
| -rw-r--r-- | devel/cvs/patches/patch-al | 6 | ||||
| -rw-r--r-- | devel/cvs/patches/patch-ar | 14 | ||||
| -rw-r--r-- | devel/cvs/patches/patch-as | 6 | ||||
| -rw-r--r-- | devel/cvs/patches/patch-az | 8 |
11 files changed, 62 insertions, 61 deletions
diff --git a/devel/cvs/Makefile b/devel/cvs/Makefile index b190c3b3ac3..4872fb3e896 100644 --- a/devel/cvs/Makefile +++ b/devel/cvs/Makefile @@ -1,12 +1,11 @@ -# $NetBSD: Makefile,v 1.82 2005/03/01 15:36:48 wiz Exp $ +# $NetBSD: Makefile,v 1.82.2.1 2005/04/22 14:39:14 salo Exp $ # -DISTNAME= cvs-1.11.19 +DISTNAME= cvs-1.11.20 CATEGORIES= devel # (SSL) download URL according to http://www.cvshome.org/ is -# https://ccvs.cvshome.org/files/documents/19/742/cvs-1.11.19.tar.bz2 -MASTER_SITES= http://distro.ibiblio.org/pub/linux/distributions/sorcerer/sources/cvs/1.11.19/ \ - ${MASTER_SITE_BACKUP} +# https://ccvs.cvshome.org/files/documents/19/861/cvs-1.11.20.tar.bz2 +MASTER_SITES= ${MASTER_SITE_BACKUP} EXTRACT_SUFX= .tar.bz2 MAINTAINER= wiz@NetBSD.org @@ -25,7 +24,8 @@ BUILD_DEFS+= USE_INET6 .if defined(USE_INET6) && !empty(USE_INET6:M[yY][eE][sS]) && \ empty(MACHINE_PLATFORM:MSunOS-5.[89]-*) && \ empty(MACHINE_PLATFORM:MSunOS-5.10-*) && \ - empty(MACHINE_PLATFORM:MLinux-*) + empty(MACHINE_PLATFORM:MLinux-*) && \ + defined(NOT_YET_AVAILABLE_FOR_CVS_1_11_20) CONFIGURE_ARGS+= --enable-ipv6 PATCH_SITES= ftp://ftp.kame.net/pub/kame/misc/ PATCHFILES= cvs-1.11.19-v6-20050205.diff.gz diff --git a/devel/cvs/distinfo b/devel/cvs/distinfo index 6f660cbe3d5..672f1c6099b 100644 --- a/devel/cvs/distinfo +++ b/devel/cvs/distinfo @@ -1,31 +1,31 @@ -$NetBSD: distinfo,v 1.25 2005/03/01 15:36:48 wiz Exp $ +$NetBSD: distinfo,v 1.25.2.1 2005/04/22 14:39:14 salo Exp $ -SHA1 (cvs-1.11.19.tar.bz2) = 0d5e93a4380d02d4b6b41259b538c05d04d9d633 -RMD160 (cvs-1.11.19.tar.bz2) = 3a499e4dd32e4302e61e282ede48598bab0997fa -Size (cvs-1.11.19.tar.bz2) = 2392762 bytes +SHA1 (cvs-1.11.20.tar.bz2) = 47f51a96b5a73e18c96f431f3c494735aa9c0236 +RMD160 (cvs-1.11.20.tar.bz2) = 4f926d661b35dc1bafb5ee5f98487289a907d34d +Size (cvs-1.11.20.tar.bz2) = 2414744 bytes SHA1 (cvs-1.11.19-v6-20050205.diff.gz) = 5cd1519d99c8a6bc124fd5e4daaf5202cde87f07 RMD160 (cvs-1.11.19-v6-20050205.diff.gz) = a6c304badf71464798311f121f3eb2df50501c2f Size (cvs-1.11.19-v6-20050205.diff.gz) = 13004 bytes SHA1 (patch-aa) = 57bcc59a51d44f436d2f79a0752e44e317589650 -SHA1 (patch-ab) = 4a539ac6e37e3dc48ab0c427487806e2f3ff78ae +SHA1 (patch-ab) = 3c5ff65e7a087b2e73e933366aae99b6b5549371 SHA1 (patch-ac) = 4da02fe019da9721afe6f9af0cd1db44214b575e SHA1 (patch-ad) = da297e6f5f1a8ad4cf0c47f7b57f6bbb860ea64c -SHA1 (patch-ae) = 2fcd5c228c0e18a2ea54f0bcee29e200193544c0 -SHA1 (patch-af) = af7e1f8dba74b40129d623b096ddf5a6c5dbefb4 -SHA1 (patch-ag) = e5c273fb784c5e340cbdf7ff182a6ae09c93dc4f +SHA1 (patch-ae) = 3c9083c3d6532505efc530845feaee70158569b5 +SHA1 (patch-af) = 2f809d054c0b215a6668eda3b18e3ea2c5dfab27 +SHA1 (patch-ag) = 5dd358a7dbf5db402d3e56faf49e8748afdd05f2 SHA1 (patch-ah) = 47b9f55979ed65844efe22fb614b105ae247408d -SHA1 (patch-ai) = ef52993cef430675f3efd09ae37cee522fd93369 +SHA1 (patch-ai) = d51b3f1429e73156cbfb7e0480a34ac6ce7a208d SHA1 (patch-ak) = dc51b6899005cbfdbad1876060c7ef53cce3156f -SHA1 (patch-al) = 7f223fd872f96788af499743f07e49d45d64715f +SHA1 (patch-al) = 3f20d43ed1423ae6e811d9ec2d35af4932e84b41 SHA1 (patch-am) = a2a83f3a3788a99f008372f5a8d7ee9a3a6dbf72 SHA1 (patch-an) = 5fda0f44ff5ee165f18cedd43c6adf97a51e6398 SHA1 (patch-ao) = e19a61b0ccb0e71491fb53d553f03d85135ef5c6 SHA1 (patch-ap) = 9aa44fc82540f86aefa14c47f1d2632377a0471f SHA1 (patch-aq) = bc828ae6c5eff55e7952752cb50317e268dcdd7b -SHA1 (patch-ar) = 4c47f223205de1b6afd3858e4161f99550e1d099 -SHA1 (patch-as) = 35e59c65a544cdd8bd8c6808fdf3410c590dd827 +SHA1 (patch-ar) = 89c787d8725c6dc4a91268138749a2ec0ec255b1 +SHA1 (patch-as) = 095bab2722f1885db6c6d9e6f599e07444077c15 SHA1 (patch-at) = 1cbed8c43bda54a851a7ff1b85e78a224cbeeca2 SHA1 (patch-au) = ba788685ee842d07ac866183185e257ce2dcf749 SHA1 (patch-av) = d381dbf50a59d78e0a4bf8fff09b2570988d5647 SHA1 (patch-ay) = 7a0ee5bf1707afeaeb9092ce3faf7fc594044a2b -SHA1 (patch-az) = e732ec022131d3ca23f7193625e4e2f305600fa9 +SHA1 (patch-az) = 4b773728b228af6c69d4e10cf59f1677feaa54ea diff --git a/devel/cvs/patches/patch-ab b/devel/cvs/patches/patch-ab index 594246f8a11..8fe32c54af8 100644 --- a/devel/cvs/patches/patch-ab +++ b/devel/cvs/patches/patch-ab @@ -1,8 +1,8 @@ -$NetBSD: patch-ab,v 1.14 2005/03/01 15:36:48 wiz Exp $ +$NetBSD: patch-ab,v 1.14.2.1 2005/04/22 14:39:14 salo Exp $ ---- doc/cvs.texinfo.orig 2005-01-31 23:25:55.000000000 +0100 +--- doc/cvs.texinfo.orig 2005-04-14 19:38:46.000000000 +0200 +++ doc/cvs.texinfo -@@ -13504,6 +13504,11 @@ CPU intensive but is not recommended for +@@ -13548,6 +13548,11 @@ CPU intensive but is not recommended for @xref{verifymsg}, for more information on how verifymsg may be used. diff --git a/devel/cvs/patches/patch-ae b/devel/cvs/patches/patch-ae index eb89a620b9d..7d292c71ffa 100644 --- a/devel/cvs/patches/patch-ae +++ b/devel/cvs/patches/patch-ae @@ -1,8 +1,8 @@ -$NetBSD: patch-ae,v 1.9 2005/03/01 15:36:48 wiz Exp $ +$NetBSD: patch-ae,v 1.9.2.1 2005/04/22 14:39:14 salo Exp $ ---- src/rcs.c.orig 2005-01-31 23:15:08.000000000 +0100 +--- src/rcs.c.orig 2005-03-17 17:33:47.000000000 +0100 +++ src/rcs.c -@@ -3498,7 +3498,7 @@ struct rcs_keyword +@@ -3534,7 +3534,7 @@ struct rcs_keyword size_t len; }; #define KEYWORD_INIT(s) (s), sizeof (s) - 1 @@ -11,7 +11,7 @@ $NetBSD: patch-ae,v 1.9 2005/03/01 15:36:48 wiz Exp $ { { KEYWORD_INIT ("Author") }, { KEYWORD_INIT ("Date") }, -@@ -3511,6 +3511,7 @@ static const struct rcs_keyword keywords +@@ -3547,6 +3547,7 @@ static const struct rcs_keyword keywords { KEYWORD_INIT ("Revision") }, { KEYWORD_INIT ("Source") }, { KEYWORD_INIT ("State") }, @@ -19,7 +19,7 @@ $NetBSD: patch-ae,v 1.9 2005/03/01 15:36:48 wiz Exp $ { NULL, 0 } }; enum keyword -@@ -3525,7 +3526,8 @@ enum keyword +@@ -3561,7 +3562,8 @@ enum keyword KEYWORD_RCSFILE, KEYWORD_REVISION, KEYWORD_SOURCE, @@ -29,7 +29,7 @@ $NetBSD: patch-ae,v 1.9 2005/03/01 15:36:48 wiz Exp $ }; /* Convert an RCS date string into a readable string. This is like -@@ -3662,6 +3664,11 @@ expand_keywords (rcs, ver, name, log, lo +@@ -3698,6 +3700,11 @@ expand_keywords (rcs, ver, name, log, lo return; } @@ -41,7 +41,7 @@ $NetBSD: patch-ae,v 1.9 2005/03/01 15:36:48 wiz Exp $ /* If we are using -kkvl, dig out the locker information if any. */ locker = NULL; if (expand == KFLAG_KVL) -@@ -3753,6 +3760,7 @@ expand_keywords (rcs, ver, name, log, lo +@@ -3789,6 +3796,7 @@ expand_keywords (rcs, ver, name, log, lo case KEYWORD_HEADER: case KEYWORD_ID: @@ -49,7 +49,7 @@ $NetBSD: patch-ae,v 1.9 2005/03/01 15:36:48 wiz Exp $ { const char *path; int free_path; -@@ -4402,7 +4410,7 @@ RCS_checkout (rcs, workfile, rev, nameta +@@ -4446,7 +4454,7 @@ RCS_checkout (rcs, workfile, rev, nameta if (info != NULL) { /* If the size of `devtype' changes, fix the sscanf call also */ diff --git a/devel/cvs/patches/patch-af b/devel/cvs/patches/patch-af index 95bf739bf68..09a70b83ea6 100644 --- a/devel/cvs/patches/patch-af +++ b/devel/cvs/patches/patch-af @@ -1,8 +1,8 @@ -$NetBSD: patch-af,v 1.11 2005/03/01 15:36:48 wiz Exp $ +$NetBSD: patch-af,v 1.11.2.1 2005/04/22 14:39:14 salo Exp $ ---- src/update.c.orig 2005-01-31 23:18:01.000000000 +0100 +--- src/update.c.orig 2005-03-16 23:01:21.000000000 +0100 +++ src/update.c -@@ -1366,11 +1366,18 @@ VERS: ", 0); +@@ -1368,11 +1368,18 @@ VERS: ", 0); xchmod (finfo->file, 1); else { diff --git a/devel/cvs/patches/patch-ag b/devel/cvs/patches/patch-ag index 19c720a2f54..12bb24efc83 100644 --- a/devel/cvs/patches/patch-ag +++ b/devel/cvs/patches/patch-ag @@ -1,10 +1,10 @@ -$NetBSD: patch-ag,v 1.5 2005/03/01 15:36:48 wiz Exp $ +$NetBSD: patch-ag,v 1.5.2.1 2005/04/22 14:39:14 salo Exp $ ---- lib/xtime.h.orig 2004-11-11 23:30:47.000000000 +0100 +--- lib/xtime.h.orig 2005-03-04 20:05:09.000000000 +0100 +++ lib/xtime.h -@@ -12,6 +12,9 @@ - * functions - */ +@@ -14,6 +14,9 @@ + #ifndef XTIME_HEADER_INCLUDED + #define XTIME_HEADER_INCLUDED +#ifndef _XTIME_H_ +#define _XTIME_H_ @@ -12,9 +12,10 @@ $NetBSD: patch-ag,v 1.5 2005/03/01 15:36:48 wiz Exp $ #ifdef vms # include <time.h> #else /* vms */ -@@ -55,3 +58,5 @@ extern long timezone; - # endif /* !defined(HAVE_FTIME) && !defined(HAVE_TIMEZONE) */ +@@ -58,4 +61,6 @@ extern long timezone; #endif /* !vms */ -+ + +#endif /* !_XTIME_H_ */ ++ + #endif /* !XTIME_HEADER_INCLUDED */ diff --git a/devel/cvs/patches/patch-ai b/devel/cvs/patches/patch-ai index b66e36b8629..b9f67ea871a 100644 --- a/devel/cvs/patches/patch-ai +++ b/devel/cvs/patches/patch-ai @@ -1,8 +1,8 @@ -$NetBSD: patch-ai,v 1.8 2005/03/01 15:36:48 wiz Exp $ +$NetBSD: patch-ai,v 1.8.2.1 2005/04/22 14:39:14 salo Exp $ ---- src/parseinfo.c.orig 2005-01-31 23:14:54.000000000 +0100 +--- src/parseinfo.c.orig 2005-03-16 23:01:21.000000000 +0100 +++ src/parseinfo.c -@@ -355,6 +355,14 @@ parse_config (cvsroot) +@@ -357,6 +357,14 @@ parse_config (cvsroot) goto error_return; } } diff --git a/devel/cvs/patches/patch-al b/devel/cvs/patches/patch-al index 2acc5c7bd6a..5415ef5003d 100644 --- a/devel/cvs/patches/patch-al +++ b/devel/cvs/patches/patch-al @@ -1,8 +1,8 @@ -$NetBSD: patch-al,v 1.10 2005/03/01 15:36:48 wiz Exp $ +$NetBSD: patch-al,v 1.10.2.1 2005/04/22 14:39:14 salo Exp $ ---- src/client.c.orig 2004-11-18 16:45:30.000000000 +0100 +--- src/client.c.orig 2005-03-17 16:47:22.000000000 +0100 +++ src/client.c -@@ -4519,6 +4519,16 @@ start_server () +@@ -4528,6 +4528,16 @@ start_server () error (1, 0, "This server does not support the global -n option."); } diff --git a/devel/cvs/patches/patch-ar b/devel/cvs/patches/patch-ar index 0832a314501..d33c3298fa2 100644 --- a/devel/cvs/patches/patch-ar +++ b/devel/cvs/patches/patch-ar @@ -1,8 +1,8 @@ -$NetBSD: patch-ar,v 1.15 2005/03/01 15:36:48 wiz Exp $ +$NetBSD: patch-ar,v 1.15.2.1 2005/04/22 14:39:14 salo Exp $ ---- src/server.c.orig 2004-09-24 21:59:08.000000000 +0200 +--- src/server.c.orig 2005-03-16 20:16:01.000000000 +0100 +++ src/server.c -@@ -773,6 +773,7 @@ E Protocol error: Root says \"%s\" but p +@@ -780,6 +780,7 @@ E Protocol error: Root says \"%s\" but p nothing. But for rsh, we need to do it now. */ parse_config (current_parsed_root->directory); @@ -10,7 +10,7 @@ $NetBSD: patch-ar,v 1.15 2005/03/01 15:36:48 wiz Exp $ path = xmalloc (strlen (current_parsed_root->directory) + sizeof (CVSROOTADM) + 2); -@@ -790,6 +791,7 @@ E Protocol error: Root says \"%s\" but p +@@ -797,6 +798,7 @@ E Protocol error: Root says \"%s\" but p pending_error = save_errno; } free (path); @@ -18,7 +18,7 @@ $NetBSD: patch-ar,v 1.15 2005/03/01 15:36:48 wiz Exp $ #ifdef HAVE_PUTENV env = xmalloc (strlen (CVSROOT_ENV) + strlen (current_parsed_root->directory) + 2); -@@ -2268,8 +2270,12 @@ serve_global_option (arg) +@@ -2276,8 +2278,12 @@ serve_global_option (arg) break; case 'n': noexec = 1; @@ -31,7 +31,7 @@ $NetBSD: patch-ar,v 1.15 2005/03/01 15:36:48 wiz Exp $ case 'q': quiet = 1; break; -@@ -5293,6 +5299,7 @@ switch_to_user (cvs_username, username) +@@ -5301,6 +5307,7 @@ switch_to_user (cvs_username, username) const char *username; { struct passwd *pw; @@ -39,7 +39,7 @@ $NetBSD: patch-ar,v 1.15 2005/03/01 15:36:48 wiz Exp $ pw = getpwnam (username); if (pw == NULL) -@@ -5371,7 +5378,15 @@ error 0 %s: no such system user\n", user +@@ -5379,7 +5386,15 @@ error 0 %s: no such system user\n", user } } diff --git a/devel/cvs/patches/patch-as b/devel/cvs/patches/patch-as index 8fb83ec9bdd..deb8163cb4a 100644 --- a/devel/cvs/patches/patch-as +++ b/devel/cvs/patches/patch-as @@ -1,8 +1,8 @@ -$NetBSD: patch-as,v 1.7 2005/03/01 15:36:48 wiz Exp $ +$NetBSD: patch-as,v 1.7.2.1 2005/04/22 14:39:14 salo Exp $ ---- src/tag.c.orig 2005-01-31 23:17:45.000000000 +0100 +--- src/tag.c.orig 2005-03-16 20:16:01.000000000 +0100 +++ src/tag.c -@@ -1300,7 +1300,7 @@ Numeric tag %s contains characters other +@@ -1301,7 +1301,7 @@ Numeric tag %s contains characters other /* The tags is valid but not mentioned in val-tags. Add it. */ datum value; diff --git a/devel/cvs/patches/patch-az b/devel/cvs/patches/patch-az index 0e111143e46..d96251c9536 100644 --- a/devel/cvs/patches/patch-az +++ b/devel/cvs/patches/patch-az @@ -1,8 +1,8 @@ -$NetBSD: patch-az,v 1.8 2005/03/01 15:36:48 wiz Exp $ +$NetBSD: patch-az,v 1.8.2.1 2005/04/22 14:39:14 salo Exp $ ---- src/modules.c.orig 2005-01-31 23:14:32.000000000 +0100 +--- src/modules.c.orig 2005-03-16 23:01:21.000000000 +0100 +++ src/modules.c -@@ -746,7 +746,8 @@ module `%s' is a request for a file in a +@@ -747,7 +747,8 @@ module `%s' is a request for a file in a cvs_output ("'\n", 0); cvs_flushout (); } @@ -11,4 +11,4 @@ $NetBSD: patch-az,v 1.8 2005/03/01 15:36:48 wiz Exp $ + RUN_NORMAL | RUN_UNSETXID); free (expanded_path); } - free (real_prog); + if (real_prog) free (real_prog); |