pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/devel/cvs Update to 1.11.15 (security update):
details: https://anonhg.NetBSD.org/pkgsrc/rev/586f06913bae
branches: trunk
changeset: 473080:586f06913bae
user: wiz <wiz%pkgsrc.org@localhost>
date: Thu Apr 15 22:28:36 2004 +0000
description:
Update to 1.11.15 (security update):
Changes since 1.11.14:
**********************
SERVER SECURITY ISSUES
* Piped checkouts of paths above $CVSROOT no longer work. Previously, clients
could have requested the contents of RCS archive files anywhere on a CVS
server.
CLIENT SECURITY ISSUES
* Clients now check paths from the server to verify that they are within one of
the sandboxes the user requested be updated. Previously, a trojan server
could have written or overwritten files anywhere the user had access,
presenting a serious security risk.
GENERAL USER ISSUES
* Method options (used by WinCVS & CVS 1.12.7+) in CVSROOTs are ignored.
* Configure no longer checks the $TMPDIR, $TMP, & $TEMP variables to set the
default temporary directory.
* CVS on Cygwin correctly handles X:\ style paths.
* Import now uses backslash rather than slash on Windows when checking for
"CVS" directories to ignore in import commands.
* Relative paths containing up-references (`..') should now work in
client/server mode (client fix).
* A race condition between the ordering of messages from CVS and messages from
called scripts in client/server mode has been removed (server fix).
* Resurrected files now get their modes and timestamps set correctly and a
longstanding bug involving resurrection of an uncommitted removal has been
fixed (server fix).
* Some resurrection (cvs add) status messages have changed slightly.
* `cvs release' now works with Kerberos or GSSAPI encryption enabled (server
fix).
* File resurrection from a previously existing revision no longer just reports
that it works (server fix).
* Misc error & status message corrections.
* Diffing of locally added files against arbitrary revisions in an RCS archive
is now allowed when a file of the same name exists or used to exist on some
branch (server fix).
* Misc documentation fixes.
Changes from 1.11.13 to 1.11.14:
********************************
GENERAL USER ISSUES
* Imports will now always ignore directories and files named `CVS' to avoid
violating assumptions made by other parts of CVS.
* A problem with `cvs release' of subdirs that could corrupt CVS/Entries files
has been fixed (client/server).
* The CVS server's protocol check for unused data from the client is no longer
called automatically at program exit in order to avoid potential recursive
calls to error when the first close is due to memory allocation or similar
problems that cause calls to error() to fail. The check is still made when
the server program exits normally.
* The spec file has been updated to work with more recent versions of RPM.
* Several memory leaks have been plugged (client/server).
DEVELOPER ISSUES
* Misc cosmetic, readability, and commenting fixes.
diffstat:
devel/cvs/Makefile | 7 +++----
devel/cvs/distinfo | 40 ++++++++++++++++++++--------------------
devel/cvs/patches/patch-ab | 6 +++---
devel/cvs/patches/patch-ae | 18 +++++++++---------
devel/cvs/patches/patch-af | 6 +++---
devel/cvs/patches/patch-ai | 6 +++---
devel/cvs/patches/patch-al | 6 +++---
devel/cvs/patches/patch-am | 16 ++++++++--------
devel/cvs/patches/patch-an | 6 +++---
devel/cvs/patches/patch-ao | 12 ++++++------
devel/cvs/patches/patch-aq | 6 +++---
devel/cvs/patches/patch-ar | 8 ++++----
devel/cvs/patches/patch-as | 6 +++---
devel/cvs/patches/patch-at | 10 +++++-----
devel/cvs/patches/patch-au | 10 +++++-----
devel/cvs/patches/patch-ay | 6 +++---
devel/cvs/patches/patch-az | 6 +++---
17 files changed, 87 insertions(+), 88 deletions(-)
diffs (truncated from 425 to 300 lines):
diff -r 8730cda3e0c2 -r 586f06913bae devel/cvs/Makefile
--- a/devel/cvs/Makefile Thu Apr 15 22:13:31 2004 +0000
+++ b/devel/cvs/Makefile Thu Apr 15 22:28:36 2004 +0000
@@ -1,11 +1,10 @@
-# $NetBSD: Makefile,v 1.75 2004/03/27 04:21:55 jlam Exp $
+# $NetBSD: Makefile,v 1.76 2004/04/15 22:28:36 wiz Exp $
#
-DISTNAME= cvs-1.11.13
+DISTNAME= cvs-1.11.15
CATEGORIES= devel
MASTER_SITES= http://www.cvshome.org/files/19/10/ \
http://ftp.cvshome.org/release/stable/${DISTNAME}/
-# ${MASTER_SITE_GNU:=non-gnu/cvs/}
EXTRACT_SUFX= .tar.bz2
MAINTAINER= wiz%NetBSD.org@localhost
@@ -26,7 +25,7 @@
empty(MACHINE_PLATFORM:MLinux-*)
CONFIGURE_ARGS+= --enable-ipv6
PATCH_SITES= ftp://ftp.kame.net/pub/kame/misc/
-PATCHFILES= cvs-1.11.13-v6-20040215.diff.gz
+PATCHFILES= cvs-1.11.15-v6-20040416.diff.gz
PATCH_DIST_STRIP= -p1
.else
CONFIGURE_ARGS+= --disable-ipv6
diff -r 8730cda3e0c2 -r 586f06913bae devel/cvs/distinfo
--- a/devel/cvs/distinfo Thu Apr 15 22:13:31 2004 +0000
+++ b/devel/cvs/distinfo Thu Apr 15 22:28:36 2004 +0000
@@ -1,27 +1,27 @@
-$NetBSD: distinfo,v 1.18 2004/03/27 04:22:55 jlam Exp $
+$NetBSD: distinfo,v 1.19 2004/04/15 22:28:36 wiz Exp $
-SHA1 (cvs-1.11.13.tar.bz2) = 1eaf715ebc322cb788807438af6a336350baff35
-Size (cvs-1.11.13.tar.bz2) = 2232892 bytes
-SHA1 (cvs-1.11.13-v6-20040215.diff.gz) = 92b1683fa0acf889e82b6f699c6deeb4110a5f11
-Size (cvs-1.11.13-v6-20040215.diff.gz) = 12831 bytes
+SHA1 (cvs-1.11.15.tar.bz2) = 7287488d7f01303b67def79e8685eb3d3eace5fb
+Size (cvs-1.11.15.tar.bz2) = 2248876 bytes
+SHA1 (cvs-1.11.15-v6-20040416.diff.gz) = d2dcbe131b5f6fdc26fa8255b6063fa34129eb2d
+Size (cvs-1.11.15-v6-20040416.diff.gz) = 12806 bytes
SHA1 (patch-aa) = 01f2d7bc29a97cd2d971b436483285c5206ca27a
-SHA1 (patch-ab) = 1c2e9f8f439bb2c0f8f87ae56754cf7ec0224642
+SHA1 (patch-ab) = df6220fb19bafc9fd8b623213151ae0c212e3263
SHA1 (patch-ac) = c2142c0fab9603bf8d605fa53957d50bb0b40b3d
-SHA1 (patch-ae) = 250e58a640335e83119306112e22467cbdf78668
-SHA1 (patch-af) = 3952be37a6654e65fb60c4c499d6ccf0cacb43bd
+SHA1 (patch-ae) = d924435a3622da0fb7733e5abd56c42141ec99a2
+SHA1 (patch-af) = 91e4891622b663252810bae405ad570b7e200f56
SHA1 (patch-ah) = 38a1757ef83789bb780a83bde95c2c6e8f65e1ca
-SHA1 (patch-ai) = ee3dd64fe6f593fc4ff74a6ff29dfb79c5555b9c
+SHA1 (patch-ai) = 4427e59513bd0d3c8b479a270c8c4e0a41db9c88
SHA1 (patch-ak) = 9d8b5633a589d0e423f0da8bf029f9141604738b
-SHA1 (patch-al) = 7bdf247c6a0fb809d8c5d104691f046873b6537a
-SHA1 (patch-am) = 8643a4e03e12e25a2c1976c5c9713c76fc243af0
-SHA1 (patch-an) = 96d7ccd604137e67289444010b16389bdf2193e7
-SHA1 (patch-ao) = c5db3de14d40fd498aabae88f3ad07a749841cf4
+SHA1 (patch-al) = 6948d49370f0dbf16bc502df4ed2851d4e84f658
+SHA1 (patch-am) = 87fc84a28628576858d6269fcd2eeb506b74aaba
+SHA1 (patch-an) = a6af5d54800c56a5fedfc1e195faa5f6b0815174
+SHA1 (patch-ao) = ca6a926a7059c5056667038547abea6a66715368
SHA1 (patch-ap) = cca991b0856a3a96718288742d0e1a765b9f435c
-SHA1 (patch-aq) = fc55dea2b0e7b9330966f3c94c4f60d080fc1610
-SHA1 (patch-ar) = 9ee0bd55eb25aa6958e78daa0c72ffdc6990dbfb
-SHA1 (patch-as) = a867a8155d1051a131f9847c7177cf723c11474c
-SHA1 (patch-at) = d9b35d2cf026bb1980e56033379084a697d0a0a8
-SHA1 (patch-au) = 17499e786aa6f1dbe4f20ce23ec8f9328d28d5d5
+SHA1 (patch-aq) = 53c53dd6cb6fb99abba20d9b020cae7a606f5e3b
+SHA1 (patch-ar) = 25dedc956deeb34da2eb0ec967be4eb019709d37
+SHA1 (patch-as) = 406f56419556d9953ddf0ca7bff5fd14a6e55689
+SHA1 (patch-at) = 75c4ea5a2fd211aa6a2a9630c434d9f0ca531047
+SHA1 (patch-au) = e1491b0a95d6eb2fb5e45c9be6d26432ed1328e6
SHA1 (patch-av) = ca8e5c4885430f5f5f14d61bf32788c2bb2e1ee0
-SHA1 (patch-ay) = 2a81a1bfe6397f0f851f96b37ae4fc660ebda635
-SHA1 (patch-az) = aba3b65d95d8ade531fc62fbd8d46046b8d97f83
+SHA1 (patch-ay) = 7a0ee5bf1707afeaeb9092ce3faf7fc594044a2b
+SHA1 (patch-az) = 6cd82e3608e62beb8f2aa8e64f115008359abaa7
diff -r 8730cda3e0c2 -r 586f06913bae devel/cvs/patches/patch-ab
--- a/devel/cvs/patches/patch-ab Thu Apr 15 22:13:31 2004 +0000
+++ b/devel/cvs/patches/patch-ab Thu Apr 15 22:28:36 2004 +0000
@@ -1,8 +1,8 @@
-$NetBSD: patch-ab,v 1.10 2004/03/04 20:54:40 wiz Exp $
+$NetBSD: patch-ab,v 1.11 2004/04/15 22:28:36 wiz Exp $
---- doc/cvs.texinfo.orig Wed Feb 4 20:05:46 2004
+--- doc/cvs.texinfo.orig Wed Apr 7 02:46:57 2004
+++ doc/cvs.texinfo
-@@ -13446,6 +13446,11 @@ CPU intensive but is not recommended for
+@@ -13450,6 +13450,11 @@ CPU intensive but is not recommended for
@xref{verifymsg}, for more information on how verifymsg
may be used.
diff -r 8730cda3e0c2 -r 586f06913bae devel/cvs/patches/patch-ae
--- a/devel/cvs/patches/patch-ae Thu Apr 15 22:13:31 2004 +0000
+++ b/devel/cvs/patches/patch-ae Thu Apr 15 22:28:36 2004 +0000
@@ -1,8 +1,8 @@
-$NetBSD: patch-ae,v 1.7 2004/03/04 20:54:40 wiz Exp $
+$NetBSD: patch-ae,v 1.8 2004/04/15 22:28:36 wiz Exp $
---- src/rcs.c.orig Tue Feb 3 17:13:43 2004
+--- src/rcs.c.orig Fri Apr 2 21:16:34 2004
+++ src/rcs.c
-@@ -3474,7 +3474,7 @@ struct rcs_keyword
+@@ -3483,7 +3483,7 @@ struct rcs_keyword
size_t len;
};
#define KEYWORD_INIT(s) (s), sizeof (s) - 1
@@ -11,7 +11,7 @@
{
{ KEYWORD_INIT ("Author") },
{ KEYWORD_INIT ("Date") },
-@@ -3487,6 +3487,7 @@ static const struct rcs_keyword keywords
+@@ -3496,6 +3496,7 @@ static const struct rcs_keyword keywords
{ KEYWORD_INIT ("Revision") },
{ KEYWORD_INIT ("Source") },
{ KEYWORD_INIT ("State") },
@@ -19,7 +19,7 @@
{ NULL, 0 }
};
enum keyword
-@@ -3501,7 +3502,8 @@ enum keyword
+@@ -3510,7 +3511,8 @@ enum keyword
KEYWORD_RCSFILE,
KEYWORD_REVISION,
KEYWORD_SOURCE,
@@ -29,7 +29,7 @@
};
/* Convert an RCS date string into a readable string. This is like
-@@ -3638,6 +3640,11 @@ expand_keywords (rcs, ver, name, log, lo
+@@ -3647,6 +3649,11 @@ expand_keywords (rcs, ver, name, log, lo
return;
}
@@ -41,15 +41,15 @@
/* If we are using -kkvl, dig out the locker information if any. */
locker = NULL;
if (expand == KFLAG_KVL)
-@@ -3729,6 +3736,7 @@ expand_keywords (rcs, ver, name, log, lo
+@@ -3738,6 +3745,7 @@ expand_keywords (rcs, ver, name, log, lo
case KEYWORD_HEADER:
case KEYWORD_ID:
+ case KEYWORD_LOCALID:
{
- char *path;
+ const char *path;
int free_path;
-@@ -4361,7 +4369,7 @@ RCS_checkout (rcs, workfile, rev, nameta
+@@ -4383,7 +4391,7 @@ RCS_checkout (rcs, workfile, rev, nameta
if (info != NULL)
{
/* If the size of `devtype' changes, fix the sscanf call also */
diff -r 8730cda3e0c2 -r 586f06913bae devel/cvs/patches/patch-af
--- a/devel/cvs/patches/patch-af Thu Apr 15 22:13:31 2004 +0000
+++ b/devel/cvs/patches/patch-af Thu Apr 15 22:28:36 2004 +0000
@@ -1,8 +1,8 @@
-$NetBSD: patch-af,v 1.8 2003/12/12 22:05:55 wiz Exp $
+$NetBSD: patch-af,v 1.9 2004/04/15 22:28:36 wiz Exp $
---- src/update.c.orig Tue Nov 11 02:20:12 2003
+--- src/update.c.orig Mon Mar 22 18:20:26 2004
+++ src/update.c
-@@ -1338,11 +1338,18 @@ VERS: ", 0);
+@@ -1349,11 +1349,18 @@ VERS: ", 0);
xchmod (finfo->file, 1);
else
{
diff -r 8730cda3e0c2 -r 586f06913bae devel/cvs/patches/patch-ai
--- a/devel/cvs/patches/patch-ai Thu Apr 15 22:13:31 2004 +0000
+++ b/devel/cvs/patches/patch-ai Thu Apr 15 22:28:36 2004 +0000
@@ -1,8 +1,8 @@
-$NetBSD: patch-ai,v 1.6 2004/03/04 20:54:40 wiz Exp $
+$NetBSD: patch-ai,v 1.7 2004/04/15 22:28:36 wiz Exp $
---- src/parseinfo.c.orig Thu Feb 12 20:56:15 2004
+--- src/parseinfo.c.orig Fri Mar 19 21:36:39 2004
+++ src/parseinfo.c
-@@ -347,6 +347,14 @@ parse_config (cvsroot)
+@@ -350,6 +350,14 @@ parse_config (cvsroot)
goto error_return;
}
}
diff -r 8730cda3e0c2 -r 586f06913bae devel/cvs/patches/patch-al
--- a/devel/cvs/patches/patch-al Thu Apr 15 22:13:31 2004 +0000
+++ b/devel/cvs/patches/patch-al Thu Apr 15 22:28:36 2004 +0000
@@ -1,8 +1,8 @@
-$NetBSD: patch-al,v 1.7 2004/03/04 20:54:40 wiz Exp $
+$NetBSD: patch-al,v 1.8 2004/04/15 22:28:36 wiz Exp $
---- src/client.c.orig Thu Feb 5 22:45:10 2004
+--- src/client.c.orig Sun Apr 11 17:46:22 2004
+++ src/client.c
-@@ -4409,6 +4409,16 @@ start_server ()
+@@ -4481,6 +4481,16 @@ start_server ()
error (1, 0,
"This server does not support the global -n option.");
}
diff -r 8730cda3e0c2 -r 586f06913bae devel/cvs/patches/patch-am
--- a/devel/cvs/patches/patch-am Thu Apr 15 22:13:31 2004 +0000
+++ b/devel/cvs/patches/patch-am Thu Apr 15 22:28:36 2004 +0000
@@ -1,6 +1,6 @@
-$NetBSD: patch-am,v 1.9 2004/03/04 20:54:40 wiz Exp $
+$NetBSD: patch-am,v 1.10 2004/04/15 22:28:36 wiz Exp $
---- src/cvs.h.orig Wed Feb 11 16:44:41 2004
+--- src/cvs.h.orig Thu Apr 1 20:53:22 2004
+++ src/cvs.h
@@ -368,6 +368,7 @@ extern int really_quiet, quiet;
extern int use_editor;
@@ -18,11 +18,11 @@
extern int logoff; /* Don't write history entry */
extern int top_level_admin;
-@@ -664,6 +666,7 @@ int set_nonblock_fd PROTO((int _fd));
- #define RUN_STDOUT_APPEND 0x0004 /* append to stdout, don't truncate */
- #define RUN_STDERR_APPEND 0x0008 /* append to stderr, don't truncate */
- #define RUN_SIGIGNORE 0x0010 /* ignore interrupts for command */
-+#define RUN_UNSETXID 0x0020 /* undo setxid in child */
- #define RUN_TTY (char *)0 /* for the benefit of lint */
+@@ -681,6 +683,7 @@ void sleep_past PROTO ((time_t desttime)
+ #define RUN_STDOUT_APPEND 0x0004 /* append to stdout, don't truncate */
+ #define RUN_STDERR_APPEND 0x0008 /* append to stderr, don't truncate */
+ #define RUN_SIGIGNORE 0x0010 /* ignore interrupts for command */
++#define RUN_UNSETXID 0x0020 /* undo setxid in child */
+ #define RUN_TTY (char *)0 /* for the benefit of lint */
void run_arg PROTO((const char *s));
diff -r 8730cda3e0c2 -r 586f06913bae devel/cvs/patches/patch-an
--- a/devel/cvs/patches/patch-an Thu Apr 15 22:13:31 2004 +0000
+++ b/devel/cvs/patches/patch-an Thu Apr 15 22:28:36 2004 +0000
@@ -1,8 +1,8 @@
-$NetBSD: patch-an,v 1.5 2003/12/12 22:05:56 wiz Exp $
+$NetBSD: patch-an,v 1.6 2004/04/15 22:28:36 wiz Exp $
---- src/history.c.orig Wed Oct 8 22:13:47 2003
+--- src/history.c.orig Fri Mar 19 21:10:44 2004
+++ src/history.c
-@@ -746,7 +746,7 @@ history_write (type, update_dir, revs, n
+@@ -747,7 +747,7 @@ history_write (type, update_dir, revs, n
if (trace)
fprintf (stderr, "%s-> fopen(%s,a)\n",
CLIENT_SERVER_STR, fname);
diff -r 8730cda3e0c2 -r 586f06913bae devel/cvs/patches/patch-ao
--- a/devel/cvs/patches/patch-ao Thu Apr 15 22:13:31 2004 +0000
+++ b/devel/cvs/patches/patch-ao Thu Apr 15 22:28:36 2004 +0000
@@ -1,22 +1,22 @@
-$NetBSD: patch-ao,v 1.5 2003/12/12 22:05:56 wiz Exp $
+$NetBSD: patch-ao,v 1.6 2004/04/15 22:28:36 wiz Exp $
---- src/lock.c.orig Tue Nov 11 02:20:10 2003
+--- src/lock.c.orig Thu Apr 1 23:25:57 2004
+++ src/lock.c
-@@ -405,7 +405,7 @@ Reader_Lock (xrepository)
+@@ -407,7 +407,7 @@ Reader_Lock (xrepository)
(void) fprintf (stderr, "%s-> Reader_Lock(%s)\n", CLIENT_SERVER_STR,
xrepository);
- if (noexec)
+ if (nolock)
- return (0);
+ return 0;
/* we only do one directory at a time for read locks! */
-@@ -477,7 +477,7 @@ Writer_Lock (list)
+@@ -481,7 +481,7 @@ Writer_Lock (list)
{
char *wait_repos;
- if (noexec)
+ if (nolock)
- return (0);
+ return 0;
/* We only know how to do one list at a time */
diff -r 8730cda3e0c2 -r 586f06913bae devel/cvs/patches/patch-aq
--- a/devel/cvs/patches/patch-aq Thu Apr 15 22:13:31 2004 +0000
+++ b/devel/cvs/patches/patch-aq Thu Apr 15 22:28:36 2004 +0000
@@ -1,8 +1,8 @@
-$NetBSD: patch-aq,v 1.5 2003/12/12 22:05:56 wiz Exp $
+$NetBSD: patch-aq,v 1.6 2004/04/15 22:28:36 wiz Exp $
---- src/recurse.c.orig Tue Nov 11 02:20:10 2003
+--- src/recurse.c.orig Fri Mar 19 23:21:18 2004
+++ src/recurse.c
-@@ -523,7 +523,7 @@ do_recursion (frame)
+@@ -526,7 +526,7 @@ do_recursion (frame)
if (frame->flags == R_SKIP_ALL)
return (0);
diff -r 8730cda3e0c2 -r 586f06913bae devel/cvs/patches/patch-ar
--- a/devel/cvs/patches/patch-ar Thu Apr 15 22:13:31 2004 +0000
+++ b/devel/cvs/patches/patch-ar Thu Apr 15 22:28:36 2004 +0000
@@ -1,6 +1,6 @@
-$NetBSD: patch-ar,v 1.11 2004/03/04 20:54:40 wiz Exp $
+$NetBSD: patch-ar,v 1.12 2004/04/15 22:28:36 wiz Exp $
---- src/server.c.orig Fri Feb 13 15:53:50 2004
+--- src/server.c.orig Tue Apr 6 22:20:55 2004
+++ src/server.c
Home |
Main Index |
Thread Index |
Old Index