pkgsrc-changes: CVS commit: [pkgsrc-2006Q2] pkgsrc/devel/cscope

Subject: CVS commit: [pkgsrc-2006Q2] pkgsrc/devel/cscope
To: None <pkgsrc-changes@NetBSD.org>
From: Geert Hendrickx <ghen@netbsd.org>
List: pkgsrc-changes
Date: 08/25/2006 11:05:02
Module Name:	pkgsrc
Committed By:	ghen
Date:		Fri Aug 25 11:05:02 UTC 2006

Modified Files:
	pkgsrc/devel/cscope [pkgsrc-2006Q2]: Makefile distinfo
	pkgsrc/devel/cscope/patches [pkgsrc-2006Q2]: patch-aa patch-ae patch-af
	    patch-ag patch-ah patch-ai patch-aj
Added Files:
	pkgsrc/devel/cscope/patches [pkgsrc-2006Q2]: patch-ap

Log Message:
Pullup ticket 1808 - requested by salo
security fix for cscope

Revisions pulled up:
- pkgsrc/devel/cscope/Makefile				1.45
- pkgsrc/devel/cscope/distinfo				1.15
- pkgsrc/devel/cscope/patches/patch-aa			1.11
- pkgsrc/devel/cscope/patches/patch-ae			1.9
- pkgsrc/devel/cscope/patches/patch-af			1.8
- pkgsrc/devel/cscope/patches/patch-ag			1.5
- pkgsrc/devel/cscope/patches/patch-ah			1.5
- pkgsrc/devel/cscope/patches/patch-ai			1.5
- pkgsrc/devel/cscope/patches/patch-aj			1.3
- pkgsrc/devel/cscope/patches/patch-ap			1.

Module Name:	pkgsrc
Committed By:	salo
Date:		Thu Aug 24 22:02:02 UTC 2006

Modified Files:
	pkgsrc/devel/cscope: Makefile distinfo
	pkgsrc/devel/cscope/patches: patch-aa patch-ae patch-af patch-ag
	    patch-ah patch-ai patch-aj
Added Files:
	pkgsrc/devel/cscope/patches: patch-ap

Log Message:
Security fix for SA21601:

"Will Drewry has reported some vulnerabilities in Cscope, which
 potentially can be exploited by malicious people to compromise
 a vulnerable system.

 1) Various boundary errors within the parsing of file lists or
    the expansion of environment variables can be exploited to
    cause stack-based buffer overflows when parsing specially
    crafted "cscope.lists" files or directories.

 2) A boundary error within the parsing of command line arguments
    can be exploited to cause a stack-based buffer overflow when
    supplying an overly long "reffile" argument.

 Successful exploitation may allow execution of arbitrary code."

Patches adapted from cscope CVS.  Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -r1.44 -r1.44.2.1 pkgsrc/devel/cscope/Makefile
cvs rdiff -r1.14 -r1.14.2.1 pkgsrc/devel/cscope/distinfo
cvs rdiff -r1.10 -r1.10.4.1 pkgsrc/devel/cscope/patches/patch-aa
cvs rdiff -r1.8 -r1.8.2.1 pkgsrc/devel/cscope/patches/patch-ae
cvs rdiff -r1.7 -r1.7.2.1 pkgsrc/devel/cscope/patches/patch-af
cvs rdiff -r1.4 -r1.4.2.1 pkgsrc/devel/cscope/patches/patch-ag \
    pkgsrc/devel/cscope/patches/patch-ah pkgsrc/devel/cscope/patches/patch-ai
cvs rdiff -r1.2 -r1.2.4.1 pkgsrc/devel/cscope/patches/patch-aj
cvs rdiff -r0 -r1.1.2.1 pkgsrc/devel/cscope/patches/patch-ap

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.