diff options
Diffstat (limited to 'dev-vcs/cvs/files')
| -rw-r--r-- | dev-vcs/cvs/files/cvs-1.12.12-CVE-2012-0804.patch | 30 | ||||
| -rw-r--r-- | dev-vcs/cvs/files/cvs-1.12.12-format-security.patch | 22 | ||||
| -rw-r--r-- | dev-vcs/cvs/files/cvs-1.12.12-getdelim.patch | 4 | ||||
| -rw-r--r-- | dev-vcs/cvs/files/cvs-1.12.12-hash-nameclash.patch | 4 | ||||
| -rw-r--r-- | dev-vcs/cvs/files/cvs-1.12.12-mktime-configure.patch | 4 | ||||
| -rw-r--r-- | dev-vcs/cvs/files/cvs-1.12.12-musl.patch | 13 | ||||
| -rw-r--r-- | dev-vcs/cvs/files/cvs-1.12.12-rcs2log-coreutils.patch | 6 |
7 files changed, 74 insertions, 9 deletions
diff --git a/dev-vcs/cvs/files/cvs-1.12.12-CVE-2012-0804.patch b/dev-vcs/cvs/files/cvs-1.12.12-CVE-2012-0804.patch new file mode 100644 index 000000000000..107c3ea12204 --- /dev/null +++ b/dev-vcs/cvs/files/cvs-1.12.12-CVE-2012-0804.patch @@ -0,0 +1,30 @@ +[CVE-2012-0804] Fix proxy response parser + +If proxy sends overlong HTTP vesion string, the string will be copied +to unallocatd space (write_buf) causing heap overflow. + +This patch fixes it by ignoring the HTTP version string and checking +the response line has been parsed correctly. + +See <https://bugzilla.redhat.com/show_bug.cgi?id=773699> for more +details. + +Index: src/client.c +=================================================================== +RCS file: /sources/cvs/ccvs/src/client.c,v +retrieving revision 1.483 +diff -u -r1.483 client.c +--- a/src/client.c 18 Nov 2008 22:59:02 -0000 1.483 ++++ b/src/client.c 26 Jan 2012 16:32:25 -0000 +@@ -4339,9 +4339,9 @@ + * code. + */ + read_line_via (from_server, to_server, &read_buf); +- sscanf (read_buf, "%s %d", write_buf, &codenum); ++ count = sscanf (read_buf, "%*s %d", &codenum); + +- if ((codenum / 100) != 2) ++ if (count != 1 || (codenum / 100) != 2) + error (1, 0, "proxy server %s:%d does not support http tunnelling", + root->proxy_hostname, proxy_port_number); + free (read_buf); diff --git a/dev-vcs/cvs/files/cvs-1.12.12-format-security.patch b/dev-vcs/cvs/files/cvs-1.12.12-format-security.patch new file mode 100644 index 000000000000..d710a9020735 --- /dev/null +++ b/dev-vcs/cvs/files/cvs-1.12.12-format-security.patch @@ -0,0 +1,22 @@ +--- a/diff/diff3.c ++++ b/diff/diff3.c +@@ -1503,7 +1503,7 @@ + line = 0; + do + { +- printf_output (line_prefix); ++ printf_output ("%s", line_prefix); + cp = D_RELNUM (ptr, realfile, line); + length = D_RELLEN (ptr, realfile, line); + write_output (cp, length); +--- a/src/main.c ++++ b/src/main.c +@@ -1375,7 +1375,7 @@ + { + (void) fprintf (stderr, *cpp++, program_name, cvs_cmd_name); + for (; *cpp; cpp++) +- (void) fprintf (stderr, *cpp); ++ (void) fprintf (stderr, "%s", *cpp); + exit (EXIT_FAILURE); + } + diff --git a/dev-vcs/cvs/files/cvs-1.12.12-getdelim.patch b/dev-vcs/cvs/files/cvs-1.12.12-getdelim.patch index 04eb03ab600d..837d4408ab1f 100644 --- a/dev-vcs/cvs/files/cvs-1.12.12-getdelim.patch +++ b/dev-vcs/cvs/files/cvs-1.12.12-getdelim.patch @@ -8,8 +8,8 @@ http://bugs.gentoo.org/314791 Already comitted upstream: http://cvs.savannah.gnu.org/viewvc/ccvs/src/myndbm.c?root=cvs&r1=1.38&r2=1.39 ---- src/myndbm.c.orig -+++ src/myndbm.c +--- a/src/myndbm.c.orig ++++ b/src/myndbm.c @@ -213,7 +213,7 @@ mydbm_load_file (FILE *fp, List *list, char *filename) { diff --git a/dev-vcs/cvs/files/cvs-1.12.12-hash-nameclash.patch b/dev-vcs/cvs/files/cvs-1.12.12-hash-nameclash.patch index 0a33eea873ff..95fd61e0a51a 100644 --- a/dev-vcs/cvs/files/cvs-1.12.12-hash-nameclash.patch +++ b/dev-vcs/cvs/files/cvs-1.12.12-hash-nameclash.patch @@ -1,8 +1,8 @@ http://cvs.savannah.gnu.org/viewvc/cvs/ccvs/src/hash.h?r1=1.14.6.2&r2=1.14.6.3&pathrev=cvs1-11-x-branch fixed in cvs-1.11.23, cvs-HEAD after cvs-1.12.13a ---- src/hash.h.orig 2005-02-01 22:56:48 +0100 -+++ src/hash.h 2010-03-10 19:00:11 +0100 +--- a/src/hash.h.orig 2005-02-01 22:56:48 +0100 ++++ b/src/hash.h 2010-03-10 19:00:11 +0100 @@ -27,26 +27,26 @@ }; typedef enum ntype Ntype; diff --git a/dev-vcs/cvs/files/cvs-1.12.12-mktime-configure.patch b/dev-vcs/cvs/files/cvs-1.12.12-mktime-configure.patch index 1a9c47b68ba8..03d7f35601e2 100644 --- a/dev-vcs/cvs/files/cvs-1.12.12-mktime-configure.patch +++ b/dev-vcs/cvs/files/cvs-1.12.12-mktime-configure.patch @@ -3,8 +3,8 @@ https://bugs.gentoo.org/570208 update mktime check to latest autoconf version which is less buggy ---- configure -+++ configure +--- a/configure ++++ b/configure @@ -5299,26 +6059,25 @@ cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ diff --git a/dev-vcs/cvs/files/cvs-1.12.12-musl.patch b/dev-vcs/cvs/files/cvs-1.12.12-musl.patch new file mode 100644 index 000000000000..e426cf55fcc7 --- /dev/null +++ b/dev-vcs/cvs/files/cvs-1.12.12-musl.patch @@ -0,0 +1,13 @@ +http://gcc.gnu.org/ml/gcc/2003-04/msg00518.html + +--- a/lib/regex.c ++++ b/lib/regex.c +@@ -8184,7 +8184,7 @@ + if (msg_size > errbuf_size) + { + #if defined HAVE_MEMPCPY || defined _LIBC +- *((char *) __mempcpy (errbuf, msg, errbuf_size - 1)) = '\0'; ++ *((char *) mempcpy (errbuf, msg, errbuf_size - 1)) = '\0'; + #else + memcpy (errbuf, msg, errbuf_size - 1); + errbuf[errbuf_size - 1] = 0; diff --git a/dev-vcs/cvs/files/cvs-1.12.12-rcs2log-coreutils.patch b/dev-vcs/cvs/files/cvs-1.12.12-rcs2log-coreutils.patch index 0fb4c6c6d73d..7dda3f0f1724 100644 --- a/dev-vcs/cvs/files/cvs-1.12.12-rcs2log-coreutils.patch +++ b/dev-vcs/cvs/files/cvs-1.12.12-rcs2log-coreutils.patch @@ -1,8 +1,8 @@ X-Gentoo-bug: 144114 -diff -Nuar cvs-1.12.12.orig//contrib/rcs2log.sh cvs-1.12.12//contrib/rcs2log.sh ---- cvs-1.12.12.orig//contrib/rcs2log.sh 2003-02-25 21:32:51.000000000 +0000 -+++ cvs-1.12.12//contrib/rcs2log.sh 2010-12-06 21:14:33.831532212 +0000 +diff -Nuar cvs-1.12.12.orig/contrib/rcs2log.sh cvs-1.12.12/contrib/rcs2log.sh +--- cvs-1.12.12.orig/contrib/rcs2log.sh 2003-02-25 21:32:51.000000000 +0000 ++++ cvs-1.12.12/contrib/rcs2log.sh 2010-12-06 21:14:33.831532212 +0000 @@ -620,7 +620,7 @@ # Sort the log entries, first by date+time (in reverse order), # then by author, then by log entry, and finally by file name and revision |