snailed
/
void-packages
2
0
Fork 0
Code Issues 1 Pull Requests 5 Actions Activity

cvs: update to 1.12.13.

This commit is contained in:
Juan RP 2013-10-14 17:03:12 +02:00
parent 2a53cf633d
commit 94382f4da3
3 changed files with 6 additions and 208 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

167
srcpkgs/cvs/patches/cvs-1.11.23-cve-2010-3846.patch
View File

@ -1,167 +0,0 @@
From b122edcb68ff05bb6eb22f6e50423e7f1050841b Mon Sep 17 00:00:00 2001
From: Larry Jones <lawrence.jones@siemens.com>
Date: Thu, 21 Oct 2010 10:08:16 +0200
Subject: [PATCH] Fix for CVE-2010-3846
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Mallformed RCS revision (delete after the end of input file, or overlayed
deleted regions) screws output file image size computation. This leads to
write attempt after the allocated memory opening hiden memory corruption
driven by CVS server.
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
src/rcs.c | 52 +++++++++++++++++++++++++++++-----------------------
1 files changed, 29 insertions(+), 23 deletions(-)
diff --git a/src/rcs.c b/src/rcs.c
index 7d0d078..2f88f85 100644
--- a/src/rcs.c
+++ b/src/rcs.c
@@ -7128,7 +7128,7 @@ apply_rcs_changes (orig_lines, diffbuf, difflen, name, addvers, delvers)
struct deltafrag *dfhead;
struct deltafrag **dftail;
struct deltafrag *df;
- unsigned long numlines, lastmodline, offset;
+ unsigned long numlines, offset;
struct linevector lines;
int err;
@@ -7202,12 +7202,12 @@ apply_rcs_changes (orig_lines, diffbuf, difflen, name, addvers, delvers)
/* New temp data structure to hold new org before
copy back into original structure. */
- lines.nlines = lines.lines_alloced = numlines;
+ lines.lines_alloced = numlines;
lines.vector = xmalloc (numlines * sizeof *lines.vector);
/* We changed the list order to first to last -- so the
list never gets larger than the size numlines. */
- lastmodline = 0;
+ lines.nlines = 0;
/* offset created when adding/removing lines
between new and original structure */
@@ -7216,25 +7216,24 @@ apply_rcs_changes (orig_lines, diffbuf, difflen, name, addvers, delvers)
for (df = dfhead; df != NULL; )
{
unsigned int ln;
- unsigned long deltaend;
+ unsigned long newpos = df->pos - offset;
- if (df->pos > orig_lines->nlines)
+ if (newpos < lines.nlines || newpos > numlines)
err = 1;
/* On error, just free the rest of the list. */
if (!err)
{
- /* Here we need to get to the line where the next insert will
+ /* Here we need to get to the line where the next change will
begin, which is DF->pos in ORIG_LINES. We will fill up to
DF->pos - OFFSET in LINES with original items. */
- for (deltaend = df->pos - offset;
- lastmodline < deltaend;
- lastmodline++)
+ while (lines.nlines < newpos)
{
/* we need to copy from the orig structure into new one */
- lines.vector[lastmodline] =
- orig_lines->vector[lastmodline + offset];
- lines.vector[lastmodline]->refcount++;
+ lines.vector[lines.nlines] =
+ orig_lines->vector[lines.nlines + offset];
+ lines.vector[lines.nlines]->refcount++;
+ lines.nlines++;
}
switch (df->type)
@@ -7246,7 +7245,12 @@ apply_rcs_changes (orig_lines, diffbuf, difflen, name, addvers, delvers)
struct line *q;
int nextline_newline;
size_t nextline_len;
-
+
+ if (newpos + df->nlines > numlines)
+ {
+ err = 1;
+ break;
+ }
textend = df->new_lines + df->len;
nextline_newline = 0;
nextline_text = df->new_lines;
@@ -7271,8 +7275,7 @@ apply_rcs_changes (orig_lines, diffbuf, difflen, name, addvers, delvers)
q->has_newline = nextline_newline;
q->refcount = 1;
memcpy (q->text, nextline_text, nextline_len);
- lines.vector[lastmodline++] = q;
- offset--;
+ lines.vector[lines.nlines++] = q;
nextline_text = (char *)p + 1;
nextline_newline = 0;
@@ -7286,11 +7289,11 @@ apply_rcs_changes (orig_lines, diffbuf, difflen, name, addvers, delvers)
q->has_newline = nextline_newline;
q->refcount = 1;
memcpy (q->text, nextline_text, nextline_len);
- lines.vector[lastmodline++] = q;
+ lines.vector[lines.nlines++] = q;
/* For each line we add the offset between the #'s
decreases. */
- offset--;
+ offset -= df->nlines;
break;
}
@@ -7301,7 +7304,9 @@ apply_rcs_changes (orig_lines, diffbuf, difflen, name, addvers, delvers)
if (df->pos + df->nlines > orig_lines->nlines)
err = 1;
else if (delvers)
+ {
for (ln = df->pos; ln < df->pos + df->nlines; ++ln)
+ {
if (orig_lines->vector[ln]->refcount > 1)
/* Annotate needs this but, since the original
* vector is disposed of before returning from
@@ -7309,6 +7314,8 @@ apply_rcs_changes (orig_lines, diffbuf, difflen, name, addvers, delvers)
* there are multiple references.
*/
orig_lines->vector[ln]->vers = delvers;
+ }
+ }
break;
}
}
@@ -7328,21 +7335,20 @@ apply_rcs_changes (orig_lines, diffbuf, difflen, name, addvers, delvers)
else
{
/* add the rest of the remaining lines to the data vector */
- for (; lastmodline < numlines; lastmodline++)
+ while (lines.nlines < numlines)
{
/* we need to copy from the orig structure into new one */
- lines.vector[lastmodline] = orig_lines->vector[lastmodline
+ lines.vector[lines.nlines] = orig_lines->vector[lines.nlines
+ offset];
- lines.vector[lastmodline]->refcount++;
+ lines.vector[lines.nlines]->refcount++;
+ lines.nlines++;
}
/* Move the lines vector to the original structure for output,
* first deleting the old.
*/
linevector_free (orig_lines);
- orig_lines->vector = lines.vector;
- orig_lines->lines_alloced = numlines;
- orig_lines->nlines = lines.nlines;
+ *orig_lines = lines;
}
return !err;
--
1.7.2.3

34
srcpkgs/cvs/patches/cvs-1.11.23-getline64.patch
View File

@ -1,34 +0,0 @@
--- cvs-1.11.23/lib/getline.c 2005-04-04 22:46:05.000000000 +0200
+++ cvs-1.11.23/lib/getline.c.old 2008-06-03 19:06:25.000000000 +0200
@@ -154,7 +154,7 @@
return ret;
}
-int
+ssize_t
getline (lineptr, n, stream)
char **lineptr;
size_t *n;
@@ -163,7 +163,7 @@
return getstr (lineptr, n, stream, '\n', 0, GETLINE_NO_LIMIT);
}
-int
+ssize_t
getline_safe (lineptr, n, stream, limit)
char **lineptr;
size_t *n;
--- cvs-1.11.23/lib/getline.h 2005-04-04 22:46:05.000000000 +0200
+++ cvs-1.11.23/lib/getline.h.old 2008-06-03 19:06:27.000000000 +0200
@@ -11,9 +11,9 @@
#define GETLINE_NO_LIMIT -1
-int
+ssize_t
getline __PROTO ((char **_lineptr, size_t *_n, FILE *_stream));
-int
+ssize_t
getline_safe __PROTO ((char **_lineptr, size_t *_n, FILE *_stream,
int limit));
int

13
srcpkgs/cvs/template
View File

@ -1,18 +1,17 @@
# Template file for 'cvs'
pkgname=cvs
version=1.11.23
revision=4
patch_args="-Np1"
version=1.12.13
revision=1
build_style=gnu-configure
configure_args="--with-editor=/usr/bin/vi"
configure_args="--with-editor=/usr/bin/vi --with-external-zlib"
hostmakedepends="nvi"
makedepends="mit-krb5-devel openssh>=6.1p1"
short_desc="Concurrent Versions System"
maintainer="Juan RP <xtraeme@gmail.com>"
homepage="http://www.nongnu.org/cvs/"
license="GPL-1, LGPL-2"
distfiles="http://ftp.gnu.org/non-gnu/cvs/source/stable/$version/cvs-$version.tar.bz2"
checksum=400f51b59d85116e79b844f2d5dbbad4759442a789b401a94aa5052c3d7a4aa9
distfiles="http://ftp.gnu.org/non-gnu/cvs/source/feature/$version/cvs-$version.tar.bz2"
checksum=78853613b9a6873a30e1cc2417f738c330e75f887afdaf7b3d0800cb19ca515e
long_desc="
CVS is a version control system, an important component of Source
Configuration Management (SCM). Using it, you can record the history of
@ -25,6 +24,6 @@ long_desc="
cvs_package() {
depends="openssh>=6.1p1"
pkg_install() {
vmove usr
vmove all
}
}