head 1.11; access; symbols pkgsrc-2013Q2:1.11.0.10 pkgsrc-2013Q2-base:1.11 pkgsrc-2012Q4:1.11.0.8 pkgsrc-2012Q4-base:1.11 pkgsrc-2011Q4:1.11.0.6 pkgsrc-2011Q4-base:1.11 pkgsrc-2011Q2:1.11.0.4 pkgsrc-2011Q2-base:1.11 pkgsrc-2009Q4:1.11.0.2 pkgsrc-2009Q4-base:1.11 pkgsrc-2009Q1:1.10.0.22 pkgsrc-2009Q1-base:1.10 pkgsrc-2008Q4:1.10.0.20 pkgsrc-2008Q4-base:1.10 pkgsrc-2008Q3:1.10.0.18 pkgsrc-2008Q3-base:1.10 cube-native-xorg:1.10.0.16 cube-native-xorg-base:1.10 pkgsrc-2008Q2:1.10.0.14 pkgsrc-2008Q2-base:1.10 cwrapper:1.10.0.12 pkgsrc-2008Q1:1.10.0.10 pkgsrc-2008Q1-base:1.10 pkgsrc-2007Q4:1.10.0.8 pkgsrc-2007Q4-base:1.10 pkgsrc-2007Q3:1.10.0.6 pkgsrc-2007Q3-base:1.10 pkgsrc-2007Q2:1.10.0.4 pkgsrc-2007Q2-base:1.10 pkgsrc-2007Q1:1.10.0.2 pkgsrc-2007Q1-base:1.10 pkgsrc-2006Q4:1.9.0.4 pkgsrc-2006Q4-base:1.9 pkgsrc-2006Q3:1.9.0.2 pkgsrc-2006Q3-base:1.9 pkgsrc-2006Q2:1.8.0.2 pkgsrc-2006Q2-base:1.8 pkgsrc-2006Q1:1.6.0.4 pkgsrc-2006Q1-base:1.6 pkgsrc-2005Q4:1.6.0.2 pkgsrc-2005Q4-base:1.6 pkgsrc-2005Q3:1.5.0.12 pkgsrc-2005Q3-base:1.5 pkgsrc-2005Q2:1.5.0.10 pkgsrc-2005Q2-base:1.5 pkgsrc-2005Q1:1.5.0.8 pkgsrc-2005Q1-base:1.5 pkgsrc-2004Q4:1.5.0.6 pkgsrc-2004Q4-base:1.5 pkgsrc-2004Q3:1.5.0.4 pkgsrc-2004Q3-base:1.5 pkgsrc-2004Q2:1.5.0.2 pkgsrc-2004Q2-base:1.5 pkgsrc-2004Q1:1.4.0.4 pkgsrc-2004Q1-base:1.4 pkgsrc-2003Q4:1.4.0.2 pkgsrc-2003Q4-base:1.4 buildlink2-base:1.2; locks; strict; comment @# @; 1.11 date 2009.05.23.09.04.01; author tron; state dead; branches; next 1.10; 1.10 date 2007.01.06.22.45.49; author wiz; state Exp; branches 1.10.22.1; next 1.9; 1.9 date 2006.08.24.22.02.02; author salo; state Exp; branches; next 1.8; 1.8 date 2006.05.29.13.51.20; author tron; state Exp; branches 1.8.2.1; next 1.7; 1.7 date 2006.05.29.13.48.53; author tron; state Exp; branches; next 1.6; 1.6 date 2005.10.03.15.00.12; author wiz; state dead; branches 1.6.4.1; next 1.5; 1.5 date 2004.05.05.13.25.27; author wiz; state Exp; branches; next 1.4; 1.4 date 2003.07.12.07.04.54; author wiz; state dead; branches; next 1.3; 1.3 date 2003.03.22.06.05.27; author wiz; state Exp; branches; next 1.2; 1.2 date 2000.05.19.11.03.40; author wiz; state dead; branches; next 1.1; 1.1 date 2000.05.04.01.33.07; author hubertf; state Exp; branches; next ; 1.10.22.1 date 2009.06.04.08.56.16; author spz; state dead; branches; next ; 1.8.2.1 date 2006.08.25.11.05.02; author ghen; state Exp; branches; next ; 1.6.4.1 date 2006.05.30.20.18.31; author ghen; state Exp; branches; next ; desc @@ 1.11 log @Update "cscope" package to version 15.7a. This version fixes the security vulnerability reported in CVE-2009-0148. @ text @$NetBSD: patch-ae,v 1.10 2007/01/06 22:45:49 wiz Exp $ --- src/build.c.orig 2006-09-30 10:13:00.000000000 +0200 +++ src/build.c @@@@ -223,7 +223,7 @@@@ build(void) if (strcmp(currentdir, home) == 0) { strcpy(newdir, "$HOME"); } else if (strncmp(currentdir, home, strlen(home)) == 0) { - sprintf(newdir, "$HOME%s", currentdir + strlen(home)); + snprintf(newdir, sizeof(newdir), "$HOME%s", currentdir + strlen(home)); } /* sort the source file names (needed for rebuilding) */ qsort(srcfiles, nsrcfiles, sizeof(char *), compare); @@@@ -454,7 +454,7 @@@@ cscope: converting to new symbol databas } fstat(fileno(postings), &statstruct); fclose(postings); - sprintf(sortcommand, "env LC_ALL=C sort -T %s %s", tmpdir, temp1); + snprintf(sortcommand, sizeof(sortcommand), "env LC_ALL=C sort -T %s %s", tmpdir, temp1); if ((postings = mypopen(sortcommand, "r")) == NULL) { fprintf(stderr, "cscope: cannot open pipe to sort command\n"); cannotindex(); @ 1.10 log @Update to 15.6: Some security problems have been addressed, and overall stability has improved. There are no new features. (The security problems were already fixed in pkgsrc.) @ text @d1 1 a1 1 $NetBSD: patch-ae,v 1.9 2006/08/24 22:02:02 salo Exp $ @ 1.10.22.1 log @Pullup ticket 2780 - requested by tron Security update Revisions pulled up: - pkgsrc/devel/cscope/Makefile 1.50 - pkgsrc/devel/cscope/distinfo 1.19 Files deleted: - pkgsrc/devel/cscope/patches/patch-ae - pkgsrc/devel/cscope/patches/patch-af - pkgsrc/devel/cscope/patches/patch-ag - pkgsrc/devel/cscope/patches/patch-ah - pkgsrc/devel/cscope/patches/patch-ai - pkgsrc/devel/cscope/patches/patch-aj - pkgsrc/devel/cscope/patches/patch-ak - pkgsrc/devel/cscope/patches/patch-al - pkgsrc/devel/cscope/patches/patch-am - pkgsrc/devel/cscope/patches/patch-an - pkgsrc/devel/cscope/patches/patch-ao - pkgsrc/devel/cscope/patches/patch-ap Module Name: pkgsrc Committed By: tron Date: Sat May 23 09:04:02 UTC 2009 Modified Files: pkgsrc/devel/cscope: Makefile distinfo Removed Files: pkgsrc/devel/cscope/patches: patch-ae patch-af patch-ag patch-ah patch-ai patch-aj patch-ak patch-al patch-am patch-an patch-ao patch-ap Log Message: Update "cscope" package to version 15.7a. This version fixes the security vulnerability reported in CVE-2009-0148. To generate a diff of this commit: cvs rdiff -u -r1.49 -r1.50 pkgsrc/devel/cscope/Makefile cvs rdiff -u -r1.18 -r1.19 pkgsrc/devel/cscope/distinfo cvs rdiff -u -r1.10 -r0 pkgsrc/devel/cscope/patches/patch-ae cvs rdiff -u -r1.9 -r0 pkgsrc/devel/cscope/patches/patch-af cvs rdiff -u -r1.6 -r0 pkgsrc/devel/cscope/patches/patch-ag \ pkgsrc/devel/cscope/patches/patch-ai cvs rdiff -u -r1.7 -r0 pkgsrc/devel/cscope/patches/patch-ah cvs rdiff -u -r1.4 -r0 pkgsrc/devel/cscope/patches/patch-aj cvs rdiff -u -r1.3 -r0 pkgsrc/devel/cscope/patches/patch-ak \ pkgsrc/devel/cscope/patches/patch-al pkgsrc/devel/cscope/patches/patch-ap cvs rdiff -u -r1.2 -r0 pkgsrc/devel/cscope/patches/patch-am \ pkgsrc/devel/cscope/patches/patch-an pkgsrc/devel/cscope/patches/patch-ao @ text @d1 1 a1 1 $NetBSD: patch-ae,v 1.10 2007/01/06 22:45:49 wiz Exp $ @ 1.9 log @Security fix for SA21601: "Will Drewry has reported some vulnerabilities in Cscope, which potentially can be exploited by malicious people to compromise a vulnerable system. 1) Various boundary errors within the parsing of file lists or the expansion of environment variables can be exploited to cause stack-based buffer overflows when parsing specially crafted "cscope.lists" files or directories. 2) A boundary error within the parsing of command line arguments can be exploited to cause a stack-based buffer overflow when supplying an overly long "reffile" argument. Successful exploitation may allow execution of arbitrary code." Patches adapted from cscope CVS. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ d3 12 a14 3 --- src/build.c.orig 2003-03-05 11:43:59.000000000 +0100 +++ src/build.c 2006-08-24 23:26:31.000000000 +0200 @@@@ -115,7 +115,7 @@@@ d16 7 a22 52 /* see if the name list is the same */ for (i = 0; i < count; ++i) { - if (fscanf(oldrefs, "%s", oldname) != 1 || + if (! fgets(oldname, sizeof(oldname), oldrefs)|| strnotequal(oldname, names[i])) { return(NO); } @@@@ -215,7 +215,7 @@@@ (void) strcpy(newdir, "$HOME"); } else if (strncmp(currentdir, home, strlen(home)) == 0) { - (void) sprintf(newdir, "$HOME%s", currentdir + strlen(home)); + (void) snprintf(newdir, sizeof(newdir), "$HOME%s", currentdir + strlen(home)); } /* sort the source file names (needed for rebuilding) */ qsort(srcfiles, (unsigned) nsrcfiles, sizeof(char *), compare); @@@@ -223,7 +223,7 @@@@ /* if there is an old cross-reference and its current directory matches */ /* or this is an unconditional build */ if ((oldrefs = vpfopen(reffile, "rb")) != NULL && unconditional == NO && - fscanf(oldrefs, "cscope %d %s", &fileversion, olddir) == 2 && + fscanf(oldrefs, "cscope %d %" PATHLEN_STR "s", &fileversion, olddir) == 2 && (strcmp(olddir, currentdir) == 0 || /* remain compatible */ strcmp(olddir, newdir) == 0)) { /* get the cross-reference file's modification time */ @@@@ -292,7 +292,7 @@@@ /* see if the list of source files is the same and none have been changed up to the included files */ for (i = 0; i < nsrcfiles; ++i) { - if (fscanf(oldrefs, "%s", oldname) != 1 || + if (! fgets(oldname, sizeof(oldname), oldrefs) || strnotequal(oldname, srcfiles[i]) || lstat(srcfiles[i], &statstruct) != 0 || statstruct.st_mtime > reftime) { @@@@ -301,7 +301,7 @@@@ } /* the old cross-reference is up-to-date */ /* so get the list of included files */ - while (i++ < oldnum && fscanf(oldrefs, "%s", oldname) == 1) { + while (i++ < oldnum && fgets(oldname, sizeof(oldname), oldrefs)) { addsrcfile(oldname); } (void) fclose(oldrefs); @@@@ -443,7 +443,7 @@@@ } (void) fstat(fileno(postings), &statstruct); (void) fclose(postings); - (void) sprintf(sortcommand, "env LC_ALL=C sort -T %s %s", tmpdir, temp1); + (void) snprintf(sortcommand, sizeof(sortcommand), "env LC_ALL=C sort -T %s %s", tmpdir, temp1); if ((postings = mypopen(sortcommand, "r")) == NULL) { (void) fprintf(stderr, "cscope: cannot open pipe to sort command\n"); cannotindex(); @ 1.8 log @Add missing RCS Ids. @ text @d3 11 a13 2 --- src/build.c.orig 2003-03-05 10:43:59.000000000 +0000 +++ src/build.c 2006-05-29 14:34:26.000000000 +0100 d23 27 @ 1.8.2.1 log @Pullup ticket 1808 - requested by salo security fix for cscope Revisions pulled up: - pkgsrc/devel/cscope/Makefile 1.45 - pkgsrc/devel/cscope/distinfo 1.15 - pkgsrc/devel/cscope/patches/patch-aa 1.11 - pkgsrc/devel/cscope/patches/patch-ae 1.9 - pkgsrc/devel/cscope/patches/patch-af 1.8 - pkgsrc/devel/cscope/patches/patch-ag 1.5 - pkgsrc/devel/cscope/patches/patch-ah 1.5 - pkgsrc/devel/cscope/patches/patch-ai 1.5 - pkgsrc/devel/cscope/patches/patch-aj 1.3 - pkgsrc/devel/cscope/patches/patch-ap 1. Module Name: pkgsrc Committed By: salo Date: Thu Aug 24 22:02:02 UTC 2006 Modified Files: pkgsrc/devel/cscope: Makefile distinfo pkgsrc/devel/cscope/patches: patch-aa patch-ae patch-af patch-ag patch-ah patch-ai patch-aj Added Files: pkgsrc/devel/cscope/patches: patch-ap Log Message: Security fix for SA21601: "Will Drewry has reported some vulnerabilities in Cscope, which potentially can be exploited by malicious people to compromise a vulnerable system. 1) Various boundary errors within the parsing of file lists or the expansion of environment variables can be exploited to cause stack-based buffer overflows when parsing specially crafted "cscope.lists" files or directories. 2) A boundary error within the parsing of command line arguments can be exploited to cause a stack-based buffer overflow when supplying an overly long "reffile" argument. Successful exploitation may allow execution of arbitrary code." Patches adapted from cscope CVS. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD: patch-ae,v 1.9 2006/08/24 22:02:02 salo Exp $ d3 2 a4 11 --- src/build.c.orig 2003-03-05 11:43:59.000000000 +0100 +++ src/build.c 2006-08-24 23:26:31.000000000 +0200 @@@@ -115,7 +115,7 @@@@ } /* see if the name list is the same */ for (i = 0; i < count; ++i) { - if (fscanf(oldrefs, "%s", oldname) != 1 || + if (! fgets(oldname, sizeof(oldname), oldrefs)|| strnotequal(oldname, names[i])) { return(NO); } a13 27 @@@@ -223,7 +223,7 @@@@ /* if there is an old cross-reference and its current directory matches */ /* or this is an unconditional build */ if ((oldrefs = vpfopen(reffile, "rb")) != NULL && unconditional == NO && - fscanf(oldrefs, "cscope %d %s", &fileversion, olddir) == 2 && + fscanf(oldrefs, "cscope %d %" PATHLEN_STR "s", &fileversion, olddir) == 2 && (strcmp(olddir, currentdir) == 0 || /* remain compatible */ strcmp(olddir, newdir) == 0)) { /* get the cross-reference file's modification time */ @@@@ -292,7 +292,7 @@@@ /* see if the list of source files is the same and none have been changed up to the included files */ for (i = 0; i < nsrcfiles; ++i) { - if (fscanf(oldrefs, "%s", oldname) != 1 || + if (! fgets(oldname, sizeof(oldname), oldrefs) || strnotequal(oldname, srcfiles[i]) || lstat(srcfiles[i], &statstruct) != 0 || statstruct.st_mtime > reftime) { @@@@ -301,7 +301,7 @@@@ } /* the old cross-reference is up-to-date */ /* so get the list of included files */ - while (i++ < oldnum && fscanf(oldrefs, "%s", oldname) == 1) { + while (i++ < oldnum && fgets(oldname, sizeof(oldname), oldrefs)) { addsrcfile(oldname); } (void) fclose(oldrefs); @ 1.7 log @Integrate Debian's fix for security whole reported in CVE-2004-2541. Bump package revision. @ text @d1 2 @ 1.6 log @Update to 15.5: (2003/08/14 - broeker) Cleaned up man page, INSTALL and TODO files. (2003/08/14 - broeker) Have configure check for . Bail out if none found. (2003/08/14 - broeker) New options --help and --version. (2003/06/12 - broeker) New option -v to output progress updates even in line mode. To be used by interface kscope. (2003/06/02 - broeker) Use the basename of files only to test for SCCS/RCS files in -R traversal. (2003/04/29 - broeker) Check that a src file is a regular file before trying to scan it. Change from S_IFDIR/S_IFREG bit tests to macros S_ISDIR/S_ISREG. (2003/03/05 - broeker) Remove '-y' option from pipe call to utility "sort". It's long since deprecated, and some modern versions will barf seeing it. (2003/03/02 - broeker) Don't restrict to 14 character filenames any longer. (2003/01/23 - broeker) Update to latest auto* tools. First step towards integration of GNOME GUI version. (2002/12/11 - broeker) Get rid of deprecated ={...} style actions in egrep.y. Use plain {...} instead. (2002/10/29 - broeker) Fix bug #588671: disprefs was still 0 if only 1 very long reference output shown by curses display. (2002/08/27 - broeker) Fix bug #600494: use mygetenv() for HOME, and provide a fall-back if it's not there. @ text @d1 12 a12 5 $NetBSD: patch-ae,v 1.5 2004/05/05 13:25:27 wiz Exp $ --- src/build.c.orig 2001-11-22 18:38:19.000000000 +0100 +++ src/build.c @@@@ -443,7 +443,7 @@@@ build(void) d16 2 a17 2 - (void) sprintf(sortcommand, "env LC_ALL=C sort -y -T %s %s", tmpdir, temp1); + (void) sprintf(sortcommand, "env LC_ALL=C sort -T %s %s", tmpdir, temp1); @ 1.6.4.1 log @Pullup ticket 1675 - requested by tron security fix for cscope Revisions pulled up: - pkgsrc/devel/cscope/Makefile 1.44 - pkgsrc/devel/cscope/distinfo 1.13 - pkgsrc/devel/cscope/patches/patch-ae 1.7 - pkgsrc/devel/cscope/patches/patch-af 1.6 - pkgsrc/devel/cscope/patches/patch-ag 1.3 - pkgsrc/devel/cscope/patches/patch-ah 1.3 - pkgsrc/devel/cscope/patches/patch-ai 1.3 - pkgsrc/devel/cscope/patches/patch-aj 1.1 - pkgsrc/devel/cscope/patches/patch-ak 1.1 - pkgsrc/devel/cscope/patches/patch-al 1.1 - pkgsrc/devel/cscope/patches/patch-am 1.1 - pkgsrc/devel/cscope/patches/patch-an 1.1 - pkgsrc/devel/cscope/patches/patch-ao 1.1 Module Name: pkgsrc Committed By: tron Date: Mon May 29 13:48:53 UTC 2006 Modified Files: pkgsrc/devel/cscope: Makefile distinfo pkgsrc/devel/cscope/patches: patch-af Added Files: pkgsrc/devel/cscope/patches: patch-ae patch-ag patch-ah patch-ai patch-aj patch-ak patch-al patch-am patch-an patch-ao Log Message: Integrate Debian's fix for security whole reported in CVE-2004-2541. Bump package revision. @ text @d1 5 a5 12 --- src/build.c.orig 2003-03-05 10:43:59.000000000 +0000 +++ src/build.c 2006-05-29 14:34:26.000000000 +0100 @@@@ -215,7 +215,7 @@@@ (void) strcpy(newdir, "$HOME"); } else if (strncmp(currentdir, home, strlen(home)) == 0) { - (void) sprintf(newdir, "$HOME%s", currentdir + strlen(home)); + (void) snprintf(newdir, sizeof(newdir), "$HOME%s", currentdir + strlen(home)); } /* sort the source file names (needed for rebuilding) */ qsort(srcfiles, (unsigned) nsrcfiles, sizeof(char *), compare); @@@@ -443,7 +443,7 @@@@ d9 2 a10 2 - (void) sprintf(sortcommand, "env LC_ALL=C sort -T %s %s", tmpdir, temp1); + (void) snprintf(sortcommand, sizeof(sortcommand), "env LC_ALL=C sort -T %s %s", tmpdir, temp1); @ 1.5 log @Add patch from Kailash Sethuraman in PR 25471 that removes an obsolete sort(1) flag. PKGREVISION=2. @ text @d1 1 a1 1 $NetBSD$ @ 1.4 log @Not needed in 15.4. @ text @d1 1 a1 1 $NetBSD: patch-ae,v 1.3 2003/03/22 06:05:27 wiz Exp $ d3 3 a5 3 --- src/main.c.orig Fri Jun 1 14:43:24 2001 +++ src/main.c @@@@ -1056,7 +1056,7 @@@@ build(void) @ 1.3 log @Remove obsolete "-y" flag from sort call; bump PKGREVISION. Patch from Istvan Marko in PR 19425. @ text @d1 1 a1 1 $NetBSD$ @ 1.2 log @Update to 15.0bl2. Changes: Bugfixes, better man page, code cleanup. Fixes pkg/10153. @ text @d1 1 a1 1 $NetBSD: patch-ae,v 1.1 2000/05/04 01:33:07 hubertf Exp $ d3 3 a5 9 diff -x *.orig -urN ./common/help.c /disk1/cvs/pkgsrc/devel/cscope/work.i386.unpatched/cscope-13.0/common/help.c --- ./common/help.c Tue Apr 18 03:40:29 2000 +++ /disk1/cvs/pkgsrc/devel/cscope/work.i386.unpatched/cscope-13.0/common/help.c Thu May 4 03:24:27 2000 @@@@ -132,6 +132,7 @@@@ ++ln; } } + move(ln, 0); (void) addstr(*tp++); d7 7 a13 1 else { @ 1.1 log @ * split * don't change the name of cbreak to crmode if sun is not defined Hint by Brett Lymn , sent to me by Thomas Klausner. @ text @d1 1 a1 1 $NetBSD$ @