head 1.7; access; symbols pkgsrc-2013Q2:1.7.0.10 pkgsrc-2013Q2-base:1.7 pkgsrc-2012Q4:1.7.0.8 pkgsrc-2012Q4-base:1.7 pkgsrc-2011Q4:1.7.0.6 pkgsrc-2011Q4-base:1.7 pkgsrc-2011Q2:1.7.0.4 pkgsrc-2011Q2-base:1.7 pkgsrc-2009Q4:1.7.0.2 pkgsrc-2009Q4-base:1.7 pkgsrc-2009Q1:1.6.0.22 pkgsrc-2009Q1-base:1.6 pkgsrc-2008Q4:1.6.0.20 pkgsrc-2008Q4-base:1.6 pkgsrc-2008Q3:1.6.0.18 pkgsrc-2008Q3-base:1.6 cube-native-xorg:1.6.0.16 cube-native-xorg-base:1.6 pkgsrc-2008Q2:1.6.0.14 pkgsrc-2008Q2-base:1.6 cwrapper:1.6.0.12 pkgsrc-2008Q1:1.6.0.10 pkgsrc-2008Q1-base:1.6 pkgsrc-2007Q4:1.6.0.8 pkgsrc-2007Q4-base:1.6 pkgsrc-2007Q3:1.6.0.6 pkgsrc-2007Q3-base:1.6 pkgsrc-2007Q2:1.6.0.4 pkgsrc-2007Q2-base:1.6 pkgsrc-2007Q1:1.6.0.2 pkgsrc-2007Q1-base:1.6 pkgsrc-2006Q4:1.5.0.4 pkgsrc-2006Q4-base:1.5 pkgsrc-2006Q3:1.5.0.2 pkgsrc-2006Q3-base:1.5 pkgsrc-2006Q2:1.4.0.2 pkgsrc-2006Q2-base:1.4 pkgsrc-2006Q1:1.2.0.20 pkgsrc-2006Q1-base:1.2 pkgsrc-2005Q4:1.2.0.18 pkgsrc-2005Q4-base:1.2 pkgsrc-2005Q3:1.2.0.16 pkgsrc-2005Q3-base:1.2 pkgsrc-2005Q2:1.2.0.14 pkgsrc-2005Q2-base:1.2 pkgsrc-2005Q1:1.2.0.12 pkgsrc-2005Q1-base:1.2 pkgsrc-2004Q4:1.2.0.10 pkgsrc-2004Q4-base:1.2 pkgsrc-2004Q3:1.2.0.8 pkgsrc-2004Q3-base:1.2 pkgsrc-2004Q2:1.2.0.6 pkgsrc-2004Q2-base:1.2 pkgsrc-2004Q1:1.2.0.4 pkgsrc-2004Q1-base:1.2 pkgsrc-2003Q4:1.2.0.2 pkgsrc-2003Q4-base:1.2 buildlink2-base:1.2; locks; strict; comment @# @; 1.7 date 2009.05.23.09.04.01; author tron; state dead; branches; next 1.6; 1.6 date 2007.01.06.22.45.49; author wiz; state Exp; branches 1.6.22.1; next 1.5; 1.5 date 2006.08.24.22.02.02; author salo; state Exp; branches; next 1.4; 1.4 date 2006.05.29.13.51.20; author tron; state Exp; branches 1.4.2.1; next 1.3; 1.3 date 2006.05.29.13.48.53; author tron; state Exp; branches; next 1.2; 1.2 date 2000.05.19.11.03.41; author wiz; state dead; branches 1.2.20.1; next 1.1; 1.1 date 2000.05.04.01.33.07; author hubertf; state Exp; branches; next ; 1.6.22.1 date 2009.06.04.08.56.16; author spz; state dead; branches; next ; 1.4.2.1 date 2006.08.25.11.05.02; author ghen; state Exp; branches; next ; 1.2.20.1 date 2006.05.30.20.18.31; author ghen; state Exp; branches; next ; desc @@ 1.7 log @Update "cscope" package to version 15.7a. This version fixes the security vulnerability reported in CVE-2009-0148. @ text @$NetBSD: patch-ag,v 1.6 2007/01/06 22:45:49 wiz Exp $ --- src/command.c.orig 2006-09-30 10:13:00.000000000 +0200 +++ src/command.c @@@@ -739,7 +739,7 @@@@ changestring(void) /* make sure it can be changed */ if (access(newfile, WRITE) != 0) { - sprintf(msg, "Cannot write to file %s", newfile); + snprintf(msg, sizeof(msg), "Cannot write to file %s", newfile); postmsg(msg); anymarked = NO; break; @ 1.6 log @Update to 15.6: Some security problems have been addressed, and overall stability has improved. There are no new features. (The security problems were already fixed in pkgsrc.) @ text @d1 1 a1 1 $NetBSD: patch-ag,v 1.5 2006/08/24 22:02:02 salo Exp $ @ 1.6.22.1 log @Pullup ticket 2780 - requested by tron Security update Revisions pulled up: - pkgsrc/devel/cscope/Makefile 1.50 - pkgsrc/devel/cscope/distinfo 1.19 Files deleted: - pkgsrc/devel/cscope/patches/patch-ae - pkgsrc/devel/cscope/patches/patch-af - pkgsrc/devel/cscope/patches/patch-ag - pkgsrc/devel/cscope/patches/patch-ah - pkgsrc/devel/cscope/patches/patch-ai - pkgsrc/devel/cscope/patches/patch-aj - pkgsrc/devel/cscope/patches/patch-ak - pkgsrc/devel/cscope/patches/patch-al - pkgsrc/devel/cscope/patches/patch-am - pkgsrc/devel/cscope/patches/patch-an - pkgsrc/devel/cscope/patches/patch-ao - pkgsrc/devel/cscope/patches/patch-ap Module Name: pkgsrc Committed By: tron Date: Sat May 23 09:04:02 UTC 2009 Modified Files: pkgsrc/devel/cscope: Makefile distinfo Removed Files: pkgsrc/devel/cscope/patches: patch-ae patch-af patch-ag patch-ah patch-ai patch-aj patch-ak patch-al patch-am patch-an patch-ao patch-ap Log Message: Update "cscope" package to version 15.7a. This version fixes the security vulnerability reported in CVE-2009-0148. To generate a diff of this commit: cvs rdiff -u -r1.49 -r1.50 pkgsrc/devel/cscope/Makefile cvs rdiff -u -r1.18 -r1.19 pkgsrc/devel/cscope/distinfo cvs rdiff -u -r1.10 -r0 pkgsrc/devel/cscope/patches/patch-ae cvs rdiff -u -r1.9 -r0 pkgsrc/devel/cscope/patches/patch-af cvs rdiff -u -r1.6 -r0 pkgsrc/devel/cscope/patches/patch-ag \ pkgsrc/devel/cscope/patches/patch-ai cvs rdiff -u -r1.7 -r0 pkgsrc/devel/cscope/patches/patch-ah cvs rdiff -u -r1.4 -r0 pkgsrc/devel/cscope/patches/patch-aj cvs rdiff -u -r1.3 -r0 pkgsrc/devel/cscope/patches/patch-ak \ pkgsrc/devel/cscope/patches/patch-al pkgsrc/devel/cscope/patches/patch-ap cvs rdiff -u -r1.2 -r0 pkgsrc/devel/cscope/patches/patch-am \ pkgsrc/devel/cscope/patches/patch-an pkgsrc/devel/cscope/patches/patch-ao @ text @d1 1 a1 1 $NetBSD: patch-ag,v 1.6 2007/01/06 22:45:49 wiz Exp $ @ 1.5 log @Security fix for SA21601: "Will Drewry has reported some vulnerabilities in Cscope, which potentially can be exploited by malicious people to compromise a vulnerable system. 1) Various boundary errors within the parsing of file lists or the expansion of environment variables can be exploited to cause stack-based buffer overflows when parsing specially crafted "cscope.lists" files or directories. 2) A boundary error within the parsing of command line arguments can be exploited to cause a stack-based buffer overflow when supplying an overly long "reffile" argument. Successful exploitation may allow execution of arbitrary code." Patches adapted from cscope CVS. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 12 --- src/command.c.orig 2002-07-29 14:37:49.000000000 +0200 +++ src/command.c 2006-08-24 23:31:53.000000000 +0200 @@@@ -707,7 +707,7 @@@@ changestring(void) (void) fprintf(script, "ed - <<\\!\n"); *oldfile = '\0'; seekline(1); - for (i = 0; fscanf(refsfound, "%s%*s%s%*[^\n]", newfile, linenum) == 2; + for (i = 0; fscanf(refsfound, "%" PATHLEN_STR "s%*s%" NUMLEN_STR "s%*[^\n]", newfile, linenum) == 2; ++i) { /* see if the line is to be changed */ if (change[i] == YES) { @@@@ -718,7 +718,7 @@@@ changestring(void) d7 7 a13 7 /* make sure it can be changed */ if (access(newfile, WRITE) != 0) { - (void) sprintf(msg, "Cannot write to file %s", newfile); + (void) snprintf(msg, sizeof(msg), "Cannot write to file %s", newfile); postmsg(msg); anymarked = NO; break; @ 1.4 log @Add missing RCS Ids. @ text @d3 12 a14 3 --- src/command.c.orig 2002-07-29 13:37:49.000000000 +0100 +++ src/command.c 2006-05-29 14:34:26.000000000 +0100 @@@@ -718,7 +718,7 @@@@ @ 1.4.2.1 log @Pullup ticket 1808 - requested by salo security fix for cscope Revisions pulled up: - pkgsrc/devel/cscope/Makefile 1.45 - pkgsrc/devel/cscope/distinfo 1.15 - pkgsrc/devel/cscope/patches/patch-aa 1.11 - pkgsrc/devel/cscope/patches/patch-ae 1.9 - pkgsrc/devel/cscope/patches/patch-af 1.8 - pkgsrc/devel/cscope/patches/patch-ag 1.5 - pkgsrc/devel/cscope/patches/patch-ah 1.5 - pkgsrc/devel/cscope/patches/patch-ai 1.5 - pkgsrc/devel/cscope/patches/patch-aj 1.3 - pkgsrc/devel/cscope/patches/patch-ap 1. Module Name: pkgsrc Committed By: salo Date: Thu Aug 24 22:02:02 UTC 2006 Modified Files: pkgsrc/devel/cscope: Makefile distinfo pkgsrc/devel/cscope/patches: patch-aa patch-ae patch-af patch-ag patch-ah patch-ai patch-aj Added Files: pkgsrc/devel/cscope/patches: patch-ap Log Message: Security fix for SA21601: "Will Drewry has reported some vulnerabilities in Cscope, which potentially can be exploited by malicious people to compromise a vulnerable system. 1) Various boundary errors within the parsing of file lists or the expansion of environment variables can be exploited to cause stack-based buffer overflows when parsing specially crafted "cscope.lists" files or directories. 2) A boundary error within the parsing of command line arguments can be exploited to cause a stack-based buffer overflow when supplying an overly long "reffile" argument. Successful exploitation may allow execution of arbitrary code." Patches adapted from cscope CVS. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD: patch-ag,v 1.5 2006/08/24 22:02:02 salo Exp $ d3 3 a5 12 --- src/command.c.orig 2002-07-29 14:37:49.000000000 +0200 +++ src/command.c 2006-08-24 23:31:53.000000000 +0200 @@@@ -707,7 +707,7 @@@@ changestring(void) (void) fprintf(script, "ed - <<\\!\n"); *oldfile = '\0'; seekline(1); - for (i = 0; fscanf(refsfound, "%s%*s%s%*[^\n]", newfile, linenum) == 2; + for (i = 0; fscanf(refsfound, "%" PATHLEN_STR "s%*s%" NUMLEN_STR "s%*[^\n]", newfile, linenum) == 2; ++i) { /* see if the line is to be changed */ if (change[i] == YES) { @@@@ -718,7 +718,7 @@@@ changestring(void) @ 1.3 log @Integrate Debian's fix for security whole reported in CVE-2004-2541. Bump package revision. @ text @d1 2 @ 1.2 log @Update to 15.0bl2. Changes: Bugfixes, better man page, code cleanup. Fixes pkg/10153. @ text @d1 11 a11 19 $NetBSD: patch-ag,v 1.1 2000/05/04 01:33:07 hubertf Exp $ diff -x *.orig -urN ./common/library.h /disk1/cvs/pkgsrc/devel/cscope/work.i386.unpatched/cscope-13.0/common/library.h --- ./common/library.h Tue Apr 18 03:41:11 2000 +++ /disk1/cvs/pkgsrc/devel/cscope/work.i386.unpatched/cscope-13.0/common/library.h Thu May 4 03:24:27 2000 @@@@ -53,7 +53,12 @@@@ char *ctime(), *getcwd(), *getenv(), *mktemp(); char *strcat(), *strcpy(), *strncpy(), *strpbrk(), *strchr(), *strrchr(); char *strtok(); -long lseek(), time(); +#if BSD +off_t lseek(); +time_t time(); +#else +long lseek(); +#endif unsigned sleep(); void exit(), free(), qsort(); #if BSD @ 1.2.20.1 log @Pullup ticket 1675 - requested by tron security fix for cscope Revisions pulled up: - pkgsrc/devel/cscope/Makefile 1.44 - pkgsrc/devel/cscope/distinfo 1.13 - pkgsrc/devel/cscope/patches/patch-ae 1.7 - pkgsrc/devel/cscope/patches/patch-af 1.6 - pkgsrc/devel/cscope/patches/patch-ag 1.3 - pkgsrc/devel/cscope/patches/patch-ah 1.3 - pkgsrc/devel/cscope/patches/patch-ai 1.3 - pkgsrc/devel/cscope/patches/patch-aj 1.1 - pkgsrc/devel/cscope/patches/patch-ak 1.1 - pkgsrc/devel/cscope/patches/patch-al 1.1 - pkgsrc/devel/cscope/patches/patch-am 1.1 - pkgsrc/devel/cscope/patches/patch-an 1.1 - pkgsrc/devel/cscope/patches/patch-ao 1.1 Module Name: pkgsrc Committed By: tron Date: Mon May 29 13:48:53 UTC 2006 Modified Files: pkgsrc/devel/cscope: Makefile distinfo pkgsrc/devel/cscope/patches: patch-af Added Files: pkgsrc/devel/cscope/patches: patch-ae patch-ag patch-ah patch-ai patch-aj patch-ak patch-al patch-am patch-an patch-ao Log Message: Integrate Debian's fix for security whole reported in CVE-2004-2541. Bump package revision. @ text @d1 19 a19 11 --- src/command.c.orig 2002-07-29 13:37:49.000000000 +0100 +++ src/command.c 2006-05-29 14:34:26.000000000 +0100 @@@@ -718,7 +718,7 @@@@ /* make sure it can be changed */ if (access(newfile, WRITE) != 0) { - (void) sprintf(msg, "Cannot write to file %s", newfile); + (void) snprintf(msg, sizeof(msg), "Cannot write to file %s", newfile); postmsg(msg); anymarked = NO; break; @ 1.1 log @ * split * don't change the name of cbreak to crmode if sun is not defined Hint by Brett Lymn , sent to me by Thomas Klausner. @ text @d1 1 a1 1 $NetBSD$ @