head	1.5;
access;
symbols
	pkgsrc-2013Q2:1.5.0.10
	pkgsrc-2013Q2-base:1.5
	pkgsrc-2012Q4:1.5.0.8
	pkgsrc-2012Q4-base:1.5
	pkgsrc-2011Q4:1.5.0.6
	pkgsrc-2011Q4-base:1.5
	pkgsrc-2011Q2:1.5.0.4
	pkgsrc-2011Q2-base:1.5
	pkgsrc-2009Q4:1.5.0.2
	pkgsrc-2009Q4-base:1.5
	pkgsrc-2009Q1:1.4.0.22
	pkgsrc-2009Q1-base:1.4
	pkgsrc-2008Q4:1.4.0.20
	pkgsrc-2008Q4-base:1.4
	pkgsrc-2008Q3:1.4.0.18
	pkgsrc-2008Q3-base:1.4
	cube-native-xorg:1.4.0.16
	cube-native-xorg-base:1.4
	pkgsrc-2008Q2:1.4.0.14
	pkgsrc-2008Q2-base:1.4
	cwrapper:1.4.0.12
	pkgsrc-2008Q1:1.4.0.10
	pkgsrc-2008Q1-base:1.4
	pkgsrc-2007Q4:1.4.0.8
	pkgsrc-2007Q4-base:1.4
	pkgsrc-2007Q3:1.4.0.6
	pkgsrc-2007Q3-base:1.4
	pkgsrc-2007Q2:1.4.0.4
	pkgsrc-2007Q2-base:1.4
	pkgsrc-2007Q1:1.4.0.2
	pkgsrc-2007Q1-base:1.4
	pkgsrc-2006Q4:1.3.0.4
	pkgsrc-2006Q4-base:1.3
	pkgsrc-2006Q3:1.3.0.2
	pkgsrc-2006Q3-base:1.3
	pkgsrc-2006Q2:1.2.0.4
	pkgsrc-2006Q2-base:1.2
	pkgsrc-2006Q1:1.2.0.2;
locks; strict;
comment	@# @;


1.5
date	2009.05.23.09.04.01;	author tron;	state dead;
branches;
next	1.4;

1.4
date	2007.01.06.22.45.49;	author wiz;	state Exp;
branches
	1.4.22.1;
next	1.3;

1.3
date	2006.08.24.22.02.02;	author salo;	state Exp;
branches;
next	1.2;

1.2
date	2006.05.29.13.51.20;	author tron;	state Exp;
branches
	1.2.2.1
	1.2.4.1;
next	1.1;

1.1
date	2006.05.29.13.48.53;	author tron;	state Exp;
branches;
next	;

1.4.22.1
date	2009.06.04.08.56.16;	author spz;	state dead;
branches;
next	;

1.2.2.1
date	2006.05.29.13.51.20;	author ghen;	state dead;
branches;
next	1.2.2.2;

1.2.2.2
date	2006.05.30.20.18.31;	author ghen;	state Exp;
branches;
next	;

1.2.4.1
date	2006.08.25.11.05.02;	author ghen;	state Exp;
branches;
next	;


desc
@@


1.5
log
@Update "cscope" package to version 15.7a. This version fixes the
security vulnerability reported in CVE-2009-0148.
@
text
@$NetBSD: patch-aj,v 1.4 2007/01/06 22:45:49 wiz Exp $

--- src/edit.c.orig	2006-09-30 10:13:00.000000000 +0200
+++ src/edit.c
@@@@ -105,9 +105,9 @@@@ edit(char *file, char *linenum)
 	char	*s;
 
 	file = filepath(file);
-	(void) sprintf(msg, "%s +%s %s", mybasename(editor), linenum, file);
+	(void) snprintf(msg, sizeof(msg), "%s +%s %s", mybasename(editor), linenum, file);
 	postmsg(msg);
-	(void) sprintf(plusnum, lineflag, linenum);
+	(void) snprintf(plusnum, sizeof(plusnum), lineflag, linenum);
 	/* if this is the more or page commands */
 	if (strcmp(s = mybasename(editor), "more") == 0 || strcmp(s, "page") == 0) {
 		
@@@@ -132,7 +132,7 @@@@ filepath(char *file)
 	static	char	path[PATHLEN + 1];
 	
 	if (prependpath != NULL && *file != '/') {
-		(void) sprintf(path, "%s/%s", prependpath, file);
+		(void) snprintf(path, sizeof(path), "%s/%s", prependpath, file);
 		file = path;
 	}
 	return(file);
@


1.4
log
@Update to 15.6:

Some security problems have been addressed, and overall stability
has improved. There are no new features.

(The security problems were already fixed in pkgsrc.)
@
text
@d1 1
a1 1
$NetBSD: patch-aj,v 1.3 2006/08/24 22:02:02 salo Exp $
@


1.4.22.1
log
@Pullup ticket 2780 - requested by tron
Security update

Revisions pulled up:
- pkgsrc/devel/cscope/Makefile			1.50
- pkgsrc/devel/cscope/distinfo			1.19

Files deleted:
- pkgsrc/devel/cscope/patches/patch-ae
- pkgsrc/devel/cscope/patches/patch-af
- pkgsrc/devel/cscope/patches/patch-ag
- pkgsrc/devel/cscope/patches/patch-ah
- pkgsrc/devel/cscope/patches/patch-ai
- pkgsrc/devel/cscope/patches/patch-aj
- pkgsrc/devel/cscope/patches/patch-ak
- pkgsrc/devel/cscope/patches/patch-al
- pkgsrc/devel/cscope/patches/patch-am
- pkgsrc/devel/cscope/patches/patch-an
- pkgsrc/devel/cscope/patches/patch-ao
- pkgsrc/devel/cscope/patches/patch-ap

   Module Name:	pkgsrc
   Committed By:	tron
   Date:		Sat May 23 09:04:02 UTC 2009

   Modified Files:
   	pkgsrc/devel/cscope: Makefile distinfo
   Removed Files:
   	pkgsrc/devel/cscope/patches: patch-ae patch-af patch-ag patch-ah
   	    patch-ai patch-aj patch-ak patch-al patch-am patch-an patch-ao
   	    patch-ap

   Log Message:
   Update "cscope" package to version 15.7a. This version fixes the
   security vulnerability reported in CVE-2009-0148.


   To generate a diff of this commit:
   cvs rdiff -u -r1.49 -r1.50 pkgsrc/devel/cscope/Makefile
   cvs rdiff -u -r1.18 -r1.19 pkgsrc/devel/cscope/distinfo
   cvs rdiff -u -r1.10 -r0 pkgsrc/devel/cscope/patches/patch-ae
   cvs rdiff -u -r1.9 -r0 pkgsrc/devel/cscope/patches/patch-af
   cvs rdiff -u -r1.6 -r0 pkgsrc/devel/cscope/patches/patch-ag \
       pkgsrc/devel/cscope/patches/patch-ai
   cvs rdiff -u -r1.7 -r0 pkgsrc/devel/cscope/patches/patch-ah
   cvs rdiff -u -r1.4 -r0 pkgsrc/devel/cscope/patches/patch-aj
   cvs rdiff -u -r1.3 -r0 pkgsrc/devel/cscope/patches/patch-ak \
       pkgsrc/devel/cscope/patches/patch-al pkgsrc/devel/cscope/patches/patch-ap
   cvs rdiff -u -r1.2 -r0 pkgsrc/devel/cscope/patches/patch-am \
       pkgsrc/devel/cscope/patches/patch-an pkgsrc/devel/cscope/patches/patch-ao
@
text
@d1 1
a1 1
$NetBSD: patch-aj,v 1.4 2007/01/06 22:45:49 wiz Exp $
@


1.3
log
@Security fix for SA21601:

"Will Drewry has reported some vulnerabilities in Cscope, which
 potentially can be exploited by malicious people to compromise
 a vulnerable system.

 1) Various boundary errors within the parsing of file lists or
    the expansion of environment variables can be exploited to
    cause stack-based buffer overflows when parsing specially
    crafted "cscope.lists" files or directories.

 2) A boundary error within the parsing of command line arguments
    can be exploited to cause a stack-based buffer overflow when
    supplying an overly long "reffile" argument.

 Successful exploitation may allow execution of arbitrary code."

Patches adapted from cscope CVS.  Bump PKGREVISION.
@
text
@d1 1
a1 1
$NetBSD$
d3 2
a4 20
--- src/edit.c.orig	2001-07-18 15:49:01.000000000 +0200
+++ src/edit.c	2006-08-24 23:39:09.000000000 +0200
@@@@ -60,7 +60,7 @@@@ editref(int i)
 	seekline(i + topline);
 	
 	/* get the file name and line number */
-	if (fscanf(refsfound, "%s%*s%s", file, linenum) == 2) {
+	if (fscanf(refsfound, "%" PATHLEN_STR "s%*s%" NUMLEN_STR "s", file, linenum) == 2) {
 		edit(file, linenum);	/* edit it */
 	}
 	seekline(topline);	/* restore the line pointer */
@@@@ -83,7 +83,7 @@@@ editall(void)
 	seekline(1);
 	
 	/* get each file name and line number */
-	while (fscanf(refsfound, "%s%*s%s%*[^\n]", file, linenum) == 2) {
+	while (fscanf(refsfound, "%" PATHLEN_STR "s%*s%" NUMLEN_STR "s%*[^\n]", file, linenum) == 2) {
 		edit(file, linenum);	/* edit it */
 		if (editallprompt == YES) {
 			addstr("Type ^D to stop editing all lines, or any other character to continue: ");
@


1.2
log
@Add missing RCS Ids.
@
text
@d3 21
a23 3
--- src/edit.c.orig	2001-07-18 14:49:01.000000000 +0100
+++ src/edit.c	2006-05-29 14:34:26.000000000 +0100
@@@@ -105,9 +105,9 @@@@
d35 1
a35 1
@@@@ -132,7 +132,7 @@@@
@


1.2.2.1
log
@file patch-aj was added on branch pkgsrc-2006Q1 on 2006-05-29 13:51:20 +0000
@
text
@d1 25
@


1.2.2.2
log
@Pullup ticket 1675 - requested by tron
security fix for cscope

Revisions pulled up:
- pkgsrc/devel/cscope/Makefile		1.44
- pkgsrc/devel/cscope/distinfo		1.13
- pkgsrc/devel/cscope/patches/patch-ae	1.7
- pkgsrc/devel/cscope/patches/patch-af	1.6
- pkgsrc/devel/cscope/patches/patch-ag	1.3
- pkgsrc/devel/cscope/patches/patch-ah	1.3
- pkgsrc/devel/cscope/patches/patch-ai	1.3
- pkgsrc/devel/cscope/patches/patch-aj	1.1
- pkgsrc/devel/cscope/patches/patch-ak	1.1
- pkgsrc/devel/cscope/patches/patch-al	1.1
- pkgsrc/devel/cscope/patches/patch-am	1.1
- pkgsrc/devel/cscope/patches/patch-an	1.1
- pkgsrc/devel/cscope/patches/patch-ao	1.1

   Module Name:    pkgsrc
   Committed By:   tron
   Date:           Mon May 29 13:48:53 UTC 2006

   Modified Files:
           pkgsrc/devel/cscope: Makefile distinfo
           pkgsrc/devel/cscope/patches: patch-af
   Added Files:
           pkgsrc/devel/cscope/patches: patch-ae patch-ag patch-ah patch-ai
               patch-aj patch-ak patch-al patch-am patch-an patch-ao

   Log Message:
   Integrate Debian's fix for security whole reported in CVE-2004-2541.
   Bump package revision.
@
text
@a0 23
--- src/edit.c.orig	2001-07-18 14:49:01.000000000 +0100
+++ src/edit.c	2006-05-29 14:34:26.000000000 +0100
@@@@ -105,9 +105,9 @@@@
 	char	*s;
 
 	file = filepath(file);
-	(void) sprintf(msg, "%s +%s %s", mybasename(editor), linenum, file);
+	(void) snprintf(msg, sizeof(msg), "%s +%s %s", mybasename(editor), linenum, file);
 	postmsg(msg);
-	(void) sprintf(plusnum, lineflag, linenum);
+	(void) snprintf(plusnum, sizeof(plusnum), lineflag, linenum);
 	/* if this is the more or page commands */
 	if (strcmp(s = mybasename(editor), "more") == 0 || strcmp(s, "page") == 0) {
 		
@@@@ -132,7 +132,7 @@@@
 	static	char	path[PATHLEN + 1];
 	
 	if (prependpath != NULL && *file != '/') {
-		(void) sprintf(path, "%s/%s", prependpath, file);
+		(void) snprintf(path, sizeof(path), "%s/%s", prependpath, file);
 		file = path;
 	}
 	return(file);
@


1.2.4.1
log
@Pullup ticket 1808 - requested by salo
security fix for cscope

Revisions pulled up:
- pkgsrc/devel/cscope/Makefile				1.45
- pkgsrc/devel/cscope/distinfo				1.15
- pkgsrc/devel/cscope/patches/patch-aa			1.11
- pkgsrc/devel/cscope/patches/patch-ae			1.9
- pkgsrc/devel/cscope/patches/patch-af			1.8
- pkgsrc/devel/cscope/patches/patch-ag			1.5
- pkgsrc/devel/cscope/patches/patch-ah			1.5
- pkgsrc/devel/cscope/patches/patch-ai			1.5
- pkgsrc/devel/cscope/patches/patch-aj			1.3
- pkgsrc/devel/cscope/patches/patch-ap			1.

Module Name:	pkgsrc
Committed By:	salo
Date:		Thu Aug 24 22:02:02 UTC 2006

Modified Files:
	pkgsrc/devel/cscope: Makefile distinfo
	pkgsrc/devel/cscope/patches: patch-aa patch-ae patch-af patch-ag
	    patch-ah patch-ai patch-aj
Added Files:
	pkgsrc/devel/cscope/patches: patch-ap

Log Message:
Security fix for SA21601:

"Will Drewry has reported some vulnerabilities in Cscope, which
 potentially can be exploited by malicious people to compromise
 a vulnerable system.

 1) Various boundary errors within the parsing of file lists or
    the expansion of environment variables can be exploited to
    cause stack-based buffer overflows when parsing specially
    crafted "cscope.lists" files or directories.

 2) A boundary error within the parsing of command line arguments
    can be exploited to cause a stack-based buffer overflow when
    supplying an overly long "reffile" argument.

 Successful exploitation may allow execution of arbitrary code."

Patches adapted from cscope CVS.  Bump PKGREVISION.
@
text
@d1 1
a1 1
$NetBSD: patch-aj,v 1.3 2006/08/24 22:02:02 salo Exp $
d3 3
a5 21
--- src/edit.c.orig	2001-07-18 15:49:01.000000000 +0200
+++ src/edit.c	2006-08-24 23:39:09.000000000 +0200
@@@@ -60,7 +60,7 @@@@ editref(int i)
 	seekline(i + topline);
 	
 	/* get the file name and line number */
-	if (fscanf(refsfound, "%s%*s%s", file, linenum) == 2) {
+	if (fscanf(refsfound, "%" PATHLEN_STR "s%*s%" NUMLEN_STR "s", file, linenum) == 2) {
 		edit(file, linenum);	/* edit it */
 	}
 	seekline(topline);	/* restore the line pointer */
@@@@ -83,7 +83,7 @@@@ editall(void)
 	seekline(1);
 	
 	/* get each file name and line number */
-	while (fscanf(refsfound, "%s%*s%s%*[^\n]", file, linenum) == 2) {
+	while (fscanf(refsfound, "%" PATHLEN_STR "s%*s%" NUMLEN_STR "s%*[^\n]", file, linenum) == 2) {
 		edit(file, linenum);	/* edit it */
 		if (editallprompt == YES) {
 			addstr("Type ^D to stop editing all lines, or any other character to continue: ");
@@@@ -105,9 +105,9 @@@@ edit(char *file, char *linenum)
d17 1
a17 1
@@@@ -132,7 +132,7 @@@@ filepath(char *file)
@


1.1
log
@Integrate Debian's fix for security whole reported in CVE-2004-2541.
Bump package revision.
@
text
@d1 2
@