head 1.4; access; symbols pkgsrc-2013Q2:1.4.0.10 pkgsrc-2013Q2-base:1.4 pkgsrc-2012Q4:1.4.0.8 pkgsrc-2012Q4-base:1.4 pkgsrc-2011Q4:1.4.0.6 pkgsrc-2011Q4-base:1.4 pkgsrc-2011Q2:1.4.0.4 pkgsrc-2011Q2-base:1.4 pkgsrc-2009Q4:1.4.0.2 pkgsrc-2009Q4-base:1.4 pkgsrc-2009Q1:1.3.0.4 pkgsrc-2009Q1-base:1.3 pkgsrc-2008Q4:1.3.0.2 pkgsrc-2008Q4-base:1.3 pkgsrc-2008Q3:1.2.0.16 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.14 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.12 pkgsrc-2008Q2-base:1.2 pkgsrc-2008Q1:1.2.0.10 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.2.0.8 pkgsrc-2007Q4-base:1.2 pkgsrc-2007Q3:1.2.0.6 pkgsrc-2007Q3-base:1.2 pkgsrc-2007Q2:1.2.0.4 pkgsrc-2007Q2-base:1.2 pkgsrc-2007Q1:1.2.0.2 pkgsrc-2007Q1-base:1.2 pkgsrc-2006Q4:1.1.0.6 pkgsrc-2006Q4-base:1.1 pkgsrc-2006Q3:1.1.0.4 pkgsrc-2006Q3-base:1.1 pkgsrc-2006Q2:1.1.0.2; locks; strict; comment @# @; 1.4 date 2009.05.23.09.04.01; author tron; state dead; branches; next 1.3; 1.3 date 2008.12.17.17.01.15; author ghen; state Exp; branches 1.3.4.1; next 1.2; 1.2 date 2007.01.06.22.45.49; author wiz; state dead; branches; next 1.1; 1.1 date 2006.08.24.22.02.02; author salo; state Exp; branches 1.1.2.1; next ; 1.3.4.1 date 2009.06.04.08.56.16; author spz; state dead; branches; next ; 1.1.2.1 date 2006.08.24.22.02.02; author ghen; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2006.08.25.11.05.02; author ghen; state Exp; branches; next ; desc @@ 1.4 log @Update "cscope" package to version 15.7a. This version fixes the security vulnerability reported in CVE-2009-0148. @ text @$NetBSD: patch-ap,v 1.3 2008/12/17 17:01:15 ghen Exp $ --- src/main.c.orig 2008-12-17 11:50:30.000000000 +0100 +++ src/main.c 2008-12-17 11:50:45.000000000 +0100 @@@@ -128,7 +128,8 @@@@ (void) sig; (void) info; (void) unused; - ungetch(KEY_RESIZE); + if (incurses == YES) + ungetch(KEY_RESIZE); } #endif @@@@ -153,12 +154,7 @@@@ yyout = stdout; /* save the command name for messages */ argv0 = argv[0]; -#if defined(KEY_RESIZE) && !defined(__DJGPP__) - winch_action.sa_sigaction = sigwinch_handler; - sigemptyset(&winch_action.sa_mask); - winch_action.sa_flags = SA_SIGINFO; - sigaction(SIGWINCH,&winch_action,NULL); -#endif + /* set the options */ while (--argc > 0 && (*++argv)[0] == '-') { /* HBB 20030814: add GNU-style --help and --version options */ @@@@ -403,6 +399,13 @@@@ signal(SIGINT, SIG_IGN); /* ignore interrupts */ signal(SIGPIPE, SIG_IGN);/* | command can cause pipe signal */ +#if defined(KEY_RESIZE) && !defined(__DJGPP__) + winch_action.sa_sigaction = sigwinch_handler; + sigemptyset(&winch_action.sa_mask); + winch_action.sa_flags = SA_SIGINFO; + sigaction(SIGWINCH,&winch_action,NULL); +#endif + /* initialize the curses display package */ initscr(); /* initialize the screen */ entercurses(); @ 1.3 log @When Vim receives a SIGWINCH when its window is resized, it passes the signal on to cscope when it's running (whether this is correct or not is a different discussion). The signal handler in cscope tries to ungetch() which crashes if cscope is running in line mode (as under Vim) as opposed to under ncurses. From Philip Paeps . Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ @ 1.3.4.1 log @Pullup ticket 2780 - requested by tron Security update Revisions pulled up: - pkgsrc/devel/cscope/Makefile 1.50 - pkgsrc/devel/cscope/distinfo 1.19 Files deleted: - pkgsrc/devel/cscope/patches/patch-ae - pkgsrc/devel/cscope/patches/patch-af - pkgsrc/devel/cscope/patches/patch-ag - pkgsrc/devel/cscope/patches/patch-ah - pkgsrc/devel/cscope/patches/patch-ai - pkgsrc/devel/cscope/patches/patch-aj - pkgsrc/devel/cscope/patches/patch-ak - pkgsrc/devel/cscope/patches/patch-al - pkgsrc/devel/cscope/patches/patch-am - pkgsrc/devel/cscope/patches/patch-an - pkgsrc/devel/cscope/patches/patch-ao - pkgsrc/devel/cscope/patches/patch-ap Module Name: pkgsrc Committed By: tron Date: Sat May 23 09:04:02 UTC 2009 Modified Files: pkgsrc/devel/cscope: Makefile distinfo Removed Files: pkgsrc/devel/cscope/patches: patch-ae patch-af patch-ag patch-ah patch-ai patch-aj patch-ak patch-al patch-am patch-an patch-ao patch-ap Log Message: Update "cscope" package to version 15.7a. This version fixes the security vulnerability reported in CVE-2009-0148. To generate a diff of this commit: cvs rdiff -u -r1.49 -r1.50 pkgsrc/devel/cscope/Makefile cvs rdiff -u -r1.18 -r1.19 pkgsrc/devel/cscope/distinfo cvs rdiff -u -r1.10 -r0 pkgsrc/devel/cscope/patches/patch-ae cvs rdiff -u -r1.9 -r0 pkgsrc/devel/cscope/patches/patch-af cvs rdiff -u -r1.6 -r0 pkgsrc/devel/cscope/patches/patch-ag \ pkgsrc/devel/cscope/patches/patch-ai cvs rdiff -u -r1.7 -r0 pkgsrc/devel/cscope/patches/patch-ah cvs rdiff -u -r1.4 -r0 pkgsrc/devel/cscope/patches/patch-aj cvs rdiff -u -r1.3 -r0 pkgsrc/devel/cscope/patches/patch-ak \ pkgsrc/devel/cscope/patches/patch-al pkgsrc/devel/cscope/patches/patch-ap cvs rdiff -u -r1.2 -r0 pkgsrc/devel/cscope/patches/patch-am \ pkgsrc/devel/cscope/patches/patch-an pkgsrc/devel/cscope/patches/patch-ao @ text @d1 1 a1 1 $NetBSD: patch-ap,v 1.3 2008/12/17 17:01:15 ghen Exp $ @ 1.2 log @Update to 15.6: Some security problems have been addressed, and overall stability has improved. There are no new features. (The security problems were already fixed in pkgsrc.) @ text @d1 1 a1 1 $NetBSD: patch-ap,v 1.1 2006/08/24 22:02:02 salo Exp $ d3 40 a42 22 --- src/input.c.orig 2001-07-18 15:49:01.000000000 +0200 +++ src/input.c 2006-08-24 23:44:25.000000000 +0200 @@@@ -290,7 +290,7 @@@@ shellpath(char *out, int limit, char *in v = logdir(out); } /* copy the directory name */ - if (v != NULL) { + if (v != NULL && strlen(v) < (lastchar - out)) { (void) strcpy(out - 1, v); out += strlen(v) - 1; } @@@@ -313,8 +313,8 @@@@ shellpath(char *out, int limit, char *in } *s = '\0'; - /* get its value */ - if ((v = getenv(out)) != NULL) { + /* get its value, but only it isn't too big */ + if ((v = getenv(out)) != NULL && strlen(v) < (lastchar - out)) { (void) strcpy(out - 1, v); out += strlen(v) - 1; } @ 1.1 log @Security fix for SA21601: "Will Drewry has reported some vulnerabilities in Cscope, which potentially can be exploited by malicious people to compromise a vulnerable system. 1) Various boundary errors within the parsing of file lists or the expansion of environment variables can be exploited to cause stack-based buffer overflows when parsing specially crafted "cscope.lists" files or directories. 2) A boundary error within the parsing of command line arguments can be exploited to cause a stack-based buffer overflow when supplying an overly long "reffile" argument. Successful exploitation may allow execution of arbitrary code." Patches adapted from cscope CVS. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-ap was added on branch pkgsrc-2006Q2 on 2006-08-24 22:02:02 +0000 @ text @d1 24 @ 1.1.2.2 log @Pullup ticket 1808 - requested by salo security fix for cscope Revisions pulled up: - pkgsrc/devel/cscope/Makefile 1.45 - pkgsrc/devel/cscope/distinfo 1.15 - pkgsrc/devel/cscope/patches/patch-aa 1.11 - pkgsrc/devel/cscope/patches/patch-ae 1.9 - pkgsrc/devel/cscope/patches/patch-af 1.8 - pkgsrc/devel/cscope/patches/patch-ag 1.5 - pkgsrc/devel/cscope/patches/patch-ah 1.5 - pkgsrc/devel/cscope/patches/patch-ai 1.5 - pkgsrc/devel/cscope/patches/patch-aj 1.3 - pkgsrc/devel/cscope/patches/patch-ap 1. Module Name: pkgsrc Committed By: salo Date: Thu Aug 24 22:02:02 UTC 2006 Modified Files: pkgsrc/devel/cscope: Makefile distinfo pkgsrc/devel/cscope/patches: patch-aa patch-ae patch-af patch-ag patch-ah patch-ai patch-aj Added Files: pkgsrc/devel/cscope/patches: patch-ap Log Message: Security fix for SA21601: "Will Drewry has reported some vulnerabilities in Cscope, which potentially can be exploited by malicious people to compromise a vulnerable system. 1) Various boundary errors within the parsing of file lists or the expansion of environment variables can be exploited to cause stack-based buffer overflows when parsing specially crafted "cscope.lists" files or directories. 2) A boundary error within the parsing of command line arguments can be exploited to cause a stack-based buffer overflow when supplying an overly long "reffile" argument. Successful exploitation may allow execution of arbitrary code." Patches adapted from cscope CVS. Bump PKGREVISION. @ text @a0 24 $NetBSD: patch-ap,v 1.1.2.1 2006/08/25 11:05:02 ghen Exp $ --- src/input.c.orig 2001-07-18 15:49:01.000000000 +0200 +++ src/input.c 2006-08-24 23:44:25.000000000 +0200 @@@@ -290,7 +290,7 @@@@ shellpath(char *out, int limit, char *in v = logdir(out); } /* copy the directory name */ - if (v != NULL) { + if (v != NULL && strlen(v) < (lastchar - out)) { (void) strcpy(out - 1, v); out += strlen(v) - 1; } @@@@ -313,8 +313,8 @@@@ shellpath(char *out, int limit, char *in } *s = '\0'; - /* get its value */ - if ((v = getenv(out)) != NULL) { + /* get its value, but only it isn't too big */ + if ((v = getenv(out)) != NULL && strlen(v) < (lastchar - out)) { (void) strcpy(out - 1, v); out += strlen(v) - 1; } @