head 1.7; access; symbols pkgsrc-2013Q2:1.7.0.26 pkgsrc-2013Q2-base:1.7 pkgsrc-2012Q4:1.7.0.24 pkgsrc-2012Q4-base:1.7 pkgsrc-2011Q4:1.7.0.22 pkgsrc-2011Q4-base:1.7 pkgsrc-2011Q2:1.7.0.20 pkgsrc-2011Q2-base:1.7 pkgsrc-2009Q4:1.7.0.18 pkgsrc-2009Q4-base:1.7 pkgsrc-2008Q4:1.7.0.16 pkgsrc-2008Q4-base:1.7 pkgsrc-2008Q3:1.7.0.14 pkgsrc-2008Q3-base:1.7 cube-native-xorg:1.7.0.12 cube-native-xorg-base:1.7 pkgsrc-2008Q2:1.7.0.10 pkgsrc-2008Q2-base:1.7 pkgsrc-2008Q1:1.7.0.8 pkgsrc-2008Q1-base:1.7 pkgsrc-2007Q4:1.7.0.6 pkgsrc-2007Q4-base:1.7 pkgsrc-2007Q3:1.7.0.4 pkgsrc-2007Q3-base:1.7 pkgsrc-2007Q2:1.7.0.2 pkgsrc-2007Q2-base:1.7 pkgsrc-2007Q1:1.6.0.16 pkgsrc-2007Q1-base:1.6 pkgsrc-2006Q4:1.6.0.14 pkgsrc-2006Q4-base:1.6 pkgsrc-2006Q3:1.6.0.12 pkgsrc-2006Q3-base:1.6 pkgsrc-2006Q2:1.6.0.10 pkgsrc-2006Q2-base:1.6 pkgsrc-2006Q1:1.6.0.8 pkgsrc-2006Q1-base:1.6 pkgsrc-2005Q4:1.6.0.6 pkgsrc-2005Q4-base:1.6 pkgsrc-2005Q3:1.6.0.4 pkgsrc-2005Q3-base:1.6 pkgsrc-2005Q2:1.6.0.2 pkgsrc-2005Q2-base:1.6 pkgsrc-2005Q1:1.5.0.2 pkgsrc-2005Q1-base:1.5 pkgsrc-2004Q4:1.4.0.10 pkgsrc-2004Q4-base:1.4 pkgsrc-2004Q3:1.4.0.8 pkgsrc-2004Q3-base:1.4 pkgsrc-2004Q2:1.4.0.6 pkgsrc-2004Q2-base:1.4 pkgsrc-2004Q1:1.4.0.4 pkgsrc-2004Q1-base:1.4 pkgsrc-2003Q4:1.4.0.2 pkgsrc-2003Q4-base:1.4 netbsd-1-6-1:1.3.0.6 netbsd-1-6-1-base:1.3 netbsd-1-6:1.3.0.8 netbsd-1-6-RELEASE-base:1.3 pkgviews:1.3.0.4 pkgviews-base:1.3 buildlink2:1.3.0.2 buildlink2-base:1.3 netbsd-1-5-PATCH003:1.3 netbsd-1-5-PATCH001:1.3; locks; strict; comment @# @; 1.7 date 2007.05.27.09.49.45; author schmonz; state dead; branches; next 1.6; 1.6 date 2005.04.19.12.39.18; author wiz; state Exp; branches; next 1.5; 1.5 date 2005.03.01.15.36.48; author wiz; state Exp; branches 1.5.2.1; next 1.4; 1.4 date 2003.06.19.21.55.26; author seb; state dead; branches; next 1.3; 1.3 date 2000.10.18.03.31.16; author hubertf; state Exp; branches; next 1.2; 1.2 date 99.04.20.15.01.11; author mycroft; state dead; branches; next 1.1; 1.1 date 99.03.11.09.48.43; author tron; state Exp; branches; next ; 1.5.2.1 date 2005.04.22.14.39.14; author salo; state Exp; branches; next ; desc @@ 1.7 log @Move cvs to scmcvs so it can be checked out on a case-insensitive filesystem without interference from devel/CVS metadata. PKGNAME stays the same. Discussed with agc. @ text @$NetBSD: patch-ag,v 1.6 2005/04/19 12:39:18 wiz Exp $ --- lib/xtime.h.orig 2005-03-04 20:05:09.000000000 +0100 +++ lib/xtime.h @@@@ -14,6 +14,9 @@@@ #ifndef XTIME_HEADER_INCLUDED #define XTIME_HEADER_INCLUDED +#ifndef _XTIME_H_ +#define _XTIME_H_ + #ifdef vms # include #else /* vms */ @@@@ -58,4 +61,6 @@@@ extern long timezone; #endif /* !vms */ +#endif /* !_XTIME_H_ */ + #endif /* !XTIME_HEADER_INCLUDED */ @ 1.6 log @Update to 1.11.20. NOTE: currently without IPv6 support, until there is an updated KAME patch for it. Changes: Changes since 1.11.19: ********************** SERVER SECURITY FIXES * Thanks to a report from Alen Zukich, several minor security issues have been addressed. One was a buffer overflow that is potentially serious but which may not be exploitable, assigned CAN-2005-0753 by the Common Vulnerabilities and Exposures Project . Other fixes resulting from Alen's report include repair of an arbitrary free with no known exploit and several plugged memory leaks and potentially freed NULL pointers which may have been exploitable for a denial of service attack. * Thanks to a report from Craig Monson, minor potential vulnerabilities in the contributed Perl scripts have been fixed. The confirmed vulnerability could allow the execution of arbitrary code on the CVS server, but only if a user already had commit access and if one of the contrib scripts was installed improperly, a condition which should have been quickly visible to any administrator. The complete description of the problem is here: . If you were making use of any of the contributed trigger scripts on a CVS server, you should probably still replace them with the new versions, to be on the safe side. Unfortunately, our fix is incomplete. Taint-checking has been enabled in all the contributed Perl scripts intended to be run as trigger scripts, but no attempt has been made to ensure that they still run in taint mode. You will most likely have to tweak the scripts in some way to make them run. Please send any patches you find necessary back to so that we may again ship fully enabled scripts in the future. You should also make sure that any home-grown Perl scripts that you might have installed as CVS triggers also have taint-checking enabled. This can be done by adding `-T' on the scripts' #! lines. Please try running `perldoc perlsec' if you would like more information on general Perl security and taint-checking. BUG FIXES * Thanks to a report and a patch from Georg Scwharz CVS now builds without error on IRIX 5.3 DEVELOPER ISSUES * We've standardized on Automake 1.9.5 to get some at new features that make our jobs easier. See the HACKING file for more on using the autotools with CVS. @ text @d1 1 a1 1 $NetBSD: patch-ag,v 1.5 2005/03/01 15:36:48 wiz Exp $ @ 1.5 log @Update to 1.11.19. pkgsrc change: patch-ag, provided by Georg Schwarz, added to fix the build on IRIX. NEWS: Changes since 1.11.18: ********************** BUG FIXES * An intermittant assertion failure in checkout has been fixed. * Thanks to a report from Chris Bohn, all the source files needed for the Windows "red file" fix are actually included in the distribution. * Misc bug and documentation fixes. Changes from 1.11.17 to 1.11.18: ******************************** BUG FIXES * Thanks to a report from Gottfried Ganssauge, CVS no longer exits when it encounters links pointing to paths containing more than 128 characters. * Thanks to a report from Dan Peterson, error messages from GSSAPI servers are no longer truncated. * Thanks to a report from Dan Peterson, attempts to resurrect a file on the trunk that was added on a branch no longer causes an assertion failure. * Thanks to a report from Dan Peterson, imports to branches like "1.1." no longer create corrupt RCS archives. * Thanks to a report from Chris Bohn, links from J.C. Hamlin, and code posted by Jonathan Gilligan, we think we have finally corrected the Windows "red-file" (daylight savings time) bug once and for all. * Thanks to a patch from Jeroen Ruigrok/asmodai, the log_accum.pl script should no longer elicit warnings from Perl 5.8.5. * The r* commands (rlog, rls, etc.) can once again handle requests to run against the entire repository (e.g. `cvs rlog .'). Thanks go to Dan Peterson for the report. * A problem where the attempted access of files via tags beginning with spaces could cause the CVS server to hang has been fixed. This was a particular problem with WinCVS clients because users would sometimes accidentally include spaces in tags pasted into a dialog box. This fix also altered some of the error messages generated by the use of invalid tags. Thanks go to Dan Peterson for the report. * Thanks to James E Wilson for a bug fix to modules processing "gcc-core -a !gcc/f gcc" will no longer exclude gcc/fortran by mistake. * Thanks to Conrad Pino, the Windows build works once again. * Misc updates to the manual. DEVELOPER ISSUES * We've standardized on Automake 1.9.3 to get some at new features that make our jobs easier. See the note below on the Autoconf upgrade for more details. * We've standardized on Autoconf version 2.59 to get presumed bug fixes and features, but nothing specific. Mostly, once we decide to upgrade one of the autotools we just figure it'll save time later to grab the most current versions of the others too. See the HACKING file for more on using the autotools with CVS. @ text @d1 1 a1 1 $NetBSD$ d3 1 a3 1 --- lib/xtime.h.orig 2004-11-11 23:30:47.000000000 +0100 d5 3 a7 3 @@@@ -12,6 +12,9 @@@@ * functions */ d15 1 a15 2 @@@@ -55,3 +58,5 @@@@ extern long timezone; # endif /* !defined(HAVE_FTIME) && !defined(HAVE_TIMEZONE) */ d18 2 d21 1 a21 1 +#endif /* !_XTIME_H_ */ @ 1.5.2.1 log @Pullup ticket 464 - requested by Thomas Klausner security update for cvs Revisions pulled up: - pkgsrc/devel/cvs/Makefile 1.84 - pkgsrc/devel/cvs/distinfo 1.26 - pkgsrc/devel/cvs/patches/patch-ab 1.15 - pkgsrc/devel/cvs/patches/patch-ae 1.10 - pkgsrc/devel/cvs/patches/patch-af 1.12 - pkgsrc/devel/cvs/patches/patch-ag 1.6 - pkgsrc/devel/cvs/patches/patch-ai 1.9 - pkgsrc/devel/cvs/patches/patch-al 1.11 - pkgsrc/devel/cvs/patches/patch-ar 1.16 - pkgsrc/devel/cvs/patches/patch-as 1.8 - pkgsrc/devel/cvs/patches/patch-az 1.9 Module Name: pkgsrc Committed By: wiz Date: Tue Apr 19 12:39:18 UTC 2005 Modified Files: pkgsrc/devel/cvs: Makefile distinfo pkgsrc/devel/cvs/patches: patch-ab patch-ae patch-af patch-ag patch-ai patch-al patch-ar patch-as patch-az Log Message: Update to 1.11.20. NOTE: currently without IPv6 support, until there is an updated KAME patch for it. Changes: Changes since 1.11.19: ********************** SERVER SECURITY FIXES * Thanks to a report from Alen Zukich, several minor security issues have been addressed. One was a buffer overflow that is potentially serious but which may not be exploitable, assigned CAN-2005-0753 by the Common Vulnerabilities and Exposures Project . Other fixes resulting from Alen's report include repair of an arbitrary free with no known exploit and several plugged memory leaks and potentially freed NULL pointers which may have been exploitable for a denial of service attack. * Thanks to a report from Craig Monson, minor potential vulnerabilities in the contributed Perl scripts have been fixed. The confirmed vulnerability could allow the execution of arbitrary code on the CVS server, but only if a user already had commit access and if one of the contrib scripts was installed improperly, a condition which should have been quickly visible to any administrator. The complete description of the problem is here: . If you were making use of any of the contributed trigger scripts on a CVS server, you should probably still replace them with the new versions, to be on the safe side. Unfortunately, our fix is incomplete. Taint-checking has been enabled in all the contributed Perl scripts intended to be run as trigger scripts, but no attempt has been made to ensure that they still run in taint mode. You will most likely have to tweak the scripts in some way to make them run. Please send any patches you find necessary back to so that we may again ship fully enabled scripts in the future. You should also make sure that any home-grown Perl scripts that you might have installed as CVS triggers also have taint-checking enabled. This can be done by adding `-T' on the scripts' #! lines. Please try running `perldoc perlsec' if you would like more information on general Perl security and taint-checking. BUG FIXES * Thanks to a report and a patch from Georg Scwharz CVS now builds without error on IRIX 5.3 DEVELOPER ISSUES * We've standardized on Automake 1.9.5 to get some at new features that make our jobs easier. See the HACKING file for more on using the autotools with CVS. @ text @d1 1 a1 1 $NetBSD: patch-ag,v 1.6 2005/04/19 12:39:18 wiz Exp $ d3 1 a3 1 --- lib/xtime.h.orig 2005-03-04 20:05:09.000000000 +0100 d5 3 a7 3 @@@@ -14,6 +14,9 @@@@ #ifndef XTIME_HEADER_INCLUDED #define XTIME_HEADER_INCLUDED d15 2 a16 1 @@@@ -58,4 +61,6 @@@@ extern long timezone; d19 1 a19 1 a20 2 + #endif /* !XTIME_HEADER_INCLUDED */ @ 1.4 log @Convert to USE_NEW_TEXINFO. Remove unnecessary patches on texinfo sources. @ text @d1 1 a1 1 $NetBSD: patch-ag,v 1.3 2000/10/18 03:31:16 hubertf Exp $ d3 5 a7 5 --- doc/cvsclient.texi.orig Wed Aug 30 03:16:32 2000 +++ doc/cvsclient.texi @@@@ -8,6 +8,11 @@@@ * cvsclient: (cvsclient). The CVS client/server protocol. @@end direntry d9 2 a10 4 +@@dircategory Programming & development tools +@@direntry +* CVS-CLIENT: (cvsclient). CVS client/server Reference Manual. +@@end direntry d12 5 a16 2 @@node Top @@top CVS Client/Server d18 3 @ 1.3 log @Update to 1.11. Changes since 1.10: * The new "cvs version" command gives a short version message. If the repository is remote, both the client and server versions are reported. * "cvs admin -t" now works correctly in client/server mode. * The "cvs history" command output format has changed -- the date now includes the year and is given is ISO 8601 format (yyyy-mm-dd). Also, the new LogHistory option in CVSROOT/config can be used to control what information gets recorded in the log file and code has been added to record file removals. * The buggy PreservePermissions code has been disabled. * Anonymous read-only access can now be done without requiring a password. On the server side, simply give that user (presumably `anonymous') an empty password in the CVSROOT/passwd file, and then any received password will authenticate successfully. * There is a new access method :fork: which is similar to :local: except that it is implemented via the CVS remote protocol, and thus has a somewhat different set of quirks and bugs. * The -d command line option no longer updates the CVS/Root file. For one thing, the CVS 1.9/1.10 behavior never had updated CVS/Root in subdirectories, and for another, it didn't seem that popular in general. So this change restores the CVS 1.8 behavior (which is also the CVS 1.9/1.10 behavior if the environment variable CVS_IGNORE_REMOTE_ROOT is set; with this change, CVS_IGNORE_REMOTE_ROOT no longer has any effect). * It is now possible for a single CVS command to recurse into several CVS roots. This includes roots which are located on several servers, or which are both remote and local. CVS will make connections to as many servers as necessary. * It is now possible to put the CVS lock files in a directory set by the new LockDir option in CVSROOT/config. The default continues to be to put the lock files in the repository itself. @ text @d1 1 a1 1 $NetBSD$ @ 1.2 log @Nuke the klugy CVSREADONLY hack, and instead use a modified version of our old `cvs -u' changes to prevent lock creation. @ text @d1 1 a1 1 $NetBSD: patch-ag,v 1.1 1999/03/11 09:48:43 tron Exp $ d3 5 a7 5 --- src/cvs.h.orig Mon Jul 27 04:54:11 1998 +++ src/cvs.h Thu Mar 11 10:39:14 1999 @@@@ -256,6 +256,8 @@@@ #define CVSREAD_ENV "CVSREAD" /* make files read-only */ #define CVSREAD_DFLT 0 /* writable files by default */ d9 4 a12 1 +#define CVSREADONLYFS_ENV "CVSREADONLYFS" /* repository is read-only */ d14 2 a15 2 #define TMPDIR_ENV "TMPDIR" /* Temporary directory */ /* #define TMPDIR_DFLT Set by options.h */ a16 8 @@@@ -383,6 +385,7 @@@@ extern int trace; /* Show all commands */ extern int noexec; /* Don't modify disk anywhere */ +extern int readonlyfs; /* fail on all write locks; succeed all read locks */ extern int logoff; /* Don't write history entry */ extern int top_level_admin; @ 1.1 log @Add support for read only CVS repositories derived from OpenBSD. @ text @d1 1 a1 1 $NetBSD$ @