OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Michael Schloh
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 12-Dec-2003 17:39:13
Branch: OPENPKG_1_3_SOLID Handle: 2003121216391300
Modified files: (Branch: OPENPKG_1_3_SOLID)
openpkg-src/cvs cvs.patch cvs.spec
Log:
backport fix for filesystem violation, OpenPKG-SA-2003.052
Summary:
Revision Changes Path
1.3.2.1.2.1 +20 -0 openpkg-src/cvs/cvs.patch
1.48.2.3.2.2 +1 -1 openpkg-src/cvs/cvs.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/cvs/cvs.patch
============================================================================
$ cvs diff -u -r1.3.2.1 -r1.3.2.1.2.1 cvs.patch
--- openpkg-src/cvs/cvs.patch 24 Jul 2003 20:41:53 -0000 1.3.2.1
+++ openpkg-src/cvs/cvs.patch 12 Dec 2003 16:39:13 -0000 1.3.2.1.2.1
@@ -23,3 +23,23 @@
#ifdef SYSTEM_INITIALIZE
/* Hook for OS-specific behavior, for example socket subsystems on
+--- src/modules.c.orig Fri Dec 12 15:47:47 2003
++++ src/modules.c Fri Dec 12 15:49:50 2003
+@@ -157,6 +157,17 @@
+ }
+ #endif
+
++ /* Don't process absolute directories. Anything else could be a security
++ * problem. Before this check was put in place:
++ *
++ * $ cvs -d:fork:/cvsroot co /foo
++ * cvs server: warning: cannot make directory CVS in /: Permission denied
++ * cvs [server aborted]: cannot make directory /foo: Permission denied
++ * $
++ */
++ if (isabsolute (mname))
++ error (1, 0, "Absolute module reference invalid: `%s'", mname);
++
+ /* if this is a directory to ignore, add it to that list */
+ if (mname[0] == '!' && mname[1] != '\0')
+ {
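Review bot: The new isabsolute (mname) check in src/modules.c is applied to the raw module name before the `!` ignore-prefix test that follows it, so a name that begins with `!` is never examined as a path by this check. Please confirm that entries taking the ignore branch cannot reach directory creation, or apply the same test to the name after the prefix (mname + 1) there. The check also rejects only absolute names; the comment should say whether relative names that climb out of the working directory with `..` components are rejected elsewhere, since nothing in these lines covers them. Lastly, the comment shows the output from before the check only; adding the "Absolute module reference invalid" message that the same command now produces would make the fix easy to verify.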
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/cvs/cvs.spec
============================================================================
$ cvs diff -u -r1.48.2.3.2.1 -r1.48.2.3.2.2 cvs.spec
--- openpkg-src/cvs/cvs.spec 29 Jul 2003 14:58:36 -0000 1.48.2.3.2.1
+++ openpkg-src/cvs/cvs.spec 12 Dec 2003 16:39:13 -0000 1.48.2.3.2.2
@@ -37,7 +37,7 @@
Group: SCM
License: GPL
Version: %{V_cvs}
-Release: 1.3.0
+Release: 1.3.1
# package options
%option with_fsl yes
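Review bot: The Release bump from 1.3.0 to 1.3.1 is the only change in cvs.spec, and nothing in the spec ties the new release to OpenPKG-SA-2003.052, which is named only in the commit log. If the spec has a place for such notes, a one-line reference to the advisory there would let someone reading the package alone see why 1.3.1 exists and that it carries the modules.c fix.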
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]