Server: cvs.openpkg.org Name: Thomas Lotterer
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src openpkg-web Date: 08-Jan-2004 14:21:48
Branch: OPENPKG_1_2_SOLID HEAD Handle: 2004010813214602
Added files: (Branch: OPENPKG_1_2_SOLID)
openpkg-src/cvs cvs.patch
Modified files:
openpkg-web news.txt
Modified files: (Branch: OPENPKG_1_2_SOLID)
openpkg-src/cvs cvs.patches.msvb cvs.patches.rse cvs.spec
Log:
Relocate previous patch to the standard patch file; extract bugfixes and
security enhancements from stable CVS 1.11.11.
Summary:
Revision Changes Path
1.3.4.1 +152 -0 openpkg-src/cvs/cvs.patch
1.1.4.2 +0 -21 openpkg-src/cvs/cvs.patches.msvb
1.8.4.2 +1 -1 openpkg-src/cvs/cvs.patches.rse
1.48.2.1.2.6+5 -3 openpkg-src/cvs/cvs.spec
1.8011 +1 -0 openpkg-web/news.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/cvs/cvs.patch
============================================================================
$ cvs diff -u -r0 -r1.3.4.1 cvs.patch
--- /dev/null 2004-01-08 14:21:48.000000000 +0100
+++ cvs.patch 2004-01-08 14:21:48.000000000 +0100
@@ -0,0 +1,152 @@
+diff -Naur cvs-1.11.5.orig/cvs-1.11.5/src/modules.c
cvs-1.11.5/cvs-1.11.5/src/modules.c
+--- src/modules.c.orig Thu Jun 21 23:23:09 2001
++++ src/modules.c Fri Dec 12 17:44:14 2003
+@@ -159,6 +159,17 @@
+ }
+ #endif
+
++ /* Don't process absolute directories. Anything else could be a security
++ * problem. Before this check was put in place:
++ *
++ * $ cvs -d:fork:/cvsroot co /foo
++ * cvs server: warning: cannot make directory CVS in /: Permission denied
++ * cvs [server aborted]: cannot make directory /foo: Permission denied
++ * $
++ */
++ if (isabsolute (mname))
++ error (1, 0, "Absolute module reference invalid: `%s'", mname);
++
+ /* if this is a directory to ignore, add it to that list */
+ if (mname[0] == '!' && mname[1] != '\0')
+ {
++ /* Don't process absolute directories. Anything else could be a security
++ * problem. Before this check was put in place:
++ *
++ * $ cvs -d:fork:/cvsroot co /foo
++ * cvs server: warning: cannot make directory CVS in /: Permission denied
++ * cvs [server aborted]: cannot make directory /foo: Permission denied
++ * $
++ */
++ if (isabsolute (mname))
++ error (1, 0, "Absolute module reference invalid: `%s'", mname);
++
+ /* if this is a directory to ignore, add it to that list */
+ if (mname[0] == '!' && mname[1] != '\0')
+ {
+
+Extracted bugfixes and security enhancement from Stable CVS 1.11.11.
+
+2003-12-18 19:11 dprice
+
+ * src/: ChangeLog, server.c: * server.c (switch_to_user): SysLog
+ attempts to root from pserver.
+
+2003-12-18 18:38 dprice
+
+ * src/: ChangeLog, sanity.sh, server.c: * server.c
+ (switch_to_user): Don't allow CVS to run as root in pserver mode.
+ (Original patch from Wichert Akkerman via Bradley M Kuhn
+ <[EMAIL PROTECTED]>.) * sanity.sh (pserver): Check for bad root error
+ message.
+
+2003-12-18 04:00 scjones
+
+ * src/: ChangeLog, run.c: * run.c (close_on_exec): fcntl is not
+ documented to return 0 for success (and QNX doesn't), only -1 for
+ error.
+
+2003-12-10 10:36 mdb
+
+ * src/: ChangeLog, server.c: * server.c (template_proc): Fix broken
+ Template protocol code. Must call send buf_send_counted() for
+ Template files to avoid "Protocol error: uncounted data discarded"
+ messages in some circumstances. (Problem reported by "Jim.Hyslop"
+ <[EMAIL PROTECTED]>.)
+
+Index: src/run.c
+===================================================================
+RCS file: /cvs/ccvs/src/run.c,v
+retrieving revision 1.33
+retrieving revision 1.33.6.1
+diff -u -d -u -d -r1.33 -r1.33.6.1
+--- src/run.c 24 Jan 2001 03:35:10 -0000 1.33
++++ src/run.c 18 Dec 2003 03:00:44 -0000 1.33.6.1
+@@ -455,7 +455,7 @@
+ int fd;
+ {
+ #ifdef F_SETFD
+- if (fcntl (fd, F_SETFD, 1))
++ if (fcntl (fd, F_SETFD, 1) == -1)
+ error (1, errno, "can't set close-on-exec flag on %d", fd);
+ #endif
+ }
+Index: src/server.c
+===================================================================
+RCS file: /cvs/ccvs/src/server.c,v
+retrieving revision 1.284.2.9
+retrieving revision 1.284.2.12
+diff -u -d -u -d -r1.284.2.9 -r1.284.2.12
+--- src/server.c 3 Oct 2003 19:15:32 -0000 1.284.2.9
++++ src/server.c 18 Dec 2003 18:03:13 -0000 1.284.2.12
+@@ -4404,6 +4404,7 @@
+ return 1;
+ }
+ }
++ buf_send_counted (protocol);
+ if (fclose (fp) < 0)
+ error (0, errno, "cannot close rcsinfo template file %s", template);
+ return 0;
+@@ -5118,10 +5119,11 @@
+
+
+ #if defined (HAVE_KERBEROS) || defined (AUTH_SERVER_SUPPORT) || defined
(HAVE_GSSAPI)
+-static void switch_to_user PROTO((const char *));
++static void switch_to_user PROTO((const char *, const char *));
+
+ static void
+-switch_to_user (username)
++switch_to_user (cvs_username, username)
++ const char *cvs_username; /* Only used for error messages. */
+ const char *username;
+ {
+ struct passwd *pw;
+@@ -5138,6 +5140,20 @@
+ error_exit ();
+ }
+
++ if (pw->pw_uid == 0)
++ {
++#ifdef HAVE_SYSLOG_H
++ /* FIXME: Can the IP address of the connecting client be retrieved
++ * and printed here?
++ */
++ syslog (LOG_DAEMON | LOG_ALERT,
++ "attempt to root from account: %s", cvs_username
++ );
++#endif
++ printf("error 0: root not allowed\n");
++ error_exit ();
++ }
++
+ #if HAVE_INITGROUPS
+ if (initgroups (pw->pw_name, pw->pw_gid) < 0
+ # ifdef EPERM
+@@ -5735,7 +5751,7 @@
+ strcpy (Pserver_Repos, repository);
+
+ /* Switch to run as this user. */
+- switch_to_user (host_user);
++ switch_to_user (username, host_user);
+ free (host_user);
+ free (tmp);
+ free (repository);
+@@ -5928,7 +5944,7 @@
+ error (1, errno, "fwrite failed");
+ }
+
+- switch_to_user (buf);
++ switch_to_user ("GSSAPI", buf);
+
+ printf ("I LOVE YOU\n");
+ fflush (stdout);
+
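Review bot: The modules.c hunk inside the new cvs.patch is malformed: its header `@@ -159,6 +159,17 @@` declares 11 added and 6 context lines, but the `isabsolute (mname)` comment-and-check block together with the three context lines that follow it (`/* if this is a directory to ignore ... */`, `if (mname[0] == '!' ...`, `{`) appears twice, giving 22 added and 9 context lines. GNU patch will at best skip the second copy as garbage between hunks and, depending on version and strictness, may reject the file, so the unconditional `%patch -p0` this commit adds to %prep risks failing or applying less than intended; deleting the duplicated second copy restores agreement with the header. Separately, the new root-refusal path in `switch_to_user` logs `cvs_username` straight into syslog via `%s`; in the pserver path this is the client-supplied login name (`switch_to_user (username, host_user)`), so newlines or control characters in it reach the log unsanitized — consider escaping non-printable bytes before the `syslog` call, or logging only a fixed marker plus length. The lines wrapped at `diff -Naur cvs-1.11.5.orig/...` and `#if defined (HAVE_KERBEROS) || ...` look like mail-wrapping artifacts rather than file content, since the hunk's 152-line count only works if they are rejoined.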
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/cvs/cvs.patches.msvb
============================================================================
$ cvs diff -u -r1.1.4.1 -r1.1.4.2 cvs.patches.msvb
--- openpkg-src/cvs/cvs.patches.msvb 12 Dec 2003 16:57:18 -0000 1.1.4.1
+++ openpkg-src/cvs/cvs.patches.msvb 8 Jan 2004 13:21:48 -0000 1.1.4.2
@@ -8,24 +8,3 @@
#include <netdb.h>
#endif
-diff -Naur cvs-1.11.5.orig/cvs-1.11.5/src/modules.c
cvs-1.11.5/cvs-1.11.5/src/modules.c
---- src/modules.c.orig Thu Jun 21 23:23:09 2001
-+++ src/modules.c Fri Dec 12 17:44:14 2003
-@@ -159,6 +159,17 @@
- }
- #endif
-
-+ /* Don't process absolute directories. Anything else could be a security
-+ * problem. Before this check was put in place:
-+ *
-+ * $ cvs -d:fork:/cvsroot co /foo
-+ * cvs server: warning: cannot make directory CVS in /: Permission denied
-+ * cvs [server aborted]: cannot make directory /foo: Permission denied
-+ * $
-+ */
-+ if (isabsolute (mname))
-+ error (1, 0, "Absolute module reference invalid: `%s'", mname);
-+
- /* if this is a directory to ignore, add it to that list */
- if (mname[0] == '!' && mname[1] != '\0')
- {
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/cvs/cvs.patches.rse
============================================================================
$ cvs diff -u -r1.8.4.1 -r1.8.4.2 cvs.patches.rse
--- openpkg-src/cvs/cvs.patches.rse 21 Jan 2003 08:41:48 -0000 1.8.4.1
+++ openpkg-src/cvs/cvs.patches.rse 8 Jan 2004 13:21:48 -0000 1.8.4.2
@@ -4626,7 +4626,7 @@
+ }
+
+ /* Switch to run as this user. */
-+ switch_to_user(host_user);
++ switch_to_user(username, host_user);
+ free(tmp);
+ free(repository);
+ free(username);
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/cvs/cvs.spec
============================================================================
$ cvs diff -u -r1.48.2.1.2.5 -r1.48.2.1.2.6 cvs.spec
--- openpkg-src/cvs/cvs.spec 12 Dec 2003 16:57:18 -0000 1.48.2.1.2.5
+++ openpkg-src/cvs/cvs.spec 8 Jan 2004 13:21:48 -0000 1.48.2.1.2.6
@@ -37,7 +37,7 @@
Group: SCM
License: GPL
Version: %{V_cvs}
-Release: 1.2.3
+Release: 1.2.4
# optional support for applying the RSE patches
%option with_rse_patches no
@@ -49,6 +49,7 @@
Source2: cvs.patches.rse
Source3: cvs.patches.msvb
Source4: rc.cvs
+Patch0: cvs.patch
# build information
Prefix: %{l_prefix}
@@ -85,8 +86,8 @@
%prep
%setup0 -q -c
%setup1 -q -T -D -a 1
-%if "%{with_rse_patches}" == "yes"
( cd cvs-%{V_cvs}
+%if "%{with_rse_patches}" == "yes"
cat %{SOURCE cvs.patches.rse} |\
sed -e 's;\(#define RSE_PATCH_CVSUSER_CALLER
"\)cvs\("\);\1%{with_rse_patch_cvsuser_caller}\2;' |\
%{l_patch} -p0
@@ -96,8 +97,9 @@
%{l_patch} -p0 < %{SOURCE cvs.patches.msvb}
;;
esac
- )
%endif
+ %patch -p0
+ )
%build
( cd cvs-%{V_cvs}
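Review bot: The unconditional `%patch -p0` is applied after the optional rse and msvb patches rather than before them, so with `with_rse_patches` enabled the mandatory patch — which carries the pserver root-refusal fix — is applied to an already-modified tree, and server.c, whose `switch_to_user` prototype and call sites this commit also touches in cvs.patches.rse, is where a rejected hunk would first surface. The usual convention is to apply the standard patch directly after `( cd cvs-%{V_cvs}` and keep the optional patches maintained against it, i.e. move `%patch -p0` above the `%if "%{with_rse_patches}" == "yes"` line. If the present order is deliberate because cvs.patches.rse does not apply on top of cvs.patch, a one-line comment such as `# cvs.patch must follow the optional rse/msvb patches (overlapping server.c hunks)` would spare the next maintainer a failed rebuild.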
@@ .
patch -p0 <<'@@ .'
Index: openpkg-web/news.txt
============================================================================
$ cvs diff -u -r1.8010 -r1.8011 news.txt
--- openpkg-web/news.txt 8 Jan 2004 13:13:49 -0000 1.8010
+++ openpkg-web/news.txt 8 Jan 2004 13:21:46 -0000 1.8011
@@ -1,3 +1,4 @@
+08-Jan-2004: Upgraded package: P<cvs-1.11.5-1.2.4>
08-Jan-2004: New package: P<pdnsd-1.1.8b1par8-20040108>
08-Jan-2004: Upgraded package: P<cvs-1.12.1-1.3.3>
08-Jan-2004: Upgraded package: P<inn-2.4.1-20040108>
@@ .