commit cvs for openSUSE:Factory
Hello community,
here is the log from the commit of package cvs for openSUSE:Factory checked in
at 2018-10-01 09:03:49
Comparing /work/SRC/openSUSE:Factory/cvs (Old)
and /work/SRC/openSUSE:Factory/.cvs.new (New)
Package is "cvs"
Mon Oct 1 09:03:49 2018 rev:34 rq:636903 version:1.12.13
Changes:
--- /work/SRC/openSUSE:Factory/cvs/cvs.changes 2018-02-13 10:25:02.654517431
+0100
+++ /work/SRC/openSUSE:Factory/.cvs.new/cvs.changes 2018-10-01
09:03:52.923972356 +0200
@@ -1,0 +2,14 @@
+Wed Sep 19 15:32:59 UTC 2018 - josef.moell...@suse.com
+
+- Upgrade to 1.12.13
+ This version fixes two security vulnerabilities in the zlib
+ compression libraries (see CERT vulnerabilities advisories
+ #238678 & #680620 for more info), several issues involving
+ potential data-loss on heavily loaded systems, some minor
+ potential crashes, hangs, and several minor annoyances in CVS
+ client and server behavior.
+ See also:
+ https://savannah.nongnu.org/forum/forum.php?forum_id=4046
+ http://cvs.savannah.gnu.org/viewvc/cvs/ccvs/NEWS?revision=1.341
+
+---
Old:
cvs-1.12.12.tar.bz2
New:
cvs-1.12.13.tar.bz2
Other differences:
--
++ cvs.spec ++
--- /var/tmp/diff_new_pack.B5fPAE/_old 2018-10-01 09:03:53.899971511 +0200
+++ /var/tmp/diff_new_pack.B5fPAE/_new 2018-10-01 09:03:53.903971507 +0200
@@ -17,7 +17,7 @@
Name: cvs
-Version:1.12.12
+Version:1.12.13
Release:0
Summary:Concurrent Versions System
License:GPL-2.0
@@ -90,7 +90,7 @@
%patch8 -p1
%patch10
%patch11 -p1
-%patch12
+%patch12 -p1
%patch16
%patch17
%patch18
@@ -191,6 +191,7 @@
%{_datadir}/%{name}/contrib/rcslock
%{_datadir}/%{name}/contrib/rcs-to-cvs
%{_datadir}/%{name}/contrib/README
+%{_datadir}/%{name}/contrib/rcs-5.7-commitid.patch
%{_datadir}/%{name}/contrib/sandbox_status
%{_datadir}/%{name}/contrib/validate_repo
%attr(755,root,root) %{_datadir}/%{name}/contrib/sccs2rcs
@@ -201,10 +202,7 @@
%files doc
%defattr(-,root,root)
%dir %{_defaultdocdir}/%{name}
-%{_infodir}/cvs.info-*%{ext_info}
-%{_infodir}/cvs.info%{ext_info}
-%{_infodir}/cvsclient.info-*%{ext_info}
-%{_infodir}/cvsclient.info%{ext_info}
+%{_infodir}/*.info*
%doc %{_datadir}/%{name}/contrib/intro.doc
%doc %{_defaultdocdir}/%{name}/OpenSourceDevWithCVS_2E.pdf
++ 03cvs-client-exploit-fix.diff ++
--- /var/tmp/diff_new_pack.B5fPAE/_old 2018-10-01 09:03:53.927971487 +0200
+++ /var/tmp/diff_new_pack.B5fPAE/_new 2018-10-01 09:03:53.927971487 +0200
@@ -1,8 +1,8 @@
-Index: src/client.c
-
src/client.c
-+++ src/client.c
-@@ -767,6 +767,19 @@
+Index: cvs-1.12.13/src/client.c
+===
+--- cvs-1.12.13.orig/src/client.c
cvs-1.12.13/src/client.c
+@@ -750,6 +750,19 @@ call_in_directory (const char *pathname,
assert (pathname);
@@ -12,13 +12,13 @@
+ * Anything less means a trojan CVS server could create and edit arbitrary
+ * files on the client.
+ */
-+if (isabsolute (pathname) || pathname_levels (pathname) > 0)
++if (ISABSOLUTE (pathname) || pathname_levels (pathname) > 0)
+{
-+ error (0, 0,
++ error (0, 0,
+ "Server attempted to update a file via an invalid pathname:");
+error (1, 0, "`%s'.", pathname);
+}
+
reposname = NULL;
read_line (&reposname);
- assert (reposname != NULL);
+ assert (reposname);
++ cvs-1.12.12.tar.bz2 -> cvs-1.12.13.tar.bz2 ++
157373 lines of diff (skipped)
++ cvs-format.patch ++
--- /var/tmp/diff_new_pack.B5fPAE/_old 2018-10-01 09:03:56.067969634 +0200
+++ /var/tmp/diff_new_pack.B5fPAE/_new 2018-10-01 09:03:56.071969631 +0200
@@ -1,6 +1,8 @@
cvs-1.12.12/src/cvs.h
-+++ cvs-1.12.12/src/cvs.h
-@@ -566,7 +566,7 @@
+Index: cvs-1.12.13/src/cvs.h
+===
+--- cvs-1.12.13.orig/src/cvs.h
cvs-1.12.13/src/cvs.h
+@@ -585,7 +585,7 @@ void cat_module (int status);
void check_entries (char *dir);
void close_module (DBM * db);
void copy_file (const char *from, const char *to);
@@ -9,14 +11,3 @@
int ign_name (char *name);
void ign_add (char *ign, int hold);
cvs-1.12.12/src/subr.h
-+++ cvs-1.12.12/src/subr.h
-@@ -69,7 +69,7 @@
- #ifdef SUPPORT_OLD_INFO_FMT_STRINGS
- char *format_cmdline (bool oldway, const char *srepos, const char *format,
...);
- #else /* SUPPORT_OLD_INFO_FMT_STRINGS */
--char *format_cmdline (const char *format, ...);
-+char *format_cmdline (const char *format, ...)
__attribute__((__format__(printf,
commit cvs for openSUSE:Factory
Hello community,
here is the log from the commit of package cvs for openSUSE:Factory checked in
at 2018-02-13 10:25:01
Comparing /work/SRC/openSUSE:Factory/cvs (Old)
and /work/SRC/openSUSE:Factory/.cvs.new (New)
Package is "cvs"
Tue Feb 13 10:25:01 2018 rev:33 rq:574721 version:1.12.12
Changes:
--- /work/SRC/openSUSE:Factory/cvs/cvs.changes 2017-08-30 16:23:43.769047864
+0200
+++ /work/SRC/openSUSE:Factory/.cvs.new/cvs.changes 2018-02-13
10:25:02.654517431 +0100
@@ -1,0 +2,5 @@
+Fri Feb 9 12:03:19 UTC 2018 - ku...@suse.com
+
+- Don't create unused xinetd directory
+
+---
Other differences:
--
++ cvs.spec ++
--- /var/tmp/diff_new_pack.C0Wy9q/_old 2018-02-13 10:25:03.886473044 +0100
+++ /var/tmp/diff_new_pack.C0Wy9q/_new 2018-02-13 10:25:03.890472900 +0100
@@ -1,7 +1,7 @@
#
# spec file for package cvs
#
-# Copyright (c) 2017 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -128,7 +128,6 @@
install -m 0644 %{SOURCE3} %{SOURCE4} %{buildroot}%{_sysconfdir}/profile.d
# hack to avoid csh in requires
chmod 644 %{buildroot}%{_datadir}/cvs/contrib/sccs2rcs
-mkdir -p %{buildroot}%{_sysconfdir}/xinetd.d
install -p -m 644 -D %{SOURCE5} %{buildroot}%{_unitdir}/cvs\@.service
install -p -m 644 -D %{SOURCE6} %{buildroot}%{_unitdir}/cvs.socket
install -p -m 644 -D %{SOURCE7} %{buildroot}%{_unitdir}/cvs.target
commit cvs for openSUSE:Factory
Hello community, here is the log from the commit of package cvs for openSUSE:Factory checked in at 2017-08-30 16:23:21 Comparing /work/SRC/openSUSE:Factory/cvs (Old) and /work/SRC/openSUSE:Factory/.cvs.new (New) Package is "cvs" Wed Aug 30 16:23:21 2017 rev:32 rq:519464 version:1.12.12 Changes: --- /work/SRC/openSUSE:Factory/cvs/cvs.changes 2017-08-24 18:21:35.629760694 +0200 +++ /work/SRC/openSUSE:Factory/.cvs.new/cvs.changes 2017-08-30 16:23:43.769047864 +0200 @@ -5 +5,2 @@ - [bsc#1053364, cvs-Bug-1053364-disallow-dash.patch] + [bsc#1053364, CVE-2017-12836, + cvs-Bug-1053364-disallow-dash.patch] Other differences: --
commit cvs for openSUSE:Factory
Hello community,
here is the log from the commit of package cvs for openSUSE:Factory checked in
at 2017-08-24 18:21:25
Comparing /work/SRC/openSUSE:Factory/cvs (Old)
and /work/SRC/openSUSE:Factory/.cvs.new (New)
Package is "cvs"
Thu Aug 24 18:21:25 2017 rev:31 rq:516133 version:1.12.12
Changes:
--- /work/SRC/openSUSE:Factory/cvs/cvs.changes 2017-06-20 10:59:26.455621507
+0200
+++ /work/SRC/openSUSE:Factory/.cvs.new/cvs.changes 2017-08-24
18:21:35.629760694 +0200
@@ -1,0 +2,8 @@
+Fri Aug 11 12:21:12 UTC 2017 - josef.moell...@suse.com
+
+- Disallow a leading dash in the argument of the "-d" option.
+ [bsc#1053364, cvs-Bug-1053364-disallow-dash.patch]
+- Changed license to "GPL-2.0"
+ see http://cvs.savannah.nongnu.org/viewvc/cvs/ccvs/cvs.spec.in
+
+---
New:
cvs-Bug-1053364-disallow-dash.patch
Other differences:
--
++ cvs.spec ++
--- /var/tmp/diff_new_pack.zHWcDq/_old 2017-08-24 18:21:37.125550081 +0200
+++ /var/tmp/diff_new_pack.zHWcDq/_new 2017-08-24 18:21:37.129549518 +0200
@@ -1,7 +1,7 @@
#
# spec file for package cvs
#
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -20,7 +20,7 @@
Version:1.12.12
Release:0
Summary:Concurrent Versions System
-License:GPL-2.0+ AND LGPL-2.1+
+License:GPL-2.0
Group: Development/Tools/Version Control
Url:http://www.nongnu.org/cvs/
Source:
http://ftp.gnu.org/non-gnu/%{name}/source/feature/%{version}/%{name}-%{version}.tar.bz2
@@ -52,6 +52,7 @@
Patch27:cvs-fix_printf_format.diff
Patch28:cvs-gnulib.diff
Patch29:cvs-CVE-2012-0804.patch
+Patch30:cvs-Bug-1053364-disallow-dash.patch
BuildRequires: automake
BuildRequires: gdbm-devel
BuildRequires: groff
@@ -104,6 +105,7 @@
%patch27
%patch28
%patch29
+%patch30 -p1
%build
autoreconf -fvi
++ cvs-Bug-1053364-disallow-dash.patch ++
Index: cvs-1.12.12/src/root.c
===
--- cvs-1.12.12.orig/src/root.c
+++ cvs-1.12.12/src/root.c
@@ -615,6 +615,24 @@ parse_cvsroot (const char *root_in)
}
#endif /* defined (CLIENT_SUPPORT) || defined (SERVER_SUPPORT) */
}
+else if (*cvsroot_copy == '-')
+{
+ /*
+* If the first character is not a colon, it may be the start of
+* - a username
+* - a hostname
+* - a pathname
+* The syntax of a hostname is defined by RFCs 952 and 1123
+* and it must start with a letter or a digit.
+* According to the definition above, a path should start with a slash
+* but even if not, there are other tools that croak upon a leading dash
+* so you could just as well prepend a "./" if it was a relative path!
+* But there is no clear definition of what is permissable at the start
of a username
+* and this may vary between server OSes, so we just disallow a dash.
+*/
+ error (0, 0, "CVSROOT (`%s') must not start with a dash.",
cvsroot_copy);
+ goto error_exit;
+}
else
{
/* If the method isn't specified, assume EXT_METHOD if the string looks
commit cvs for openSUSE:Factory
Hello community,
here is the log from the commit of package cvs for openSUSE:Factory checked in
at 2017-06-20 10:59:01
Comparing /work/SRC/openSUSE:Factory/cvs (Old)
and /work/SRC/openSUSE:Factory/.cvs.new (New)
Package is "cvs"
Tue Jun 20 10:59:01 2017 rev:30 rq:503933 version:1.12.12
Changes:
--- /work/SRC/openSUSE:Factory/cvs/cvs.changes 2013-03-25 20:17:05.0
+0100
+++ /work/SRC/openSUSE:Factory/.cvs.new/cvs.changes 2017-06-20
10:59:26.455621507 +0200
@@ -1,0 +2,15 @@
+Thu Jun 15 11:38:00 UTC 2017 - mplus...@suse.com
+
+- Update dependencies:
+ * enable kerberos
+ * explicitly require ssh
+
+---
+Thu Jun 15 09:41:35 UTC 2017 - tchva...@suse.com
+
+- Update bit with spec-cleaner
+- Use proper url for docu and do not recompress:
+ * OpenSourceDevWithCVS_2E.tar.gz instead of bz2
+- Add systemd socket service to replace the xinetd service
+
+---
Old:
OpenSourceDevWithCVS_2E.tar.bz2
xinetd.conf
New:
OpenSourceDevWithCVS_2E.tar.gz
cvs.socket
cvs.target
cvs@.service
Other differences:
--
++ cvs.spec ++
--- /var/tmp/diff_new_pack.J8RJsJ/_old 2017-06-20 10:59:27.375491847 +0200
+++ /var/tmp/diff_new_pack.J8RJsJ/_new 2017-06-20 10:59:27.387490155 +0200
@@ -1,7 +1,7 @@
#
# spec file for package cvs
#
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,29 +17,23 @@
Name: cvs
-BuildRequires: automake
-BuildRequires: gdbm-devel
-BuildRequires: zlib-devel
-Url:http://www.nongnu.org/cvs/
Version:1.12.12
Release:0
Summary:Concurrent Versions System
-License:GPL-2.0+ and LGPL-2.1+
+License:GPL-2.0+ AND LGPL-2.1+
Group: Development/Tools/Version Control
-Requires: /bin/mktemp
-Requires: /usr/bin/csh
-Source:
http://ftp.gnu.org/non-gnu/%name/source/feature/%version/%name-%version.tar.bz2
+Url:http://www.nongnu.org/cvs/
+Source:
http://ftp.gnu.org/non-gnu/%{name}/source/feature/%{version}/%{name}-%{version}.tar.bz2
Source1:http://www.does-not-exist.org/roessler/cvslock-0.2.tar.gz
-Source2:xinetd.conf
Source3:cvs.sh
Source4:cvs.csh
-# http://cvsbook.red-bean.com/OpenSourceDevWithCVS_2E.tar.gz
-Source10: OpenSourceDevWithCVS_2E.tar.bz2
-Patch: cvs.diff
+Source5:cvs@.service
+Source6:cvs.socket
+Source7:cvs.target
+Source10: http://cvsbook.red-bean.com/OpenSourceDevWithCVS_2E.tar.gz
+Patch0: cvs.diff
Patch2: diff-k.possible.patch
Patch5: cvs-fix_sigpipe_flowcontrol.diff
-#Patch6: allow_trailing_dir_slash.diff
-#Patch7: use_system_zlib.diff
Patch8: cvs-use_vitmp.diff
Patch10:cvs-new-sort-option.diff
Patch11:cvs-1.11.9-nocsh.patch
@@ -58,8 +52,17 @@
Patch27:cvs-fix_printf_format.diff
Patch28:cvs-gnulib.diff
Patch29:cvs-CVE-2012-0804.patch
-PreReq: %install_info_prereq
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
+BuildRequires: automake
+BuildRequires: gdbm-devel
+BuildRequires: groff
+BuildRequires: krb5-devel
+BuildRequires: openssh
+Requires: openssh
+BuildRequires: zlib-devel
+Requires: %{_bindir}/csh
+Requires: /bin/mktemp
+Requires(post): %{install_info_prereq}
+Requires(preun): %{install_info_prereq}
%description
CVS is a front-end to the rcs (Revision Control System) included in the
@@ -80,10 +83,9 @@
%prep
%setup -q -a 1 -a 10
-%patch
+%patch0
%patch2
%patch5
-#%patch7 -p1
%patch8 -p1
%patch10
%patch11 -p1
@@ -104,13 +106,11 @@
%patch29
%build
-autoreconf -fi
-#aclocal -I m4
-#autoconf
-export CFLAGS="$RPM_OPT_FLAGS -pipe -D_GNU_SOURCE -std=gnu99"
+autoreconf -fvi
+export CFLAGS="%{optflags} -pipe -D_GNU_SOURCE -std=gnu99"
%configure \
--with-external-zlib \
- --with-editor=/usr/bin/vitmp \
+ --with-editor=%{_bindir}/vitmp \
--with-rsh=ssh
cd cvslock-*
%configure
@@ -121,42 +121,56 @@
cd -
%install
-%makeinstall install-info
+%make_install install-info
mkdir -p %{buildroot}%{_sysconfdir}/profile.d
-install -m 0644 %SOURCE3 %SOURCE4 %{buildroot}%{_sysconfdir}/profile.d
+install -m 0644 %{SOURCE3} %{SOURCE4} %{buildroot}%{_sysconfdir}/profile.d
# hack to avoid csh in requires
-chmod 644 %{buildroot}/usr/share/cvs/contrib/sccs2rcs
+chmod 644 %{buildroot}%{_datadir}/cvs/
commit cvs for openSUSE:Factory
Hello community, here is the log from the commit of package cvs for openSUSE:Factory checked in at 2013-03-25 20:17:03 Comparing /work/SRC/openSUSE:Factory/cvs (Old) and /work/SRC/openSUSE:Factory/.cvs.new (New) Package is "cvs", Maintainer is "p...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/cvs/cvs.changes 2013-02-05 12:11:09.0 +0100 +++ /work/SRC/openSUSE:Factory/.cvs.new/cvs.changes 2013-03-25 20:17:05.0 +0100 @@ -1,0 +2,6 @@ +Fri Mar 22 09:06:16 UTC 2013 - mmeis...@suse.com + +- Added url as source. + Please see http://en.opensuse.org/SourceUrls + +--- Old: cvslock-0.2.tar.bz2 New: cvslock-0.2.tar.gz Other differences: -- ++ cvs.spec ++ --- /var/tmp/diff_new_pack.gl9tUr/_old 2013-03-25 20:17:06.0 +0100 +++ /var/tmp/diff_new_pack.gl9tUr/_new 2013-03-25 20:17:06.0 +0100 @@ -28,9 +28,8 @@ Group: Development/Tools/Version Control Requires: /bin/mktemp Requires: /usr/bin/csh -Source: %name-%version.tar.bz2 -# http://www.does-not-exist.org/roessler/cvslock-0.2.tar.gz -Source1:cvslock-0.2.tar.bz2 +Source: http://ftp.gnu.org/non-gnu/%name/source/feature/%version/%name-%version.tar.bz2 +Source1:http://www.does-not-exist.org/roessler/cvslock-0.2.tar.gz Source2:xinetd.conf Source3:cvs.sh Source4:cvs.csh -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit cvs for openSUSE:Factory
Hello community, here is the log from the commit of package cvs for openSUSE:Factory checked in at 2013-02-05 12:11:08 Comparing /work/SRC/openSUSE:Factory/cvs (Old) and /work/SRC/openSUSE:Factory/.cvs.new (New) Package is "cvs", Maintainer is "p...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/cvs/cvs.changes 2012-02-23 15:32:29.0 +0100 +++ /work/SRC/openSUSE:Factory/.cvs.new/cvs.changes 2013-02-05 12:11:09.0 +0100 @@ -1,0 +2,5 @@ +Mon Feb 4 14:30:50 UTC 2013 - co...@suse.com + +- update license to new format + +--- Other differences: -- ++ cvs.spec ++ --- /var/tmp/diff_new_pack.kfmxmi/_old 2013-02-05 12:11:11.0 +0100 +++ /var/tmp/diff_new_pack.kfmxmi/_new 2013-02-05 12:11:11.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package cvs # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -24,9 +24,10 @@ Version:1.12.12 Release:0 Summary:Concurrent Versions System -License:GPL-2.0+ ; LGPL-2.1+ +License:GPL-2.0+ and LGPL-2.1+ Group: Development/Tools/Version Control -Requires: /bin/mktemp, /usr/bin/csh +Requires: /bin/mktemp +Requires: /usr/bin/csh Source: %name-%version.tar.bz2 # http://www.does-not-exist.org/roessler/cvslock-0.2.tar.gz Source1:cvslock-0.2.tar.bz2 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit cvs for openSUSE:Factory
Hello community, here is the log from the commit of package cvs for openSUSE:Factory checked in at 2012-02-23 15:32:27 Comparing /work/SRC/openSUSE:Factory/cvs (Old) and /work/SRC/openSUSE:Factory/.cvs.new (New) Package is "cvs", Maintainer is "p...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/cvs/cvs.changes 2012-02-14 13:05:15.0 +0100 +++ /work/SRC/openSUSE:Factory/.cvs.new/cvs.changes 2012-02-23 15:32:29.0 +0100 @@ -1,0 +2,5 @@ +Tue Feb 21 11:50:12 CET 2012 - p...@suse.de + +- Fix typo in the last patch. + +--- Other differences: -- ++ cvs-CVE-2012-0804.patch ++ --- /var/tmp/diff_new_pack.1Pi1wq/_old 2012-02-23 15:32:31.0 +0100 +++ /var/tmp/diff_new_pack.1Pi1wq/_new 2012-02-23 15:32:31.0 +0100 @@ -7,7 +7,7 @@ */ read_line_via (from_server, to_server, &read_buf); - sscanf (read_buf, "%s %d", write_buf, &codenum); -+ count = sscanf (read_buf, "%s %d", write_buf, &codenum); ++ count = sscanf (read_buf, "%*s %d", &codenum); - if ((codenum / 100) != 2) + if (count != 1 || (codenum / 100) != 2) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit cvs for openSUSE:Factory
Hello community,
here is the log from the commit of package cvs for openSUSE:Factory checked in
at 2012-02-14 13:05:11
Comparing /work/SRC/openSUSE:Factory/cvs (Old)
and /work/SRC/openSUSE:Factory/.cvs.new (New)
Package is "cvs", Maintainer is "p...@suse.com"
Changes:
--- /work/SRC/openSUSE:Factory/cvs/cvs.changes 2011-12-08 11:27:41.0
+0100
+++ /work/SRC/openSUSE:Factory/.cvs.new/cvs.changes 2012-02-14
13:05:15.0 +0100
@@ -1,0 +2,6 @@
+Mon Jan 30 14:35:57 CET 2012 - p...@suse.de
+
+- Fix the way CVS reads proxy connection HTTP responses
+ (bnc#744059, CVE-2012-0804).
+
+---
New:
cvs-CVE-2012-0804.patch
Other differences:
--
++ cvs.spec ++
--- /var/tmp/diff_new_pack.LdfTgo/_old 2012-02-14 13:05:17.0 +0100
+++ /var/tmp/diff_new_pack.LdfTgo/_new 2012-02-14 13:05:17.0 +0100
@@ -1,7 +1,7 @@
#
# spec file for package cvs
#
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -15,16 +15,17 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
+
Name: cvs
BuildRequires: automake
BuildRequires: gdbm-devel
BuildRequires: zlib-devel
-License:GPL-2.0+ ; LGPL-2.1+
-Group: Development/Tools/Version Control
Url:http://www.nongnu.org/cvs/
Version:1.12.12
Release:0
Summary:Concurrent Versions System
+License:GPL-2.0+ ; LGPL-2.1+
+Group: Development/Tools/Version Control
Requires: /bin/mktemp, /usr/bin/csh
Source: %name-%version.tar.bz2
# http://www.does-not-exist.org/roessler/cvslock-0.2.tar.gz
@@ -56,6 +57,7 @@
Patch26:cvs-request_rcs_installation.diff
Patch27:cvs-fix_printf_format.diff
Patch28:cvs-gnulib.diff
+Patch29:cvs-CVE-2012-0804.patch
PreReq: %install_info_prereq
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -66,6 +68,7 @@
%package doc
Summary:Info pages and Open Source Development with CVS, 2nd Edition
Book
+Group: Development/Tools/Version Control
%if 0%{?suse_version} >= 1120
BuildArch: noarch
%endif
@@ -98,6 +101,7 @@
%patch26
%patch27
%patch28
+%patch29
%build
autoreconf -fi
++ cvs-CVE-2012-0804.patch ++
Index: src/client.c
===
--- src/client.c.orig 2012-01-30 14:32:50.0 +0100
+++ src/client.c2012-01-30 14:34:59.644866100 +0100
@@ -3491,9 +3491,9 @@ connect_to_pserver (cvsroot_t *root, str
* code.
*/
read_line_via (from_server, to_server, &read_buf);
- sscanf (read_buf, "%s %d", write_buf, &codenum);
+ count = sscanf (read_buf, "%s %d", write_buf, &codenum);
- if ((codenum / 100) != 2)
+ if (count != 1 || (codenum / 100) != 2)
error (1, 0, "proxy server %s:%d does not support http tunnelling",
root->proxy_hostname, proxy_port_number);
free (read_buf);
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit cvs for openSUSE:Factory
Hello community,
here is the log from the commit of package cvs for openSUSE:Factory checked in
at 2011-12-08 11:27:40
Comparing /work/SRC/openSUSE:Factory/cvs (Old)
and /work/SRC/openSUSE:Factory/.cvs.new (New)
Package is "cvs", Maintainer is "p...@suse.com"
Changes:
--- /work/SRC/openSUSE:Factory/cvs/cvs.changes 2011-09-23 01:54:45.0
+0200
+++ /work/SRC/openSUSE:Factory/.cvs.new/cvs.changes 2011-12-08
11:27:41.0 +0100
@@ -1,0 +2,5 @@
+Fri Dec 2 07:47:31 UTC 2011 - co...@suse.com
+
+- add automake as buildrequire to avoid implicit dependency
+
+---
Other differences:
--
++ cvs.spec ++
--- /var/tmp/diff_new_pack.OZFAxf/_old 2011-12-08 11:27:42.0 +0100
+++ /var/tmp/diff_new_pack.OZFAxf/_new 2011-12-08 11:27:42.0 +0100
@@ -15,15 +15,15 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
-
-
Name: cvs
-BuildRequires: gdbm-devel zlib-devel
-License:GPLv2+ ; LGPLv2.1+
+BuildRequires: automake
+BuildRequires: gdbm-devel
+BuildRequires: zlib-devel
+License:GPL-2.0+ ; LGPL-2.1+
Group: Development/Tools/Version Control
Url:http://www.nongnu.org/cvs/
Version:1.12.12
-Release:164
+Release:0
Summary:Concurrent Versions System
Requires: /bin/mktemp, /usr/bin/csh
Source: %name-%version.tar.bz2
@@ -65,9 +65,7 @@
CVS, is also included.
%package doc
-License:GPLv2+ ; LGPLv2.1+
Summary:Info pages and Open Source Development with CVS, 2nd Edition
Book
-Group: Development/Tools/Version Control
%if 0%{?suse_version} >= 1120
BuildArch: noarch
%endif
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit cvs for openSUSE:Factory
Hello community,
here is the log from the commit of package cvs for openSUSE:Factory
checked in at Mon Sep 19 15:58:39 CEST 2011.
--- cvs/cvs.changes 2010-09-20 11:21:05.0 +0200
+++ /mounts/work_src_done/STABLE/cvs/cvs.changes2011-09-18
02:11:59.0 +0200
@@ -1,0 +2,5 @@
+Sun Sep 18 00:11:50 UTC 2011 - jeng...@medozas.de
+
+- Remove redundant tags/sections from specfile
+
+---
calling whatdependson for head-i586
Other differences:
--
++ cvs.spec ++
--- /var/tmp/diff_new_pack.NnLRRc/_old 2011-09-19 15:58:34.0 +0200
+++ /var/tmp/diff_new_pack.NnLRRc/_new 2011-09-19 15:58:34.0 +0200
@@ -1,7 +1,7 @@
#
-# spec file for package cvs (Version 1.12.12)
+# spec file for package cvs
#
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -15,7 +15,6 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
-# norootforbuild
Name: cvs
@@ -23,7 +22,6 @@
License:GPLv2+ ; LGPLv2.1+
Group: Development/Tools/Version Control
Url:http://www.nongnu.org/cvs/
-AutoReqProv:on
Version:1.12.12
Release:164
Summary:Concurrent Versions System
@@ -66,13 +64,6 @@
standard Linux distributions. PCL-CVS, an emacs (Emacs) front-end for
CVS, is also included.
-
-
-Authors:
-
-Brian Berliner
-Jeff Polk
-
%package doc
License:GPLv2+ ; LGPLv2.1+
Summary:Info pages and Open Source Development with CVS, 2nd Edition
Book
@@ -86,13 +77,6 @@
(%{_datadir}/%{name}/contrib/intro.doc) and the complete book "Open Source
Development with CVS, 2nd Edition".
-
-
-Authors:
-
-Brian Berliner
-Jeff Polk
-
%prep
%setup -q -a 1 -a 10
%patch
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
