commit cvs for openSUSE:Factory
Hello community, here is the log from the commit of package cvs for openSUSE:Factory checked in at 2018-10-01 09:03:49 Comparing /work/SRC/openSUSE:Factory/cvs (Old) and /work/SRC/openSUSE:Factory/.cvs.new (New) Package is "cvs" Mon Oct 1 09:03:49 2018 rev:34 rq:636903 version:1.12.13 Changes: --- /work/SRC/openSUSE:Factory/cvs/cvs.changes 2018-02-13 10:25:02.654517431 +0100 +++ /work/SRC/openSUSE:Factory/.cvs.new/cvs.changes 2018-10-01 09:03:52.923972356 +0200 @@ -1,0 +2,14 @@ +Wed Sep 19 15:32:59 UTC 2018 - josef.moell...@suse.com + +- Upgrade to 1.12.13 + This version fixes two security vulnerabilities in the zlib + compression libraries (see CERT vulnerabilities advisories + #238678 & #680620 for more info), several issues involving + potential data-loss on heavily loaded systems, some minor + potential crashes, hangs, and several minor annoyances in CVS + client and server behavior. + See also: + https://savannah.nongnu.org/forum/forum.php?forum_id=4046 + http://cvs.savannah.gnu.org/viewvc/cvs/ccvs/NEWS?revision=1.341 + +--- Old: cvs-1.12.12.tar.bz2 New: cvs-1.12.13.tar.bz2 Other differences: -- ++ cvs.spec ++ --- /var/tmp/diff_new_pack.B5fPAE/_old 2018-10-01 09:03:53.899971511 +0200 +++ /var/tmp/diff_new_pack.B5fPAE/_new 2018-10-01 09:03:53.903971507 +0200 @@ -17,7 +17,7 @@ Name: cvs -Version:1.12.12 +Version:1.12.13 Release:0 Summary:Concurrent Versions System License:GPL-2.0 @@ -90,7 +90,7 @@ %patch8 -p1 %patch10 %patch11 -p1 -%patch12 +%patch12 -p1 %patch16 %patch17 %patch18 @@ -191,6 +191,7 @@ %{_datadir}/%{name}/contrib/rcslock %{_datadir}/%{name}/contrib/rcs-to-cvs %{_datadir}/%{name}/contrib/README +%{_datadir}/%{name}/contrib/rcs-5.7-commitid.patch %{_datadir}/%{name}/contrib/sandbox_status %{_datadir}/%{name}/contrib/validate_repo %attr(755,root,root) %{_datadir}/%{name}/contrib/sccs2rcs @@ -201,10 +202,7 @@ %files doc %defattr(-,root,root) %dir %{_defaultdocdir}/%{name} -%{_infodir}/cvs.info-*%{ext_info} -%{_infodir}/cvs.info%{ext_info} -%{_infodir}/cvsclient.info-*%{ext_info} -%{_infodir}/cvsclient.info%{ext_info} +%{_infodir}/*.info* %doc %{_datadir}/%{name}/contrib/intro.doc %doc %{_defaultdocdir}/%{name}/OpenSourceDevWithCVS_2E.pdf ++ 03cvs-client-exploit-fix.diff ++ --- /var/tmp/diff_new_pack.B5fPAE/_old 2018-10-01 09:03:53.927971487 +0200 +++ /var/tmp/diff_new_pack.B5fPAE/_new 2018-10-01 09:03:53.927971487 +0200 @@ -1,8 +1,8 @@ -Index: src/client.c - src/client.c -+++ src/client.c -@@ -767,6 +767,19 @@ +Index: cvs-1.12.13/src/client.c +=== +--- cvs-1.12.13.orig/src/client.c cvs-1.12.13/src/client.c +@@ -750,6 +750,19 @@ call_in_directory (const char *pathname, assert (pathname); @@ -12,13 +12,13 @@ + * Anything less means a trojan CVS server could create and edit arbitrary + * files on the client. + */ -+if (isabsolute (pathname) || pathname_levels (pathname) > 0) ++if (ISABSOLUTE (pathname) || pathname_levels (pathname) > 0) +{ -+ error (0, 0, ++ error (0, 0, + "Server attempted to update a file via an invalid pathname:"); +error (1, 0, "`%s'.", pathname); +} + reposname = NULL; read_line (&reposname); - assert (reposname != NULL); + assert (reposname); ++ cvs-1.12.12.tar.bz2 -> cvs-1.12.13.tar.bz2 ++ 157373 lines of diff (skipped) ++ cvs-format.patch ++ --- /var/tmp/diff_new_pack.B5fPAE/_old 2018-10-01 09:03:56.067969634 +0200 +++ /var/tmp/diff_new_pack.B5fPAE/_new 2018-10-01 09:03:56.071969631 +0200 @@ -1,6 +1,8 @@ cvs-1.12.12/src/cvs.h -+++ cvs-1.12.12/src/cvs.h -@@ -566,7 +566,7 @@ +Index: cvs-1.12.13/src/cvs.h +=== +--- cvs-1.12.13.orig/src/cvs.h cvs-1.12.13/src/cvs.h +@@ -585,7 +585,7 @@ void cat_module (int status); void check_entries (char *dir); void close_module (DBM * db); void copy_file (const char *from, const char *to); @@ -9,14 +11,3 @@ int ign_name (char *name); void ign_add (char *ign, int hold); cvs-1.12.12/src/subr.h -+++ cvs-1.12.12/src/subr.h -@@ -69,7 +69,7 @@ - #ifdef SUPPORT_OLD_INFO_FMT_STRINGS - char *format_cmdline (bool oldway, const char *srepos, const char *format, ...); - #else /* SUPPORT_OLD_INFO_FMT_STRINGS */ --char *format_cmdline (const char *format, ...); -+char *format_cmdline (const char *format, ...) __attribute__((__format__(printf,
commit cvs for openSUSE:Factory
Hello community, here is the log from the commit of package cvs for openSUSE:Factory checked in at 2018-02-13 10:25:01 Comparing /work/SRC/openSUSE:Factory/cvs (Old) and /work/SRC/openSUSE:Factory/.cvs.new (New) Package is "cvs" Tue Feb 13 10:25:01 2018 rev:33 rq:574721 version:1.12.12 Changes: --- /work/SRC/openSUSE:Factory/cvs/cvs.changes 2017-08-30 16:23:43.769047864 +0200 +++ /work/SRC/openSUSE:Factory/.cvs.new/cvs.changes 2018-02-13 10:25:02.654517431 +0100 @@ -1,0 +2,5 @@ +Fri Feb 9 12:03:19 UTC 2018 - ku...@suse.com + +- Don't create unused xinetd directory + +--- Other differences: -- ++ cvs.spec ++ --- /var/tmp/diff_new_pack.C0Wy9q/_old 2018-02-13 10:25:03.886473044 +0100 +++ /var/tmp/diff_new_pack.C0Wy9q/_new 2018-02-13 10:25:03.890472900 +0100 @@ -1,7 +1,7 @@ # # spec file for package cvs # -# Copyright (c) 2017 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -128,7 +128,6 @@ install -m 0644 %{SOURCE3} %{SOURCE4} %{buildroot}%{_sysconfdir}/profile.d # hack to avoid csh in requires chmod 644 %{buildroot}%{_datadir}/cvs/contrib/sccs2rcs -mkdir -p %{buildroot}%{_sysconfdir}/xinetd.d install -p -m 644 -D %{SOURCE5} %{buildroot}%{_unitdir}/cvs\@.service install -p -m 644 -D %{SOURCE6} %{buildroot}%{_unitdir}/cvs.socket install -p -m 644 -D %{SOURCE7} %{buildroot}%{_unitdir}/cvs.target
commit cvs for openSUSE:Factory
Hello community, here is the log from the commit of package cvs for openSUSE:Factory checked in at 2017-08-30 16:23:21 Comparing /work/SRC/openSUSE:Factory/cvs (Old) and /work/SRC/openSUSE:Factory/.cvs.new (New) Package is "cvs" Wed Aug 30 16:23:21 2017 rev:32 rq:519464 version:1.12.12 Changes: --- /work/SRC/openSUSE:Factory/cvs/cvs.changes 2017-08-24 18:21:35.629760694 +0200 +++ /work/SRC/openSUSE:Factory/.cvs.new/cvs.changes 2017-08-30 16:23:43.769047864 +0200 @@ -5 +5,2 @@ - [bsc#1053364, cvs-Bug-1053364-disallow-dash.patch] + [bsc#1053364, CVE-2017-12836, + cvs-Bug-1053364-disallow-dash.patch] Other differences: --
commit cvs for openSUSE:Factory
Hello community, here is the log from the commit of package cvs for openSUSE:Factory checked in at 2017-08-24 18:21:25 Comparing /work/SRC/openSUSE:Factory/cvs (Old) and /work/SRC/openSUSE:Factory/.cvs.new (New) Package is "cvs" Thu Aug 24 18:21:25 2017 rev:31 rq:516133 version:1.12.12 Changes: --- /work/SRC/openSUSE:Factory/cvs/cvs.changes 2017-06-20 10:59:26.455621507 +0200 +++ /work/SRC/openSUSE:Factory/.cvs.new/cvs.changes 2017-08-24 18:21:35.629760694 +0200 @@ -1,0 +2,8 @@ +Fri Aug 11 12:21:12 UTC 2017 - josef.moell...@suse.com + +- Disallow a leading dash in the argument of the "-d" option. + [bsc#1053364, cvs-Bug-1053364-disallow-dash.patch] +- Changed license to "GPL-2.0" + see http://cvs.savannah.nongnu.org/viewvc/cvs/ccvs/cvs.spec.in + +--- New: cvs-Bug-1053364-disallow-dash.patch Other differences: -- ++ cvs.spec ++ --- /var/tmp/diff_new_pack.zHWcDq/_old 2017-08-24 18:21:37.125550081 +0200 +++ /var/tmp/diff_new_pack.zHWcDq/_new 2017-08-24 18:21:37.129549518 +0200 @@ -1,7 +1,7 @@ # # spec file for package cvs # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,7 +20,7 @@ Version:1.12.12 Release:0 Summary:Concurrent Versions System -License:GPL-2.0+ AND LGPL-2.1+ +License:GPL-2.0 Group: Development/Tools/Version Control Url:http://www.nongnu.org/cvs/ Source: http://ftp.gnu.org/non-gnu/%{name}/source/feature/%{version}/%{name}-%{version}.tar.bz2 @@ -52,6 +52,7 @@ Patch27:cvs-fix_printf_format.diff Patch28:cvs-gnulib.diff Patch29:cvs-CVE-2012-0804.patch +Patch30:cvs-Bug-1053364-disallow-dash.patch BuildRequires: automake BuildRequires: gdbm-devel BuildRequires: groff @@ -104,6 +105,7 @@ %patch27 %patch28 %patch29 +%patch30 -p1 %build autoreconf -fvi ++ cvs-Bug-1053364-disallow-dash.patch ++ Index: cvs-1.12.12/src/root.c === --- cvs-1.12.12.orig/src/root.c +++ cvs-1.12.12/src/root.c @@ -615,6 +615,24 @@ parse_cvsroot (const char *root_in) } #endif /* defined (CLIENT_SUPPORT) || defined (SERVER_SUPPORT) */ } +else if (*cvsroot_copy == '-') +{ + /* +* If the first character is not a colon, it may be the start of +* - a username +* - a hostname +* - a pathname +* The syntax of a hostname is defined by RFCs 952 and 1123 +* and it must start with a letter or a digit. +* According to the definition above, a path should start with a slash +* but even if not, there are other tools that croak upon a leading dash +* so you could just as well prepend a "./" if it was a relative path! +* But there is no clear definition of what is permissable at the start of a username +* and this may vary between server OSes, so we just disallow a dash. +*/ + error (0, 0, "CVSROOT (`%s') must not start with a dash.", cvsroot_copy); + goto error_exit; +} else { /* If the method isn't specified, assume EXT_METHOD if the string looks
commit cvs for openSUSE:Factory
Hello community, here is the log from the commit of package cvs for openSUSE:Factory checked in at 2017-06-20 10:59:01 Comparing /work/SRC/openSUSE:Factory/cvs (Old) and /work/SRC/openSUSE:Factory/.cvs.new (New) Package is "cvs" Tue Jun 20 10:59:01 2017 rev:30 rq:503933 version:1.12.12 Changes: --- /work/SRC/openSUSE:Factory/cvs/cvs.changes 2013-03-25 20:17:05.0 +0100 +++ /work/SRC/openSUSE:Factory/.cvs.new/cvs.changes 2017-06-20 10:59:26.455621507 +0200 @@ -1,0 +2,15 @@ +Thu Jun 15 11:38:00 UTC 2017 - mplus...@suse.com + +- Update dependencies: + * enable kerberos + * explicitly require ssh + +--- +Thu Jun 15 09:41:35 UTC 2017 - tchva...@suse.com + +- Update bit with spec-cleaner +- Use proper url for docu and do not recompress: + * OpenSourceDevWithCVS_2E.tar.gz instead of bz2 +- Add systemd socket service to replace the xinetd service + +--- Old: OpenSourceDevWithCVS_2E.tar.bz2 xinetd.conf New: OpenSourceDevWithCVS_2E.tar.gz cvs.socket cvs.target cvs@.service Other differences: -- ++ cvs.spec ++ --- /var/tmp/diff_new_pack.J8RJsJ/_old 2017-06-20 10:59:27.375491847 +0200 +++ /var/tmp/diff_new_pack.J8RJsJ/_new 2017-06-20 10:59:27.387490155 +0200 @@ -1,7 +1,7 @@ # # spec file for package cvs # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,29 +17,23 @@ Name: cvs -BuildRequires: automake -BuildRequires: gdbm-devel -BuildRequires: zlib-devel -Url:http://www.nongnu.org/cvs/ Version:1.12.12 Release:0 Summary:Concurrent Versions System -License:GPL-2.0+ and LGPL-2.1+ +License:GPL-2.0+ AND LGPL-2.1+ Group: Development/Tools/Version Control -Requires: /bin/mktemp -Requires: /usr/bin/csh -Source: http://ftp.gnu.org/non-gnu/%name/source/feature/%version/%name-%version.tar.bz2 +Url:http://www.nongnu.org/cvs/ +Source: http://ftp.gnu.org/non-gnu/%{name}/source/feature/%{version}/%{name}-%{version}.tar.bz2 Source1:http://www.does-not-exist.org/roessler/cvslock-0.2.tar.gz -Source2:xinetd.conf Source3:cvs.sh Source4:cvs.csh -# http://cvsbook.red-bean.com/OpenSourceDevWithCVS_2E.tar.gz -Source10: OpenSourceDevWithCVS_2E.tar.bz2 -Patch: cvs.diff +Source5:cvs@.service +Source6:cvs.socket +Source7:cvs.target +Source10: http://cvsbook.red-bean.com/OpenSourceDevWithCVS_2E.tar.gz +Patch0: cvs.diff Patch2: diff-k.possible.patch Patch5: cvs-fix_sigpipe_flowcontrol.diff -#Patch6: allow_trailing_dir_slash.diff -#Patch7: use_system_zlib.diff Patch8: cvs-use_vitmp.diff Patch10:cvs-new-sort-option.diff Patch11:cvs-1.11.9-nocsh.patch @@ -58,8 +52,17 @@ Patch27:cvs-fix_printf_format.diff Patch28:cvs-gnulib.diff Patch29:cvs-CVE-2012-0804.patch -PreReq: %install_info_prereq -BuildRoot: %{_tmppath}/%{name}-%{version}-build +BuildRequires: automake +BuildRequires: gdbm-devel +BuildRequires: groff +BuildRequires: krb5-devel +BuildRequires: openssh +Requires: openssh +BuildRequires: zlib-devel +Requires: %{_bindir}/csh +Requires: /bin/mktemp +Requires(post): %{install_info_prereq} +Requires(preun): %{install_info_prereq} %description CVS is a front-end to the rcs (Revision Control System) included in the @@ -80,10 +83,9 @@ %prep %setup -q -a 1 -a 10 -%patch +%patch0 %patch2 %patch5 -#%patch7 -p1 %patch8 -p1 %patch10 %patch11 -p1 @@ -104,13 +106,11 @@ %patch29 %build -autoreconf -fi -#aclocal -I m4 -#autoconf -export CFLAGS="$RPM_OPT_FLAGS -pipe -D_GNU_SOURCE -std=gnu99" +autoreconf -fvi +export CFLAGS="%{optflags} -pipe -D_GNU_SOURCE -std=gnu99" %configure \ --with-external-zlib \ - --with-editor=/usr/bin/vitmp \ + --with-editor=%{_bindir}/vitmp \ --with-rsh=ssh cd cvslock-* %configure @@ -121,42 +121,56 @@ cd - %install -%makeinstall install-info +%make_install install-info mkdir -p %{buildroot}%{_sysconfdir}/profile.d -install -m 0644 %SOURCE3 %SOURCE4 %{buildroot}%{_sysconfdir}/profile.d +install -m 0644 %{SOURCE3} %{SOURCE4} %{buildroot}%{_sysconfdir}/profile.d # hack to avoid csh in requires -chmod 644 %{buildroot}/usr/share/cvs/contrib/sccs2rcs +chmod 644 %{buildroot}%{_datadir}/cvs/
commit cvs for openSUSE:Factory
Hello community, here is the log from the commit of package cvs for openSUSE:Factory checked in at 2013-03-25 20:17:03 Comparing /work/SRC/openSUSE:Factory/cvs (Old) and /work/SRC/openSUSE:Factory/.cvs.new (New) Package is "cvs", Maintainer is "p...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/cvs/cvs.changes 2013-02-05 12:11:09.0 +0100 +++ /work/SRC/openSUSE:Factory/.cvs.new/cvs.changes 2013-03-25 20:17:05.0 +0100 @@ -1,0 +2,6 @@ +Fri Mar 22 09:06:16 UTC 2013 - mmeis...@suse.com + +- Added url as source. + Please see http://en.opensuse.org/SourceUrls + +--- Old: cvslock-0.2.tar.bz2 New: cvslock-0.2.tar.gz Other differences: -- ++ cvs.spec ++ --- /var/tmp/diff_new_pack.gl9tUr/_old 2013-03-25 20:17:06.0 +0100 +++ /var/tmp/diff_new_pack.gl9tUr/_new 2013-03-25 20:17:06.0 +0100 @@ -28,9 +28,8 @@ Group: Development/Tools/Version Control Requires: /bin/mktemp Requires: /usr/bin/csh -Source: %name-%version.tar.bz2 -# http://www.does-not-exist.org/roessler/cvslock-0.2.tar.gz -Source1:cvslock-0.2.tar.bz2 +Source: http://ftp.gnu.org/non-gnu/%name/source/feature/%version/%name-%version.tar.bz2 +Source1:http://www.does-not-exist.org/roessler/cvslock-0.2.tar.gz Source2:xinetd.conf Source3:cvs.sh Source4:cvs.csh -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit cvs for openSUSE:Factory
Hello community, here is the log from the commit of package cvs for openSUSE:Factory checked in at 2013-02-05 12:11:08 Comparing /work/SRC/openSUSE:Factory/cvs (Old) and /work/SRC/openSUSE:Factory/.cvs.new (New) Package is "cvs", Maintainer is "p...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/cvs/cvs.changes 2012-02-23 15:32:29.0 +0100 +++ /work/SRC/openSUSE:Factory/.cvs.new/cvs.changes 2013-02-05 12:11:09.0 +0100 @@ -1,0 +2,5 @@ +Mon Feb 4 14:30:50 UTC 2013 - co...@suse.com + +- update license to new format + +--- Other differences: -- ++ cvs.spec ++ --- /var/tmp/diff_new_pack.kfmxmi/_old 2013-02-05 12:11:11.0 +0100 +++ /var/tmp/diff_new_pack.kfmxmi/_new 2013-02-05 12:11:11.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package cvs # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -24,9 +24,10 @@ Version:1.12.12 Release:0 Summary:Concurrent Versions System -License:GPL-2.0+ ; LGPL-2.1+ +License:GPL-2.0+ and LGPL-2.1+ Group: Development/Tools/Version Control -Requires: /bin/mktemp, /usr/bin/csh +Requires: /bin/mktemp +Requires: /usr/bin/csh Source: %name-%version.tar.bz2 # http://www.does-not-exist.org/roessler/cvslock-0.2.tar.gz Source1:cvslock-0.2.tar.bz2 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit cvs for openSUSE:Factory
Hello community, here is the log from the commit of package cvs for openSUSE:Factory checked in at 2012-02-23 15:32:27 Comparing /work/SRC/openSUSE:Factory/cvs (Old) and /work/SRC/openSUSE:Factory/.cvs.new (New) Package is "cvs", Maintainer is "p...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/cvs/cvs.changes 2012-02-14 13:05:15.0 +0100 +++ /work/SRC/openSUSE:Factory/.cvs.new/cvs.changes 2012-02-23 15:32:29.0 +0100 @@ -1,0 +2,5 @@ +Tue Feb 21 11:50:12 CET 2012 - p...@suse.de + +- Fix typo in the last patch. + +--- Other differences: -- ++ cvs-CVE-2012-0804.patch ++ --- /var/tmp/diff_new_pack.1Pi1wq/_old 2012-02-23 15:32:31.0 +0100 +++ /var/tmp/diff_new_pack.1Pi1wq/_new 2012-02-23 15:32:31.0 +0100 @@ -7,7 +7,7 @@ */ read_line_via (from_server, to_server, &read_buf); - sscanf (read_buf, "%s %d", write_buf, &codenum); -+ count = sscanf (read_buf, "%s %d", write_buf, &codenum); ++ count = sscanf (read_buf, "%*s %d", &codenum); - if ((codenum / 100) != 2) + if (count != 1 || (codenum / 100) != 2) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit cvs for openSUSE:Factory
Hello community, here is the log from the commit of package cvs for openSUSE:Factory checked in at 2012-02-14 13:05:11 Comparing /work/SRC/openSUSE:Factory/cvs (Old) and /work/SRC/openSUSE:Factory/.cvs.new (New) Package is "cvs", Maintainer is "p...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/cvs/cvs.changes 2011-12-08 11:27:41.0 +0100 +++ /work/SRC/openSUSE:Factory/.cvs.new/cvs.changes 2012-02-14 13:05:15.0 +0100 @@ -1,0 +2,6 @@ +Mon Jan 30 14:35:57 CET 2012 - p...@suse.de + +- Fix the way CVS reads proxy connection HTTP responses + (bnc#744059, CVE-2012-0804). + +--- New: cvs-CVE-2012-0804.patch Other differences: -- ++ cvs.spec ++ --- /var/tmp/diff_new_pack.LdfTgo/_old 2012-02-14 13:05:17.0 +0100 +++ /var/tmp/diff_new_pack.LdfTgo/_new 2012-02-14 13:05:17.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package cvs # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,16 +15,17 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + Name: cvs BuildRequires: automake BuildRequires: gdbm-devel BuildRequires: zlib-devel -License:GPL-2.0+ ; LGPL-2.1+ -Group: Development/Tools/Version Control Url:http://www.nongnu.org/cvs/ Version:1.12.12 Release:0 Summary:Concurrent Versions System +License:GPL-2.0+ ; LGPL-2.1+ +Group: Development/Tools/Version Control Requires: /bin/mktemp, /usr/bin/csh Source: %name-%version.tar.bz2 # http://www.does-not-exist.org/roessler/cvslock-0.2.tar.gz @@ -56,6 +57,7 @@ Patch26:cvs-request_rcs_installation.diff Patch27:cvs-fix_printf_format.diff Patch28:cvs-gnulib.diff +Patch29:cvs-CVE-2012-0804.patch PreReq: %install_info_prereq BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -66,6 +68,7 @@ %package doc Summary:Info pages and Open Source Development with CVS, 2nd Edition Book +Group: Development/Tools/Version Control %if 0%{?suse_version} >= 1120 BuildArch: noarch %endif @@ -98,6 +101,7 @@ %patch26 %patch27 %patch28 +%patch29 %build autoreconf -fi ++ cvs-CVE-2012-0804.patch ++ Index: src/client.c === --- src/client.c.orig 2012-01-30 14:32:50.0 +0100 +++ src/client.c2012-01-30 14:34:59.644866100 +0100 @@ -3491,9 +3491,9 @@ connect_to_pserver (cvsroot_t *root, str * code. */ read_line_via (from_server, to_server, &read_buf); - sscanf (read_buf, "%s %d", write_buf, &codenum); + count = sscanf (read_buf, "%s %d", write_buf, &codenum); - if ((codenum / 100) != 2) + if (count != 1 || (codenum / 100) != 2) error (1, 0, "proxy server %s:%d does not support http tunnelling", root->proxy_hostname, proxy_port_number); free (read_buf); -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit cvs for openSUSE:Factory
Hello community, here is the log from the commit of package cvs for openSUSE:Factory checked in at 2011-12-08 11:27:40 Comparing /work/SRC/openSUSE:Factory/cvs (Old) and /work/SRC/openSUSE:Factory/.cvs.new (New) Package is "cvs", Maintainer is "p...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/cvs/cvs.changes 2011-09-23 01:54:45.0 +0200 +++ /work/SRC/openSUSE:Factory/.cvs.new/cvs.changes 2011-12-08 11:27:41.0 +0100 @@ -1,0 +2,5 @@ +Fri Dec 2 07:47:31 UTC 2011 - co...@suse.com + +- add automake as buildrequire to avoid implicit dependency + +--- Other differences: -- ++ cvs.spec ++ --- /var/tmp/diff_new_pack.OZFAxf/_old 2011-12-08 11:27:42.0 +0100 +++ /var/tmp/diff_new_pack.OZFAxf/_new 2011-12-08 11:27:42.0 +0100 @@ -15,15 +15,15 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # - - Name: cvs -BuildRequires: gdbm-devel zlib-devel -License:GPLv2+ ; LGPLv2.1+ +BuildRequires: automake +BuildRequires: gdbm-devel +BuildRequires: zlib-devel +License:GPL-2.0+ ; LGPL-2.1+ Group: Development/Tools/Version Control Url:http://www.nongnu.org/cvs/ Version:1.12.12 -Release:164 +Release:0 Summary:Concurrent Versions System Requires: /bin/mktemp, /usr/bin/csh Source: %name-%version.tar.bz2 @@ -65,9 +65,7 @@ CVS, is also included. %package doc -License:GPLv2+ ; LGPLv2.1+ Summary:Info pages and Open Source Development with CVS, 2nd Edition Book -Group: Development/Tools/Version Control %if 0%{?suse_version} >= 1120 BuildArch: noarch %endif -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit cvs for openSUSE:Factory
Hello community, here is the log from the commit of package cvs for openSUSE:Factory checked in at Mon Sep 19 15:58:39 CEST 2011. --- cvs/cvs.changes 2010-09-20 11:21:05.0 +0200 +++ /mounts/work_src_done/STABLE/cvs/cvs.changes2011-09-18 02:11:59.0 +0200 @@ -1,0 +2,5 @@ +Sun Sep 18 00:11:50 UTC 2011 - jeng...@medozas.de + +- Remove redundant tags/sections from specfile + +--- calling whatdependson for head-i586 Other differences: -- ++ cvs.spec ++ --- /var/tmp/diff_new_pack.NnLRRc/_old 2011-09-19 15:58:34.0 +0200 +++ /var/tmp/diff_new_pack.NnLRRc/_new 2011-09-19 15:58:34.0 +0200 @@ -1,7 +1,7 @@ # -# spec file for package cvs (Version 1.12.12) +# spec file for package cvs # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,7 +15,6 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild Name: cvs @@ -23,7 +22,6 @@ License:GPLv2+ ; LGPLv2.1+ Group: Development/Tools/Version Control Url:http://www.nongnu.org/cvs/ -AutoReqProv:on Version:1.12.12 Release:164 Summary:Concurrent Versions System @@ -66,13 +64,6 @@ standard Linux distributions. PCL-CVS, an emacs (Emacs) front-end for CVS, is also included. - - -Authors: - -Brian Berliner -Jeff Polk - %package doc License:GPLv2+ ; LGPLv2.1+ Summary:Info pages and Open Source Development with CVS, 2nd Edition Book @@ -86,13 +77,6 @@ (%{_datadir}/%{name}/contrib/intro.doc) and the complete book "Open Source Development with CVS, 2nd Edition". - - -Authors: - -Brian Berliner -Jeff Polk - %prep %setup -q -a 1 -a 10 %patch Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org