author | TBK <tbk@jjtc.eu> | 2020-02-25 21:57:53 +0100 |
---|---|---|
committer | Leo <thinkabit.ukim@gmail.com> | 2020-02-25 20:17:17 -0300 |
commit | 254098d5ef34e30120e51a521573ed7eb0666100 (patch) | |
tree | 8df1b9492f6ce045662030dfea947519acc23d66 | |
parent | 603173745d534fef8c500954f09b66dc512fe535 (diff) | |
download | aports-254098d5ef34e30120e51a521573ed7eb0666100.tar.bz2 aports-254098d5ef34e30120e51a521573ed7eb0666100.tar.xz |
main/cvs: security upgrade to 1.12.12
Most distros use 1.12.13 (https://repology.org/project/cvs/versions) but according to Gentoo it is usable, so following Gentoo (https://bugs.gentoo.org/124733) 1.12.12 is the way forward.
CVEs:
* CVE-2010-3846 - https://bugzilla.redhat.com/show_bug.cgi?id=642146
* CVE-2012-0804 - https://security-tracker.debian.org/tracker/CVE-2012-0804
* CVE-2017-12836 - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871810#10
-rw-r--r-- | main/cvs/APKBUILD | 77 | ||||
-rw-r--r-- | main/cvs/CVE-2017-12836.patch | 38 | ||||
-rw-r--r-- | main/cvs/cvs-1.12.12-CVE-2012-0804.patch | 30 | ||||
-rw-r--r-- | main/cvs/cvs-1.12.12-block-requests.patch | 140 | ||||
-rw-r--r-- | main/cvs/cvs-1.12.12-cvsbug-tmpfix.patch | 22 | ||||
-rw-r--r-- | main/cvs/cvs-1.12.12-fix-massive-leak.patch | 52 | ||||
-rw-r--r-- | main/cvs/cvs-1.12.12-format-security.patch | 22 | ||||
-rw-r--r-- | main/cvs/cvs-1.12.12-getdelim.patch | 21 | ||||
-rw-r--r-- | main/cvs/cvs-1.12.12-hash-nameclash.patch | 42 | ||||
-rw-r--r-- | main/cvs/cvs-1.12.12-install-sh.patch | 12 | ||||
-rw-r--r-- | main/cvs/cvs-1.12.12-mktime-configure.patch | 201 | ||||
-rw-r--r-- | main/cvs/cvs-1.12.12-mktime-x32.patch | 29 | ||||
-rw-r--r-- | main/cvs/cvs-1.12.12-musl.patch | 13 | ||||
-rw-r--r-- | main/cvs/cvs-1.12.12-openat.patch | 21 | ||||
-rw-r--r-- | main/cvs/cvs-1.12.12-rcs2log-coreutils.patch | 14 | ||||
-rw-r--r-- | main/cvs/cvs-musl.patch | 27 |
16 files changed, 708 insertions, 53 deletions
diff --git a/main/cvs/APKBUILD b/main/cvs/APKBUILD index 45c2967f9b..c2537d6ed8 100644 --- a/main/cvs/APKBUILD +++ b/main/cvs/APKBUILD @@ -1,33 +1,45 @@ # Contributor: Michael Mason <ms13sp@gmail.com> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=cvs -pkgver=1.11.23 +pkgver=1.12.12 pkgrel=0 pkgdesc="Concurrent Versions System" -url="http://www.nongnu.org/cvs/" +url="https://www.nongnu.org/cvs/" arch="all" license="GPL-2.0-or-later" -depends="" +options="!check" # Tests fail - src/lib/test-getdate.sh makedepends="zlib-dev" -install= subpackages="$pkgname-doc" -source="http://ftp.gnu.org/non-gnu/cvs/source/stable/$pkgver/$pkgname-$pkgver.tar.gz - cvs-musl.patch +source="https://ftp.gnu.org/non-gnu/cvs/source/feature/$pkgver/cvs-$pkgver.tar.gz + cvs-1.12.12-cvsbug-tmpfix.patch + cvs-1.12.12-openat.patch + cvs-1.12.12-block-requests.patch + cvs-1.12.12-install-sh.patch + cvs-1.12.12-hash-nameclash.patch + cvs-1.12.12-getdelim.patch + cvs-1.12.12-rcs2log-coreutils.patch + cvs-1.12.12-mktime-x32.patch + cvs-1.12.12-fix-massive-leak.patch + cvs-1.12.12-mktime-configure.patch + cvs-1.12.12-CVE-2012-0804.patch + cvs-1.12.12-format-security.patch + cvs-1.12.12-musl.patch + CVE-2017-12836.patch " +builddir="$srcdir/$pkgname-$pkgver" -_builddir="$srcdir"/$pkgname-$pkgver +# secfixes: +# 1.12.12-r0: +# - CVE-2010-3846 +# - CVE-2012-0804 +# - CVE-2017-12836 prepare() { - local i - cd "$_builddir" - for i in $source; do - case $i in - *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;; - esac - done + default_prepare + update_config_sub } build() { - cd "$_builddir" + cd "$builddir" ./configure \ --build=$CBUILD \ --host=$CHOST \ 
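Review bot: The `# secfixes:` block lists CVE-2010-3846, but none of the fourteen patches added to `source=` is named for it, unlike the other two CVEs. If that issue is closed by the move from 1.11.23 to 1.12.12 itself, a comment such as `# CVE-2010-3846: fixed by the upgrade to 1.12.12, no patch carried` would let the next maintainer verify the claim. Separately, `options="!check"` turns off the whole test suite for a security upgrade, while its comment names only `test-getdate.sh`; skipping that single test would keep the rest of the suite as a regression check on the patched code.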
@@ -36,19 +48,32 @@ build() { --mandir=/usr/share/man \ --infodir=/usr/share/info \ --with-external-zlib \ - --with-tmpdir=/tmp \ - || return 1 - make || return 1 + --with-tmpdir=/tmp + make +} + +check() { + cd "$builddir" + make check } package() { - cd "$_builddir" - make -j1 DESTDIR="$pkgdir" install + cd "$builddir" + make DESTDIR="$pkgdir" install } -md5sums="bf185eb51b5918330a04671c3f3cccde cvs-1.11.23.tar.gz -3b51f4b2b94b83666f9e105038222cd8 cvs-musl.patch" -sha256sums="0ad692e3c22e4b33274a53ad22a194deb3024ec833b9e87ad7968d9b0b58cdcf cvs-1.11.23.tar.gz -b5b687e9c5349fbb15e82ca1f99d9227432f6be29a55b7ca22bd9b1c8b6f08d5 cvs-musl.patch" -sha512sums="e486df1d2aaf13605b9abc8ea5e8e2261dd015483cef82a9489919646f0d5d52a7bf4385f4fdb5f845a9c2287184153a0d456510089f1e2609957ba48ad9f96a cvs-1.11.23.tar.gz -7de04d5ec797430f8405b00e271d9edb5dffa3be855fc1e1dc35b134d981418c969486da668a78e1da88a4dba57952bfa14ffafbe3ff3ffc081de9cc908cf245 cvs-musl.patch" +sha512sums="36cae30bbd075773d260fd8d0170335d37ba4b6dd09056465290df5c14cd7c39a18931d70761d98e2bd989798b013e372603e94c252b4062c56c3ab53251a1fb cvs-1.12.12.tar.gz +29014631f5595dbf51a47032a19a23e545190dd8d40d77a71d363cee07a9ae38263b67db52a512436a9a7b37a7f5ff4daafa4a0a9f3c29bcfeb71ecff74408b7 cvs-1.12.12-cvsbug-tmpfix.patch +b0a7abc785169705d2f0668a8af706f93ee3eba3d050d555689577962283e54f6bd186e662b64c65f926cf72dff76a37259181338707d641ee0f20591ba62805 cvs-1.12.12-openat.patch +541545ffc64c4f2303b7e8f6cae2cdff0437452e4bcf94b2149d51e43710096e17f024c1a8ed32433560ea51ecef2aba2f3e6bfaef8fa9e4ad2f2436649884d1 cvs-1.12.12-block-requests.patch +7e468d41c1eb23c0a62b605e6e48cffc004e8f386a87a9696dd73b36702c74aad529f5cba7280dee1100027b6e1e907adad257cc446ca3ad734fa40d47e4ff72 cvs-1.12.12-install-sh.patch +dcd612dcc4b008c0fbabd74bcc179e69ebaed31a9f6622127061194a8ed99549502fbc0bffc75cc87aed26f7fe46215da81438c3a797e2179ed3da8e0b5ebdbb cvs-1.12.12-hash-nameclash.patch 
+181b5daa6e103218e3fc1629a0b5f74daad613cdbe530655eff32479e4b9f32d067e60a82107efdbb129f917ee0626d274fb65555c66d907c997bf01fa262bdb cvs-1.12.12-getdelim.patch +73c3506fa670b00ac52363efa2a2fa34203108d3dc112400e52f78eb7d83967cf49b11280d6c27a461f79a9c38317b41b26dd1f67d10229dbcb6c2ad9d43b521 cvs-1.12.12-rcs2log-coreutils.patch +4a58c0f94de8e19c2de1930b7e5e04816e79a86885c89b792616a4c43f6e12aef271005ae59ae0d5788a910ba97735ccdf35f0ef5faafc2e3c50a9858b8f6216 cvs-1.12.12-mktime-x32.patch +c4c9026e971f3da49cefce102b57bc681427a708ec8caa185df1234fd2a95090c8dc8cbf84374a762fdef7002d658cd4b52450429664cb3a1bfbda63d31c78a7 cvs-1.12.12-fix-massive-leak.patch +10b29450d5d0a6a02d92812b919edbba2b86f2217aa54896b44358edb2eb8d8d6111b5c5db39faa50ef1f9a86ed1ee190332629f33402ad8cd8082b77547f486 cvs-1.12.12-mktime-configure.patch +4f86f75f59caf4ef7e83964ec2d9c93575ccdcb031b1a6a1774a2a80ab7d6f278b3d27c4ab9270b91edf457a0195d702e3bd20da17c167b3f204fd9d8980b720 cvs-1.12.12-CVE-2012-0804.patch +34f16defa5ab03ca2efcdea27269a37e27510d235bc4efd7a91871c2ae32fe9b922a51f3b87bcfec988964f8ae50d4649d7876937e25352836d5274ce88eea13 cvs-1.12.12-format-security.patch +1c14b89dccee3130cc4ff881b7204f01dd8e14d1767e21d30b879df17a368a0f6bc7d3945872f8a6adcf47e34c3e48b9f2c0c0c90cccbf10fa935690a57f5e20 cvs-1.12.12-musl.patch +1daf3d26acabe5e1f46331595f95f62a3bc7ffd28dfb063cfc8c9eec3f13f67ad32ba236ea4ff5f3180a10996ac5c902473d4a34226f9706f3b008b0c55491ea CVE-2017-12836.patch" diff --git a/main/cvs/CVE-2017-12836.patch b/main/cvs/CVE-2017-12836.patch new file mode 100644 index 0000000000..b20a88b667 --- /dev/null +++ b/main/cvs/CVE-2017-12836.patch 
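Review bot: `package()` now runs `make DESTDIR="$pkgdir" install` without the `-j1` that the removed line carried, so the install step inherits whatever parallelism the build environment sets. If the install target of this source tree is not parallel-safe, that can produce intermittent packaging failures; either keep `-j1` or note in a comment that parallel install was checked. The new `check()` body never runs while `options="!check"` is set in the first hunk, so it is currently dead code.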
@@ -0,0 +1,38 @@ +Subject: [PATCH] Fix CVE-2017-12836 +From: Thorsten Glaser <tg@mirbsd.de> + +--- a/src/rsh-client.c ++++ b/src/rsh-client.c +@@ -53,9 +53,10 @@ + char *cvs_server = (root->cvs_server != NULL + ? root->cvs_server : getenv ("CVS_SERVER")); + int i = 0; +- /* This needs to fit "rsh", "-b", "-l", "USER", "host", +- "cmd (w/ args)", and NULL. We leave some room to grow. */ +- char *rsh_argv[10]; ++ /* This needs to fit "rsh", "-b", "-l", "USER", "-p", port, ++ "--", "host", "cvs", "-R", "server", and NULL. ++ We leave some room to grow. */ ++ char *rsh_argv[16]; + + if (!cvs_rsh) + /* People sometimes suggest or assume that this should default +@@ -97,6 +98,9 @@ + rsh_argv[i++] = root->username; + } + ++ /* Only non-option arguments from here. (CVE-2017-12836) */ ++ rsh_argv[i++] = "--"; ++ + rsh_argv[i++] = root->hostname; + rsh_argv[i++] = cvs_server; + rsh_argv[i++] = "server"; +@@ -171,6 +175,8 @@ + *p++ = root->username; + } + ++ *p++ = "--"; ++ + *p++ = root->hostname; + *p++ = command; + *p++ = NULL; diff --git a/main/cvs/cvs-1.12.12-CVE-2012-0804.patch b/main/cvs/cvs-1.12.12-CVE-2012-0804.patch new file mode 100644 index 0000000000..107c3ea122 --- /dev/null +++ b/main/cvs/cvs-1.12.12-CVE-2012-0804.patch 
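Review bot: The new comment on `rsh_argv` lists `"-p", port` and `"-R"`, but nothing in the visible hunks stores those elements, so it describes an argv this code does not appear to build; it should list what is actually pushed, for example `/* "rsh", "-l", USER, "--", host, cvs_server, "server", NULL */` (to be checked against the full function, which extends outside the hunk). In the third hunk `*p++ = "--";` adds one element to an array whose declaration is not visible, so its size should be confirmed to still leave room for the terminating NULL. The `--` marker only protects when the program named by `CVS_RSH` honours it; rejecting a `root->hostname` that begins with `-` before argv is built would not depend on that.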
@@ -0,0 +1,30 @@ +[CVE-2012-0804] Fix proxy response parser + +If proxy sends overlong HTTP vesion string, the string will be copied +to unallocatd space (write_buf) causing heap overflow. + +This patch fixes it by ignoring the HTTP version string and checking +the response line has been parsed correctly. + +See <https://bugzilla.redhat.com/show_bug.cgi?id=773699> for more +details. + +Index: src/client.c +=================================================================== +RCS file: /sources/cvs/ccvs/src/client.c,v +retrieving revision 1.483 +diff -u -r1.483 client.c +--- a/src/client.c 18 Nov 2008 22:59:02 -0000 1.483 ++++ b/src/client.c 26 Jan 2012 16:32:25 -0000 +@@ -4339,9 +4339,9 @@ + * code. + */ + read_line_via (from_server, to_server, &read_buf); +- sscanf (read_buf, "%s %d", write_buf, &codenum); ++ count = sscanf (read_buf, "%*s %d", &codenum); + +- if ((codenum / 100) != 2) ++ if (count != 1 || (codenum / 100) != 2) + error (1, 0, "proxy server %s:%d does not support http tunnelling", + root->proxy_hostname, proxy_port_number); + free (read_buf); diff --git a/main/cvs/cvs-1.12.12-block-requests.patch b/main/cvs/cvs-1.12.12-block-requests.patch new file mode 100644 index 0000000000..9c9b49db8f --- /dev/null +++ b/main/cvs/cvs-1.12.12-block-requests.patch 
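Review bot: `count` is assigned in the new `sscanf` line but declared outside the hunk, and the patch header shows it was generated against client.c revision 1.483 rather than the 1.12.12 tree. It is worth confirming that the function in 1.12.12 already declares `count` with a type that can hold sscanf's int return, including EOF, and that the hunk applies without fuzz. The ordering of the new condition is right, since `count != 1 ||` short-circuits before `codenum` is read when no number was parsed. A comment above the call, `/* %*s discards the HTTP version so no proxy-supplied string is copied */`, would keep a later edit from reintroducing the copy into `write_buf`.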
@@ -0,0 +1,140 @@ +Author: Robin H. Johnson <robbat2@gentoo.org> +Date: 2006-08-09 + +This patch allows a CVS server to deny usage of specific commands, based on +input in the environment. + +Just set the CVS_BLOCK_REQUESTS env var with all of the commands you want, +seperated by spaces. Eg: +CVS_BLOCK_REQUESTS="Gzip-stream gzip-file-contents" +would block ALL usage of compression. + +Please see the array 'struct request requests[]' in src/server.c for a full +list of commands. + +Please note that if you block any commands marked as RQ_ESSENTIAL, CVS clients +may fail! (This includes 'ci'!). + +See the companion cvs-custom.c for a wrapper that can enforce the environment variable for pserver setups. + +Signed-off-by: Robin H. Johnson <robbat2@gentoo.org> + +diff -Nuar --exclude '*~' -U 10 cvs-1.12.12.orig/src/server.c cvs-1.12.12/src/server.c +--- cvs-1.12.12.orig/src/server.c 2005-04-14 14:13:29.000000000 +0000 ++++ cvs-1.12.12/src/server.c 2006-08-09 01:40:44.000000000 +0000 +@@ -5836,43 +5836,90 @@ + #undef REQ_LINE + }; + #endif /* SERVER_SUPPORT or CLIENT_SUPPORT */ + + + + #ifdef SERVER_SUPPORT + /* + * This server request is not ignored by the secondary. + */ ++ ++/* Hack by Robin H. Johnson <robbat2@gentoo.org>. ++ * Allow the server ENV to specify what request types are to be ignored. 
++ */ ++ ++static char blocked_requests[BUFSIZ] = " "; ++ ++static void build_blocked_requests() { ++ char *tmp = getenv("CVS_BLOCK_REQUESTS"); ++ ++ if (tmp != NULL && strlen(tmp) > 0) { ++ // move to our custom buffer ++ strncat(blocked_requests, tmp, sizeof(blocked_requests)-strlen(blocked_requests)); ++ //add a space on the end as well for searching ++ strncat(blocked_requests, " ", sizeof(blocked_requests)-strlen(blocked_requests)); ++ } ++ ++ // now blocked_requests contains the list of every request that we do not ++ // want to serve ++} ++ ++// returns 0 if we should serve this request ++// use as if(checker(FOO)) continue; ++static int serve_valid_requests_checker(char *reqname) { ++ char needle[BUFSIZ] = " "; ++ char *tmp; ++ ++ if(!blocked_requests || strlen(blocked_requests) < 2) ++ return 0; ++ ++ // we want to look for ' 'reqname' ' ++ snprintf(needle, sizeof(needle), " %s ", reqname); ++ ++ // now do the search ++ tmp = strstr(blocked_requests, needle); ++ ++ if (tmp != NULL) ++ return 1; ++ ++ return 0; ++ ++} ++ + static void + serve_valid_requests (char *arg) + { + struct request *rq; + + /* Since this is processed in the first pass, don't reprocess it in the + * second. + * + * We still print errors since new errors could have been generated in the + * second pass. + */ + if (print_pending_error () + #ifdef PROXY_SUPPORT + || reprocessing + #endif /* PROXY_SUPPORT */ + ) + return; ++ ++ build_blocked_requests(); + + buf_output0 (buf_to_net, "Valid-requests"); + for (rq = requests; rq->name != NULL; rq++) + { + if (rq->func != NULL) + { ++ if(serve_valid_requests_checker(rq->name)) ++ continue; + buf_append_char (buf_to_net, ' '); + buf_output0 (buf_to_net, rq->name); + } + } + buf_output0 (buf_to_net, "\nok\n"); + + /* The client is waiting for the list of valid requests, so we + must send the output now. 
*/ + buf_flush (buf_to_net, 1); + } +@@ -6353,20 +6400,24 @@ + cmd += len; + else if (cmd[len] == ' ') + cmd += len + 1; + else + /* + * The first len characters match, but it's a different + * command. e.g. the command is "cooperate" but we matched + * "co". + */ + continue; ++ // Ignore commands that we are supposed to ignore. ++ if(serve_valid_requests_checker(rq->name)) ++ continue; ++ + + if (!(rq->flags & RQ_ROOTLESS) + && current_parsed_root == NULL) + { + /* For commands which change the way in which data + is sent and received, for example Gzip-stream, + this does the wrong thing. Since the client + assumes that everything is being compressed, + unconditionally, there is no way to give this + error to the client without turning on diff --git a/main/cvs/cvs-1.12.12-cvsbug-tmpfix.patch b/main/cvs/cvs-1.12.12-cvsbug-tmpfix.patch new file mode 100644 index 0000000000..fcd4431e87 --- /dev/null +++ b/main/cvs/cvs-1.12.12-cvsbug-tmpfix.patch @@ -0,0 +1,22 @@ +Index: cvs-1.12.12/src/cvsbug.in +=================================================================== +--- cvs-1.12.12.orig/src/cvsbug.in ++++ cvs-1.12.12/src/cvsbug.in +@@ -109,14 +109,14 @@ elif [ -f /bin/domainname ]; then + /usr/bin/ypcat passwd 2>/dev/null | cat - /etc/passwd | grep "^$LOGNAME:" | + cut -f5 -d':' | sed -e 's/,.*//' > $TEMP + ORIGINATOR="`cat $TEMP`" +- rm -f $TEMP ++ > $TEMP + fi + fi + + if [ "$ORIGINATOR" = "" ]; then + grep "^$LOGNAME:" /etc/passwd | cut -f5 -d':' | sed -e 's/,.*//' > $TEMP + ORIGINATOR="`cat $TEMP`" +- rm -f $TEMP ++ > $TEMP + fi + + if [ -n "$ORGANIZATION" ]; then + diff --git a/main/cvs/cvs-1.12.12-fix-massive-leak.patch b/main/cvs/cvs-1.12.12-fix-massive-leak.patch new file mode 100644 index 0000000000..5366f50855 --- /dev/null +++ b/main/cvs/cvs-1.12.12-fix-massive-leak.patch 
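Review bot: `strncat` in `build_blocked_requests` is given `sizeof(blocked_requests)-strlen(blocked_requests)` as its limit, but strncat writes a terminating NUL after that many bytes, so a `CVS_BLOCK_REQUESTS` value that fills the buffer writes one byte past `blocked_requests`; the limit needs a further `- 1`. The function also appends to the static buffer on every call and is only called from `serve_valid_requests`, so the check added in the request loop (last hunk of this patch) sees the initial `" "` list until that request has been handled; the list should be built once, before any request is dispatched. `!blocked_requests` in `serve_valid_requests_checker` is always false for an array and can be dropped. A bounded, build-once version is sketched below; where to call it at server start lies outside these hunks.

```c
static void build_blocked_requests() {
    static int built;
    char *tmp = getenv("CVS_BLOCK_REQUESTS");

    /* Build the list once; repeated calls would append it again. */
    if (built)
        return;
    built = 1;

    if (tmp != NULL && strlen(tmp) > 0)
        /* snprintf bounds the copy and always NUL-terminates. */
        snprintf(blocked_requests, sizeof(blocked_requests), " %s ", tmp);
}
// … unchanged: serve_valid_requests_checker, serve_valid_requests …
```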
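Review bot: The cvsbug-tmpfix patch has no description, and the reason for replacing `rm -f $TEMP` with `> $TEMP` is not obvious from the hunk. A header line such as `Truncate the temp file instead of removing it, so the name is not released and then recreated by a later redirect` would record the intent; this presumes the file is created safely earlier in cvsbug.in, which is outside the hunk and should be confirmed. `$TEMP` is unquoted in the new lines, matching the context lines; `> "$TEMP"` would be more robust if the path can contain whitespace.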
@@ -0,0 +1,52 @@ +buf_free_data must free data independently +of send or reseived bytes over network. + +Moreover, when buffer is usually freed +buffer _is_ empty, but has one clean mapped page. + +I've observed massive 'cvs server' leaks +when importing large gentoo-x86 repo with 'cvsps'. +Leak ate all my 32GBs of RAM and killed process. +(Leaked around 3 pages per client request). + +valgrind found the leak easily: + +$ valgrind \ + cvsps \ + --root :local:$HOME/portage/gentoo-x86.rsync \ + --fast-export \ + gentoo-x86/dev-vcs/git-annex 2>l | + git fast-import + + ==13504== 1,248 bytes in 52 blocks are still reachable in loss record 41 of 47 + ==13504== at 0x4C2C19B: malloc (vg_replace_malloc.c:270) + ==13504== by 0x48A556: xnmalloc_inline (xmalloc.c:40) + ==13504== by 0x48A5B5: xmalloc (xmalloc.c:56) + ==13504== by 0x4855F5: new_memnode (pagealign_alloc.c:91) + ==13504== by 0x48571B: pagealign_alloc (pagealign_alloc.c:151) + ==13504== by 0x485739: pagealign_xalloc (pagealign_alloc.c:182) + ==13504== by 0x408DD7: get_buffer_data (buffer.c:98) + ==13504== by 0x409C0C: buf_input_data (buffer.c:738) + ==13504== by 0x45BB63: do_cvs_command (server.c:3847) + ==13504== by 0x45D39E: serve_co (server.c:4809) + ==13504== by 0x45F845: server (server.c:6438) + ==13504== by 0x438784: main (main.c:1066) + +And now it takes constant space (less, than 18MB) +for 'cvs server' process to convert all gentoo-x86 +by serving more, than 5 000 000 client requests. + +Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org> +diff --git a/src/buffer.c b/src/buffer.c +index 3f12513..9a7a559 100644 +--- a/src/buffer.c ++++ b/src/buffer.c +@@ -526,7 +526,7 @@ buf_copy_data (struct buffer *buf, struct buffer_data *data, + void + buf_free_data (struct buffer *buffer) + { +- if (buf_empty_p (buffer)) return; ++ if (! buffer->data) return; + buf_free_datas (buffer->data, buffer->last); + buffer->data = buffer->last = NULL; + } 
diff --git a/main/cvs/cvs-1.12.12-format-security.patch b/main/cvs/cvs-1.12.12-format-security.patch new file mode 100644 index 0000000000..d710a90207 --- /dev/null +++ b/main/cvs/cvs-1.12.12-format-security.patch @@ -0,0 +1,22 @@ +--- a/diff/diff3.c ++++ b/diff/diff3.c +@@ -1503,7 +1503,7 @@ + line = 0; + do + { +- printf_output (line_prefix); ++ printf_output ("%s", line_prefix); + cp = D_RELNUM (ptr, realfile, line); + length = D_RELLEN (ptr, realfile, line); + write_output (cp, length); +--- a/src/main.c ++++ b/src/main.c +@@ -1375,7 +1375,7 @@ + { + (void) fprintf (stderr, *cpp++, program_name, cvs_cmd_name); + for (; *cpp; cpp++) +- (void) fprintf (stderr, *cpp); ++ (void) fprintf (stderr, "%s", *cpp); + exit (EXIT_FAILURE); + } + diff --git a/main/cvs/cvs-1.12.12-getdelim.patch b/main/cvs/cvs-1.12.12-getdelim.patch new file mode 100644 index 0000000000..837d4408ab --- /dev/null +++ b/main/cvs/cvs-1.12.12-getdelim.patch @@ -0,0 +1,21 @@ +The function getdelim() behaves slightly different on FreeBSD, +only appending to the *line buffer if line_size is 0. + +See: +https://savannah.nongnu.org/bugs/?29466 +http://bugs.gentoo.org/314791 + +Already comitted upstream: +http://cvs.savannah.gnu.org/viewvc/ccvs/src/myndbm.c?root=cvs&r1=1.38&r2=1.39 + +--- a/src/myndbm.c.orig ++++ b/src/myndbm.c +@@ -213,7 +213,7 @@ + mydbm_load_file (FILE *fp, List *list, char *filename) + { + char *line = NULL; +- size_t line_size; ++ size_t line_size = 0; + char *value; + size_t value_allocated; + char *cp, *vp; diff --git a/main/cvs/cvs-1.12.12-hash-nameclash.patch b/main/cvs/cvs-1.12.12-hash-nameclash.patch new file mode 100644 index 0000000000..95fd61e0a5 --- /dev/null +++ b/main/cvs/cvs-1.12.12-hash-nameclash.patch 
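Review bot: In the src/main.c hunk the usage lines after the first are now printed through `"%s"`, so any `%%` those strings used to produce a literal percent sign would now come out as two characters; the usage tables are outside the hunk, so this should be checked against them. The first call, `fprintf (stderr, *cpp++, program_name, cvs_cmd_name)`, still passes a non-literal format, which is safe only while every table's first entry is a compile-time string taking at most two `%s`. A comment saying so, for example `/* first entry is a trusted format taking program_name and cvs_cmd_name */`, would explain why it was left unchanged. The patch file itself carries no description header.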
@@ -0,0 +1,42 @@ +http://cvs.savannah.gnu.org/viewvc/cvs/ccvs/src/hash.h?r1=1.14.6.2&r2=1.14.6.3&pathrev=cvs1-11-x-branch +fixed in cvs-1.11.23, cvs-HEAD after cvs-1.12.13a + +--- a/src/hash.h.orig 2005-02-01 22:56:48 +0100 ++++ b/src/hash.h 2010-03-10 19:00:11 +0100 +@@ -27,26 +27,26 @@ + }; + typedef enum ntype Ntype; + +-struct node ++struct hashnode + { + Ntype type; +- struct node *next; +- struct node *prev; +- struct node *hashnext; +- struct node *hashprev; ++ struct hashnode *next; ++ struct hashnode *prev; ++ struct hashnode *hashnext; ++ struct hashnode *hashprev; + char *key; + void *data; +- void (*delproc) (struct node *); ++ void (*delproc) (struct hashnode *); + }; +-typedef struct node Node; ++typedef struct hashnode Node; + +-struct list ++struct hashlist + { + Node *list; + Node *hasharray[HASHSIZE]; +- struct list *next; ++ struct hashlist *next; + }; +-typedef struct list List; ++typedef struct hashlist List; + + List *getlist (void); + Node *findnode (List * list, const char *key); diff --git a/main/cvs/cvs-1.12.12-install-sh.patch b/main/cvs/cvs-1.12.12-install-sh.patch new file mode 100644 index 0000000000..825c0ee6f1 --- /dev/null +++ b/main/cvs/cvs-1.12.12-install-sh.patch @@ -0,0 +1,12 @@ +diff -ur a/build-aux/install-sh b/build-aux/install-sh +--- a/build-aux/install-sh 2006-03-25 20:04:46 +0000 ++++ b/build-aux/install-sh 2007-09-14 10:53:29 +0100 +@@ -246,7 +246,7 @@ + fi + + if test -n "$dir_arg"; then +- $doit $mkdircmd "$dst" \ ++ { test -d "$dst" || $doit $mkdircmd -p "$dst"; } \ + && { test -z "$chowncmd" || $doit $chowncmd "$dst"; } \ + && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } \ + && { test -z "$stripcmd" || $doit $stripcmd "$dst"; } \ diff --git a/main/cvs/cvs-1.12.12-mktime-configure.patch b/main/cvs/cvs-1.12.12-mktime-configure.patch new file mode 100644 index 0000000000..03d7f35601 --- /dev/null +++ b/main/cvs/cvs-1.12.12-mktime-configure.patch 
@@ -0,0 +1,201 @@ +https://bugs.gentoo.org/220040 +https://bugs.gentoo.org/570208 + +update mktime check to latest autoconf version which is less buggy + +--- a/configure ++++ b/configure +@@ -5299,26 +6059,25 @@ + cat >>conftest.$ac_ext <<_ACEOF + /* end confdefs.h. */ + /* Test program from Paul Eggert and Tony Leneis. */ +-#if TIME_WITH_SYS_TIME ++#ifdef TIME_WITH_SYS_TIME + # include <sys/time.h> + # include <time.h> + #else +-# if HAVE_SYS_TIME_H ++# ifdef HAVE_SYS_TIME_H + # include <sys/time.h> + # else + # include <time.h> + # endif + #endif + +-#if HAVE_STDLIB_H +-# include <stdlib.h> +-#endif ++#include <limits.h> ++#include <stdlib.h> + +-#if HAVE_UNISTD_H ++#ifdef HAVE_UNISTD_H + # include <unistd.h> + #endif + +-#if !HAVE_ALARM ++#ifndef HAVE_ALARM + # define alarm(X) /* empty */ + #endif + +@@ -5335,9 +6094,9 @@ + }; + #define N_STRINGS (sizeof (tz_strings) / sizeof (tz_strings[0])) + +-/* Fail if mktime fails to convert a date in the spring-forward gap. ++/* Return 0 if mktime fails to convert a date in the spring-forward gap. + Based on a problem report from Andreas Jaeger. */ +-static void ++static int + spring_forward_gap () + { + /* glibc (up to about 1998-10-07) failed this test. */ +@@ -5356,29 +6115,27 @@ + tm.tm_min = 0; + tm.tm_sec = 0; + tm.tm_isdst = -1; +- if (mktime (&tm) == (time_t)-1) +- exit (1); ++ return mktime (&tm) != (time_t) -1; + } + +-static void ++static int + mktime_test1 (now) + time_t now; + { + struct tm *lt; +- if ((lt = localtime (&now)) && mktime (lt) != now) +- exit (1); ++ return ! 
(lt = localtime (&now)) || mktime (lt) == now; + } + +-static void ++static int + mktime_test (now) + time_t now; + { +- mktime_test1 (now); +- mktime_test1 ((time_t) (time_t_max - now)); +- mktime_test1 ((time_t) (time_t_min + now)); ++ return (mktime_test1 (now) ++ && mktime_test1 ((time_t) (time_t_max - now)) ++ && mktime_test1 ((time_t) (time_t_min + now))); + } + +-static void ++static int + irix_6_4_bug () + { + /* Based on code from Ariel Faigon. */ +@@ -5391,11 +6148,10 @@ + tm.tm_sec = 0; + tm.tm_isdst = -1; + mktime (&tm); +- if (tm.tm_mon != 2 || tm.tm_mday != 31) +- exit (1); ++ return tm.tm_mon == 2 && tm.tm_mday == 31; + } + +-static void ++static int + bigtime_test (j) + int j; + { +@@ -5417,8 +6173,39 @@ + && lt->tm_wday == tm.tm_wday + && ((lt->tm_isdst < 0 ? -1 : 0 < lt->tm_isdst) + == (tm.tm_isdst < 0 ? -1 : 0 < tm.tm_isdst)))) +- exit (1); ++ return 0; + } ++ return 1; ++} ++ ++static int ++year_2050_test () ++{ ++ /* The correct answer for 2050-02-01 00:00:00 in Pacific time, ++ ignoring leap seconds. */ ++ unsigned long int answer = 2527315200UL; ++ ++ struct tm tm; ++ time_t t; ++ tm.tm_year = 2050 - 1900; ++ tm.tm_mon = 2 - 1; ++ tm.tm_mday = 1; ++ tm.tm_hour = tm.tm_min = tm.tm_sec = 0; ++ tm.tm_isdst = -1; ++ ++ /* Use the portable POSIX.1 specification "TZ=PST8PDT,M4.1.0,M10.5.0" ++ instead of "TZ=America/Vancouver" in order to detect the bug even ++ on systems that don't support the Olson extension, or don't have the ++ full zoneinfo tables installed. */ ++ putenv ("TZ=PST8PDT,M4.1.0,M10.5.0"); ++ ++ t = mktime (&tm); ++ ++ /* Check that the result is either a failure, or close enough ++ to the correct answer that we can assume the discrepancy is ++ due to leap seconds. */ ++ return (t == (time_t) -1 ++ || (0 < t && answer - 120 <= t && t <= answer + 120)); + } + + int +@@ -5432,12 +6219,15 @@ + isn't worth using anyway. 
*/ + alarm (60); + +- for (time_t_max = 1; 0 < time_t_max; time_t_max *= 2) +- continue; +- time_t_max--; +- if ((time_t) -1 < 0) +- for (time_t_min = -1; (time_t) (time_t_min * 2) < 0; time_t_min *= 2) +- continue; ++ for (;;) ++ { ++ t = (time_t_max << 1) + 1; ++ if (t <= time_t_max) ++ break; ++ time_t_max = t; ++ } ++ time_t_min = - ((time_t) ~ (time_t) 0 == (time_t) -1) - time_t_max; ++ + delta = time_t_max / 997; /* a suitable prime number */ + for (i = 0; i < N_STRINGS; i++) + { +@@ -5445,18 +6235,22 @@ + putenv (tz_strings[i]); + + for (t = 0; t <= time_t_max - delta; t += delta) +- mktime_test (t); +- mktime_test ((time_t) 1); +- mktime_test ((time_t) (60 * 60)); +- mktime_test ((time_t) (60 * 60 * 24)); +- +- for (j = 1; 0 < j; j *= 2) +- bigtime_test (j); +- bigtime_test (j - 1); ++ if (! mktime_test (t)) ++ return 1; ++ if (! (mktime_test ((time_t) 1) ++ && mktime_test ((time_t) (60 * 60)) ++ && mktime_test ((time_t) (60 * 60 * 24)))) ++ return 1; ++ ++ for (j = 1; ; j <<= 1) ++ if (! bigtime_test (j)) ++ return 1; ++ else if (INT_MAX / 2 < j) ++ break; ++ if (! bigtime_test (INT_MAX)) ++ return 1; + } +- irix_6_4_bug (); +- spring_forward_gap (); +- exit (0); ++ return ! (irix_6_4_bug () && spring_forward_gap () && year_2050_test ()); + } + _ACEOF + rm -f conftest$ac_exeext diff --git a/main/cvs/cvs-1.12.12-mktime-x32.patch b/main/cvs/cvs-1.12.12-mktime-x32.patch new file mode 100644 index 0000000000..948fa4d714 --- /dev/null +++ b/main/cvs/cvs-1.12.12-mktime-x32.patch 
@@ -0,0 +1,29 @@ +back port changes from upstream gnulib to make this work on x32 + +https://bugs.gentoo.org/395641 + +--- cvs-1.12.12/lib/mktime.c ++++ cvs-1.12.12/lib/mktime.c +@@ -115,6 +115,13 @@ + #define TM_YEAR_BASE 1900 + verify (base_year_is_a_multiple_of_100, TM_YEAR_BASE % 100 == 0); + ++#if INT_MAX <= LONG_MAX / 2 ++typedef long int long_int; ++#else ++typedef long long int long_int; ++#endif ++verify (long_int_is_wide_enough, INT_MAX == INT_MAX * (long_int) 2 / 2); ++ + /* Return 1 if YEAR + TM_YEAR_BASE is a leap year. */ + static inline int + leapyear (long int year) +@@ -167,8 +174,6 @@ + int year0, int yday0, int hour0, int min0, int sec0) + { + verify (C99_integer_division, -1 / 2 == 0); +- verify (long_int_year_and_yday_are_wide_enough, +- INT_MAX <= LONG_MAX / 2 || TIME_T_MAX <= UINT_MAX); + + /* Compute intervening leap days correctly even if year is negative. + Take care to avoid integer overflow here. */ diff --git a/main/cvs/cvs-1.12.12-musl.patch b/main/cvs/cvs-1.12.12-musl.patch new file mode 100644 index 0000000000..e426cf55fc --- /dev/null +++ b/main/cvs/cvs-1.12.12-musl.patch @@ -0,0 +1,13 @@ +http://gcc.gnu.org/ml/gcc/2003-04/msg00518.html + +--- a/lib/regex.c ++++ b/lib/regex.c +@@ -8184,7 +8184,7 @@ + if (msg_size > errbuf_size) + { + #if defined HAVE_MEMPCPY || defined _LIBC +- *((char *) __mempcpy (errbuf, msg, errbuf_size - 1)) = '\0'; ++ *((char *) mempcpy (errbuf, msg, errbuf_size - 1)) = '\0'; + #else + memcpy (errbuf, msg, errbuf_size - 1); + errbuf[errbuf_size - 1] = 0; diff --git a/main/cvs/cvs-1.12.12-openat.patch b/main/cvs/cvs-1.12.12-openat.patch new file mode 100644 index 0000000000..fdb406a45e --- /dev/null +++ b/main/cvs/cvs-1.12.12-openat.patch 
@@ -0,0 +1,21 @@ +Index: cvs-1.12.12/lib/openat.c +=================================================================== +--- cvs-1.12.12.orig/lib/openat.c ++++ cvs-1.12.12/lib/openat.c +@@ -55,9 +55,13 @@ rpl_openat (int fd, char const *filename + va_list arg; + va_start (arg, flags); + +- /* Assume that mode_t is passed compatibly with mode_t's type +- after argument promotion. */ +- mode = va_arg (arg, mode_t); ++ /* If mode_t is narrower than int, use the promoted type (int), ++ not mode_t. Use sizeof to guess whether mode_t is nerrower; ++ we don't know of any practical counterexamples. */ ++ if (sizeof (mode_t) < sizeof (int)) ++ mode = va_arg (arg, int); ++ else ++ mode = va_arg (arg, mode_t); + + va_end (arg); + } diff --git a/main/cvs/cvs-1.12.12-rcs2log-coreutils.patch b/main/cvs/cvs-1.12.12-rcs2log-coreutils.patch new file mode 100644 index 0000000000..7dda3f0f17 --- /dev/null +++ b/main/cvs/cvs-1.12.12-rcs2log-coreutils.patch @@ -0,0 +1,14 @@ +X-Gentoo-bug: 144114 + +diff -Nuar cvs-1.12.12.orig/contrib/rcs2log.sh cvs-1.12.12/contrib/rcs2log.sh +--- cvs-1.12.12.orig/contrib/rcs2log.sh 2003-02-25 21:32:51.000000000 +0000 ++++ cvs-1.12.12/contrib/rcs2log.sh 2010-12-06 21:14:33.831532212 +0000 +@@ -620,7 +620,7 @@ + # Sort the log entries, first by date+time (in reverse order), + # then by author, then by log entry, and finally by file name and revision + # (just in case). +-sort -t"$SOH" +2 -4r +4 +0 | ++sort -t"$SOH" -k 3,4r -k 5 -k 1,2 | + + # Finally, reformat the sorted log entries. + $AWK -F"$SOH" ' diff --git a/main/cvs/cvs-musl.patch b/main/cvs/cvs-musl.patch deleted file mode 100644 index 313377dbdd..0000000000 --- a/main/cvs/cvs-musl.patch +++ /dev/null 
@@ -1,27 +0,0 @@ ---- cvs-1.11.23.org/lib/getline.h 2013-09-16 18:28:13.026099577 +0000 -+++ cvs-1.11.23/lib/getline.h 2013-09-16 18:44:33.356064387 +0000 -@@ -12,8 +12,6 @@ - #define GETLINE_NO_LIMIT -1 - - int -- getline __PROTO ((char **_lineptr, size_t *_n, FILE *_stream)); --int - getline_safe __PROTO ((char **_lineptr, size_t *_n, FILE *_stream, - int limit)); - int ---- cvs-1.11.23.org/lib/getline.c 2013-09-16 18:28:13.021099577 +0000 -+++ cvs-1.11.23/lib/getline.c 2013-09-16 18:45:14.463062911 +0000 -@@ -154,12 +154,7 @@ - return ret; - } - --int --getline (lineptr, n, stream) -- char **lineptr; -- size_t *n; -- FILE *stream; --{ -+ssize_t getline(char ** lineptr, size_t * n, FILE *stream) { - return getstr (lineptr, n, stream, '\n', 0, GETLINE_NO_LIMIT); - } - |