diff options
author | TBK <tbk@jjtc.eu> | 2020-02-25 21:49:05 +0100 |
---|---|---|
committer | Leo <thinkabit.ukim@gmail.com> | 2020-02-25 20:16:04 -0300 |
commit | 8cdd93154aeb43702a196270e3818bf2466c3e0c (patch) | |
tree | 6ae5f29a342825d634afec4ecdb6d6de301e37a7 /main/cvs/cvs-1.12.12-openat.patch | |
parent | bf0db593e8e6a00eadd5975a64209eb2e9ec5da6 (diff) | |
download | aports-8cdd93154aeb43702a196270e3818bf2466c3e0c.tar.bz2 aports-8cdd93154aeb43702a196270e3818bf2466c3e0c.tar.xz |
main/cvs: security upgrade to 1.12.12
Most distros uses 1.12.13 (https://repology.org/project/cvs/versions) but according to Gentoo it is usable, so following Gentoo (https://bugs.gentoo.org/124733) 1.12.12 is the way forward.
CVEs:
* CVE-2010-3846 - https://bugzilla.redhat.com/show_bug.cgi?id=642146
* CVE-2012-0804 - https://security-tracker.debian.org/tracker/CVE-2012-0804
* CVE-2017-12836 - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871810#10
Diffstat (limited to 'main/cvs/cvs-1.12.12-openat.patch')
-rw-r--r-- | main/cvs/cvs-1.12.12-openat.patch | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/main/cvs/cvs-1.12.12-openat.patch b/main/cvs/cvs-1.12.12-openat.patch new file mode 100644 index 0000000000..fdb406a45e --- /dev/null +++ b/main/cvs/cvs-1.12.12-openat.patch @@ -0,0 +1,21 @@ +Index: cvs-1.12.12/lib/openat.c +=================================================================== +--- cvs-1.12.12.orig/lib/openat.c ++++ cvs-1.12.12/lib/openat.c +@@ -55,9 +55,13 @@ rpl_openat (int fd, char const *filename + va_list arg; + va_start (arg, flags); + +- /* Assume that mode_t is passed compatibly with mode_t's type +- after argument promotion. */ +- mode = va_arg (arg, mode_t); ++ /* If mode_t is narrower than int, use the promoted type (int), ++ not mode_t. Use sizeof to guess whether mode_t is nerrower; ++ we don't know of any practical counterexamples. */ ++ if (sizeof (mode_t) < sizeof (int)) ++ mode = va_arg (arg, int); ++ else ++ mode = va_arg (arg, mode_t); + + va_end (arg); + } |