================================ cvs:source=1.12.12-1 cvc rdiff cvs -1 /weasel.rpath.org@wgl:3-devel/1.12.12-1 ================================ 1.12.12-1 Filip Brcic (brcha@xxxxxxx) Sun Jan 31 13:33:07 2010 cvs 1.12.12 cvs-1.12.12-install-sh.patch: new --- /dev/null +++ cvs-1.12.12-install-sh.patch @@ -0,0 +12 @@ +diff -ur a/build-aux/install-sh b/build-aux/install-sh +--- a/build-aux/install-sh 2006-03-25 20:04:46 +0000 ++++ b/build-aux/install-sh 2007-09-14 10:53:29 +0100 +@@ -246,7 +246,7 @@ + fi + + if test -n "$dir_arg"; then +- $doit $mkdircmd "$dst" \ ++ { test -d "$dst" || $doit $mkdircmd -p "$dst"; } \ + && { test -z "$chowncmd" || $doit $chowncmd "$dst"; } \ + && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } \ + && { test -z "$stripcmd" || $doit $stripcmd "$dst"; } \ cederqvist-1.12.12.html.tar.bz2: new cvs-1.12.12-cvsbug-tmpfix.patch: new --- /dev/null +++ cvs-1.12.12-cvsbug-tmpfix.patch @@ -0,0 +22 @@ +Index: cvs-1.12.12/src/cvsbug.in +=================================================================== +--- cvs-1.12.12.orig/src/cvsbug.in ++++ cvs-1.12.12/src/cvsbug.in +@@ -109,14 +109,14 @@ elif [ -f /bin/domainname ]; then + /usr/bin/ypcat passwd 2>/dev/null | cat - /etc/passwd | grep "^$LOGNAME:" | + cut -f5 -d':' | sed -e 's/,.*//' > $TEMP + ORIGINATOR="`cat $TEMP`" +- rm -f $TEMP ++ > $TEMP + fi + fi + + if [ "$ORIGINATOR" = "" ]; then + grep "^$LOGNAME:" /etc/passwd | cut -f5 -d':' | sed -e 's/,.*//' > $TEMP + ORIGINATOR="`cat $TEMP`" +- rm -f $TEMP ++ > $TEMP + fi + + if [ -n "$ORGANIZATION" ]; then + cvs.pam-include-1.12.12: new --- /dev/null +++ cvs.pam-include-1.12.12 @@ -0,0 +4 @@ +#%PAM-1.0 +auth include system-auth +account include system-auth +session include system-auth cvs.recipe: new --- /dev/null +++ cvs.recipe @@ -0,0 +72 @@ +# +# Copyright (c) 2010 Filip Brcic <brcha@xxxxxxxxxxxx> +# Distributed under the terms of the GNU General Public License v3 +# + +class Cvs(AutoPackageRecipe): + name = 'cvs' + version = '1.12.12' + + buildRequires = [ + 'e2fsprogs:devel', 'gettext:runtime', 'ghostscript:runtime', + 'groff:runtime', 'install-info:runtime', 'krb5:devel', + 'pam:devel', 'perl:devel', 'texinfo:runtime', 'vim:runtime', + 'zlib:devel', + ] + + shortDesc = 'Concurrent Versions System' + longDesc = 'Concurrent Versions System - source code revision control tools' + url = 'http://www.nongnu.org/cvs/' + licenses = [ 'GPL-2', 'LGPL-2' ] + categories = [ 'Development/Utilities' ] + + def unpack(r): + r.addArchive('mirror://gnu/non-gnu/cvs/source/feature/%(version)s/') + r.addArchive('mirror://gnu/non-gnu/cvs/source/feature/%(version)s/' + 'cederqvist-%(version)s.html.tar.bz2') + r.addSource('mirror://gnu/non-gnu/cvs/source/feature/%(version)s/' + 'cederqvist-%(version)s.pdf') + r.addSource('mirror://gnu/non-gnu/cvs/source/feature/%(version)s/' + 'cederqvist-%(version)s.ps') + + r.addPatch('cvs-1.12.12-cvsbug-tmpfix.patch') + r.addPatch('cvs-1.12.12-openat.patch') + r.addPatch('cvs-1.12.12-block-requests.patch') + r.addPatch('cvs-1.12.12-cvs-gnulib-vasnprintf.patch') + r.addPatch('cvs-1.12.12-install-sh.patch') + + def configure(r): + r.Configure( + ' --with-external-zlib' + ' --with-tmpdir=/tmp' + ' --enable-encryption' + ' --with-gssapi' + ' --enable-nls' + ' --enable-pam' + ' --enable-server' + ) + + def policy(r): + r.addSource('cvspserver.xinetd.d', + dest='%(sysconfdir)s/xinetd.d/cvspserver') + + r.Doc('BUGS', 'ChangeLog*', 'DEVEL*', 'FAQ', 'HACKING', + 'MINOR*', 'NEWS', 'PROJECTS', 'README*', 'TESTS', + 'TODO') + + # it clobbers normal C indentation, don't install if it to emacs site-lisp + r.Doc('cvs-format.el') + + r.addSource('cvs-1.12.12-cvs-custom.c', + dest='%(thisdocdir)s/cvs-custom.c') + + r.Doc('cederqvist-%(version)s.pdf') + r.Doc('cederqvist-%(version)s.ps') + r.Doc('../cederqvist-%(version)s.html/*', dir='html') + r.Symlink('%(thisdocdir)s/html/cvs.html', + '%(thisdocdir)s/html/index.html') + + r.addSource('cvs.pam-include-1.12.12', + dest='%(sysconfdir)s/pam.d/cvs') + + r.BadInterpreterPaths(exceptions='%(datadir)s/cvs/contrib/sccs2rcs') cederqvist-1.12.12.ps: new cederqvist-1.12.12.pdf: new cvs-1.12.12-cvs-custom.c: new --- /dev/null +++ cvs-1.12.12-cvs-custom.c @@ -0,0 +58 @@ +/* +Author: Robin H. Johnson <robbat2@xxxxxxxxxx> +Date: 2006-08-09 + +This patch allows a CVS server to deny usage of specific commands, based on +input in the environment. + +Just set the CVS_BLOCK_REQUESTS env var with all of the commands you want, +seperated by spaces. Eg: +CVS_BLOCK_REQUESTS="Gzip-stream gzip-file-contents" +would block ALL usage of compression. + +Please see the array 'struct request requests[]' in src/server.c for a full +list of commands. + +Please note that if you block any commands marked as RQ_ESSENTIAL, CVS clients +may fail! (This includes 'ci'!). + +See the companion cvs-custom.c for a wrapper that can enforce the environment variable for pserver setups. + +Signed-off-by: Robin H. Johnson <robbat2@xxxxxxxxxx> +*/ + +#include <stdio.h> +#include <unistd.h> +#include <stdlib.h> +#include <malloc.h> + + +#define REAL_CVS "/bin/cvs" +#define CVS_TMPDIR "/tmp" +#define CMDS_BLOCKED " Gzip-stream gzip-file-contents Kerberos-encrypt Gssapi-encrypt Gssapi-authenticate add remove admin import init history watch-on watch-off watch-add watch-remove watchers editors edit version tag rtag " + +int main(int argc, char* argv[]) { + char** newargv; + int newargc, offset; + int i; + // 0 for argv[0] we must copy + offset = 0+0; + // +1 for trailing NULL + newargc = argc+offset+1; + newargv = (char**) malloc(newargc*sizeof(char*)); + newargv[0] = "cvs"; + //newargv[1] = "-T"; + //newargv[2] = CVS_TMPDIR; + //newargv[3] = "-R"; + for(i=1;i<argc;i++) { + newargv[i+offset] = argv[i]; + } + newargv[newargc-1] = NULL; + setenv("CVS_BLOCK_REQUESTS",CMDS_BLOCKED ,1); + //for(i =0;i<newargc;i++) { + // printf("[%d]='%s'\n",i,newargv[i] != NULL ? newargv[i] : "NULL"); + //} + execv(REAL_CVS,newargv); + free(newargv); + return 0; +} cvs-1.12.12-cvs-gnulib-vasnprintf.patch: new --- /dev/null +++ cvs-1.12.12-cvs-gnulib-vasnprintf.patch @@ -0,0 +34 @@ +http://bugs.gentoo.org/213833 + +commit 913c09becd9df89dbd9b9f386e7f35c240d5efe8 +Author: Bruno Haible <bruno@xxxxxxxxx> +Date: Fri Oct 19 01:50:42 2007 +0200 + + Don't use %n on glibc >= 2.3 systems. + +diff --git a/lib/vasnprintf.c b/lib/vasnprintf.c +index f563823..5d818aa 100644 +--- a/lib/vasnprintf.c ++++ b/lib/vasnprintf.c +@@ -3385,9 +3385,21 @@ VASNPRINTF (DCHAR_T *resultbuf, size_t *lengthp, + #endif + *p = dp->conversion; + #if USE_SNPRINTF ++# if !(__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 3)) + p[1] = '%'; + p[2] = 'n'; + p[3] = '\0'; ++# else ++ /* On glibc2 systems from glibc >= 2.3 - probably also older ++ ones - we know that snprintf's returns value conforms to ++ ISO C 99: the gl_SNPRINTF_DIRECTIVE_N test passes. ++ Therefore we can avoid using %n in this situation. ++ On glibc2 systems from 2004-10-18 or newer, the use of %n ++ in format strings in writable memory may crash the program ++ (if compiled with _FORTIFY_SOURCE=2), so we should avoid it ++ in this situation. */ ++ p[1] = '\0'; ++# endif + #else + p[1] = '\0'; + #endif cvs-1.12.12-openat.patch: new --- /dev/null +++ cvs-1.12.12-openat.patch @@ -0,0 +21 @@ +Index: cvs-1.12.12/lib/openat.c +=================================================================== +--- cvs-1.12.12.orig/lib/openat.c ++++ cvs-1.12.12/lib/openat.c +@@ -55,9 +55,13 @@ rpl_openat (int fd, char const *filename + va_list arg; + va_start (arg, flags); + +- /* Assume that mode_t is passed compatibly with mode_t's type +- after argument promotion. */ +- mode = va_arg (arg, mode_t); ++ /* If mode_t is narrower than int, use the promoted type (int), ++ not mode_t. Use sizeof to guess whether mode_t is nerrower; ++ we don't know of any practical counterexamples. */ ++ if (sizeof (mode_t) < sizeof (int)) ++ mode = va_arg (arg, int); ++ else ++ mode = va_arg (arg, mode_t); + + va_end (arg); + } cvspserver.xinetd.d: new --- /dev/null +++ cvspserver.xinetd.d @@ -0,0 +14 @@ +service cvspserver +{ + disable = yes + socket_type = stream + wait = no + user = root + log_type = FILE /var/log/cvspserver + protocol = tcp + env = HOME=/var/cvsroot + log_on_failure += USERID + port = 2401 + server = /usr/bin/cvs + server_args = -f --allow-root=/var/cvsroot pserver +} cvs-1.12.12.tar.bz2: new cvs-1.12.12-block-requests.patch: new --- /dev/null +++ cvs-1.12.12-block-requests.patch @@ -0,0 +140 @@ +Author: Robin H. Johnson <robbat2@xxxxxxxxxx> +Date: 2006-08-09 + +This patch allows a CVS server to deny usage of specific commands, based on +input in the environment. + +Just set the CVS_BLOCK_REQUESTS env var with all of the commands you want, +seperated by spaces. Eg: +CVS_BLOCK_REQUESTS="Gzip-stream gzip-file-contents" +would block ALL usage of compression. + +Please see the array 'struct request requests[]' in src/server.c for a full +list of commands. + +Please note that if you block any commands marked as RQ_ESSENTIAL, CVS clients +may fail! (This includes 'ci'!). + +See the companion cvs-custom.c for a wrapper that can enforce the environment variable for pserver setups. + +Signed-off-by: Robin H. Johnson <robbat2@xxxxxxxxxx> + +diff -Nuar --exclude '*~' -U 10 cvs-1.12.12.orig/src/server.c cvs-1.12.12/src/server.c +--- cvs-1.12.12.orig/src/server.c 2005-04-14 14:13:29.000000000 +0000 ++++ cvs-1.12.12/src/server.c 2006-08-09 01:40:44.000000000 +0000 +@@ -5836,43 +5836,90 @@ + #undef REQ_LINE + }; + #endif /* SERVER_SUPPORT or CLIENT_SUPPORT */ + + + + #ifdef SERVER_SUPPORT + /* + * This server request is not ignored by the secondary. + */ ++ ++/* Hack by Robin H. Johnson <robbat2@xxxxxxxxxx>. ++ * Allow the server ENV to specify what request types are to be ignored. ++ */ ++ ++static char blocked_requests[BUFSIZ] = " "; ++ ++static void build_blocked_requests() { ++ char *tmp = getenv("CVS_BLOCK_REQUESTS"); ++ ++ if (tmp != NULL && strlen(tmp) > 0) { ++ // move to our custom buffer ++ strncat(blocked_requests, tmp, sizeof(blocked_requests)-strlen(blocked_requests)); ++ //add a space on the end as well for searching ++ strncat(blocked_requests, " ", sizeof(blocked_requests)-strlen(blocked_requests)); ++ } ++ ++ // now blocked_requests contains the list of every request that we do not ++ // want to serve ++} ++ ++// returns 0 if we should serve this request ++// use as if(checker(FOO)) continue; ++static int serve_valid_requests_checker(char *reqname) { ++ char needle[BUFSIZ] = " "; ++ char *tmp; ++ ++ if(!blocked_requests || strlen(blocked_requests) < 2) ++ return 0; ++ ++ // we want to look for ' 'reqname' ' ++ snprintf(needle, sizeof(needle), " %s ", reqname); ++ ++ // now do the search ++ tmp = strstr(blocked_requests, needle); ++ ++ if (tmp != NULL) ++ return 1; ++ ++ return 0; ++ ++} ++ + static void + serve_valid_requests (char *arg) + { + struct request *rq; + + /* Since this is processed in the first pass, don't reprocess it in the + * second. + * + * We still print errors since new errors could have been generated in the + * second pass. + */ + if (print_pending_error () + #ifdef PROXY_SUPPORT + || reprocessing + #endif /* PROXY_SUPPORT */ + ) + return; ++ ++ build_blocked_requests(); + + buf_output0 (buf_to_net, "Valid-requests"); + for (rq = requests; rq->name != NULL; rq++) + { + if (rq->func != NULL) + { ++ if(serve_valid_requests_checker(rq->name)) ++ continue; + buf_append_char (buf_to_net, ' '); + buf_output0 (buf_to_net, rq->name); + } + } + buf_output0 (buf_to_net, "\nok\n"); + + /* The client is waiting for the list of valid requests, so we + must send the output now. */ + buf_flush (buf_to_net, 1); + } +@@ -6353,20 +6400,24 @@ + cmd += len; + else if (cmd[len] == ' ') + cmd += len + 1; + else + /* + * The first len characters match, but it's a different + * command. e.g. the command is "cooperate" but we matched + * "co". + */ + continue; ++ // Ignore commands that we are supposed to ignore. ++ if(serve_valid_requests_checker(rq->name)) ++ continue; ++ + + if (!(rq->flags & RQ_ROOTLESS) + && current_parsed_root == NULL) + { + /* For commands which change the way in which data + is sent and received, for example Gzip-stream, + this does the wrong thing. Since the client + assumes that everything is being compressed, + unconditionally, there is no way to give this + error to the client without turning on Committed by: brcha