[weasel-commit] Source: cvs=1.12.12-1
- From: rbuilder@xxxxxxxxx
- To: weasel-commit@xxxxxxxxxxxxx
- Date: Sun, 31 Jan 2010 13:33:17 -0500
================================
cvs:source=1.12.12-1
cvc rdiff cvs -1 /weasel.rpath.org@wgl:3-devel/1.12.12-1
================================
1.12.12-1 Filip Brcic (brcha@xxxxxxx) Sun Jan 31 13:33:07 2010
cvs 1.12.12
cvs-1.12.12-install-sh.patch: new
--- /dev/null
+++ cvs-1.12.12-install-sh.patch
@@ -0,0 +12 @@
+diff -ur a/build-aux/install-sh b/build-aux/install-sh
+--- a/build-aux/install-sh 2006-03-25 20:04:46 +0000
++++ b/build-aux/install-sh 2007-09-14 10:53:29 +0100
+@@ -246,7 +246,7 @@
+ fi
+
+ if test -n "$dir_arg"; then
+- $doit $mkdircmd "$dst" \
++ { test -d "$dst" || $doit $mkdircmd -p "$dst"; } \
+ && { test -z "$chowncmd" || $doit $chowncmd "$dst"; } \
+ && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } \
+ && { test -z "$stripcmd" || $doit $stripcmd "$dst"; } \
cederqvist-1.12.12.html.tar.bz2: new
cvs-1.12.12-cvsbug-tmpfix.patch: new
--- /dev/null
+++ cvs-1.12.12-cvsbug-tmpfix.patch
@@ -0,0 +22 @@
+Index: cvs-1.12.12/src/cvsbug.in
+===================================================================
+--- cvs-1.12.12.orig/src/cvsbug.in
++++ cvs-1.12.12/src/cvsbug.in
+@@ -109,14 +109,14 @@ elif [ -f /bin/domainname ]; then
+ /usr/bin/ypcat passwd 2>/dev/null | cat - /etc/passwd | grep "^$LOGNAME:"
|
+ cut -f5 -d':' | sed -e 's/,.*//' > $TEMP
+ ORIGINATOR="`cat $TEMP`"
+- rm -f $TEMP
++ > $TEMP
+ fi
+ fi
+
+ if [ "$ORIGINATOR" = "" ]; then
+ grep "^$LOGNAME:" /etc/passwd | cut -f5 -d':' | sed -e 's/,.*//' > $TEMP
+ ORIGINATOR="`cat $TEMP`"
+- rm -f $TEMP
++ > $TEMP
+ fi
+
+ if [ -n "$ORGANIZATION" ]; then
+
cvs.pam-include-1.12.12: new
--- /dev/null
+++ cvs.pam-include-1.12.12
@@ -0,0 +4 @@
+#%PAM-1.0
+auth include system-auth
+account include system-auth
+session include system-auth
cvs.recipe: new
--- /dev/null
+++ cvs.recipe
@@ -0,0 +72 @@
+#
+# Copyright (c) 2010 Filip Brcic <brcha@xxxxxxxxxxxx>
+# Distributed under the terms of the GNU General Public License v3
+#
+
+class Cvs(AutoPackageRecipe):
+ name = 'cvs'
+ version = '1.12.12'
+
+ buildRequires = [
+ 'e2fsprogs:devel', 'gettext:runtime', 'ghostscript:runtime',
+ 'groff:runtime', 'install-info:runtime', 'krb5:devel',
+ 'pam:devel', 'perl:devel', 'texinfo:runtime', 'vim:runtime',
+ 'zlib:devel',
+ ]
+
+ shortDesc = 'Concurrent Versions System'
+ longDesc = 'Concurrent Versions System - source code revision control
tools'
+ url = 'http://www.nongnu.org/cvs/'
+ licenses = [ 'GPL-2', 'LGPL-2' ]
+ categories = [ 'Development/Utilities' ]
+
+ def unpack(r):
+ r.addArchive('mirror://gnu/non-gnu/cvs/source/feature/%(version)s/')
+ r.addArchive('mirror://gnu/non-gnu/cvs/source/feature/%(version)s/'
+ 'cederqvist-%(version)s.html.tar.bz2')
+ r.addSource('mirror://gnu/non-gnu/cvs/source/feature/%(version)s/'
+ 'cederqvist-%(version)s.pdf')
+ r.addSource('mirror://gnu/non-gnu/cvs/source/feature/%(version)s/'
+ 'cederqvist-%(version)s.ps')
+
+ r.addPatch('cvs-1.12.12-cvsbug-tmpfix.patch')
+ r.addPatch('cvs-1.12.12-openat.patch')
+ r.addPatch('cvs-1.12.12-block-requests.patch')
+ r.addPatch('cvs-1.12.12-cvs-gnulib-vasnprintf.patch')
+ r.addPatch('cvs-1.12.12-install-sh.patch')
+
+ def configure(r):
+ r.Configure(
+ ' --with-external-zlib'
+ ' --with-tmpdir=/tmp'
+ ' --enable-encryption'
+ ' --with-gssapi'
+ ' --enable-nls'
+ ' --enable-pam'
+ ' --enable-server'
+ )
+
+ def policy(r):
+ r.addSource('cvspserver.xinetd.d',
+ dest='%(sysconfdir)s/xinetd.d/cvspserver')
+
+ r.Doc('BUGS', 'ChangeLog*', 'DEVEL*', 'FAQ', 'HACKING',
+ 'MINOR*', 'NEWS', 'PROJECTS', 'README*', 'TESTS',
+ 'TODO')
+
+ # it clobbers normal C indentation, don't install if it to emacs
site-lisp
+ r.Doc('cvs-format.el')
+
+ r.addSource('cvs-1.12.12-cvs-custom.c',
+ dest='%(thisdocdir)s/cvs-custom.c')
+
+ r.Doc('cederqvist-%(version)s.pdf')
+ r.Doc('cederqvist-%(version)s.ps')
+ r.Doc('../cederqvist-%(version)s.html/*', dir='html')
+ r.Symlink('%(thisdocdir)s/html/cvs.html',
+ '%(thisdocdir)s/html/index.html')
+
+ r.addSource('cvs.pam-include-1.12.12',
+ dest='%(sysconfdir)s/pam.d/cvs')
+
+ r.BadInterpreterPaths(exceptions='%(datadir)s/cvs/contrib/sccs2rcs')
cederqvist-1.12.12.ps: new
cederqvist-1.12.12.pdf: new
cvs-1.12.12-cvs-custom.c: new
--- /dev/null
+++ cvs-1.12.12-cvs-custom.c
@@ -0,0 +58 @@
+/*
+Author: Robin H. Johnson <robbat2@xxxxxxxxxx>
+Date: 2006-08-09
+
+This patch allows a CVS server to deny usage of specific commands, based on
+input in the environment.
+
+Just set the CVS_BLOCK_REQUESTS env var with all of the commands you want,
+seperated by spaces. Eg:
+CVS_BLOCK_REQUESTS="Gzip-stream gzip-file-contents"
+would block ALL usage of compression.
+
+Please see the array 'struct request requests[]' in src/server.c for a full
+list of commands.
+
+Please note that if you block any commands marked as RQ_ESSENTIAL, CVS clients
+may fail! (This includes 'ci'!).
+
+See the companion cvs-custom.c for a wrapper that can enforce the environment
variable for pserver setups.
+
+Signed-off-by: Robin H. Johnson <robbat2@xxxxxxxxxx>
+*/
+
+#include <stdio.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <malloc.h>
+
+
+#define REAL_CVS "/bin/cvs"
+#define CVS_TMPDIR "/tmp"
+#define CMDS_BLOCKED " Gzip-stream gzip-file-contents Kerberos-encrypt
Gssapi-encrypt Gssapi-authenticate add remove admin import init history
watch-on watch-off watch-add watch-remove watchers editors edit version tag
rtag "
+
+int main(int argc, char* argv[]) {
+ char** newargv;
+ int newargc, offset;
+ int i;
+ // 0 for argv[0] we must copy
+ offset = 0+0;
+ // +1 for trailing NULL
+ newargc = argc+offset+1;
+ newargv = (char**) malloc(newargc*sizeof(char*));
+ newargv[0] = "cvs";
+ //newargv[1] = "-T";
+ //newargv[2] = CVS_TMPDIR;
+ //newargv[3] = "-R";
+ for(i=1;i<argc;i++) {
+ newargv[i+offset] = argv[i];
+ }
+ newargv[newargc-1] = NULL;
+ setenv("CVS_BLOCK_REQUESTS",CMDS_BLOCKED ,1);
+ //for(i =0;i<newargc;i++) {
+ // printf("[%d]='%s'\n",i,newargv[i] != NULL ?
newargv[i] : "NULL");
+ //}
+ execv(REAL_CVS,newargv);
+ free(newargv);
+ return 0;
+}
cvs-1.12.12-cvs-gnulib-vasnprintf.patch: new
--- /dev/null
+++ cvs-1.12.12-cvs-gnulib-vasnprintf.patch
@@ -0,0 +34 @@
+http://bugs.gentoo.org/213833
+
+commit 913c09becd9df89dbd9b9f386e7f35c240d5efe8
+Author: Bruno Haible <bruno@xxxxxxxxx>
+Date: Fri Oct 19 01:50:42 2007 +0200
+
+ Don't use %n on glibc >= 2.3 systems.
+
+diff --git a/lib/vasnprintf.c b/lib/vasnprintf.c
+index f563823..5d818aa 100644
+--- a/lib/vasnprintf.c
++++ b/lib/vasnprintf.c
+@@ -3385,9 +3385,21 @@ VASNPRINTF (DCHAR_T *resultbuf, size_t *lengthp,
+ #endif
+ *p = dp->conversion;
+ #if USE_SNPRINTF
++# if !(__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 3))
+ p[1] = '%';
+ p[2] = 'n';
+ p[3] = '\0';
++# else
++ /* On glibc2 systems from glibc >= 2.3 - probably also older
++ ones - we know that snprintf's returns value conforms to
++ ISO C 99: the gl_SNPRINTF_DIRECTIVE_N test passes.
++ Therefore we can avoid using %n in this situation.
++ On glibc2 systems from 2004-10-18 or newer, the use of %n
++ in format strings in writable memory may crash the program
++ (if compiled with _FORTIFY_SOURCE=2), so we should avoid it
++ in this situation. */
++ p[1] = '\0';
++# endif
+ #else
+ p[1] = '\0';
+ #endif
cvs-1.12.12-openat.patch: new
--- /dev/null
+++ cvs-1.12.12-openat.patch
@@ -0,0 +21 @@
+Index: cvs-1.12.12/lib/openat.c
+===================================================================
+--- cvs-1.12.12.orig/lib/openat.c
++++ cvs-1.12.12/lib/openat.c
+@@ -55,9 +55,13 @@ rpl_openat (int fd, char const *filename
+ va_list arg;
+ va_start (arg, flags);
+
+- /* Assume that mode_t is passed compatibly with mode_t's type
+- after argument promotion. */
+- mode = va_arg (arg, mode_t);
++ /* If mode_t is narrower than int, use the promoted type (int),
++ not mode_t. Use sizeof to guess whether mode_t is nerrower;
++ we don't know of any practical counterexamples. */
++ if (sizeof (mode_t) < sizeof (int))
++ mode = va_arg (arg, int);
++ else
++ mode = va_arg (arg, mode_t);
+
+ va_end (arg);
+ }
cvspserver.xinetd.d: new
--- /dev/null
+++ cvspserver.xinetd.d
@@ -0,0 +14 @@
+service cvspserver
+{
+ disable = yes
+ socket_type = stream
+ wait = no
+ user = root
+ log_type = FILE /var/log/cvspserver
+ protocol = tcp
+ env = HOME=/var/cvsroot
+ log_on_failure += USERID
+ port = 2401
+ server = /usr/bin/cvs
+ server_args = -f --allow-root=/var/cvsroot pserver
+}
cvs-1.12.12.tar.bz2: new
cvs-1.12.12-block-requests.patch: new
--- /dev/null
+++ cvs-1.12.12-block-requests.patch
@@ -0,0 +140 @@
+Author: Robin H. Johnson <robbat2@xxxxxxxxxx>
+Date: 2006-08-09
+
+This patch allows a CVS server to deny usage of specific commands, based on
+input in the environment.
+
+Just set the CVS_BLOCK_REQUESTS env var with all of the commands you want,
+seperated by spaces. Eg:
+CVS_BLOCK_REQUESTS="Gzip-stream gzip-file-contents"
+would block ALL usage of compression.
+
+Please see the array 'struct request requests[]' in src/server.c for a full
+list of commands.
+
+Please note that if you block any commands marked as RQ_ESSENTIAL, CVS clients
+may fail! (This includes 'ci'!).
+
+See the companion cvs-custom.c for a wrapper that can enforce the environment
variable for pserver setups.
+
+Signed-off-by: Robin H. Johnson <robbat2@xxxxxxxxxx>
+
+diff -Nuar --exclude '*~' -U 10 cvs-1.12.12.orig/src/server.c
cvs-1.12.12/src/server.c
+--- cvs-1.12.12.orig/src/server.c 2005-04-14 14:13:29.000000000 +0000
++++ cvs-1.12.12/src/server.c 2006-08-09 01:40:44.000000000 +0000
+@@ -5836,43 +5836,90 @@
+ #undef REQ_LINE
+ };
+ #endif /* SERVER_SUPPORT or CLIENT_SUPPORT */
+
+
+
+ #ifdef SERVER_SUPPORT
+ /*
+ * This server request is not ignored by the secondary.
+ */
++
++/* Hack by Robin H. Johnson <robbat2@xxxxxxxxxx>.
++ * Allow the server ENV to specify what request types are to be ignored.
++ */
++
++static char blocked_requests[BUFSIZ] = " ";
++
++static void build_blocked_requests() {
++ char *tmp = getenv("CVS_BLOCK_REQUESTS");
++
++ if (tmp != NULL && strlen(tmp) > 0) {
++ // move to our custom buffer
++ strncat(blocked_requests, tmp,
sizeof(blocked_requests)-strlen(blocked_requests));
++ //add a space on the end as well for searching
++ strncat(blocked_requests, " ",
sizeof(blocked_requests)-strlen(blocked_requests));
++ }
++
++ // now blocked_requests contains the list of every request that we do
not
++ // want to serve
++}
++
++// returns 0 if we should serve this request
++// use as if(checker(FOO)) continue;
++static int serve_valid_requests_checker(char *reqname) {
++ char needle[BUFSIZ] = " ";
++ char *tmp;
++
++ if(!blocked_requests || strlen(blocked_requests) < 2)
++ return 0;
++
++ // we want to look for ' 'reqname' '
++ snprintf(needle, sizeof(needle), " %s ", reqname);
++
++ // now do the search
++ tmp = strstr(blocked_requests, needle);
++
++ if (tmp != NULL)
++ return 1;
++
++ return 0;
++
++}
++
+ static void
+ serve_valid_requests (char *arg)
+ {
+ struct request *rq;
+
+ /* Since this is processed in the first pass, don't reprocess it in the
+ * second.
+ *
+ * We still print errors since new errors could have been generated in the
+ * second pass.
+ */
+ if (print_pending_error ()
+ #ifdef PROXY_SUPPORT
+ || reprocessing
+ #endif /* PROXY_SUPPORT */
+ )
+ return;
++
++ build_blocked_requests();
+
+ buf_output0 (buf_to_net, "Valid-requests");
+ for (rq = requests; rq->name != NULL; rq++)
+ {
+ if (rq->func != NULL)
+ {
++ if(serve_valid_requests_checker(rq->name))
++ continue;
+ buf_append_char (buf_to_net, ' ');
+ buf_output0 (buf_to_net, rq->name);
+ }
+ }
+ buf_output0 (buf_to_net, "\nok\n");
+
+ /* The client is waiting for the list of valid requests, so we
+ must send the output now. */
+ buf_flush (buf_to_net, 1);
+ }
+@@ -6353,20 +6400,24 @@
+ cmd += len;
+ else if (cmd[len] == ' ')
+ cmd += len + 1;
+ else
+ /*
+ * The first len characters match, but it's a different
+ * command. e.g. the command is "cooperate" but we matched
+ * "co".
+ */
+ continue;
++ // Ignore commands that we are supposed to ignore.
++ if(serve_valid_requests_checker(rq->name))
++ continue;
++
+
+ if (!(rq->flags & RQ_ROOTLESS)
+ && current_parsed_root == NULL)
+ {
+ /* For commands which change the way in which data
+ is sent and received, for example Gzip-stream,
+ this does the wrong thing. Since the client
+ assumes that everything is being compressed,
+ unconditionally, there is no way to give this
+ error to the client without turning on
Committed by: brcha
Other related posts:
