authorpeter <peter@FreeBSD.org>2004-06-10 19:05:38 +0000
committerpeter <peter@FreeBSD.org>2004-06-10 19:05:38 +0000
commit1ca65160a61129882a143f867124863e87679616 (patch)
treed3d085ec0a7cefbb1c0b360471aa7446b54be77c /contrib/cvs/src
parent023c667a2ba65987f6b66cda4d0f75b4daf0600d (diff)
parent8416bda1d23bda4666a5b880a9d78eccaa640036 (diff)
This commit was generated by cvs2svn to compensate for changes in r130303,
which included commits to RCS files with non-trunk default branches.
Diffstat (limited to 'contrib/cvs/src')
-rw-r--r--contrib/cvs/src/ChangeLog108
-rw-r--r--contrib/cvs/src/add.c24
-rw-r--r--contrib/cvs/src/history.c33
-rw-r--r--contrib/cvs/src/ignore.c4
-rw-r--r--contrib/cvs/src/log.c6
-rwxr-xr-xcontrib/cvs/src/sanity.sh134
-rw-r--r--contrib/cvs/src/subr.c41
-rw-r--r--contrib/cvs/src/vers_ts.c2
-rw-r--r--contrib/cvs/src/wrapper.c34
9 files changed, 328 insertions, 58 deletions
diff --git a/contrib/cvs/src/ChangeLog b/contrib/cvs/src/ChangeLog
index f7e9470..87caf76 100644
--- a/contrib/cvs/src/ChangeLog
+++ b/contrib/cvs/src/ChangeLog
@@ -1,3 +1,111 @@
+2004-06-09 Derek Price <derek@ximbiot.com>
+
+ * commit.c, filesubr.c, history.c, server.c, wrapper.c: Various
+ security fixes.
+ (Original patch from Stefan Essler <s.esser@e-matters.de> & Sebastian
+ Krahmer <krahmer@suse.de>.)
+
+ * cvs.h: Include xsize.h.
+
+2004-06-09 Derek Price <derek@ximbiot.com>
+
+ * server.c (serve_entry, serve_is_modified, serve_unchanged): Protect
+ against malformed entries.
+ * sanity.sh (server): Tests for same.
+
+2004-06-07 Larry Jones <lawrence.jones@ugsplm.com>
+
+ * sanity.sh (basica): More tests for string-based revision inc.
+
+2004-06-04 Larry Jones <lawrence.jones@ugsplm.com>
+
+ * subr.c (increment_revnum): Rewrite ala RCS to work directly on
+ the string rather than converting to int to avoid overflow.
+ * sanity.sh (basica): New tests for above, update others to match.
+
+2004-05-19 Derek Price <derek@ximbiot.com>
+
+ * server.c (serve_unchanged, serve_is_modified): Overwrite existing
+ data in timefields. Fixes CAN-2004-0396.
+
+2004-05-14 Derek Price <derek@ximbiot.com>
+
+ * subr.c (file_has_conflict), vers_ts.c (time_stamp_server): Don't
+ require '=' to be the only character here, as this is potentially
+ destabilizing.
+
+2004-05-14 Mark D. Baushke <mdb@cvshome.org>
+
+ * sanity.sh (trailingslashes): During cleanup remove topfile,v to
+ avoid problems in later tests (editor-1).
+
+2004-05-13 Derek Price <derek@ximbiot.com>
+
+ * sanity.sh (trailingslashes): Note TODO item #205 in the comment.
+
+2004-05-13 Derek Price <derek@ximbiot.com>
+
+ * sanity.sh (trailingslashes): New tests to expose a bug in CVS when
+ paths are specified with trailing slashes. This relates to TODO #205.
+
+2004-05-12 Derek Price <derek@ximbiot.com>
+
+ * subr.c (file_has_conflict), vers_ts.c (time_stamp_server): Only
+ special case "=" when it is the only character in a timestamp field.
+ Gratuitous reformatting.
+ * vers_ts.c (time_stamp_server): Check for NULL in a consistent manner.
+ Gratuitous reformatting.
+
+2004-05-10 Derek Price <derek@ximbiot.com>
+
+ * sanity.sh (top-level): Rename to...
+ (rstar-toplevel): ...this for clarity.
+
+2004-05-10 Derek Price <derek@ximbiot.com>
+
+ * sanity.sh (dirs2-10ar): Remove unnecessary empty argument.
+
+2004-05-02 Larry Jones <lawrence.jones@ugsplm.com>
+
+ * log.c (log_expand_revlist): Suppress warnings if really_quiet.
+
+2004-05-07 Derek Price <derek@ximbiot.com>
+
+ * sanity.sh (basica): Remove unnecessary empty arguments.
+
+2004-05-07 Derek Price <derek@ximbiot.com>
+
+ * cvs.h (fopen_case): Remove obsolescent prototype.
+
+2004-05-05 Derek Price <derek@ximbiot.com>
+
+ * sanity.sh: Wait a second and retry if cvs-serv* directories are
+ discovered to avoid race conditions on some systems.
+ (Patch from Pavel Roskin <proski@gnu.org>.)
+
+2004-05-05 Derek Price <derek@ximbiot.com>
+
+ * commit.c: Some gratuitous reformatting.
+
+2004-05-04 Derek Price <derek@ximbiot.com>
+
+ * update.c: Some gratuitous reformatting.
+
+2004-05-04 Derek Price <derek@ximbiot.com>
+
+ * add.c (add): Remove obsolete FIXME comment.
+ (*): Some gratuitous reformatting.
+
+2004-04-26 Derek Price <derek@ximbiot.com>
+
+ * client.c (start_rsh_server): Don't rely on GNU argument processing
+ capabilities in the RSH command.
+ (Report from Mark Andrews <Mark_Andrews@isc.org>.)
+
+2004-04-19 Derek Price <derek@ximbiot.com>
+
+ * ignore.c: Gratuitous reformatting.
+
2004-04-11 Derek Price <derek@ximbiot.com>
* client.c (call_in_directory): Check paths the server sends us to make
diff --git a/contrib/cvs/src/add.c b/contrib/cvs/src/add.c
index d71716b..4f3f55e 100644
--- a/contrib/cvs/src/add.c
+++ b/contrib/cvs/src/add.c
@@ -187,16 +187,6 @@ add (argc, argv)
/* FIXME: Does this erroneously call Create_Admin in error
conditions which are only detected once the server gets its
hands on things? */
- /* FIXME-also: if filenames are case-insensitive on the
- client, and the directory in the repository already
- exists and is named "foo", and the command is "cvs add
- FOO", this call to Create_Admin puts the wrong thing in
- CVS/Repository and so a subsequent "cvs update" will
- give an error. The fix will be to have the server report
- back what it actually did (e.g. use tagged text for the
- "Directory %s added" message), and then Create_Admin,
- which should also fix the error handling concerns. */
-
if (isdir (argv[j]))
{
char *tag;
@@ -698,9 +688,11 @@ cannot resurrect %s; RCS file removed by second party", finfo.fullname);
if (options)
free (options);
- return (err);
+ return err;
}
+
+
/*
* The specified user file is really a directory. So, let's make sure that
* it is created in the RCS source repository, and that the user's directory
@@ -728,12 +720,12 @@ add_directory (finfo)
/* "Can't happen". */
error (0, 0,
"directory %s not added; must be a direct sub-directory", dir);
- return (1);
+ return 1;
}
if (fncmp (dir, CVSADM) == 0)
{
error (0, 0, "cannot add a `%s' directory", CVSADM);
- return (1);
+ return 1;
}
/* before we do anything else, see if we have any per-directory tags */
@@ -875,7 +867,7 @@ out:
free_cwd (&cwd);
if (rcsdir != NULL)
free (rcsdir);
- return (0);
+ return 0;
}
@@ -898,7 +890,7 @@ build_entry (repository, user, options, message, entries, tag)
FILE *fp;
if (noexec)
- return (0);
+ return 0;
/*
* The requested log is read directly from the user and stored in the
@@ -923,5 +915,5 @@ build_entry (repository, user, options, message, entries, tag)
(void) sprintf (line, "Initial %s", user);
Register (entries, user, "0", line, options, tag, (char *) 0, (char *) 0);
free (line);
- return (0);
+ return 0;
}
diff --git a/contrib/cvs/src/history.c b/contrib/cvs/src/history.c
index 8e8d607..154c2de 100644
--- a/contrib/cvs/src/history.c
+++ b/contrib/cvs/src/history.c
@@ -416,8 +416,11 @@ history (argc, argv)
working = 1;
break;
case 'X': /* Undocumented debugging flag */
+#ifdef DEBUG
histfile = optarg;
+#endif
break;
+
case 'D': /* Since specified date */
if (*since_rev || *since_tag || *backto)
{
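Review bot: With DEBUG undefined, the `'X'` case still consumes its argument and then silently does nothing, so a caller who passes `-X file` gets the default history file without any indication. Either reject the option in that build or document the reason, e.g. `/* Only honoured in DEBUG builds: otherwise the caller could point history at an arbitrary file. */` above the `#ifdef`. The option string and the rest of `history` are outside this hunk, so whether `X` is still advertised there cannot be checked from here.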
@@ -906,9 +909,13 @@ save_user (name)
{
if (user_count == user_max)
{
- user_max += USER_INCREMENT;
- user_list = (char **) xrealloc ((char *) user_list,
- (int) user_max * sizeof (char *));
+ user_max = xsum (user_max, USER_INCREMENT);
+ if (size_overflow_p (xtimes (user_max, sizeof (char *))))
+ {
+ error (0, 0, "save_user: too many users");
+ return;
+ }
+ user_list = xrealloc (user_list, xtimes (user_max, sizeof (char *)));
}
user_list[user_count++] = xstrdup (name);
}
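Review bot: `user_max` is overwritten with the enlarged count before the overflow test, so on the "too many users" path the function returns with `user_max` raised while `user_list` keeps its old size. The next call then finds `user_count != user_max`, skips the growth branch and stores through `user_list[user_count++]` past the allocation. Hold the candidate in a local, `size_t new_max = xsum (user_max, USER_INCREMENT);`, test `xtimes (new_max, sizeof (char *))`, and assign `user_max = new_max;` only once the check has passed. The counters are declared outside the hunk; if they are not `size_t`, the saturated result of `xsum` is also narrowed on assignment. `save_file` and `save_module` in the next two hunks have the same ordering.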
@@ -936,9 +943,13 @@ save_file (dir, name, module)
if (file_count == file_max)
{
- file_max += FILE_INCREMENT;
- file_list = (struct file_list_str *) xrealloc ((char *) file_list,
- file_max * sizeof (*fl));
+ file_max = xsum (file_max, FILE_INCREMENT);
+ if (size_overflow_p (xtimes (file_max, sizeof (*fl))))
+ {
+ error (0, 0, "save_file: too many files");
+ return;
+ }
+ file_list = xrealloc (file_list, xtimes (file_max, sizeof (*fl)));
}
fl = &file_list[file_count++];
fl->l_file = cp = xmalloc (strlen (dir) + strlen (name) + 2);
@@ -977,9 +988,13 @@ save_module (module)
{
if (mod_count == mod_max)
{
- mod_max += MODULE_INCREMENT;
- mod_list = (char **) xrealloc ((char *) mod_list,
- mod_max * sizeof (char *));
+ mod_max = xsum (mod_max, MODULE_INCREMENT);
+ if (size_overflow_p (xtimes (mod_max, sizeof (char *))))
+ {
+ error (0, 0, "save_module: too many modules");
+ return;
+ }
+ mod_list = xrealloc (mod_list, xtimes (mod_max, sizeof (char *)));
}
mod_list[mod_count++] = xstrdup (module);
}
diff --git a/contrib/cvs/src/ignore.c b/contrib/cvs/src/ignore.c
index 26c39e7..e9bcf79 100644
--- a/contrib/cvs/src/ignore.c
+++ b/contrib/cvs/src/ignore.c
@@ -44,6 +44,8 @@ const char *ign_default = ". .. core RCSLOG tags TAGS RCS SCCS .make.state\
no longer ask the server about what is in CVSROOTADM_IGNORE. */
int ign_inhibit_server;
+
+
/*
* To the "ignore list", add the hard-coded default ignored wildcards above,
* the wildcards found in $CVSROOT/CVSROOT/cvsignore, the wildcards found in
@@ -100,6 +102,8 @@ ign_setup ()
/* Later, add ignore entries found in -I arguments */
}
+
+
/*
* Open a file and read lines, feeding each line to a line parser. Arrange
* for keeping a temporary list of wildcards at the end, if the "hold"
diff --git a/contrib/cvs/src/log.c b/contrib/cvs/src/log.c
index 1de1b94..9e10bd9 100644
--- a/contrib/cvs/src/log.c
+++ b/contrib/cvs/src/log.c
@@ -1078,7 +1078,7 @@ log_expand_revlist (rcs, revlist, default_branch)
free (branch);
}
}
- if (nr->first == NULL)
+ if (nr->first == NULL && !really_quiet)
{
error (0, 0, "warning: no branch `%s' in `%s'",
r->first, rcs->path);
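Review bot: Adding `!really_quiet` to the `if` condition gates the whole braced block, not just the `error` call, and the closing brace of that block is outside this hunk. If anything other than the warning runs inside those braces, it is now skipped under `-Q`; keeping `if (nr->first == NULL)` and testing `if (!really_quiet)` around the `error (...)` call alone would separate the two concerns. The two later hunks in `log_expand_revlist` use the same pattern and deserve the same check.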
@@ -1101,7 +1101,7 @@ log_expand_revlist (rcs, revlist, default_branch)
nr->first = RCS_whatbranch (rcs, r->first);
else
nr->first = RCS_gettag (rcs, r->first, 1, (int *) NULL);
- if (nr->first == NULL)
+ if (nr->first == NULL && !really_quiet)
{
error (0, 0, "warning: no revision `%s' in `%s'",
r->first, rcs->path);
@@ -1119,7 +1119,7 @@ log_expand_revlist (rcs, revlist, default_branch)
nr->last = RCS_whatbranch (rcs, r->last);
else
nr->last = RCS_gettag (rcs, r->last, 1, (int *) NULL);
- if (nr->last == NULL)
+ if (nr->last == NULL && !really_quiet)
{
error (0, 0, "warning: no revision `%s' in `%s'",
r->last, rcs->path);
diff --git a/contrib/cvs/src/sanity.sh b/contrib/cvs/src/sanity.sh
index 015d83e..acbb8d0 100755
--- a/contrib/cvs/src/sanity.sh
+++ b/contrib/cvs/src/sanity.sh
@@ -792,7 +792,7 @@ if test x"$*" = x; then
tests="${tests} modules modules2 modules3 modules4 modules5 modules6"
tests="${tests} mkmodules co-d"
tests="${tests} cvsadm emptydir abspath abspath2 toplevel toplevel2"
- tests="${tests} top-level checkout_repository"
+ tests="${tests} rstar-toplevel trailingslashes checkout_repository"
# Log messages, error messages.
tests="${tests} mflag editor errmsg1 errmsg2 adderrmsg opterrmsg"
# Watches, binary files, history browsing, &c.
@@ -1920,12 +1920,45 @@ done"
${CVSROOT_DIRNAME}/first-dir/sdir/ssdir/ssfile,v <-- ssfile
new revision: 2\.0; previous revision: 1\.3
done"
+ dotest basica-8a1a "${testcvs} -q ci -m bump-it -r 2.9" \
+"Checking in ssfile;
+${CVSROOT_DIRNAME}/first-dir/sdir/ssdir/ssfile,v <-- ssfile
+new revision: 2\.9; previous revision: 2\.0
+done"
+ # Test string-based revion number increment rollover
+ dotest basica-8a1b "${testcvs} -q ci -m bump-it -f -r 2" \
+"Checking in ssfile;
+${CVSROOT_DIRNAME}/first-dir/sdir/ssdir/ssfile,v <-- ssfile
+new revision: 2\.10; previous revision: 2\.9
+done"
+ dotest basica-8a1c "${testcvs} -q ci -m bump-it -r 2.99" \
+"Checking in ssfile;
+${CVSROOT_DIRNAME}/first-dir/sdir/ssdir/ssfile,v <-- ssfile
+new revision: 2\.99; previous revision: 2\.10
+done"
+ # Test string-based revion number increment rollover
+ dotest basica-8a1d "${testcvs} -q ci -m bump-it -f -r 2" \
+"Checking in ssfile;
+${CVSROOT_DIRNAME}/first-dir/sdir/ssdir/ssfile,v <-- ssfile
+new revision: 2\.100; previous revision: 2\.99
+done"
+ dotest basica-8a1e "${testcvs} -q ci -m bump-it -r 2.1099" \
+"Checking in ssfile;
+${CVSROOT_DIRNAME}/first-dir/sdir/ssdir/ssfile,v <-- ssfile
+new revision: 2\.1099; previous revision: 2\.100
+done"
+ # Test string-based revion number increment rollover
+ dotest basica-8a1f "${testcvs} -q ci -m bump-it -f -r 2" \
+"Checking in ssfile;
+${CVSROOT_DIRNAME}/first-dir/sdir/ssdir/ssfile,v <-- ssfile
+new revision: 2\.1100; previous revision: 2\.1099
+done"
# -f should not be necessary, but it should be harmless.
# Also test the "-r 3" (rather than "-r 3.0") usage.
dotest basica-8a2 "${testcvs} -q ci -m bump-it -f -r 3" \
"Checking in ssfile;
${CVSROOT_DIRNAME}/first-dir/sdir/ssdir/ssfile,v <-- ssfile
-new revision: 3\.1; previous revision: 2\.0
+new revision: 3\.1; previous revision: 2\.1100
done"
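Review bot: The comment added above basica-8a1b, 8a1d and 8a1f misspells "revision" as "revion" in all three places; it should read `# Test string-based revision number increment rollover`. It would also help to say in each comment which boundary is being crossed (2.9 to 2.10, 2.99 to 2.100, 2.1099 to 2.1100), since the three comments are otherwise identical.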
# Test using -r to create a branch
@@ -1943,9 +1976,8 @@ done"
dotest basica-8a5 "${testcvs} -q up -A ./" "[UP] ssfile"
cd ../..
- dotest basica-8b "${testcvs} -q diff -r1.2 -r1.3" ''
- dotest basica-8b1 "${testcvs} -q diff -r1.2 -r1.3 -C 3isacrowd" \
-''
+ dotest basica-8b "${testcvs} -q diff -r1.2 -r1.3"
+ dotest basica-8b1 "${testcvs} -q diff -r1.2 -r1.3 -C 3isacrowd"
# The .* here will normally be "No such file or directory",
# but if memory serves some systems (AIX?) have a different message.
@@ -2013,11 +2045,23 @@ done"
done"
dotest basica-o5a "${testcvs} -n admin -o 1.2::3.1 ssfile" \
"RCS file: ${CVSROOT_DIRNAME}/first-dir/sdir/ssdir/ssfile,v
+deleting revision 2\.1100
+deleting revision 2\.1099
+deleting revision 2\.100
+deleting revision 2\.99
+deleting revision 2\.10
+deleting revision 2\.9
deleting revision 2\.0
deleting revision 1\.3
done"
dotest basica-o6 "${testcvs} admin -o 1.2::3.1 ssfile" \
"RCS file: ${CVSROOT_DIRNAME}/first-dir/sdir/ssdir/ssfile,v
+deleting revision 2\.1100
+deleting revision 2\.1099
+deleting revision 2\.100
+deleting revision 2\.99
+deleting revision 2\.10
+deleting revision 2\.9
deleting revision 2\.0
deleting revision 1\.3
done"
@@ -6018,8 +6062,7 @@ ${QUESTION} sdir"
"${QUESTION} sdir
${PROG} \[update aborted\]: no such tag br"
dotest dirs2-10ar \
-"${testcvs} -q rdiff -u -r 1.1 -r br first-dir/sdir/file1" \
-""
+"${testcvs} -q rdiff -u -r 1.1 -r br first-dir/sdir/file1"
dotest_fail dirs2-10-again "${testcvs} update -d -r br" \
"${QUESTION} sdir
${PROG} update: Updating \.
@@ -13849,14 +13892,14 @@ ${PROG} commit: Rebuilding administrative file database"
- top-level)
+ rstar-toplevel)
# FIXCVS:
# This test confirms a bug that exists in the r* commands currently
# when run against the top-level project.
#
# The assertion failure is something like:
# do_recursion: Assertion \`strstr (repository, \"/\./\") == ((void \*)0)' failed\..*"
- dotest_fail top-level-1 "$testcvs rlog ." \
+ dotest_fail rstar-toplevel-1 "$testcvs rlog ." \
"${DOTSTAR}ssertion.*failed${DOTSTAR}" "${DOTSTAR}failed assertion${DOTSTAR}"
if $keep; then
@@ -13867,6 +13910,52 @@ ${PROG} commit: Rebuilding administrative file database"
+ trailingslashes)
+ # Some tests of CVS's reactions to path specifications containing
+ # trailing slashes.
+ mkdir trailingslashes; cd trailingslashes
+ dotest trailingslashes-init-1 "$testcvs -Q co -ldt ."
+ dotest trailingslashes-init-2 "$testcvs -Q co -dt2 ."
+ cd t
+ echo "Ahh'll be baaack." >topfile
+ dotest trailingslashes-init-3 "$testcvs -Q add topfile"
+ dotest trailingslashes-init-4 "$testcvs -Q ci -mto-top" \
+"RCS file: $CVSROOT_DIRNAME/topfile,v
+done
+Checking in topfile;
+$CVSROOT_DIRNAME/topfile,v <-- topfile
+initial revision: 1\.1
+done"
+
+ # First, demonstrate the usual case.
+ cd ../t2
+ dotest trailingslashes-1 "$testcvs -q up CVSROOT"
+ dotest_fail trailingslashes-1a "test -f topfile"
+
+ # FIXCVS:
+ # Now the one that fails in remote mode.
+ # This highlights one of the failure cases mentioned in TODO item
+ # #205.
+ if $remote; then
+ dotest trailingslashes-2 "$testcvs -q up CVSROOT/" \
+"U topfile"
+ dotest trailingslashes-2a "test -f topfile"
+ else
+ dotest trailingslashes-2 "$testcvs -q up CVSROOT/"
+ dotest_fail trailingslashes-2a "test -f topfile"
+ fi
+
+ if $keep; then
+ echo Keeping $TESTDIR and exiting due to --keep
+ exit 0
+ fi
+
+ cd ../..
+ rm -rf trailingslashes $CVSROOT_DIRNAME/topfile,v
+ ;;
+
+
+
checkout_repository)
dotest_fail checkout_repository-1 \
"${testcvs} co -d ${CVSROOT_DIRNAME} CVSROOT" \
@@ -26973,6 +27062,27 @@ Global_option -l
noop
EOF
+ # There used to be some exploits based on malformed Entry requests
+ dotest server-17 "$testcvs server" \
+"E protocol error: Malformed Entry
+error " <<EOF
+Root $TESTDIR/crerepos
+Directory .
+$TESTDIR/crerepos/dir1
+Entry X/file1/1.1////
+noop
+EOF
+
+ dotest server-18 "$testcvs server" \
+"E protocol error: Malformed Entry
+error " <<EOF
+Root $TESTDIR/crerepos
+Directory .
+$TESTDIR/crerepos/dir1
+Entry /CC/CC/CC
+noop
+EOF
+
if $keep; then
echo Keeping ${TESTDIR} and exiting due to --keep
exit 0
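Review bot: The single comment above server-17 does not say what makes each request malformed, so a later reader cannot tell which parsing path server-17 and server-18 each guard. From the here-documents, server-17 sends an `Entry` line that does not begin with `/` and server-18 sends one with fewer `/`-separated fields; a one-line comment per test, e.g. `# Entry without the leading slash` and `# Entry with too few fields`, would record that. Both tests appear to rely on `$TESTDIR/crerepos/dir1` left behind by earlier server tests, which is worth stating as well.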
@@ -27494,7 +27604,11 @@ done"
# files. We would like to not leave any behind.
if $remote && ls $TMPDIR/cvs-serv* >/dev/null 2>&1; then
# A true value means ls found files/directories with these names.
- fail "Found cvs-serv* directories in $TMPDIR."
+ # Give the server some time to finish, then retry.
+ sleep 1
+ if ls $TMPDIR/cvs-serv* >/dev/null 2>&1; then
+ fail "Found cvs-serv* directories in $TMPDIR."
+ fi
fi
if ls $TMPDIR/cvs?????? >/dev/null 2>&1; then
# A true value means ls found files/directories with these names.
diff --git a/contrib/cvs/src/subr.c b/contrib/cvs/src/subr.c
index 94f5bbd..da8d478 100644
--- a/contrib/cvs/src/subr.c
+++ b/contrib/cvs/src/subr.c
@@ -311,6 +311,9 @@ compare_revnums (rev1, rev2)
return result;
}
+/* Increment a revision number. Working on the string is a bit awkward,
+ but it avoid problems with integer overflow should the revision numbers
+ get really big. */
char *
increment_revnum (rev)
const char *rev;
@@ -319,17 +322,29 @@ increment_revnum (rev)
int lastfield;
size_t len = strlen (rev);
- newrev = (char *) xmalloc (len + 2);
+ newrev = xmalloc (len + 2);
memcpy (newrev, rev, len + 1);
- p = strrchr (newrev, '.');
- if (p == NULL)
+ for (p = newrev + len; p != newrev; )
{
- free (newrev);
- return NULL;
+ --p;
+ if (!isdigit(*p))
+ {
+ ++p;
+ break;
+ }
+ if (*p != '9')
+ {
+ ++*p;
+ return newrev;
+ }
+ *p = '0';
}
- lastfield = atoi (++p);
- sprintf (p, "%d", lastfield + 1);
-
+ /* The number was all 9s, so change the first character to 1 and add
+ a 0 to the end. */
+ *p = '1';
+ p = newrev + len;
+ *p++ = '0';
+ *p = '\0';
return newrev;
}
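Review bot: `isdigit(*p)` is called on a plain `char`; where `char` is signed, a byte above 0x7f in `rev` becomes a negative argument, which the `<ctype.h>` functions do not define, so this should be `isdigit ((unsigned char) *p)`. The rewrite also drops the old `return NULL` for a `rev` without a `.`: a string with no trailing digits now comes back modified (by my reading an empty `rev` yields `"0"`), so callers that tested for NULL need checking. `int lastfield;` in the context lines is left unused after this change.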
@@ -659,7 +674,7 @@ file_has_conflict (finfo, ts_conflict)
/* If ts_conflict is NULL, there was no merge since the last
* commit and there can be no conflict.
*/
- assert ( ts_conflict );
+ assert (ts_conflict);
/*
* If the timestamp has changed and no
@@ -668,14 +683,14 @@ file_has_conflict (finfo, ts_conflict)
*/
#ifdef SERVER_SUPPORT
- if ( server_active )
+ if (server_active)
retcode = ts_conflict[0] == '=';
else
#endif /* SERVER_SUPPORT */
{
- filestamp = time_stamp ( finfo->file );
- retcode = !strcmp ( ts_conflict, filestamp );
- free ( filestamp );
+ filestamp = time_stamp (finfo->file);
+ retcode = !strcmp (ts_conflict, filestamp);
+ free (filestamp);
}
return retcode;
diff --git a/contrib/cvs/src/vers_ts.c b/contrib/cvs/src/vers_ts.c
index 8ad9c4e..69eaa4c 100644
--- a/contrib/cvs/src/vers_ts.c
+++ b/contrib/cvs/src/vers_ts.c
@@ -287,7 +287,7 @@ time_stamp_server (file, vers_ts, entdata)
else if (entdata->timestamp
&& entdata->timestamp[0] == '=')
mark_unchanged (vers_ts);
- else if (entdata->timestamp != NULL
+ else if (entdata->timestamp
&& (entdata->timestamp[0] == 'M'
|| entdata->timestamp[0] == 'D')
&& entdata->timestamp[1] == '\0')
diff --git a/contrib/cvs/src/wrapper.c b/contrib/cvs/src/wrapper.c
index 8d7a8ef..548b3a5 100644
--- a/contrib/cvs/src/wrapper.c
+++ b/contrib/cvs/src/wrapper.c
@@ -237,6 +237,30 @@ wrap_unparse_rcs_options (line, first_call_p)
#endif /* SERVER_SUPPORT || CLIENT_SUPPORT */
/*
+ * Remove fmt str specifier other than %% or %s. And allow
+ * only max_s %s specifiers
+ */
+wrap_clean_fmt_str(char *fmt, int max_s)
+{
+ while (*fmt) {
+ if (fmt[0] == '%' && fmt[1])
+ {
+ if (fmt[1] == '%')
+ fmt++;
+ else
+ if (fmt[1] == 's' && max_s > 0)
+ {
+ max_s--;
+ fmt++;
+ } else
+ *fmt = ' ';
+ }
+ fmt++;
+ }
+ return;
+}
+
+/*
* Open a file and read lines, feeding each line to a line parser. Arrange
* for keeping a temporary list of wrappers at the end, if the "temp"
* argument is set.
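Review bot: A filter that ends in a lone `%` passes through unchanged, because `fmt[0] == '%' && fmt[1]` is false when the `%` is the last character, and both callers in the following hunks then hand that string to `sprintf` as the format. Blank it too, e.g. `if (fmt[0] == '%' && fmt[1] == '\0') *fmt = ' ';` ahead of the existing test. The definition has no return type yet ends in `return;`; `static void wrap_clean_fmt_str (char *fmt, int max_s)` would state the intent, assuming nothing outside wrapper.c calls it. The header comment should also say that the filter is rewritten in place and that rejected specifiers are blanked rather than reported, since the removed FIXME asked for a real error.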
@@ -556,9 +580,8 @@ wrap_tocvs_process_file(fileName)
args = xmalloc (strlen (e->tocvsFilter)
+ strlen (fileName)
+ strlen (buf));
- /* FIXME: sprintf will blow up if the format string contains items other
- than %s, or contains too many %s's. We should instead be parsing
- e->tocvsFilter ourselves and giving a real error. */
+
+ wrap_clean_fmt_str(e->tocvsFilter, 2);
sprintf (args, e->tocvsFilter, fileName, buf);
run_setup (args);
run_exec(RUN_TTY, RUN_TTY, RUN_TTY, RUN_NORMAL|RUN_REALLY );
@@ -590,9 +613,8 @@ wrap_fromcvs_process_file(fileName)
args = xmalloc (strlen (e->fromcvsFilter)
+ strlen (fileName));
- /* FIXME: sprintf will blow up if the format string contains items other
- than %s, or contains too many %s's. We should instead be parsing
- e->fromcvsFilter ourselves and giving a real error. */
+
+ wrap_clean_fmt_str(e->fromcvsFilter, 1);
sprintf (args, e->fromcvsFilter, fileName);
run_setup (args);
run_exec(RUN_TTY, RUN_TTY, RUN_TTY, RUN_NORMAL );