diff options
author | peter <peter@FreeBSD.org> | 2004-04-15 01:54:28 +0000 |
---|---|---|
committer | peter <peter@FreeBSD.org> | 2004-04-15 01:54:28 +0000 |
commit | 8669a5b76291862cb2cf54eb6dc20ed25daef756 (patch) | |
tree | a3abf516d27600164e5f83cddf2486efe8f1bb43 /gnu/usr.bin/cvs | |
parent | f38d95d3031d07e05282d962231482b7cb1d3442 (diff) | |
download | FreeBSD-src-8669a5b76291862cb2cf54eb6dc20ed25daef756.zip FreeBSD-src-8669a5b76291862cb2cf54eb6dc20ed25daef756.tar.gz |
Update bmake glue for cvs-1.11.15, with apologies to Jacques for messing
up his day. The *.patch files are still fine for MFC'ing.
Diffstat (limited to 'gnu/usr.bin/cvs')
-rw-r--r-- | gnu/usr.bin/cvs/cvs/Makefile | 15 | ||||
-rw-r--r-- | gnu/usr.bin/cvs/cvs/client.patch | 30 | ||||
-rw-r--r-- | gnu/usr.bin/cvs/cvs/modules.patch | 25 |
3 files changed, 4 insertions, 66 deletions
diff --git a/gnu/usr.bin/cvs/cvs/Makefile b/gnu/usr.bin/cvs/cvs/Makefile index 2e79c22..f683009 100644 --- a/gnu/usr.bin/cvs/cvs/Makefile +++ b/gnu/usr.bin/cvs/cvs/Makefile @@ -13,15 +13,16 @@ PROG= cvs MAN= cvs.1 cvs.5 SRCS= add.c admin.c annotate.c buffer.c \ - checkin.c checkout.c classify.c client_P.c \ + checkin.c checkout.c classify.c client.c \ commit.c create_adm.c cvsrc.c diff.c edit.c entries.c error.c \ expand_path.c fileattr.c filesubr.c find_names.c \ hardlink.c hash.c history.c \ ignore.c import.c lock.c log.c login.c logmsg.c main.c mkmodules.c \ - modules_P.c myndbm.c no_diff.c parseinfo.c patch.c prepend_args.c \ + modules.c myndbm.c no_diff.c parseinfo.c patch.c prepend_args.c \ rcs.c rcscmds.c \ recurse.c release.c remove.c repos.c root.c run.c scramble.c \ - server.c status.c subr.c tag.c update.c vers_ts.c version.c watch.c \ + server.c stack.c status.c subr.c \ + tag.c update.c vers_ts.c version.c watch.c \ wrapper.c zlib.c # gnu must be before lib to pick correct regex.h @@ -62,12 +63,4 @@ regress: .endif .endif -# XXX Temporary until next CVS import: patch security issues -.for f in client modules -CLEANFILES+= ${f}_P.c - -${f}_P.c: ${f}.c ${f}.patch - patch -t -s -p3 -o ${.TARGET} ${.ALLSRC:M*.c} ${.ALLSRC:M*.patch} -.endfor - .include <bsd.prog.mk> diff --git a/gnu/usr.bin/cvs/cvs/client.patch b/gnu/usr.bin/cvs/cvs/client.patch deleted file mode 100644 index c5599c8..0000000 --- a/gnu/usr.bin/cvs/cvs/client.patch +++ /dev/null @@ -1,30 +0,0 @@ -$FreeBSD$ -Index: contrib/cvs/src/client.c -=================================================================== -RCS file: /home/ncvs/src/contrib/cvs/src/client.c,v -retrieving revision 1.10 -diff -c -r1.10 client.c -*** contrib/cvs/src/client.c 21 Jan 2003 22:01:38 -0000 1.10 ---- contrib/cvs/src/client.c 14 Apr 2004 15:51:51 -0000 -*************** -*** 1054,1059 **** ---- 1054,1072 ---- - char *rdirp; - int reposdirname_absolute; - -+ /* For security reasons, if PATHNAME is absolute or attemps to ascend -+ * outside of the current sanbbox, we abort. The server should not send us -+ * anything but relative paths which remain inside the sandbox here. -+ * Anything less means a trojan CVS server could create and edit arbitrary -+ * files on the client. -+ */ -+ if (isabsolute (pathname) || pathname_levels (pathname) > 0) -+ { -+ error (0, 0, -+ "Server attempted to update a file via an invalid pathname:"); -+ error (1, 0, "`%s'.", pathname); -+ } -+ - reposname = NULL; - read_line (&reposname); - assert (reposname != NULL); diff --git a/gnu/usr.bin/cvs/cvs/modules.patch b/gnu/usr.bin/cvs/cvs/modules.patch deleted file mode 100644 index 99a34fd..0000000 --- a/gnu/usr.bin/cvs/cvs/modules.patch +++ /dev/null @@ -1,25 +0,0 @@ -$FreeBSD$ -Index: contrib/cvs/src/modules.c -=================================================================== -RCS file: /home/ncvs/src/contrib/cvs/src/modules.c,v -retrieving revision 1.1.1.9 -diff -c -r1.1.1.9 modules.c -*** contrib/cvs/src/modules.c 21 Jan 2004 16:27:56 -0000 1.1.1.9 ---- contrib/cvs/src/modules.c 14 Apr 2004 15:54:51 -0000 -*************** -*** 170,175 **** ---- 170,183 ---- - if (isabsolute (mname)) - error (1, 0, "Absolute module reference invalid: `%s'", mname); - -+ /* Similarly for directories that attempt to step above the root of the -+ * repository. -+ */ -+ if (pathname_levels (mname) > 0) -+ error (1, 0, "up-level in module reference (`..') invalid: `%s'.", -+ mname); -+ -+ - /* if this is a directory to ignore, add it to that list */ - if (mname[0] == '!' && mname[1] != '\0') - { |