OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Michael Schloh
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 12-Dec-2003 17:57:19
Branch: OPENPKG_1_2_SOLID Handle: 2003121216571800
Modified files: (Branch: OPENPKG_1_2_SOLID)
openpkg-src/cvs cvs.patches.msvb cvs.spec
Log:
backport fix for filesystem violation, OpenPKG-SA-2003.052
Summary:
Revision Changes Path
1.1.4.1 +21 -0 openpkg-src/cvs/cvs.patches.msvb
1.48.2.1.2.5+1 -1 openpkg-src/cvs/cvs.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/cvs/cvs.patches.msvb
============================================================================
$ cvs diff -u -r1.1 -r1.1.4.1 cvs.patches.msvb
--- openpkg-src/cvs/cvs.patches.msvb 2 Oct 2002 13:48:02 -0000 1.1
+++ openpkg-src/cvs/cvs.patches.msvb 12 Dec 2003 16:57:18 -0000 1.1.4.1
@@ -8,3 +8,24 @@
#include <netdb.h>
#endif
+diff -Naur cvs-1.11.5.orig/cvs-1.11.5/src/modules.c
cvs-1.11.5/cvs-1.11.5/src/modules.c
+--- src/modules.c.orig Thu Jun 21 23:23:09 2001
++++ src/modules.c Fri Dec 12 17:44:14 2003
+@@ -159,6 +159,17 @@
+ }
+ #endif
+
++ /* Don't process absolute directories. Anything else could be a security
++ * problem. Before this check was put in place:
++ *
++ * $ cvs -d:fork:/cvsroot co /foo
++ * cvs server: warning: cannot make directory CVS in /: Permission denied
++ * cvs [server aborted]: cannot make directory /foo: Permission denied
++ * $
++ */
++ if (isabsolute (mname))
++ error (1, 0, "Absolute module reference invalid: `%s'", mname);
++
+ /* if this is a directory to ignore, add it to that list */
+ if (mname[0] == '!' && mname[1] != '\0')
+ {
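Review bot: The guard added in the embedded modules.c patch only rejects names for which `isabsolute (mname)` is true, so a relative module name containing `..` components is not refused by anything visible in this hunk. The enclosing function starts and ends outside the hunk, so please confirm that such names are rejected elsewhere; if they are not, the same site should refuse them as well. The check also runs before the `mname[0] == '!'` branch, so a name such as `!/foo` skips it, and it is worth confirming that the ignore-list path never uses the remainder as a directory to create. The comment's "Anything else could be a security problem" is ambiguous; something like `/* Reject absolute module names: the server would otherwise try to create directories outside the checkout tree (see transcript below). */` states the intent directly.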
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/cvs/cvs.spec
============================================================================
$ cvs diff -u -r1.48.2.1.2.4 -r1.48.2.1.2.5 cvs.spec
--- openpkg-src/cvs/cvs.spec 8 May 2003 10:22:08 -0000 1.48.2.1.2.4
+++ openpkg-src/cvs/cvs.spec 12 Dec 2003 16:57:18 -0000 1.48.2.1.2.5
@@ -37,7 +37,7 @@
Group: SCM
License: GPL
Version: %{V_cvs}
-Release: 1.2.2
+Release: 1.2.3
# optional support for applying the RSE patches
%option with_rse_patches no
@@ .