From 415856bdd4f48ab4f2732996f0bae58595092bbe Mon Sep 17 00:00:00 2001
From: Parabola <dev@list.parabolagnulinux.org>
Date: Tue, 5 Apr 2011 14:26:38 +0000
Subject: Tue Apr  5 14:26:38 UTC 2011

---
 extra/cvs/PKGBUILD                        |  39 +++++++
 extra/cvs/cvs-1.11.23-cve-2010-3846.patch | 167 ++++++++++++++++++++++++++++++
 extra/cvs/cvs-1.11.23-getline64.patch     |  34 ++++++
 extra/cvs/cvs.install                     |  20 ++++
 4 files changed, 260 insertions(+)
 create mode 100644 extra/cvs/PKGBUILD
 create mode 100644 extra/cvs/cvs-1.11.23-cve-2010-3846.patch
 create mode 100644 extra/cvs/cvs-1.11.23-getline64.patch
 create mode 100644 extra/cvs/cvs.install

(limited to 'extra/cvs')

diff --git a/extra/cvs/PKGBUILD b/extra/cvs/PKGBUILD
new file mode 100644
index 000000000..380e93f2e
--- /dev/null
+++ b/extra/cvs/PKGBUILD
@@ -0,0 +1,39 @@
+# $Id: PKGBUILD 101751 2010-12-01 14:33:51Z stephane $
+# Contributor: dorphell <dorphell@archlinux.org>
+
+pkgname=cvs
+pkgver=1.11.23
+pkgrel=6
+pkgdesc="Concurrent Versions System - a source control system"
+arch=(i686 x86_64)
+url="http://cvs.nongnu.org"
+license=('GPL')
+depends=('heimdal>=1.3.1')
+optdepends=('openssh: for using cvs over ssh' 'inetutils: for using cvs over rsh')
+install=cvs.install
+source=(ftp://ftp.gnu.org/non-gnu/cvs/source/stable/${pkgver}/${pkgname}-${pkgver}.tar.bz2
+	     cvs-1.11.23-getline64.patch
+        cvs-1.11.23-cve-2010-3846.patch)
+sha256sums=('400f51b59d85116e79b844f2d5dbbad4759442a789b401a94aa5052c3d7a4aa9'
+            '9126d7992ace943980ad8a10d5a09aeb6f1eeeb9b921fc796fe31de7b1c220cf'
+            'c6506d0a5efc7b0cab6415f26e070ec214fb9781fac8d295506f4d0825431a8f')
+
+build() {
+  cd "${srcdir}/${pkgname}-${pkgver}"
+  unset EDITOR VISUAL
+
+  patch -Np1 -i ../cvs-1.11.23-getline64.patch
+
+  # CVE-2010-3864, see https://www.redhat.com/security/data/cve/CVE-2010-3846.html
+  patch -Np1 -i ../cvs-1.11.23-cve-2010-3846.patch
+
+  ./configure --prefix=/usr
+  make
+}
+
+package() {
+  cd "${srcdir}/${pkgname}-${pkgver}"
+
+  make DESTDIR=${pkgdir} install
+  rm ${pkgdir}/usr/share/info/dir
+}
diff --git a/extra/cvs/cvs-1.11.23-cve-2010-3846.patch b/extra/cvs/cvs-1.11.23-cve-2010-3846.patch
new file mode 100644
index 000000000..e1560cef8
--- /dev/null
+++ b/extra/cvs/cvs-1.11.23-cve-2010-3846.patch
@@ -0,0 +1,167 @@
+From b122edcb68ff05bb6eb22f6e50423e7f1050841b Mon Sep 17 00:00:00 2001
+From: Larry Jones <lawrence.jones@siemens.com>
+Date: Thu, 21 Oct 2010 10:08:16 +0200
+Subject: [PATCH] Fix for CVE-2010-3846
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Mallformed RCS revision (delete after the end of input file, or overlayed
+deleted regions) screws output file image size computation. This leads to
+write attempt after the allocated memory opening hiden memory corruption
+driven by CVS server.
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ src/rcs.c |   52 +++++++++++++++++++++++++++++-----------------------
+ 1 files changed, 29 insertions(+), 23 deletions(-)
+
+diff --git a/src/rcs.c b/src/rcs.c
+index 7d0d078..2f88f85 100644
+--- a/src/rcs.c
++++ b/src/rcs.c
+@@ -7128,7 +7128,7 @@ apply_rcs_changes (orig_lines, diffbuf, difflen, name, addvers, delvers)
+     struct deltafrag *dfhead;
+     struct deltafrag **dftail;
+     struct deltafrag *df;
+-    unsigned long numlines, lastmodline, offset;
++    unsigned long numlines, offset;
+     struct linevector lines;
+     int err;
+ 
+@@ -7202,12 +7202,12 @@ apply_rcs_changes (orig_lines, diffbuf, difflen, name, addvers, delvers)
+ 
+     /* New temp data structure to hold new org before
+        copy back into original structure. */
+-    lines.nlines = lines.lines_alloced = numlines;
++    lines.lines_alloced = numlines;
+     lines.vector = xmalloc (numlines * sizeof *lines.vector);
+ 
+     /* We changed the list order to first to last -- so the
+        list never gets larger than the size numlines. */
+-    lastmodline = 0; 
++    lines.nlines = 0; 
+ 
+     /* offset created when adding/removing lines
+        between new and original structure */
+@@ -7216,25 +7216,24 @@ apply_rcs_changes (orig_lines, diffbuf, difflen, name, addvers, delvers)
+     for (df = dfhead; df != NULL; )
+     {
+ 	unsigned int ln;
+-	unsigned long deltaend;
++	unsigned long newpos = df->pos - offset;
+ 
+-	if (df->pos > orig_lines->nlines)
++	if (newpos < lines.nlines || newpos > numlines)
+ 	    err = 1;
+ 
+ 	/* On error, just free the rest of the list.  */
+ 	if (!err)
+ 	{
+-	    /* Here we need to get to the line where the next insert will
++	    /* Here we need to get to the line where the next change will
+ 	       begin, which is DF->pos in ORIG_LINES.  We will fill up to
+ 	       DF->pos - OFFSET in LINES with original items.  */
+-	    for (deltaend = df->pos - offset;
+-		 lastmodline < deltaend;
+-		 lastmodline++)
++	    while (lines.nlines < newpos)
+ 	    {
+ 		/* we need to copy from the orig structure into new one */
+-		lines.vector[lastmodline] =
+-			orig_lines->vector[lastmodline + offset];
+-		lines.vector[lastmodline]->refcount++;
++		lines.vector[lines.nlines] =
++			orig_lines->vector[lines.nlines + offset];
++		lines.vector[lines.nlines]->refcount++;
++		lines.nlines++;
+ 	    }
+ 
+ 	    switch (df->type)
+@@ -7246,7 +7245,12 @@ apply_rcs_changes (orig_lines, diffbuf, difflen, name, addvers, delvers)
+ 		    struct line *q;
+ 		    int nextline_newline;
+ 		    size_t nextline_len;
+-		
++
++		    if (newpos + df->nlines > numlines)
++		    {
++			err = 1;
++			break;
++		    }
+ 		    textend = df->new_lines + df->len;
+ 		    nextline_newline = 0;
+ 		    nextline_text = df->new_lines;
+@@ -7271,8 +7275,7 @@ apply_rcs_changes (orig_lines, diffbuf, difflen, name, addvers, delvers)
+ 			    q->has_newline = nextline_newline;
+ 			    q->refcount = 1;
+ 			    memcpy (q->text, nextline_text, nextline_len);
+-			    lines.vector[lastmodline++] = q;
+-			    offset--;
++			    lines.vector[lines.nlines++] = q;
+ 		    
+ 			    nextline_text = (char *)p + 1;
+ 			    nextline_newline = 0;
+@@ -7286,11 +7289,11 @@ apply_rcs_changes (orig_lines, diffbuf, difflen, name, addvers, delvers)
+ 		    q->has_newline = nextline_newline;
+ 		    q->refcount = 1;
+ 		    memcpy (q->text, nextline_text, nextline_len);
+-		    lines.vector[lastmodline++] = q;
++		    lines.vector[lines.nlines++] = q;
+ 
+ 		    /* For each line we add the offset between the #'s
+ 		       decreases. */
+-		    offset--;
++		    offset -= df->nlines;
+ 		    break;
+ 		}
+ 
+@@ -7301,7 +7304,9 @@ apply_rcs_changes (orig_lines, diffbuf, difflen, name, addvers, delvers)
+ 		    if (df->pos + df->nlines > orig_lines->nlines)
+ 			err = 1;
+ 		    else if (delvers)
++		    {
+ 			for (ln = df->pos; ln < df->pos + df->nlines; ++ln)
++			{
+ 			    if (orig_lines->vector[ln]->refcount > 1)
+ 				/* Annotate needs this but, since the original
+ 				 * vector is disposed of before returning from
+@@ -7309,6 +7314,8 @@ apply_rcs_changes (orig_lines, diffbuf, difflen, name, addvers, delvers)
+ 				 * there are multiple references.
+ 				 */
+ 				orig_lines->vector[ln]->vers = delvers;
++			}
++		    }
+ 		    break;
+ 	    }
+ 	}
+@@ -7328,21 +7335,20 @@ apply_rcs_changes (orig_lines, diffbuf, difflen, name, addvers, delvers)
+     else
+     {
+ 	/* add the rest of the remaining lines to the data vector */
+-	for (; lastmodline < numlines; lastmodline++)
++	while (lines.nlines < numlines)
+ 	{
+ 	    /* we need to copy from the orig structure into new one */
+-	    lines.vector[lastmodline] = orig_lines->vector[lastmodline
++	    lines.vector[lines.nlines] = orig_lines->vector[lines.nlines
+ 							   + offset];
+-	    lines.vector[lastmodline]->refcount++;
++	    lines.vector[lines.nlines]->refcount++;
++	    lines.nlines++;
+ 	}
+ 
+ 	/* Move the lines vector to the original structure for output,
+ 	 * first deleting the old.
+ 	 */
+ 	linevector_free (orig_lines);
+-	orig_lines->vector = lines.vector;
+-	orig_lines->lines_alloced = numlines;
+-	orig_lines->nlines = lines.nlines;
++	*orig_lines = lines;
+     }
+ 
+     return !err;
+-- 
+1.7.2.3
+
diff --git a/extra/cvs/cvs-1.11.23-getline64.patch b/extra/cvs/cvs-1.11.23-getline64.patch
new file mode 100644
index 000000000..99942e058
--- /dev/null
+++ b/extra/cvs/cvs-1.11.23-getline64.patch
@@ -0,0 +1,34 @@
+--- cvs-1.11.23/lib/getline.c	2005-04-04 22:46:05.000000000 +0200
++++ cvs-1.11.23/lib/getline.c.old	2008-06-03 19:06:25.000000000 +0200
+@@ -154,7 +154,7 @@
+   return ret;
+ }
+ 
+-int
++ssize_t
+ getline (lineptr, n, stream)
+      char **lineptr;
+      size_t *n;
+@@ -163,7 +163,7 @@
+   return getstr (lineptr, n, stream, '\n', 0, GETLINE_NO_LIMIT);
+ }
+ 
+-int
++ssize_t
+ getline_safe (lineptr, n, stream, limit)
+      char **lineptr;
+      size_t *n;
+--- cvs-1.11.23/lib/getline.h	2005-04-04 22:46:05.000000000 +0200
++++ cvs-1.11.23/lib/getline.h.old	2008-06-03 19:06:27.000000000 +0200
+@@ -11,9 +11,9 @@
+ 
+ #define GETLINE_NO_LIMIT -1
+ 
+-int
++ssize_t
+   getline __PROTO ((char **_lineptr, size_t *_n, FILE *_stream));
+-int
++ssize_t
+   getline_safe __PROTO ((char **_lineptr, size_t *_n, FILE *_stream,
+                          int limit));
+ int
diff --git a/extra/cvs/cvs.install b/extra/cvs/cvs.install
new file mode 100644
index 000000000..f1cdd1f3e
--- /dev/null
+++ b/extra/cvs/cvs.install
@@ -0,0 +1,20 @@
+infodir=/usr/share/info
+filelist=(cvs.info cvs-info-1 cvs-info-2 cvsclient.info)
+
+post_install() {
+  for file in ${filelist[@]}; do
+    install-info $infodir/$file $infodir/dir 2> /dev/null
+  done
+}
+
+post_upgrade() {
+  post_install $1
+}
+
+pre_remove() {
+  for file in ${filelist[@]}; do
+    install-info --delete $infodir/$file $infodir/dir 2> /dev/null
+  done
+}
+
+# vim:set ts=2 sw=2 et:
-- 
cgit v1.2.3-54-g00ecf