
From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-dev:musl commit in: dev-vcs/cvs/, dev-vcs/cvs/files/
Date: Sat, 22 Feb 2014 14:27:32
Message-Id: 1393079276.18906a4e3a58b3a9ebf081fbf5e1b575b04b735e.blueness@gentoo
1 commit: 18906a4e3a58b3a9ebf081fbf5e1b575b04b735e
2 Author: Felix Janda <felix.janda <AT> posteo <DOT> de>
3 AuthorDate: Sun Feb 16 21:23:41 2014 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Sat Feb 22 14:27:56 2014 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=18906a4e
7
8 dev-vcs/cvs: move to tree
9
10 ---
11 dev-vcs/cvs/cvs-1.12.12-r99.ebuild | 86 +++++++++++++
12 dev-vcs/cvs/files/cvs-1.12.12-block-requests.patch | 140 +++++++++++++++++++++
13 .../files/cvs-1.12.12-cvs-gnulib-vasnprintf.patch | 34 +++++
14 dev-vcs/cvs/files/cvs-1.12.12-cvsbug-tmpfix.patch | 22 ++++
15 dev-vcs/cvs/files/cvs-1.12.12-install-sh.patch | 12 ++
16 dev-vcs/cvs/files/cvs-1.12.12-mktime-x32.patch | 29 +++++
17 dev-vcs/cvs/files/cvs-1.12.12-openat.patch | 21 ++++
18 dev-vcs/cvs/files/cvs-1.12.12-regex.patch | 11 ++
19 dev-vcs/cvs/files/cvs.pam-include-1.12.12 | 4 +
20 dev-vcs/cvs/files/cvspserver.xinetd.d | 14 +++
21 dev-vcs/cvs/metadata.xml | 8 ++
22 11 files changed, 381 insertions(+)
23
24 diff --git a/dev-vcs/cvs/cvs-1.12.12-r99.ebuild b/dev-vcs/cvs/cvs-1.12.12-r99.ebuild
25 new file mode 100644
26 index 0000000..27ed6e5
27 --- /dev/null
28 +++ b/dev-vcs/cvs/cvs-1.12.12-r99.ebuild
29 @@ -0,0 +1,86 @@
30 +# Copyright 1999-2014 Gentoo Foundation
31 +# Distributed under the terms of the GNU General Public License v2
32 +# $Header: /var/cvsroot/gentoo-x86/dev-vcs/cvs/cvs-1.12.12-r6.ebuild,v 1.4 2014/01/19 10:30:16 vapier Exp $
33 +
34 +inherit eutils pam toolchain-funcs
35 +
36 +DESCRIPTION="Concurrent Versions System - source code revision control tools"
37 +HOMEPAGE="http://www.nongnu.org/cvs/"
38 +
39 +SRC_URI="mirror://gnu/non-gnu/cvs/source/feature/${PV}/${P}.tar.bz2
40 + doc? ( mirror://gnu/non-gnu/cvs/source/feature/${PV}/cederqvist-${PV}.html.tar.bz2
41 + mirror://gnu/non-gnu/cvs/source/feature/${PV}/cederqvist-${PV}.pdf
42 + mirror://gnu/non-gnu/cvs/source/feature/${PV}/cederqvist-${PV}.ps )"
43 +
44 +LICENSE="GPL-2 LGPL-2"
45 +SLOT="0"
46 +KEYWORDS="amd64 arm x86"
47 +
48 +IUSE="crypt doc kerberos nls pam server"
49 +
50 +DEPEND=">=sys-libs/zlib-1.1.4
51 + kerberos? ( virtual/krb5 )
52 + pam? ( virtual/pam )"
53 +
54 +src_unpack() {
55 + unpack ${P}.tar.bz2
56 + use doc && unpack cederqvist-${PV}.html.tar.bz2
57 + EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${P}-cvsbug-tmpfix.patch
58 + epatch "${FILESDIR}"/${P}-openat.patch
59 + EPATCH_OPTS="-p1 -d ${S}" epatch "${FILESDIR}"/${P}-block-requests.patch
60 + cd "${S}"
61 + epatch "${FILESDIR}"/${P}-cvs-gnulib-vasnprintf.patch
62 + epatch "${FILESDIR}"/${P}-install-sh.patch
63 + epatch "${FILESDIR}"/${P}-regex.patch
64 + epatch "${FILESDIR}"/${P}-mktime-x32.patch # 395641
65 + use server || elog "If you want any CVS server functionality, you MUST emerge with USE=server!"
66 +}
67 +
68 +src_compile() {
69 + if tc-is-cross-compiler ; then
70 + # Sane defaults when cross-compiling (as these tests want to
71 + # try and execute code).
72 + export cvs_cv_func_printf_ptr="yes"
73 + fi
74 + econf \
75 + --with-external-zlib \
76 + --with-tmpdir=/tmp \
77 + $(use_enable crypt encryption) \
78 + $(use_with kerberos gssapi) \
79 + $(use_enable nls) \
80 + $(use_enable pam) \
81 + $(use_enable server) \
82 + || die
83 + emake || die "emake failed"
84 +}
85 +
86 +src_install() {
87 + emake install DESTDIR="${D}" || die
88 +
89 + insinto /etc/xinetd.d
90 + newins "${FILESDIR}"/cvspserver.xinetd.d cvspserver || die "newins failed"
91 +
92 + dodoc BUGS ChangeLog* DEVEL* FAQ HACKING \
93 + MINOR* NEWS PROJECTS README* TESTS TODO
94 +
95 + # Not installed into emacs site-lisp because it clobbers the normal C
96 + # indentations.
97 + dodoc cvs-format.el || die "dodoc failed"
98 +
99 + use server && newdoc "${FILESDIR}"/cvs-1.12.12-cvs-custom.c cvs-custom.c
100 +
101 + if use doc; then
102 + dodoc "${DISTDIR}"/cederqvist-${PV}.pdf
103 + dodoc "${DISTDIR}"/cederqvist-${PV}.ps
104 + tar xjf "${DISTDIR}"/cederqvist-${PV}.html.tar.bz2
105 + dohtml -r cederqvist-${PV}.html/*
106 + cd "${D}"/usr/share/doc/${PF}/html/
107 + ln -s cvs.html index.html
108 + fi
109 +
110 + newpamd "${FILESDIR}"/cvs.pam-include-1.12.12 cvs
111 +}
112 +
113 +src_test() {
114 + einfo "FEATURES=\"maketest\" has been disabled for dev-vcs/cvs"
115 +}
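Review bot: `use server && newdoc "${FILESDIR}"/cvs-1.12.12-cvs-custom.c cvs-custom.c` in src_install refers to a file this commit does not add: the diffstat lists eleven files and cvs-1.12.12-cvs-custom.c is not among them, so unless it already exists in the overlay a USE=server install has nothing to copy. The call has no `|| die`, so the omission would probably go unnoticed. The block-requests patch header names that wrapper as the way to enforce CVS_BLOCK_REQUESTS for pserver setups, so it should be added under files/ together with this ebuild. Separately, `cd "${D}"/usr/share/doc/${PF}/html/` is unchecked and the following `ln -s cvs.html index.html` would run in the wrong directory if it fails; `cd "${D}"/usr/share/doc/${PF}/html/ || die` is enough.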
116
117 diff --git a/dev-vcs/cvs/files/cvs-1.12.12-block-requests.patch b/dev-vcs/cvs/files/cvs-1.12.12-block-requests.patch
118 new file mode 100644
119 index 0000000..9c9b49d
120 --- /dev/null
121 +++ b/dev-vcs/cvs/files/cvs-1.12.12-block-requests.patch
122 @@ -0,0 +1,140 @@
123 +Author: Robin H. Johnson <robbat2@g.o>
124 +Date: 2006-08-09
125 +
126 +This patch allows a CVS server to deny usage of specific commands, based on
127 +input in the environment.
128 +
129 +Just set the CVS_BLOCK_REQUESTS env var with all of the commands you want,
130 +seperated by spaces. Eg:
131 +CVS_BLOCK_REQUESTS="Gzip-stream gzip-file-contents"
132 +would block ALL usage of compression.
133 +
134 +Please see the array 'struct request requests[]' in src/server.c for a full
135 +list of commands.
136 +
137 +Please note that if you block any commands marked as RQ_ESSENTIAL, CVS clients
138 +may fail! (This includes 'ci'!).
139 +
140 +See the companion cvs-custom.c for a wrapper that can enforce the environment variable for pserver setups.
141 +
142 +Signed-off-by: Robin H. Johnson <robbat2@g.o>
143 +
144 +diff -Nuar --exclude '*~' -U 10 cvs-1.12.12.orig/src/server.c cvs-1.12.12/src/server.c
145 +--- cvs-1.12.12.orig/src/server.c 2005-04-14 14:13:29.000000000 +0000
146 ++++ cvs-1.12.12/src/server.c 2006-08-09 01:40:44.000000000 +0000
147 +@@ -5836,43 +5836,90 @@
148 + #undef REQ_LINE
149 + };
150 + #endif /* SERVER_SUPPORT or CLIENT_SUPPORT */
151 +
152 +
153 +
154 + #ifdef SERVER_SUPPORT
155 + /*
156 + * This server request is not ignored by the secondary.
157 + */
158 ++
159 ++/* Hack by Robin H. Johnson <robbat2@g.o>.
160 ++ * Allow the server ENV to specify what request types are to be ignored.
161 ++ */
162 ++
163 ++static char blocked_requests[BUFSIZ] = " ";
164 ++
165 ++static void build_blocked_requests() {
166 ++ char *tmp = getenv("CVS_BLOCK_REQUESTS");
167 ++
168 ++ if (tmp != NULL && strlen(tmp) > 0) {
169 ++ // move to our custom buffer
170 ++ strncat(blocked_requests, tmp, sizeof(blocked_requests)-strlen(blocked_requests));
171 ++ //add a space on the end as well for searching
172 ++ strncat(blocked_requests, " ", sizeof(blocked_requests)-strlen(blocked_requests));
173 ++ }
174 ++
175 ++ // now blocked_requests contains the list of every request that we do not
176 ++ // want to serve
177 ++}
178 ++
179 ++// returns 0 if we should serve this request
180 ++// use as if(checker(FOO)) continue;
181 ++static int serve_valid_requests_checker(char *reqname) {
182 ++ char needle[BUFSIZ] = " ";
183 ++ char *tmp;
184 ++
185 ++ if(!blocked_requests || strlen(blocked_requests) < 2)
186 ++ return 0;
187 ++
188 ++ // we want to look for ' 'reqname' '
189 ++ snprintf(needle, sizeof(needle), " %s ", reqname);
190 ++
191 ++ // now do the search
192 ++ tmp = strstr(blocked_requests, needle);
193 ++
194 ++ if (tmp != NULL)
195 ++ return 1;
196 ++
197 ++ return 0;
198 ++
199 ++}
200 ++
201 + static void
202 + serve_valid_requests (char *arg)
203 + {
204 + struct request *rq;
205 +
206 + /* Since this is processed in the first pass, don't reprocess it in the
207 + * second.
208 + *
209 + * We still print errors since new errors could have been generated in the
210 + * second pass.
211 + */
212 + if (print_pending_error ()
213 + #ifdef PROXY_SUPPORT
214 + || reprocessing
215 + #endif /* PROXY_SUPPORT */
216 + )
217 + return;
218 ++
219 ++ build_blocked_requests();
220 +
221 + buf_output0 (buf_to_net, "Valid-requests");
222 + for (rq = requests; rq->name != NULL; rq++)
223 + {
224 + if (rq->func != NULL)
225 + {
226 ++ if(serve_valid_requests_checker(rq->name))
227 ++ continue;
228 + buf_append_char (buf_to_net, ' ');
229 + buf_output0 (buf_to_net, rq->name);
230 + }
231 + }
232 + buf_output0 (buf_to_net, "\nok\n");
233 +
234 + /* The client is waiting for the list of valid requests, so we
235 + must send the output now. */
236 + buf_flush (buf_to_net, 1);
237 + }
238 +@@ -6353,20 +6400,24 @@
239 + cmd += len;
240 + else if (cmd[len] == ' ')
241 + cmd += len + 1;
242 + else
243 + /*
244 + * The first len characters match, but it's a different
245 + * command. e.g. the command is "cooperate" but we matched
246 + * "co".
247 + */
248 + continue;
249 ++ // Ignore commands that we are supposed to ignore.
250 ++ if(serve_valid_requests_checker(rq->name))
251 ++ continue;
252 ++
253 +
254 + if (!(rq->flags & RQ_ROOTLESS)
255 + && current_parsed_root == NULL)
256 + {
257 + /* For commands which change the way in which data
258 + is sent and received, for example Gzip-stream,
259 + this does the wrong thing. Since the client
260 + assumes that everything is being compressed,
261 + unconditionally, there is no way to give this
262 + error to the client without turning on
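Review bot: As far as this patch shows, build_blocked_requests() is called only from serve_valid_requests(), so the dispatch-time check added in the second inner hunk compares against the initial `" "` until a client has issued that request, and a session that never asks for the list is not filtered. Each call also appends the environment value to the static buffer again, and the bound `sizeof(blocked_requests)-strlen(blocked_requests)` passed to strncat leaves no room for the terminating NUL, so a full buffer is written one byte past its end. A value that is cut off also fails open, because the truncated entries are then served. I would load the list once from serve_valid_requests_checker() and refuse an over-long value instead of truncating it, as below. serve_valid_requests and the dispatch loop continue outside the hunk.

```c
static void build_blocked_requests() {
    static int loaded = 0;
    char *tmp;

    /* Load once; repeated calls must not append the list again. */
    if (loaded)
        return;
    loaded = 1;

    tmp = getenv("CVS_BLOCK_REQUESTS");
    if (tmp != NULL && strlen(tmp) > 0) {
        /* Need room for the leading space, the trailing space and the NUL.
         * Refuse rather than truncate: a cut-off list would serve requests
         * the administrator meant to block. */
        if (strlen(tmp) > sizeof(blocked_requests) - 3)
            error (1, 0, "CVS_BLOCK_REQUESTS is too long");
        snprintf(blocked_requests, sizeof(blocked_requests), " %s ", tmp);
    }
}

static int serve_valid_requests_checker(char *reqname) {
    char needle[BUFSIZ] = " ";
    char *tmp;

    /* Make enforcement independent of whether the client asked for the list. */
    build_blocked_requests();
    /* … unchanged: length check, needle construction and strstr search … */
```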
263
264 diff --git a/dev-vcs/cvs/files/cvs-1.12.12-cvs-gnulib-vasnprintf.patch b/dev-vcs/cvs/files/cvs-1.12.12-cvs-gnulib-vasnprintf.patch
265 new file mode 100644
266 index 0000000..d7d6e6b
267 --- /dev/null
268 +++ b/dev-vcs/cvs/files/cvs-1.12.12-cvs-gnulib-vasnprintf.patch
269 @@ -0,0 +1,34 @@
270 +http://bugs.gentoo.org/213833
271 +
272 +commit 913c09becd9df89dbd9b9f386e7f35c240d5efe8
273 +Author: Bruno Haible <bruno@×××××.org>
274 +Date: Fri Oct 19 01:50:42 2007 +0200
275 +
276 + Don't use %n on glibc >= 2.3 systems.
277 +
278 +diff --git a/lib/vasnprintf.c b/lib/vasnprintf.c
279 +index f563823..5d818aa 100644
280 +--- a/lib/vasnprintf.c
281 ++++ b/lib/vasnprintf.c
282 +@@ -3385,9 +3385,21 @@ VASNPRINTF (DCHAR_T *resultbuf, size_t *lengthp,
283 + #endif
284 + *p = dp->conversion;
285 + #if USE_SNPRINTF
286 ++# if !(__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 3))
287 + p[1] = '%';
288 + p[2] = 'n';
289 + p[3] = '\0';
290 ++# else
291 ++ /* On glibc2 systems from glibc >= 2.3 - probably also older
292 ++ ones - we know that snprintf's returns value conforms to
293 ++ ISO C 99: the gl_SNPRINTF_DIRECTIVE_N test passes.
294 ++ Therefore we can avoid using %n in this situation.
295 ++ On glibc2 systems from 2004-10-18 or newer, the use of %n
296 ++ in format strings in writable memory may crash the program
297 ++ (if compiled with _FORTIFY_SOURCE=2), so we should avoid it
298 ++ in this situation. */
299 ++ p[1] = '\0';
300 ++# endif
301 + #else
302 + p[1] = '\0';
303 + #endif
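Review bot: The guard `# if !(__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 3))` is keyed on glibc macros, and on a libc that does not define `__GLIBC__` the preprocessor evaluates it as 0, so the `%n` branch is still compiled. The subject line places this commit on the musl branch, so the patch appears to change nothing there. The patch header should say so, for example `No effect on non-glibc libcs (musl): __GLIBC__ is undefined and the %n path is kept.`, or the patch should be dropped from this overlay's epatch list if musl needs no fix. The enclosing VASNPRINTF function starts and ends outside the hunk.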
304
305 diff --git a/dev-vcs/cvs/files/cvs-1.12.12-cvsbug-tmpfix.patch b/dev-vcs/cvs/files/cvs-1.12.12-cvsbug-tmpfix.patch
306 new file mode 100644
307 index 0000000..fcd4431
308 --- /dev/null
309 +++ b/dev-vcs/cvs/files/cvs-1.12.12-cvsbug-tmpfix.patch
310 @@ -0,0 +1,22 @@
311 +Index: cvs-1.12.12/src/cvsbug.in
312 +===================================================================
313 +--- cvs-1.12.12.orig/src/cvsbug.in
314 ++++ cvs-1.12.12/src/cvsbug.in
315 +@@ -109,14 +109,14 @@ elif [ -f /bin/domainname ]; then
316 + /usr/bin/ypcat passwd 2>/dev/null | cat - /etc/passwd | grep "^$LOGNAME:" |
317 + cut -f5 -d':' | sed -e 's/,.*//' > $TEMP
318 + ORIGINATOR="`cat $TEMP`"
319 +- rm -f $TEMP
320 ++ > $TEMP
321 + fi
322 + fi
323 +
324 + if [ "$ORIGINATOR" = "" ]; then
325 + grep "^$LOGNAME:" /etc/passwd | cut -f5 -d':' | sed -e 's/,.*//' > $TEMP
326 + ORIGINATOR="`cat $TEMP`"
327 +- rm -f $TEMP
328 ++ > $TEMP
329 + fi
330 +
331 + if [ -n "$ORGANIZATION" ]; then
332 +
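Review bot: The patch file has no header explaining why `rm -f $TEMP` becomes `> $TEMP`, and the reason is security-relevant. Truncating keeps the existing file in place instead of unlinking a path in the temp directory and letting a later redirect create it again, presumably to close a window in which another local user could put a file or symlink at that name. That only holds if $TEMP was created safely in the first place, which happens outside the hunk and should be confirmed. I would add a two-line description to the patch saying this, with the bug reference if there is one, and quote the expansion as `> "$TEMP"`.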
333
334 diff --git a/dev-vcs/cvs/files/cvs-1.12.12-install-sh.patch b/dev-vcs/cvs/files/cvs-1.12.12-install-sh.patch
335 new file mode 100644
336 index 0000000..825c0ee
337 --- /dev/null
338 +++ b/dev-vcs/cvs/files/cvs-1.12.12-install-sh.patch
339 @@ -0,0 +1,12 @@
340 +diff -ur a/build-aux/install-sh b/build-aux/install-sh
341 +--- a/build-aux/install-sh 2006-03-25 20:04:46 +0000
342 ++++ b/build-aux/install-sh 2007-09-14 10:53:29 +0100
343 +@@ -246,7 +246,7 @@
344 + fi
345 +
346 + if test -n "$dir_arg"; then
347 +- $doit $mkdircmd "$dst" \
348 ++ { test -d "$dst" || $doit $mkdircmd -p "$dst"; } \
349 + && { test -z "$chowncmd" || $doit $chowncmd "$dst"; } \
350 + && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } \
351 + && { test -z "$stripcmd" || $doit $stripcmd "$dst"; } \
352
353 diff --git a/dev-vcs/cvs/files/cvs-1.12.12-mktime-x32.patch b/dev-vcs/cvs/files/cvs-1.12.12-mktime-x32.patch
354 new file mode 100644
355 index 0000000..948fa4d
356 --- /dev/null
357 +++ b/dev-vcs/cvs/files/cvs-1.12.12-mktime-x32.patch
358 @@ -0,0 +1,29 @@
359 +back port changes from upstream gnulib to make this work on x32
360 +
361 +https://bugs.gentoo.org/395641
362 +
363 +--- cvs-1.12.12/lib/mktime.c
364 ++++ cvs-1.12.12/lib/mktime.c
365 +@@ -115,6 +115,13 @@
366 + #define TM_YEAR_BASE 1900
367 + verify (base_year_is_a_multiple_of_100, TM_YEAR_BASE % 100 == 0);
368 +
369 ++#if INT_MAX <= LONG_MAX / 2
370 ++typedef long int long_int;
371 ++#else
372 ++typedef long long int long_int;
373 ++#endif
374 ++verify (long_int_is_wide_enough, INT_MAX == INT_MAX * (long_int) 2 / 2);
375 ++
376 + /* Return 1 if YEAR + TM_YEAR_BASE is a leap year. */
377 + static inline int
378 + leapyear (long int year)
379 +@@ -167,8 +174,6 @@
380 + int year0, int yday0, int hour0, int min0, int sec0)
381 + {
382 + verify (C99_integer_division, -1 / 2 == 0);
383 +- verify (long_int_year_and_yday_are_wide_enough,
384 +- INT_MAX <= LONG_MAX / 2 || TIME_T_MAX <= UINT_MAX);
385 +
386 + /* Compute intervening leap days correctly even if year is negative.
387 + Take care to avoid integer overflow here. */
388
389 diff --git a/dev-vcs/cvs/files/cvs-1.12.12-openat.patch b/dev-vcs/cvs/files/cvs-1.12.12-openat.patch
390 new file mode 100644
391 index 0000000..fdb406a
392 --- /dev/null
393 +++ b/dev-vcs/cvs/files/cvs-1.12.12-openat.patch
394 @@ -0,0 +1,21 @@
395 +Index: cvs-1.12.12/lib/openat.c
396 +===================================================================
397 +--- cvs-1.12.12.orig/lib/openat.c
398 ++++ cvs-1.12.12/lib/openat.c
399 +@@ -55,9 +55,13 @@ rpl_openat (int fd, char const *filename
400 + va_list arg;
401 + va_start (arg, flags);
402 +
403 +- /* Assume that mode_t is passed compatibly with mode_t's type
404 +- after argument promotion. */
405 +- mode = va_arg (arg, mode_t);
406 ++ /* If mode_t is narrower than int, use the promoted type (int),
407 ++ not mode_t. Use sizeof to guess whether mode_t is nerrower;
408 ++ we don't know of any practical counterexamples. */
409 ++ if (sizeof (mode_t) < sizeof (int))
410 ++ mode = va_arg (arg, int);
411 ++ else
412 ++ mode = va_arg (arg, mode_t);
413 +
414 + va_end (arg);
415 + }
416
417 diff --git a/dev-vcs/cvs/files/cvs-1.12.12-regex.patch b/dev-vcs/cvs/files/cvs-1.12.12-regex.patch
418 new file mode 100644
419 index 0000000..4e69953
420 --- /dev/null
421 +++ b/dev-vcs/cvs/files/cvs-1.12.12-regex.patch
422 @@ -0,0 +1,11 @@
423 +--- a/cvs-1.12.12/lib/regex.c
424 ++++ b/cvs-1.12.12/lib/regex.c
425 +@@ -8184,7 +8184,7 @@
426 + if (msg_size > errbuf_size)
427 + {
428 + #if defined HAVE_MEMPCPY || defined _LIBC
429 +- *((char *) __mempcpy (errbuf, msg, errbuf_size - 1)) = '\0';
430 ++ *((char *) mempcpy (errbuf, msg, errbuf_size - 1)) = '\0';
431 + #else
432 + memcpy (errbuf, msg, errbuf_size - 1);
433 + errbuf[errbuf_size - 1] = 0;
434
435 diff --git a/dev-vcs/cvs/files/cvs.pam-include-1.12.12 b/dev-vcs/cvs/files/cvs.pam-include-1.12.12
436 new file mode 100644
437 index 0000000..f401ec0
438 --- /dev/null
439 +++ b/dev-vcs/cvs/files/cvs.pam-include-1.12.12
440 @@ -0,0 +1,4 @@
441 +#%PAM-1.0
442 +auth include system-auth
443 +account include system-auth
444 +session include system-auth
445
446 diff --git a/dev-vcs/cvs/files/cvspserver.xinetd.d b/dev-vcs/cvs/files/cvspserver.xinetd.d
447 new file mode 100644
448 index 0000000..0f2edb0
449 --- /dev/null
450 +++ b/dev-vcs/cvs/files/cvspserver.xinetd.d
451 @@ -0,0 +1,14 @@
452 +service cvspserver
453 +{
454 + disable = yes
455 + socket_type = stream
456 + wait = no
457 + user = root
458 + log_type = FILE /var/log/cvspserver
459 + protocol = tcp
460 + env = HOME=/var/cvsroot
461 + log_on_failure += USERID
462 + port = 2401
463 + server = /usr/bin/cvs
464 + server_args = -f --allow-root=/var/cvsroot pserver
465 +}
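Review bot: `user = root` and the listener settings carry no comment and no access restriction, so once an administrator changes `disable = yes` to `no` the pserver answers on port 2401 from every address with a root-owned process. xinetd supports `only_from` and `bind` for this; I would add a commented-out example such as `# only_from = 127.0.0.1` (constructed value) and a comment stating why root is required (pserver switching to the authenticated user, if that is the reason). The `env` line also sets only HOME, so the CVS_BLOCK_REQUESTS filter added by the block-requests patch is not in effect for this service unless the wrapper mentioned in that patch is used as `server`.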
466
467 diff --git a/dev-vcs/cvs/metadata.xml b/dev-vcs/cvs/metadata.xml
468 new file mode 100644
469 index 0000000..4432750
470 --- /dev/null
471 +++ b/dev-vcs/cvs/metadata.xml
472 @@ -0,0 +1,8 @@
473 +<?xml version="1.0" encoding="UTF-8"?>
474 +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
475 +<pkgmetadata>
476 + <herd>cvs-utils</herd>
477 + <use>
478 + <flag name="server">Enable server support</flag>
479 + </use>
480 +</pkgmetadata>