From e55ffa5cf445b1c4048bb86a08297685ad12c7fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?= Date: Sun, 5 May 2024 17:52:35 +0700 Subject: [PATCH] cvs: import patches from Gentoo While we are at it, fix build with newer gcc --- srcpkgs/cvs/patches/CVE-2012-0804.patch | 25 ++++++ srcpkgs/cvs/patches/autoconf.patch | 107 ++++++++++++++++++++++++ srcpkgs/cvs/patches/no-krb.patch | 72 ++++++++++++++++ srcpkgs/cvs/patches/openat.patch | 19 +++++ srcpkgs/cvs/patches/ssh.patch | 20 ++--- srcpkgs/cvs/template | 13 ++- 6 files changed, 243 insertions(+), 13 deletions(-) create mode 100644 srcpkgs/cvs/patches/CVE-2012-0804.patch create mode 100644 srcpkgs/cvs/patches/autoconf.patch create mode 100644 srcpkgs/cvs/patches/no-krb.patch create mode 100644 srcpkgs/cvs/patches/openat.patch diff --git a/srcpkgs/cvs/patches/CVE-2012-0804.patch b/srcpkgs/cvs/patches/CVE-2012-0804.patch new file mode 100644 index 00000000000000..97f3aae5ad295e --- /dev/null +++ b/srcpkgs/cvs/patches/CVE-2012-0804.patch @@ -0,0 +1,25 @@ +[CVE-2012-0804] Fix proxy response parser + +If proxy sends overlong HTTP vesion string, the string will be copied +to unallocatd space (write_buf) causing heap overflow. + +This patch fixes it by ignoring the HTTP version string and checking +the response line has been parsed correctly. + +See for more +details. + +--- a/src/client.c ++++ b/src/client.c +@@ -3558,9 +3558,9 @@ connect_to_pserver (cvsroot_t *root, str + * code. + */ + read_line_via (from_server, to_server, &read_buf); +- sscanf (read_buf, "%s %d", write_buf, &codenum); ++ count = sscanf (read_buf, "%*s %d", &codenum); + +- if ((codenum / 100) != 2) ++ if (count != 1 || (codenum / 100) != 2) + error (1, 0, "proxy server %s:%d does not support http tunnelling", + root->proxy_hostname, proxy_port_number); + free (read_buf); 
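Review bot: The rewritten `sscanf (read_buf, "%*s %d", &codenum)` still converts a proxy-supplied number with an unbounded `%d`, and the C standard leaves that conversion undefined when the digits do not fit in an int, which the `count != 1` test cannot detect. An HTTP status code is three digits, so bounding the field closes that gap: `count = sscanf (read_buf, "%*s %3d", &codenum);`. `count` is not declared in this hunk, and connect_to_pserver begins and ends outside it, so confirm that the existing variable has a type that compares correctly with sscanf's int return, including EOF on an empty response line.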
diff --git a/srcpkgs/cvs/patches/autoconf.patch b/srcpkgs/cvs/patches/autoconf.patch new file mode 100644 index 00000000000000..69dcfd61290346 --- /dev/null +++ b/srcpkgs/cvs/patches/autoconf.patch 
@@ -0,0 +1,107 @@ +--- a/configure.in ++++ b/configure.in +@@ -33,6 +33,15 @@ gl_EARLY + AC_PROG_CC + AM_PROG_CC_C_O + ++AC_TYPE_LONG_LONG_INT ++ ++if test "$ac_cv_type_long_long_int" = yes; then ++ ac_cv_type_long_long=yes ++ AC_DEFINE(HAVE_LONG_LONG, 1, [Define if you have the 'long long' type.]) ++else ++ ac_cv_type_long_long=no ++fi ++ + # Find the posix library needed on INTERACTIVE UNIX (ISC) + dnl + dnl From the Autoconf 2.53 manual (AC_ISC_POSIX): +@@ -150,7 +159,7 @@ AM_CONDITIONAL(MAKE_TARGETS_IN_VPATH, \ + || test $srcdir = .) + + AC_HEADER_DIRENT +-AC_HEADER_STDC ++AC_DEFINE(STDC_HEADERS, 1, "stdc headers") + AC_HEADER_SYS_WAIT + AC_CHECK_HEADERS(\ + direct.h \ +@@ -180,6 +189,7 @@ AC_CHECK_MEMBERS([struct stat.st_blksize + AC_CHECK_MEMBERS([struct stat.st_rdev]) + + AC_FUNC_FSEEKO ++AC_CHECK_FUNCS(fseeko) + if test $ac_cv_func_fseeko = no; then + AC_LIBOBJ(fseeko) + AC_LIBOBJ(ftello) +@@ -207,7 +217,7 @@ gl_INIT + dnl For one reason or another, the autogenerated m4/gnulib.m4 wants + dnl AM_GNU_GETTEXT([external]) called directly from here. + AM_GNU_GETTEXT([external]) +-AM_GNU_GETTEXT_VERSION dnl work around for autoconf-2.57 bug. ++AM_GNU_GETTEXT_VERSION(0.19.8) dnl work around for autoconf-2.57 bug. + # The error module still poses merge problems. + AC_FUNC_STRERROR_R + dnl The following macros can be called by other GNULIB macros but are also +@@ -220,8 +230,8 @@ AC_REQUIRE([gt_TYPE_WCHAR_T]) + AC_REQUIRE([gt_TYPE_WINT_T]) + AC_REQUIRE([gl_AC_TYPE_INTMAX_T]) + AC_REQUIRE([gl_FUNC_MMAP_ANON]) +-AC_REQUIRE([gl_AC_TYPE_LONG_LONG])]) ++]) + CCVS_CALL_GNULIB_MACROS_ONCE() + dnl Until I persuade the GNULIB folks to integrate this module. + gl_GLOB + +--- a/m4/allocsa.m4 ++++ b/m4/allocsa.m4 +@@ -10,6 +10,5 @@ AC_DEFUN([gl_ALLOCSA], + dnl @ALLOCA@ and @LTALLOCA@. 
+ AC_REQUIRE([gl_FUNC_ALLOCA]) + AC_REQUIRE([gl_EEMALLOC]) +- AC_REQUIRE([gl_AC_TYPE_LONG_LONG]) + AC_REQUIRE([gt_TYPE_LONGDOUBLE]) + ]) +--- a/m4/intmax_t.m4 ++++ b/m4/intmax_t.m4 +@@ -18,7 +18,6 @@ AC_DEFUN([gl_AC_TYPE_INTMAX_T], + AC_REQUIRE([gl_AC_HEADER_INTTYPES_H]) + AC_REQUIRE([gl_AC_HEADER_STDINT_H]) + if test $gl_cv_header_inttypes_h = no && test $gl_cv_header_stdint_h = no; then +- AC_REQUIRE([gl_AC_TYPE_LONG_LONG]) + test $ac_cv_type_long_long = yes \ + && ac_type='long long' \ + || ac_type='long' +@@ -51,7 +50,6 @@ AC_DEFUN([gt_AC_TYPE_INTMAX_T], + AC_DEFINE(HAVE_INTMAX_T, 1, + [Define if you have the 'intmax_t' type in or .]) + else +- AC_REQUIRE([gl_AC_TYPE_LONG_LONG]) + test $ac_cv_type_long_long = yes \ + && ac_type='long long' \ + || ac_type='long' +--- a/m4/vasnprintf.m4 ++++ b/m4/vasnprintf.m4 +@@ -23,7 +23,6 @@ AC_DEFUN([gl_FUNC_VASNPRINTF], + AC_DEFUN([gl_PREREQ_PRINTF_ARGS], + [ + AC_REQUIRE([bh_C_SIGNED]) +- AC_REQUIRE([gl_AC_TYPE_LONG_LONG]) + AC_REQUIRE([gt_TYPE_LONGDOUBLE]) + AC_REQUIRE([gt_TYPE_WCHAR_T]) + AC_REQUIRE([gt_TYPE_WINT_T]) +@@ -32,7 +31,6 @@ AC_DEFUN([gl_PREREQ_PRINTF_ARGS], + # Prequisites of lib/printf-parse.h, lib/printf-parse.c. + AC_DEFUN([gl_PREREQ_PRINTF_PARSE], + [ +- AC_REQUIRE([gl_AC_TYPE_LONG_LONG]) + AC_REQUIRE([gt_TYPE_LONGDOUBLE]) + AC_REQUIRE([gt_TYPE_WCHAR_T]) + AC_REQUIRE([gt_TYPE_WINT_T]) +@@ -45,7 +43,6 @@ AC_DEFUN([gl_PREREQ_PRINTF_PARSE], + AC_DEFUN([gl_PREREQ_VASNPRINTF], + [ + AC_REQUIRE([AC_FUNC_ALLOCA]) +- AC_REQUIRE([gl_AC_TYPE_LONG_LONG]) + AC_REQUIRE([gt_TYPE_LONGDOUBLE]) + AC_REQUIRE([gt_TYPE_WCHAR_T]) + AC_REQUIRE([gt_TYPE_WINT_T]) diff --git a/srcpkgs/cvs/patches/no-krb.patch b/srcpkgs/cvs/patches/no-krb.patch new file mode 100644 index 00000000000000..8b4ed04b02163e --- /dev/null +++ b/srcpkgs/cvs/patches/no-krb.patch 
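Review bot: autoconf.patch starts directly at `--- a/configure.in` with no header, so nothing in the file records which Gentoo patch it was taken from or why each change is needed; no-krb.patch and openat.patch have the same gap, while CVE-2012-0804.patch and ssh.patch do carry a description. A short header makes later audits and rebases of imported patches traceable, for example `Imported from Gentoo: <source URL or commit placeholder>` followed by one line per change (why `AC_HEADER_STDC` becomes an unconditional define, why the `gl_AC_TYPE_LONG_LONG` requirements are dropped). Separately, `AC_DEFINE(STDC_HEADERS, 1, "stdc headers")` passes its description in double quotes rather than m4 brackets; `AC_DEFINE([STDC_HEADERS], [1], [Define to 1 if you have the ANSI C header files.])` would match the bracketed description of the `HAVE_LONG_LONG` define added earlier in the same patch.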
@@ -0,0 +1,72 @@ +--- a/configure.in ++++ b/configure.in +@@ -563,69 +563,6 @@ AC_MSG_RESULT([]) + AC_SUBST(KRB4)])dnl + WITH_KRB4 + +-krb_h= +-AC_MSG_CHECKING([for krb.h]) +-if test "$cross_compiling" != yes && test -r $KRB4/include/krb.h; then +- hold_cflags=$CFLAGS +- CFLAGS="$CFLAGS -I$KRB4/include" +- AC_TRY_LINK([#include ],[int i;], +- [krb_h=yes krb_incdir=$KRB4/include], +- [CFLAGS=$hold_cflags +- AC_TRY_LINK([#include ],[int i;], +- [krb_h=yes krb_incdir=])]) +- CFLAGS=$hold_cflags +-else +- AC_TRY_LINK([#include ],[int i;], +- [krb_h=yes krb_incdir=]) +-fi +-if test -z "$krb_h"; then +- AC_TRY_LINK([#include ],[int i;], +- [krb_h=yes krb_incdir=], +- [if test "$cross_compiling" != yes && test -r $KRB4/include/kerberosIV/krb.h; then +- hold_cflags=$CFLAGS +- CFLAGS="$CFLAGS -I$KRB4/include/kerberosIV" +- AC_TRY_LINK([#include ],[int i;], +- [krb_h=yes krb_incdir=$KRB4/include/kerberosIV]) +- CFLAGS=$hold_cflags +- fi]) +-fi +-AC_MSG_RESULT($krb_h) +- +-if test -n "$krb_h"; then +- krb_lib= +- if test "$cross_compiling" != yes && test -r $KRB4/lib/libkrb.a; then +- hold_ldflags=$LDFLAGS +- LDFLAGS="-L${KRB4}/lib $LDFLAGS" +- AC_CHECK_LIB(krb,printf,[krb_lib=yes krb_libdir=${KRB4}/lib], +- [LDFLAGS=$hold_ldflags +- # Using open here instead of printf so we don't +- # get confused by the cached value for printf from above. +- AC_CHECK_LIB(krb,open,[krb_lib=yes krb_libdir=])]) +- LDFLAGS=$hold_ldflags +- else +- AC_CHECK_LIB(krb,printf,[krb_lib=yes krb_libdir=]) +- AC_CHECK_FUNC(krb_recvauth,[krb_lib=yes krb_libdir=]) +- fi +- if test -n "$krb_lib"; then +- AC_DEFINE([HAVE_KERBEROS], 1, +- [Define if you have MIT Kerberos version 4 available.]) +- cvs_client_objects="$cvs_client_objects kerberos4-client.o" +- test -n "${krb_libdir}" && LIBS="${LIBS} -L${krb_libdir}" +- # Put -L${krb_libdir} in LDFLAGS temporarily so that it appears before +- # -ldes in the command line. 
Don't do it permanently so that we honor +- # the user's setting for LDFLAGS +- hold_ldflags=$LDFLAGS +- test -n "${krb_libdir}" && LDFLAGS="$LDFLAGS -L${krb_libdir}" +- AC_CHECK_LIB(des,printf,[LIBS="${LIBS} -ldes"]) +- AC_CHECK_LIB(krb,krb_recvauth) +- AC_CHECK_LIB(krb4,krb_recvauth) +- LDFLAGS=$hold_ldflags +- if test -n "$krb_incdir"; then +- CPPFLAGS="$CPPFLAGS -I$krb_incdir" +- fi +- fi +-fi +-AC_CHECK_FUNCS(krb_get_err_text) + + + dnl diff --git a/srcpkgs/cvs/patches/openat.patch b/srcpkgs/cvs/patches/openat.patch new file mode 100644 index 00000000000000..829b07644dd141 --- /dev/null +++ b/srcpkgs/cvs/patches/openat.patch @@ -0,0 +1,19 @@ +--- a/lib/openat.c ++++ b/lib/openat.c +@@ -57,9 +57,13 @@ rpl_openat (int fd, char const *file, in + va_list arg; + va_start (arg, flags); + +- /* Assume that mode_t is passed compatibly with mode_t's type +- after argument promotion. */ +- mode = va_arg (arg, mode_t); ++ /* If mode_t is narrower than int, use the promoted type (int), ++ not mode_t. Use sizeof to guess whether mode_t is nerrower; ++ we don't know of any practical counterexamples. */ ++ if (sizeof (mode_t) < sizeof (int)) ++ mode = va_arg (arg, int); ++ else ++ mode = va_arg (arg, mode_t); + + va_end (arg); + } diff --git a/srcpkgs/cvs/patches/ssh.patch b/srcpkgs/cvs/patches/ssh.patch index 193bbc2171a425..1ab317730e6de3 100644 --- a/srcpkgs/cvs/patches/ssh.patch +++ b/srcpkgs/cvs/patches/ssh.patch @@ -1,9 +1,9 @@ Fix for CVE-2017-12836, extracted from MirBSD repository. ---- a/src/rsh-client.c 2017/03/26 15:54:10 1.6 -+++ b/src/rsh-client.c 2017/08/11 20:41:40 1.7 -@@ -107,6 +108,9 @@ start_rsh_server (cvsroot_t *root, struc - rsh_argv[i++] = argvport; +--- a/src/rsh-client.c ++++ b/src/rsh-client.c +@@ -97,6 +97,9 @@ start_rsh_server (cvsroot_t *root, struc + rsh_argv[i++] = root->username; } + /* Only non-option arguments from here. (CVE-2017-12836) */ 
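Review bot: The Kerberos 4 probe is deleted, but the `WITH_KRB4` call and `AC_SUBST(KRB4)` stay as context, so configure presumably still accepts the krb4 option and then silently ignores it. If dropping Kerberos 4 is the intent, which is reasonable for an obsolete protocol, state it in a header line of no-krb.patch, such as `Drop Kerberos 4 detection; the HAVE_KERBEROS define in this block is removed`. That keeps a later reader from taking the leftover option for working support.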
@@ -11,13 +11,13 @@ Fix for CVE-2017-12836, extracted from MirBSD repository. + rsh_argv[i++] = root->hostname; rsh_argv[i++] = cvs_server; - if (readonlyfs) -@@ -190,6 +194,8 @@ start_rsh_server (cvsroot_t *root, struc - *p++ = "-p"; - *p++ = argvport; + rsh_argv[i++] = "server"; +@@ -171,6 +174,8 @@ start_rsh_server (cvsroot_t *root, struc + *p++ = root->username; } -+ -+ *p++ = "--"; ++ *p++ = "--"; ++ *p++ = root->hostname; *p++ = command; + *p++ = NULL; diff --git a/srcpkgs/cvs/template b/srcpkgs/cvs/template index 803d3e420ef7b1..85ab77a3419ba1 100644 --- a/srcpkgs/cvs/template +++ b/srcpkgs/cvs/template @@ -1,20 +1,27 @@ # Template file for 'cvs' pkgname=cvs version=1.12.13 -revision=7 +revision=8 build_style=gnu-configure configure_args="--with-editor=/usr/bin/vi --with-external-zlib ac_cv_func_working_mktime=yes" # broken test upstream -hostmakedepends="nvi openssh" +hostmakedepends="nvi openssh automake libtool gettext-devel-tools" makedepends="mit-krb5-devel openssh" depends="openssh>=6.1p1" short_desc="Concurrent Versions System" maintainer="Orphaned " homepage="http://www.nongnu.org/cvs/" -license="GPL-1, LGPL-2" +license="GPL-1.0-or-later, LGPL-2.0-or-later" distfiles="http://ftp.gnu.org/non-gnu/cvs/source/feature/$version/cvs-$version.tar.bz2" checksum=78853613b9a6873a30e1cc2417f738c330e75f887afdaf7b3d0800cb19ca515e if [ "$XBPS_TARGET_LIBC" = "glibc" ]; then makedepends+=" libxcrypt-devel" fi +CFLAGS="-D_GNU_SOURCE=1" + +pre_configure() { + cp configure.in configure.ac + autoupdate + autoreconf -fi +}
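Review bot: The `*p++ = "--";` terminator placed before `root->hostname` only protects when the remote-shell program that receives this argv honours the end-of-options convention. Most of start_rsh_server lies outside the hunk, so it is not visible here whether that program is fixed or user-configurable. A hostname check that does not depend on the child program would back the terminator up, for example rejecting a leading dash before the argv is built: `if (root->hostname[0] == '-') error (1, 0, "invalid hostname");`. The same applies to the `rsh_argv` branch covered by the first hunk of ssh.patch.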
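Review bot: `cp configure.in configure.ac` in `pre_configure` leaves both files in the source tree, and the autotools warn when both names are present and read only one of them; `mv configure.in configure.ac` keeps a single input for `autoupdate` and `autoreconf -fi`. The function also lacks a comment saying why configure is regenerated at all, for example `# patches/autoconf.patch and no-krb.patch edit configure.in and m4/, so configure must be rebuilt`. Without it, a later maintainer may remove the new `automake libtool gettext-devel-tools` host dependencies as unneeded.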