* [PR PATCH] cvs: import patches from Gentoo
@ 2024-05-05 10:53 sgn
0 siblings, 0 replies; only message in thread
From: sgn @ 2024-05-05 10:53 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1308 bytes --]
There is a new pull request by sgn against master on the void-packages repository
https://github.com/sgn/void-packages cvs-fix-build
https://github.com/void-linux/void-packages/pull/50199
cvs: import patches from Gentoo
While we are at it, fix build with newer gcc
<!-- Uncomment relevant sections and delete options which are not applicable -->
#### Testing the changes
- I tested the changes in this PR: **YES**|**briefly**|**NO**
<!--
#### New package
- This new package conforms to the [package requirements](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#package-requirements): **YES**|**NO**
-->
<!-- Note: If the build is likely to take more than 2 hours, please add ci skip tag as described in
https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration
and test at least one native build and, if supported, at least one cross build.
Ignore this section if this PR is not skipping CI.
-->
<!--
#### Local build testing
- I built this PR locally for my native architecture, (ARCH-LIBC)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
- aarch64-musl
- armv7l
- armv6l-musl
-->
A patch file from https://github.com/void-linux/void-packages/pull/50199.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-cvs-fix-build-50199.patch --]
[-- Type: text/x-diff, Size: 11781 bytes --]
From e55ffa5cf445b1c4048bb86a08297685ad12c7fa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?=
<congdanhqx@gmail.com>
Date: Sun, 5 May 2024 17:52:35 +0700
Subject: [PATCH] cvs: import patches from Gentoo
While we are at it, fix build with newer gcc
---
srcpkgs/cvs/patches/CVE-2012-0804.patch | 25 ++++++
srcpkgs/cvs/patches/autoconf.patch | 107 ++++++++++++++++++++++++
srcpkgs/cvs/patches/no-krb.patch | 72 ++++++++++++++++
srcpkgs/cvs/patches/openat.patch | 19 +++++
srcpkgs/cvs/patches/ssh.patch | 20 ++---
srcpkgs/cvs/template | 13 ++-
6 files changed, 243 insertions(+), 13 deletions(-)
create mode 100644 srcpkgs/cvs/patches/CVE-2012-0804.patch
create mode 100644 srcpkgs/cvs/patches/autoconf.patch
create mode 100644 srcpkgs/cvs/patches/no-krb.patch
create mode 100644 srcpkgs/cvs/patches/openat.patch
diff --git a/srcpkgs/cvs/patches/CVE-2012-0804.patch b/srcpkgs/cvs/patches/CVE-2012-0804.patch
new file mode 100644
index 00000000000000..97f3aae5ad295e
--- /dev/null
+++ b/srcpkgs/cvs/patches/CVE-2012-0804.patch
@@ -0,0 +1,25 @@
+[CVE-2012-0804] Fix proxy response parser
+
+If proxy sends overlong HTTP vesion string, the string will be copied
+to unallocatd space (write_buf) causing heap overflow.
+
+This patch fixes it by ignoring the HTTP version string and checking
+the response line has been parsed correctly.
+
+See <https://bugzilla.redhat.com/show_bug.cgi?id=773699> for more
+details.
+
+--- a/src/client.c
++++ b/src/client.c
+@@ -3558,9 +3558,9 @@ connect_to_pserver (cvsroot_t *root, str
+ * code.
+ */
+ read_line_via (from_server, to_server, &read_buf);
+- sscanf (read_buf, "%s %d", write_buf, &codenum);
++ count = sscanf (read_buf, "%*s %d", &codenum);
+
+- if ((codenum / 100) != 2)
++ if (count != 1 || (codenum / 100) != 2)
+ error (1, 0, "proxy server %s:%d does not support http tunnelling",
+ root->proxy_hostname, proxy_port_number);
+ free (read_buf);
diff --git a/srcpkgs/cvs/patches/autoconf.patch b/srcpkgs/cvs/patches/autoconf.patch
new file mode 100644
index 00000000000000..69dcfd61290346
--- /dev/null
+++ b/srcpkgs/cvs/patches/autoconf.patch
@@ -0,0 +1,107 @@
+--- a/configure.in
++++ b/configure.in
+@@ -33,6 +33,15 @@ gl_EARLY
+ AC_PROG_CC
+ AM_PROG_CC_C_O
+
++AC_TYPE_LONG_LONG_INT
++
++if test "$ac_cv_type_long_long_int" = yes; then
++ ac_cv_type_long_long=yes
++ AC_DEFINE(HAVE_LONG_LONG, 1, [Define if you have the 'long long' type.])
++else
++ ac_cv_type_long_long=no
++fi
++
+ # Find the posix library needed on INTERACTIVE UNIX (ISC)
+ dnl
+ dnl From the Autoconf 2.53 manual (AC_ISC_POSIX):
+@@ -150,7 +159,7 @@ AM_CONDITIONAL(MAKE_TARGETS_IN_VPATH, \
+ || test $srcdir = .)
+
+ AC_HEADER_DIRENT
+-AC_HEADER_STDC
++AC_DEFINE(STDC_HEADERS, 1, "stdc headers")
+ AC_HEADER_SYS_WAIT
+ AC_CHECK_HEADERS(\
+ direct.h \
+@@ -180,6 +189,7 @@ AC_CHECK_MEMBERS([struct stat.st_blksize
+ AC_CHECK_MEMBERS([struct stat.st_rdev])
+
+ AC_FUNC_FSEEKO
++AC_CHECK_FUNCS(fseeko)
+ if test $ac_cv_func_fseeko = no; then
+ AC_LIBOBJ(fseeko)
+ AC_LIBOBJ(ftello)
+@@ -207,7 +217,7 @@ gl_INIT
+ dnl For one reason or another, the autogenerated m4/gnulib.m4 wants
+ dnl AM_GNU_GETTEXT([external]) called directly from here.
+ AM_GNU_GETTEXT([external])
+-AM_GNU_GETTEXT_VERSION dnl work around for autoconf-2.57 bug.
++AM_GNU_GETTEXT_VERSION(0.19.8) dnl work around for autoconf-2.57 bug.
+ # The error module still poses merge problems.
+ AC_FUNC_STRERROR_R
+ dnl The following macros can be called by other GNULIB macros but are also
+@@ -220,8 +230,8 @@ AC_REQUIRE([gt_TYPE_WCHAR_T])
+ AC_REQUIRE([gt_TYPE_WINT_T])
+ AC_REQUIRE([gl_AC_TYPE_INTMAX_T])
+ AC_REQUIRE([gl_FUNC_MMAP_ANON])
+-AC_REQUIRE([gl_AC_TYPE_LONG_LONG])])
++])
+ CCVS_CALL_GNULIB_MACROS_ONCE()
+ dnl Until I persuade the GNULIB folks to integrate this module.
+ gl_GLOB
+
+--- a/m4/allocsa.m4
++++ b/m4/allocsa.m4
+@@ -10,6 +10,5 @@ AC_DEFUN([gl_ALLOCSA],
+ dnl @ALLOCA@ and @LTALLOCA@.
+ AC_REQUIRE([gl_FUNC_ALLOCA])
+ AC_REQUIRE([gl_EEMALLOC])
+- AC_REQUIRE([gl_AC_TYPE_LONG_LONG])
+ AC_REQUIRE([gt_TYPE_LONGDOUBLE])
+ ])
+--- a/m4/intmax_t.m4
++++ b/m4/intmax_t.m4
+@@ -18,7 +18,6 @@ AC_DEFUN([gl_AC_TYPE_INTMAX_T],
+ AC_REQUIRE([gl_AC_HEADER_INTTYPES_H])
+ AC_REQUIRE([gl_AC_HEADER_STDINT_H])
+ if test $gl_cv_header_inttypes_h = no && test $gl_cv_header_stdint_h = no; then
+- AC_REQUIRE([gl_AC_TYPE_LONG_LONG])
+ test $ac_cv_type_long_long = yes \
+ && ac_type='long long' \
+ || ac_type='long'
+@@ -51,7 +50,6 @@ AC_DEFUN([gt_AC_TYPE_INTMAX_T],
+ AC_DEFINE(HAVE_INTMAX_T, 1,
+ [Define if you have the 'intmax_t' type in <stdint.h> or <inttypes.h>.])
+ else
+- AC_REQUIRE([gl_AC_TYPE_LONG_LONG])
+ test $ac_cv_type_long_long = yes \
+ && ac_type='long long' \
+ || ac_type='long'
+--- a/m4/vasnprintf.m4
++++ b/m4/vasnprintf.m4
+@@ -23,7 +23,6 @@ AC_DEFUN([gl_FUNC_VASNPRINTF],
+ AC_DEFUN([gl_PREREQ_PRINTF_ARGS],
+ [
+ AC_REQUIRE([bh_C_SIGNED])
+- AC_REQUIRE([gl_AC_TYPE_LONG_LONG])
+ AC_REQUIRE([gt_TYPE_LONGDOUBLE])
+ AC_REQUIRE([gt_TYPE_WCHAR_T])
+ AC_REQUIRE([gt_TYPE_WINT_T])
+@@ -32,7 +31,6 @@ AC_DEFUN([gl_PREREQ_PRINTF_ARGS],
+ # Prequisites of lib/printf-parse.h, lib/printf-parse.c.
+ AC_DEFUN([gl_PREREQ_PRINTF_PARSE],
+ [
+- AC_REQUIRE([gl_AC_TYPE_LONG_LONG])
+ AC_REQUIRE([gt_TYPE_LONGDOUBLE])
+ AC_REQUIRE([gt_TYPE_WCHAR_T])
+ AC_REQUIRE([gt_TYPE_WINT_T])
+@@ -45,7 +43,6 @@ AC_DEFUN([gl_PREREQ_PRINTF_PARSE],
+ AC_DEFUN([gl_PREREQ_VASNPRINTF],
+ [
+ AC_REQUIRE([AC_FUNC_ALLOCA])
+- AC_REQUIRE([gl_AC_TYPE_LONG_LONG])
+ AC_REQUIRE([gt_TYPE_LONGDOUBLE])
+ AC_REQUIRE([gt_TYPE_WCHAR_T])
+ AC_REQUIRE([gt_TYPE_WINT_T])
diff --git a/srcpkgs/cvs/patches/no-krb.patch b/srcpkgs/cvs/patches/no-krb.patch
new file mode 100644
index 00000000000000..8b4ed04b02163e
--- /dev/null
+++ b/srcpkgs/cvs/patches/no-krb.patch
@@ -0,0 +1,72 @@
+--- a/configure.in
++++ b/configure.in
+@@ -563,69 +563,6 @@ AC_MSG_RESULT([])
+ AC_SUBST(KRB4)])dnl
+ WITH_KRB4
+
+-krb_h=
+-AC_MSG_CHECKING([for krb.h])
+-if test "$cross_compiling" != yes && test -r $KRB4/include/krb.h; then
+- hold_cflags=$CFLAGS
+- CFLAGS="$CFLAGS -I$KRB4/include"
+- AC_TRY_LINK([#include <krb.h>],[int i;],
+- [krb_h=yes krb_incdir=$KRB4/include],
+- [CFLAGS=$hold_cflags
+- AC_TRY_LINK([#include <krb.h>],[int i;],
+- [krb_h=yes krb_incdir=])])
+- CFLAGS=$hold_cflags
+-else
+- AC_TRY_LINK([#include <krb.h>],[int i;],
+- [krb_h=yes krb_incdir=])
+-fi
+-if test -z "$krb_h"; then
+- AC_TRY_LINK([#include <krb.h>],[int i;],
+- [krb_h=yes krb_incdir=],
+- [if test "$cross_compiling" != yes && test -r $KRB4/include/kerberosIV/krb.h; then
+- hold_cflags=$CFLAGS
+- CFLAGS="$CFLAGS -I$KRB4/include/kerberosIV"
+- AC_TRY_LINK([#include <krb.h>],[int i;],
+- [krb_h=yes krb_incdir=$KRB4/include/kerberosIV])
+- CFLAGS=$hold_cflags
+- fi])
+-fi
+-AC_MSG_RESULT($krb_h)
+-
+-if test -n "$krb_h"; then
+- krb_lib=
+- if test "$cross_compiling" != yes && test -r $KRB4/lib/libkrb.a; then
+- hold_ldflags=$LDFLAGS
+- LDFLAGS="-L${KRB4}/lib $LDFLAGS"
+- AC_CHECK_LIB(krb,printf,[krb_lib=yes krb_libdir=${KRB4}/lib],
+- [LDFLAGS=$hold_ldflags
+- # Using open here instead of printf so we don't
+- # get confused by the cached value for printf from above.
+- AC_CHECK_LIB(krb,open,[krb_lib=yes krb_libdir=])])
+- LDFLAGS=$hold_ldflags
+- else
+- AC_CHECK_LIB(krb,printf,[krb_lib=yes krb_libdir=])
+- AC_CHECK_FUNC(krb_recvauth,[krb_lib=yes krb_libdir=])
+- fi
+- if test -n "$krb_lib"; then
+- AC_DEFINE([HAVE_KERBEROS], 1,
+- [Define if you have MIT Kerberos version 4 available.])
+- cvs_client_objects="$cvs_client_objects kerberos4-client.o"
+- test -n "${krb_libdir}" && LIBS="${LIBS} -L${krb_libdir}"
+- # Put -L${krb_libdir} in LDFLAGS temporarily so that it appears before
+- # -ldes in the command line. Don't do it permanently so that we honor
+- # the user's setting for LDFLAGS
+- hold_ldflags=$LDFLAGS
+- test -n "${krb_libdir}" && LDFLAGS="$LDFLAGS -L${krb_libdir}"
+- AC_CHECK_LIB(des,printf,[LIBS="${LIBS} -ldes"])
+- AC_CHECK_LIB(krb,krb_recvauth)
+- AC_CHECK_LIB(krb4,krb_recvauth)
+- LDFLAGS=$hold_ldflags
+- if test -n "$krb_incdir"; then
+- CPPFLAGS="$CPPFLAGS -I$krb_incdir"
+- fi
+- fi
+-fi
+-AC_CHECK_FUNCS(krb_get_err_text)
+
+
+ dnl
diff --git a/srcpkgs/cvs/patches/openat.patch b/srcpkgs/cvs/patches/openat.patch
new file mode 100644
index 00000000000000..829b07644dd141
--- /dev/null
+++ b/srcpkgs/cvs/patches/openat.patch
@@ -0,0 +1,19 @@
+--- a/lib/openat.c
++++ b/lib/openat.c
+@@ -57,9 +57,13 @@ rpl_openat (int fd, char const *file, in
+ va_list arg;
+ va_start (arg, flags);
+
+- /* Assume that mode_t is passed compatibly with mode_t's type
+- after argument promotion. */
+- mode = va_arg (arg, mode_t);
++ /* If mode_t is narrower than int, use the promoted type (int),
++ not mode_t. Use sizeof to guess whether mode_t is nerrower;
++ we don't know of any practical counterexamples. */
++ if (sizeof (mode_t) < sizeof (int))
++ mode = va_arg (arg, int);
++ else
++ mode = va_arg (arg, mode_t);
+
+ va_end (arg);
+ }
diff --git a/srcpkgs/cvs/patches/ssh.patch b/srcpkgs/cvs/patches/ssh.patch
index 193bbc2171a425..1ab317730e6de3 100644
--- a/srcpkgs/cvs/patches/ssh.patch
+++ b/srcpkgs/cvs/patches/ssh.patch
@@ -1,9 +1,9 @@
Fix for CVE-2017-12836, extracted from MirBSD repository.
---- a/src/rsh-client.c 2017/03/26 15:54:10 1.6
-+++ b/src/rsh-client.c 2017/08/11 20:41:40 1.7
-@@ -107,6 +108,9 @@ start_rsh_server (cvsroot_t *root, struc
- rsh_argv[i++] = argvport;
+--- a/src/rsh-client.c
++++ b/src/rsh-client.c
+@@ -97,6 +97,9 @@ start_rsh_server (cvsroot_t *root, struc
+ rsh_argv[i++] = root->username;
}
+ /* Only non-option arguments from here. (CVE-2017-12836) */
@@ -11,13 +11,13 @@ Fix for CVE-2017-12836, extracted from MirBSD repository.
+
rsh_argv[i++] = root->hostname;
rsh_argv[i++] = cvs_server;
- if (readonlyfs)
-@@ -190,6 +194,8 @@ start_rsh_server (cvsroot_t *root, struc
- *p++ = "-p";
- *p++ = argvport;
+ rsh_argv[i++] = "server";
+@@ -171,6 +174,8 @@ start_rsh_server (cvsroot_t *root, struc
+ *p++ = root->username;
}
-+
-+ *p++ = "--";
++ *p++ = "--";
++
*p++ = root->hostname;
*p++ = command;
+ *p++ = NULL;
diff --git a/srcpkgs/cvs/template b/srcpkgs/cvs/template
index 803d3e420ef7b1..85ab77a3419ba1 100644
--- a/srcpkgs/cvs/template
+++ b/srcpkgs/cvs/template
@@ -1,20 +1,27 @@
# Template file for 'cvs'
pkgname=cvs
version=1.12.13
-revision=7
+revision=8
build_style=gnu-configure
configure_args="--with-editor=/usr/bin/vi --with-external-zlib
ac_cv_func_working_mktime=yes" # broken test upstream
-hostmakedepends="nvi openssh"
+hostmakedepends="nvi openssh automake libtool gettext-devel-tools"
makedepends="mit-krb5-devel openssh"
depends="openssh>=6.1p1"
short_desc="Concurrent Versions System"
maintainer="Orphaned <orphan@voidlinux.org>"
homepage="http://www.nongnu.org/cvs/"
-license="GPL-1, LGPL-2"
+license="GPL-1.0-or-later, LGPL-2.0-or-later"
distfiles="http://ftp.gnu.org/non-gnu/cvs/source/feature/$version/cvs-$version.tar.bz2"
checksum=78853613b9a6873a30e1cc2417f738c330e75f887afdaf7b3d0800cb19ca515e
if [ "$XBPS_TARGET_LIBC" = "glibc" ]; then
makedepends+=" libxcrypt-devel"
fi
+CFLAGS="-D_GNU_SOURCE=1"
+
+pre_configure() {
+ cp configure.in configure.ac
+ autoupdate
+ autoreconf -fi
+}
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2024-05-05 10:53 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-05-05 10:53 [PR PATCH] cvs: import patches from Gentoo sgn
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).