Security bump to fix bugs detailed in #86476.

(Portage version: 2.0.51.19)

8 files changed, 331 insertions, 11 deletions

diff --git a/dev-util/cvs/ChangeLog b/dev-util/cvs/ChangeLog
index 17d5941f2970..29bf5877f7c7 100644
--- a/dev-util/cvs/ChangeLog
+++ b/dev-util/cvs/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for dev-util/cvs
 # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-util/cvs/ChangeLog,v 1.74 2005/02/04 15:59:05 scandium Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-util/cvs/ChangeLog,v 1.75 2005/04/18 17:40:38 tigger Exp $
+
+*cvs-1.12.11-r1 (18 Apr 2005)
+*cvs-1.11.18-r1 (18 Apr 2005)
+
+  18 Apr 2005; Rob Holland <tigger@gentoo.org>
+  +files/cvs-1.11.18-klocwork.patch, +files/cvs-1.12.11-klocwork.patch,
+  +cvs-1.11.18-r1.ebuild, +cvs-1.12.11-r1.ebuild:
+  Security bump to fix bugs detailed in #86476.
 
 *cvs-1.11.19 (04 Feb 2005)
 
diff --git a/dev-util/cvs/Manifest b/dev-util/cvs/Manifest
index b455c074d72b..95c99fe14174 100644
--- a/dev-util/cvs/Manifest
+++ b/dev-util/cvs/Manifest
@@ -1,7 +1,5 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
 MD5 a3e041898daf24fb40cce19270eed884 cvs-1.11.17.ebuild 1533
+MD5 6c764a480e24743c52249bb060cb5135 cvs-1.11.18-r1.ebuild 1632
 MD5 38a8d2c12313066d0beac1f55938e6b8 cvs-1.12.11.ebuild 1815
 MD5 564712f52275d437bf8157808acc0599 cvs-1.11.19.ebuild 1542
 MD5 fafb837bf0bbed3109031c46e57af431 ChangeLog 8705
@@ -9,18 +7,16 @@ MD5 33a7e30d11aa6acd3ec97af48d434231 cvs-1.12.10.ebuild 1815
 MD5 7164d2a546785fee1e77dac8839fdeaa metadata.xml 224
 MD5 9cdc57174771018a08d7d3b8066e4ebd cvs-1.11.18.ebuild 1531
 MD5 a87570259fad7192265d4bb554a87280 cvs-1.12.9.ebuild 1814
+MD5 7f662465f47122f9f3c14fcbe615f949 cvs-1.12.11-r1.ebuild 1918
 MD5 2d50778e9aededb1c08b84c8e8b62ad3 files/cvs.pam 124
+MD5 f508ce9e581877cbd33e11fbac72fc59 files/digest-cvs-1.11.18-r1 276
+MD5 095478e305f4d67487e546a1038fe354 files/cvs-1.11.18-klocwork.patch 2987
 MD5 cc3afaf974475188ce0d80b0b919f611 files/digest-cvs-1.12.9 272
+MD5 2d7e539e53af2be97ecf96f0ba454a18 files/digest-cvs-1.12.11-r1 276
+MD5 29a53f7939c0d2ea2b7457d59daee7c0 files/cvs-1.12.11-klocwork.patch 2824
 MD5 a156ed2cb03477a919f3a5faa80cb2a4 files/cvspserver.xinetd.d 282
 MD5 0c0c93104720c2efffe1046ec8db290f files/digest-cvs-1.11.17 276
 MD5 f508ce9e581877cbd33e11fbac72fc59 files/digest-cvs-1.11.18 276
 MD5 a3b61b72d72962b0f4149a53c5d44671 files/digest-cvs-1.11.19 276
 MD5 b20f44a825bed58f0e28635b827cb7fd files/digest-cvs-1.12.10 276
 MD5 2d7e539e53af2be97ecf96f0ba454a18 files/digest-cvs-1.12.11 276
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.0 (GNU/Linux)
-
-iD8DBQFCA5vUPgS8WLD64cERAjbbAKCM/QEiFxaHMX4FwmsdBJrfJMzxlQCfaUQJ
-PGxIR/fHIL3SQrjmPDLtrsI=
-=OVXX
------END PGP SIGNATURE-----
diff --git a/dev-util/cvs/cvs-1.11.18-r1.ebuild b/dev-util/cvs/cvs-1.11.18-r1.ebuild
new file mode 100644
index 000000000000..43e5d40a87ef
--- /dev/null
+++ b/dev-util/cvs/cvs-1.11.18-r1.ebuild
@@ -0,0 +1,59 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-util/cvs/cvs-1.11.18-r1.ebuild,v 1.1 2005/04/18 17:40:38 tigger Exp $
+
+inherit eutils
+
+DESCRIPTION="Concurrent Versions System - source code revision control tools"
+HOMEPAGE="http://www.cvshome.org/"
+SRC_URI="http://ccvs.cvshome.org/files/documents/19/534/${P}.tar.bz2
+	doc? ( http://ccvs.cvshome.org/files/documents/19/531/cederqvist-${PV}.html.tar.bz2
+		http://ccvs.cvshome.org/files/documents/19/532/cederqvist-${PV}.pdf
+		http://ccvs.cvshome.org/files/documents/19/533/cederqvist-${PV}.ps )"
+
+LICENSE="GPL-2 LGPL-2"
+SLOT="0"
+KEYWORDS="x86 ppc sparc ~mips alpha ~arm ~hppa amd64 ~ia64 ppc64 ~s390"
+IUSE="doc emacs"
+
+DEPEND="virtual/libc
+	>=sys-libs/zlib-1.1.4"
+
+src_unpack() {
+	unpack ${A}
+	cd ${S}
+	epatch ${FILESDIR}/${P}-klocwork.patch
+}
+
+src_compile() {
+	econf --with-tmpdir=/tmp || die
+	emake || die "emake failed"
+}
+
+src_install() {
+	einstall || die
+
+	insinto /etc/xinetd.d
+	newins ${FILESDIR}/cvspserver.xinetd.d cvspserver || die "newins failed"
+
+	dodoc BUGS ChangeLog* DEVEL* FAQ HACKING \
+		MINOR* NEWS PROJECTS README* TESTS TODO
+
+	if use emacs; then
+		insinto /usr/share/emacs/site-lisp
+		doins cvs-format.el || die "doins failed"
+	fi
+
+	if use doc; then
+		dodoc ${DISTDIR}/cederqvist-${PV}.pdf
+		dodoc ${DISTDIR}/cederqvist-${PV}.ps
+		tar xjf ${DISTDIR}/cederqvist-${PV}.html.tar.bz2
+		dohtml -r cederqvist-${PV}.html/*
+		cd ${D}/usr/share/doc/${PF}/html/
+		ln -s cvs.html index.html
+	fi
+}
+
+src_test() {
+	einfo "FEATURES=\"maketest\" has been disabled for dev-util/cvs"
+}
diff --git a/dev-util/cvs/cvs-1.12.11-r1.ebuild b/dev-util/cvs/cvs-1.12.11-r1.ebuild
new file mode 100644
index 000000000000..d631e56ea54c
--- /dev/null
+++ b/dev-util/cvs/cvs-1.12.11-r1.ebuild
@@ -0,0 +1,75 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-util/cvs/cvs-1.12.11-r1.ebuild,v 1.1 2005/04/18 17:40:38 tigger Exp $
+
+inherit eutils
+
+DESCRIPTION="Concurrent Versions System - source code revision control tools"
+HOMEPAGE="http://www.cvshome.org/"
+
+SRC_URI="http://ccvs.cvshome.org/files/documents/19/610/${P}.tar.bz2
+	doc? ( http://ccvs.cvshome.org/files/documents/19/606/cederqvist-${PV}.html.tar.bz2
+		http://ccvs.cvshome.org/files/documents/19/607/cederqvist-${PV}.pdf
+		http://ccvs.cvshome.org/files/documents/19/608/cederqvist-${PV}.ps )"
+
+LICENSE="GPL-2 LGPL-2"
+SLOT="0"
+KEYWORDS="~x86 ~ppc ~sparc ~mips ~alpha ~arm ~hppa ~amd64 ~ia64 ~ppc64 ~s390"
+
+IUSE="crypt doc emacs kerberos pam"
+
+DEPEND="virtual/libc
+	>=sys-libs/zlib-1.1.4
+	kerberos? ( virtual/krb5 )
+	pam? ( >=sys-libs/pam-0.73
+		>=sys-apps/shadow-4.0.2-r2 )"
+
+
+src_unpack() {
+	unpack ${A}
+	cd ${S}
+	epatch ${FILESDIR}/cvs-1.12.11-klocwork.patch
+}
+
+src_compile() {
+	econf \
+		--with-external-zlib \
+		--with-tmpdir=/tmp \
+		`use_enable crypt encryption` \
+		`use_enable pam` \
+		|| die
+	emake || die "emake failed"
+}
+
+src_install() {
+	einstall || die
+
+	insinto /etc/xinetd.d
+	newins ${FILESDIR}/cvspserver.xinetd.d cvspserver || die "newins failed"
+
+	dodoc BUGS ChangeLog* DEVEL* FAQ HACKING \
+		MINOR* NEWS PROJECTS README* TESTS TODO
+
+	if use emacs; then
+		insinto /usr/share/emacs/site-lisp
+		doins cvs-format.el || die "doins failed"
+	fi
+
+	if use doc; then
+		dodoc ${DISTDIR}/cederqvist-${PV}.pdf
+		dodoc ${DISTDIR}/cederqvist-${PV}.ps
+		tar xjf ${DISTDIR}/cederqvist-${PV}.html.tar.bz2
+		dohtml -r cederqvist-${PV}.html/*
+		cd ${D}/usr/share/doc/${PF}/html/
+		ln -s cvs.html index.html
+	fi
+
+	if use pam; then
+		insinto /etc/pam.d
+		newins ${FILESDIR}/cvs.pam cvs
+	fi
+}
+
+src_test() {
+	einfo "FEATURES=\"maketest\" has been disabled for dev-util/cvs"
+}
diff --git a/dev-util/cvs/files/cvs-1.11.18-klocwork.patch b/dev-util/cvs/files/cvs-1.11.18-klocwork.patch
new file mode 100644
index 000000000000..ccf4d023fb9c
--- /dev/null
+++ b/dev-util/cvs/files/cvs-1.11.18-klocwork.patch
@@ -0,0 +1,87 @@
+diff -Nrup cvs-1.11.18.orig/src/login.c cvs-1.11.18/src/login.c
+--- cvs-1.11.18.orig/src/login.c	2004-03-29 16:56:44.000000000 +0000
++++ cvs-1.11.18/src/login.c	2005-03-24 17:29:13.000000000 +0000
+@@ -114,7 +114,7 @@ password_entry_parseline (cvsroot_canoni
+ 
+ 	if (isspace(*(linebuf + 1)))
+ 	    /* special case since strtoul ignores leading white space */
+-	    entry_version = 0;
++	    q = linebuf + 1;
+ 	else
+ 	    entry_version = strtoul (linebuf + 1, &q, 10);
+ 
+diff -Nrup cvs-1.11.18.orig/src/patch.c cvs-1.11.18/src/patch.c
+--- cvs-1.11.18.orig/src/patch.c	2004-04-02 19:25:32.000000000 +0000
++++ cvs-1.11.18/src/patch.c	2005-03-24 17:30:42.000000000 +0000
+@@ -385,6 +385,7 @@ patch_fileproc (callerdat, finfo)
+     struct utimbuf t;
+     char *vers_tag, *vers_head;
+     char *rcs = NULL;
++    char *rcs_orig = NULL;
+     RCSNode *rcsfile;
+     FILE *fp1, *fp2, *fp3;
+     int ret = 0;
+@@ -415,7 +416,7 @@ patch_fileproc (callerdat, finfo)
+     if ((rcsfile->flags & VALID) && (rcsfile->flags & INATTIC))
+ 	isattic = 1;
+ 
+-    rcs = xmalloc (strlen (finfo->file) + sizeof (RCSEXT) + 5);
++    rcs_orig = rcs = xmalloc (strlen (finfo->file) + sizeof (RCSEXT) + 5);
+     (void) sprintf (rcs, "%s%s", finfo->file, RCSEXT);
+ 
+     /* if vers_head is NULL, may have been removed from the release */
+@@ -757,8 +758,8 @@ failed to read diff file header %s for %
+ 	free (vers_tag);
+     if (vers_head != NULL)
+ 	free (vers_head);
+-    if (rcs != NULL)
+-	free (rcs);
++    if (rcs_orig)
++	free (rcs_orig);
+     return ret;
+ }
+ 
+diff -Nrup cvs-1.11.18.orig/src/rcs.c cvs-1.11.18/src/rcs.c
+--- cvs-1.11.18.orig/src/rcs.c	2004-10-29 19:55:14.000000000 +0000
++++ cvs-1.11.18/src/rcs.c	2005-03-24 17:29:13.000000000 +0000
+@@ -3024,8 +3024,7 @@ RCS_getdate (rcs, date, force_tag_match)
+     if (retval != NULL)
+ 	return (retval);
+ 
+-    if (!force_tag_match ||
+-	(vers != NULL && RCS_datecmp (vers->date, date) <= 0))
++    if (vers && (!force_tag_match || RCS_datecmp (vers->date, date) <= 0))
+ 	return xstrdup (vers->version);
+     else
+ 	return NULL;
+@@ -4112,7 +4111,7 @@ RCS_checkout (rcs, workfile, rev, nameta
+     size_t len;
+     int free_value = 0;
+     char *log = NULL;
+-    size_t loglen;
++    size_t loglen = 0;
+     Node *vp = NULL;
+ #ifdef PRESERVE_PERMISSIONS_SUPPORT
+     uid_t rcs_owner = (uid_t) -1;
+@@ -7437,7 +7436,7 @@ RCS_deltas (rcs, fp, rcsbuf, version, op
+ 
+ 		for (ln = 0; ln < headlines.nlines; ++ln)
+ 		{
+-		    char buf[80];
++		    char *buf;
+ 		    /* Period which separates year from month in date.  */
+ 		    char *ym;
+ 		    /* Period which separates month from day in date.  */
+@@ -7448,10 +7447,12 @@ RCS_deltas (rcs, fp, rcsbuf, version, op
+ 		    if (prvers == NULL)
+ 			prvers = vers;
+ 
++		    buf = xmalloc (strlen (prvers->version) + 24);
+ 		    sprintf (buf, "%-12s (%-8.8s ",
+ 			     prvers->version,
+ 			     prvers->author);
+ 		    cvs_output (buf, 0);
++		    free (buf);
+ 
+ 		    /* Now output the date.  */
+ 		    ym = strchr (prvers->date, '.');
diff --git a/dev-util/cvs/files/cvs-1.12.11-klocwork.patch b/dev-util/cvs/files/cvs-1.12.11-klocwork.patch
new file mode 100644
index 000000000000..9f8c3cd9544e
--- /dev/null
+++ b/dev-util/cvs/files/cvs-1.12.11-klocwork.patch
@@ -0,0 +1,87 @@
+diff -Nurp src/login.c src/login.c
+--- src/login.c	2004-12-07 10:33:47.000000000 -0500
++++ src/login.c	2005-03-24 10:36:45.000000000 -0500
+@@ -114,7 +114,7 @@ password_entry_parseline (const char *cv
+ 
+ 	if (isspace(*(linebuf + 1)))
+ 	    /* special case since strtoul ignores leading white space */
+-	    entry_version = 0;
++	    q = linebuf + 1;
+ 	else
+ 	    entry_version = strtoul (linebuf + 1, &q, 10);
+ 
+diff -Nurp src/patch.c src/patch.c
+--- src/patch.c	2004-11-01 09:53:55.000000000 -0500
++++ src/patch.c	2005-03-24 10:38:50.000000000 -0500
+@@ -379,6 +379,7 @@ patch_fileproc (void *callerdat, struct 
+     struct utimbuf t;
+     char *vers_tag, *vers_head;
+     char *rcs = NULL;
++    char *rcs_orig = NULL;
+     RCSNode *rcsfile;
+     FILE *fp1, *fp2, *fp3;
+     int ret = 0;
+@@ -409,7 +410,7 @@ patch_fileproc (void *callerdat, struct 
+     if ((rcsfile->flags & VALID) && (rcsfile->flags & INATTIC))
+ 	isattic = 1;
+ 
+-    rcs = xmalloc (strlen (finfo->file) + sizeof (RCSEXT) + 5);
++    rcs_orig = rcs = xmalloc (strlen (finfo->file) + sizeof (RCSEXT) + 5);
+     (void)sprintf (rcs, "%s%s", finfo->file, RCSEXT);
+ 
+     /* if vers_head is NULL, may have been removed from the release */
+@@ -748,8 +749,8 @@ failed to read diff file header %s for %
+ 	free (vers_tag);
+     if (vers_head != NULL)
+ 	free (vers_head);
+-    if (rcs != NULL)
+-	free (rcs);
++    if (rcs_orig)
++	free (rcs_orig);
+     return ret;
+ }
+ 
+diff -Nurp src/rcs.c src/rcs.c
+--- src/rcs.c	2004-11-30 11:06:07.000000000 -0500
++++ src/rcs.c	2005-03-24 10:36:45.000000000 -0500
+@@ -2946,8 +2946,7 @@ RCS_getdate (RCSNode *rcs, const char *d
+     if (retval != NULL)
+ 	return retval;
+ 
+-    if (!force_tag_match ||
+-	(vers != NULL && RCS_datecmp (vers->date, date) <= 0))
++    if (vers && (!force_tag_match || RCS_datecmp (vers->date, date) <= 0))
+ 	return xstrdup (vers->version);
+     else
+ 	return NULL;
+@@ -4093,7 +4092,7 @@ RCS_checkout (RCSNode *rcs, const char *
+     size_t len;
+     int free_value = 0;
+     char *log = NULL;
+-    size_t loglen;
++    size_t loglen = 0;
+     Node *vp = NULL;
+ #ifdef PRESERVE_PERMISSIONS_SUPPORT
+     uid_t rcs_owner = (uid_t) -1;
+@@ -7357,7 +7356,7 @@ RCS_deltas (RCSNode *rcs, FILE *fp, stru
+ 
+ 		for (ln = 0; ln < headlines.nlines; ++ln)
+ 		{
+-		    char buf[80];
++		    char *buf;
+ 		    /* Period which separates year from month in date.  */
+ 		    char *ym;
+ 		    /* Period which separates month from day in date.  */
+@@ -7368,10 +7367,12 @@ RCS_deltas (RCSNode *rcs, FILE *fp, stru
+ 		    if (prvers == NULL)
+ 			prvers = vers;
+ 
++		    buf = xmalloc (strlen (prvers->version) + 24);
+ 		    sprintf (buf, "%-12s (%-8.8s ",
+ 			     prvers->version,
+ 			     prvers->author);
+ 		    cvs_output (buf, 0);
++		    free (buf);
+ 
+ 		    /* Now output the date.  */
+ 		    ym = strchr (prvers->date, '.');
diff --git a/dev-util/cvs/files/digest-cvs-1.11.18-r1 b/dev-util/cvs/files/digest-cvs-1.11.18-r1
new file mode 100644
index 000000000000..9f25f9f50fbb
--- /dev/null
+++ b/dev-util/cvs/files/digest-cvs-1.11.18-r1
@@ -0,0 +1,4 @@
+MD5 1dd5c16064906617e4358738bfe59b66 cvs-1.11.18.tar.bz2 2378013
+MD5 7c9dbcb4ec18e45a5e3944b17f64d337 cederqvist-1.11.18.html.tar.bz2 114284
+MD5 74629bb1b09892133a8133367a8ae960 cederqvist-1.11.18.pdf 1084665
+MD5 6a6e02aafee9387ee2558ca47d26b6a7 cederqvist-1.11.18.ps 1090403
diff --git a/dev-util/cvs/files/digest-cvs-1.12.11-r1 b/dev-util/cvs/files/digest-cvs-1.12.11-r1
new file mode 100644
index 000000000000..3b29f050d597
--- /dev/null
+++ b/dev-util/cvs/files/digest-cvs-1.12.11-r1
@@ -0,0 +1,4 @@
+MD5 f35e7da174b306d07f335d287c2af939 cvs-1.12.11.tar.bz2 2906959
+MD5 9d54930c1ccce61f3d3c46a44d1e8bc1 cederqvist-1.12.11.html.tar.bz2 135385
+MD5 b260aed98ecc41383a5836ff339cdcf9 cederqvist-1.12.11.pdf 1240028
+MD5 19408f0bec39ce2172d33086a9b5f988 cederqvist-1.12.11.ps 1241432