Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK)) by mollari.NetBSD.org (Postfix) with ESMTPS id 977BB7A2AF for ; Mon, 25 Jul 2016 05:10:05 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 605) id 1328885F46; Mon, 25 Jul 2016 05:10:05 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 9835D85E82 for ; Mon, 25 Jul 2016 05:10:04 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id ZjliOk9zK4mr for ; Mon, 25 Jul 2016 05:10:04 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197]) by mail.netbsd.org (Postfix) with ESMTP id D190F85E44 for ; Mon, 25 Jul 2016 05:10:03 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id C83E6FBB5; Mon, 25 Jul 2016 05:10:03 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1469423403238460" MIME-Version: 1.0 Date: Mon, 25 Jul 2016 01:10:03 -0400 
From: "Christos Zoulas" Subject: CVS commit: pkgsrc/devel/cvsps To: pkgsrc-changes@NetBSD.org Reply-To: christos@netbsd.org X-Mailer: log_accum Message-Id: <20160725051003.C83E6FBB5@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk This is a multi-part message in MIME format. --_----------=_1469423403238460 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: christos Date: Mon Jul 25 05:10:03 UTC 2016 Modified Files: pkgsrc/devel/cvsps: Makefile distinfo pkgsrc/devel/cvsps/patches: patch-ag Log Message: Fix buffer overflow on long lines To generate a diff of this commit: cvs rdiff -u -r1.26 -r1.27 pkgsrc/devel/cvsps/Makefile cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/cvsps/distinfo cvs rdiff -u -r1.1 -r1.2 pkgsrc/devel/cvsps/patches/patch-ag Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1469423403238460 Content-Disposition: inline Content-Length: 4818 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/devel/cvsps/Makefile diff -u pkgsrc/devel/cvsps/Makefile:1.26 pkgsrc/devel/cvsps/Makefile:1.27 --- pkgsrc/devel/cvsps/Makefile:1.26 Thu Oct 9 10:06:08 2014 +++ pkgsrc/devel/cvsps/Makefile Mon Jul 25 01:10:03 2016 @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.26 2014/10/09 14:06:08 wiz Exp $ +# $NetBSD: Makefile,v 1.27 2016/07/25 05:10:03 christos Exp $ # DISTNAME= cvsps-2.1 -PKGREVISION= 3 +PKGREVISION= 4 CATEGORIES= devel scm MASTER_SITES= ${HOMEPAGE} Index: pkgsrc/devel/cvsps/distinfo diff -u pkgsrc/devel/cvsps/distinfo:1.13 pkgsrc/devel/cvsps/distinfo:1.14 --- pkgsrc/devel/cvsps/distinfo:1.13 Mon Nov 2 22:27:21 2015 +++ pkgsrc/devel/cvsps/distinfo Mon Jul 25 01:10:03 2016 
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.13 2015/11/03 03:27:21 agc Exp $
+$NetBSD: distinfo,v 1.14 2016/07/25 05:10:03 christos Exp $
 SHA1 (cvsps-2.1.tar.gz) = a53a62b121e7b86e07a393bcb8aa4f0492a747c4
 RMD160 (cvsps-2.1.tar.gz) = a3063f638fbf1136761549658432d5842e4a766f
@@ -10,4 +10,4 @@ SHA1 (patch-ac) = 07f6d1955c0fde42784f88
 SHA1 (patch-ad) = 20d84dc236a5c259677fdf68268de5bb64e6d26f
 SHA1 (patch-ae) = 345036b4021f90a2f6629a5d32e85caa786d961f
 SHA1 (patch-af) = d32eb67ede1d81ee3abe55a7f94515fcf3ea93cf
-SHA1 (patch-ag) = 38ea212acde5e07aee33413c79f893e311ebb85e
+SHA1 (patch-ag) = c68adbb42938ecb2f42c55bc9be0aa6db3b013f9
Index: pkgsrc/devel/cvsps/patches/patch-ag
diff -u pkgsrc/devel/cvsps/patches/patch-ag:1.1 pkgsrc/devel/cvsps/patches/patch-ag:1.2
--- pkgsrc/devel/cvsps/patches/patch-ag:1.1 Fri Jun 29 10:59:24 2012
+++ pkgsrc/devel/cvsps/patches/patch-ag Mon Jul 25 01:10:03 2016
@@ -1,14 +1,96 @@ -$NetBSD: patch-ag,v 1.1 2012/06/29 14:59:24 christos Exp $ +$NetBSD: patch-ag,v 1.2 2016/07/25 05:10:03 christos Exp $ ---- cvs_direct.c.orig 2012-06-28 17:52:13.000000000 -0400 -+++ cvs_direct.c 2012-06-28 17:52:51.000000000 -0400 -@@ -916,7 +916,9 @@ +Keep reading for M +Avoid buffer overflow (truncate). + +--- cvs_direct.c.orig 2005-05-25 23:39:40.000000000 -0400 ++++ cvs_direct.c 2016-07-25 01:06:39.000000000 -0400 +@@ -45,7 +45,7 @@ + static void send_string(CvsServerCtx *, const char *, ...); + static int read_response(CvsServerCtx *, const char *); + static void ctx_to_fp(CvsServerCtx * ctx, FILE * fp); +-static int read_line(CvsServerCtx * ctx, char * p); ++static int read_line(CvsServerCtx * ctx, char * p, size_t); + + static CvsServerCtx * open_ctx_pserver(CvsServerCtx *, const char *); + static CvsServerCtx * open_ctx_forked(CvsServerCtx *, const char *); +@@ -131,7 +131,7 @@ + send_string(ctx, "valid-requests\n"); + + /* check for the commands we will issue */ +- read_line(ctx, buff); ++ read_line(ctx, buff, sizeof(buff)); + if (strncmp(buff, "Valid-requests", 14) != 0) + { + debug(DEBUG_APPERROR, "cvs_direct: bad response to valid-requests command"); +@@ -150,7 +150,7 @@ + return NULL; + } + +- read_line(ctx, buff); ++ read_line(ctx, buff, sizeof(buff)); + if (strcmp(buff, "ok") != 0) + { + debug(DEBUG_APPERROR, "cvs_direct: bad ok trailer to valid-requests command"); +@@ -661,7 +661,7 @@ + return len; + } + +-static int read_line(CvsServerCtx * ctx, char * p) ++static int read_line(CvsServerCtx * ctx, char * p, size_t size) + { + int len = 0; + while (1) +@@ -672,7 +672,7 @@ + + *p = *ctx->head++; + +- if (*p == '\n') ++ if (*p == '\n' || len >= size - 1) + { + *p = 0; + break; +@@ -689,7 +689,7 @@ + /* FIXME: more than 1 char at a time */ + char resp[BUFSIZ]; + +- if (read_line(ctx, resp) < 0) ++ if (read_line(ctx, resp, sizeof(resp)) < 0) + return 0; + + debug(DEBUG_TCP, "response '%s' read", resp); +@@ -703,7 +703,7 @@ + + while 
(1) + { +- read_line(ctx, line); ++ read_line(ctx, line, sizeof(line)); + debug(DEBUG_TCP, "ctx_to_fp: %s", line); + if (memcmp(line, "M ", 2) == 0) + { +@@ -879,7 +879,7 @@ + char lbuff[BUFSIZ]; + int len; + +- len = read_line(ctx, lbuff); ++ len = read_line(ctx, lbuff, sizeof(lbuff)); + debug(DEBUG_TCP, "cvs_direct: rlog: read %s", lbuff); + + if (memcmp(lbuff, "M ", 2) == 0) +@@ -910,13 +910,15 @@ + char lbuff[BUFSIZ]; + strcpy(client_version, "Client: Concurrent Versions System (CVS) 99.99.99 (client/server) cvs-direct"); + send_string(ctx, "version\n"); +- read_line(ctx, lbuff); ++ read_line(ctx, lbuff, sizeof(lbuff)); + if (memcmp(lbuff, "M ", 2) == 0) + sprintf(server_version, "Server: %s", lbuff + 2); else debug(DEBUG_APPERROR, "cvs_direct: didn't read version: %s", lbuff); - read_line(ctx, lbuff); + do -+ read_line(ctx, lbuff); ++ read_line(ctx, lbuff, sizeof(lbuff)); + while(memcmp(lbuff, "M ", 2) == 0); if (strcmp(lbuff, "ok") != 0) debug(DEBUG_APPERROR, "cvs_direct: protocol error reading version"); --_----------=_1469423403238460--
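Review bot: The new `if (*p == '\n' || len >= size - 1)` test in read_line stops in the middle of an over-long line, so the unread tail stays in ctx->head and the next read_line() call returns it as if it were a fresh server response; in the `do read_line(...) while (memcmp(lbuff, "M ", 2) == 0)` loop a long `M ` line would then make the `strcmp(lbuff, "ok")` check fail, and in ctx_to_fp the tail would be emitted as its own line. Once the buffer is full the loop should keep consuming bytes up to '\n' without storing them, so truncation drops data but does not desynchronize the protocol. The test also compares the int `len` with the size_t `size`, and a `size` of 0 makes `size - 1` wrap so the guard never fires (latent, since every visible caller passes sizeof of a BUFSIZ array, but worth a `(size_t)` cast and an explicit `size == 0` rejection). The `sprintf(server_version, "Server: %s", lbuff + 2)` context line is not bounded by this change; server_version's declaration is outside the hunk, and if it is not larger than lbuff plus the prefix it should become `snprintf(server_version, sizeof(server_version), ...)`. read_line's refill code and the rest of its loop body lie outside the hunk, so the draining rewrite below assumes the stored byte is advanced with `p++; len++;` after the check.
```c
static int read_line(CvsServerCtx * ctx, char * p, size_t size)
{
    int len = 0;

    if (size == 0)
        return -1;                 /* no room for the terminator */
    while (1)
    {
        /* ... unchanged: refill ctx->head / ctx->tail when the buffer is empty ... */

        char c = *ctx->head++;

        if (c == '\n')
        {
            *p = 0;
            break;
        }
        if ((size_t)len >= size - 1)
            continue;              /* buffer full: drop the byte, keep draining to '\n' */
        *p++ = c;
        len++;
    }
    /* ... unchanged: return len ... */
```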