
cvs: fetch up to date version of the debian patchset (#364035)

+22 -61
-16
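--- a/pkgs/by-name/cv/cvs/CVE-2012-0804.patch
+++ b/pkgs/by-name/cv/cvs/CVE-2012-0804.patch
@@ -1,16 +0,0 @@
-diff --git a/src/client.c b/src/client.c
-index 751406b..b45d89c 100644
---- a/src/client.c
-+++ b/src/client.c
-@@ -3558,9 +3558,9 @@ connect_to_pserver (cvsroot_t *root, struct buffer **to_server_p,
-* code.
-*/
-read_line_via (from_server, to_server, &read_buf);
-- sscanf (read_buf, "%s %d", write_buf, &codenum);
-+ count = sscanf (read_buf, "%*s %d", &codenum);
-
-- if ((codenum / 100) != 2)
-+ if (count != 1 || (codenum / 100) != 2)
-error (1, 0, "proxy server %s:%d does not support http tunnelling",
-root->proxy_hostname, proxy_port_number);
-free (read_buf);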
-29
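--- a/pkgs/by-name/cv/cvs/CVE-2017-12836.patch
+++ b/pkgs/by-name/cv/cvs/CVE-2017-12836.patch
@@ -1,29 +0,0 @@
---- a/src/rsh-client.c.orig 2005-10-02 17:17:21.000000000 +0200
-+++ b/src/rsh-client.c 2017-11-07 16:56:06.957370469 +0100
-@@ -53,7 +53,7 @@
-char *cvs_server = (root->cvs_server != NULL
-? root->cvs_server : getenv ("CVS_SERVER"));
-int i = 0;
-- /* This needs to fit "rsh", "-b", "-l", "USER", "host",
-+ /* This needs to fit "rsh", "-b", "-l", "USER", "--", "host",
-"cmd (w/ args)", and NULL. We leave some room to grow. */
-char *rsh_argv[10];
-
-@@ -97,6 +97,9 @@
-rsh_argv[i++] = root->username;
-}
-
-+ /* Only non-option arguments from here. (CVE-2017-12836) */
-+ rsh_argv[i++] = "--";
-+
-rsh_argv[i++] = root->hostname;
-rsh_argv[i++] = cvs_server;
-rsh_argv[i++] = "server";
-@@ -171,6 +174,7 @@
-*p++ = root->username;
-}
-
-+ *p++ = "--";
-*p++ = root->hostname;
-*p++ = command;
-*p++ = NULL;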
+22 -16
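--- a/pkgs/by-name/cv/cvs/package.nix
+++ b/pkgs/by-name/cv/cvs/package.nix
@@ -1,8 +1,13 @@
-{ lib, stdenv, fetchurl, fetchpatch, nano }:
+{ lib, stdenv, fetchurl, fetchpatch, texinfo, nano, autoreconfHook }:
 
-stdenv.mkDerivation rec {
+let
+version = "1.12.13";
+debianRevision = "real-30";
+in
+
+stdenv.mkDerivation {
 pname = "cvs";
-version = "1.12.13";
+version = "${version}+${debianRevision}";
 
 src = fetchurl {
 url = "mirror://savannah/cvs/source/feature/${version}/cvs-${version}.tar.bz2";
@@ -11,38 +16,39 @@
 
 patches = [
 ./getcwd-chroot.patch
-./CVE-2012-0804.patch
-./CVE-2017-12836.patch
 (fetchpatch {
 url = "https://raw.githubusercontent.com/Homebrew/formula-patches/24118ec737c7/cvs/vasnprintf-high-sierra-fix.diff";
 sha256 = "1ql6aaia7xkfq3vqhlw5bd2z2ywka82zk01njs1b2szn699liymg";
 })
+# Debian Patchset,
+# contains patches for CVE-2017-12836 and CVE-2012-0804 among other things
+(fetchurl {
+url = "http://deb.debian.org/debian/pool/main/c/cvs/cvs_1.12.13+${debianRevision}.diff.gz";
+sha256 = "085124619dfdcd3e53c726e049235791b67dcb9f71619f1e27c5f1cbdef0063e";
+})
 ];
 
 hardeningDisable = [ "fortify" "format" ];
 
-preConfigure = ''
-# Apply the Debian patches.
-for p in "debian/patches/"*; do
-echo "applying \`$p' ..."
-patch --verbose -p1 < "$p"
-done
-'';
+nativeBuildInputs = [ autoreconfHook texinfo ];
 
 configureFlags = [
 "--with-editor=${nano}/bin/nano"
 
 # Required for cross-compilation.
 "cvs_cv_func_printf_ptr=yes"
+] ++ lib.optionals (stdenv.hostPlatform.libc == "glibc") [
+# So that fputs_unlocked is defined
+"CFLAGS=-D_GNU_SOURCE"
 ];
 
 makeFlags = [
 "AR=${stdenv.cc.targetPrefix}ar"
+] ++ lib.optionals (!stdenv.cc.bintools.isGNU) [
+# Don't pass --as-needed to linkers that don't support it
+# (introduced in debian patchset)
+"cvs_LDFLAGS="
 ];
-
-env = lib.optionalAttrs (stdenv.hostPlatform.isDarwin && stdenv.cc.isClang) {
-NIX_CFLAGS_COMPILE = "-Wno-implicit-function-declaration";
-};
 
 doCheck = false; # fails 1 of 1 tests
 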
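Review bot: The fixes for CVE-2012-0804 and CVE-2017-12836 now come only from the Debian `diff.gz` added to `patches`, and nothing visible in this derivation confirms they still land in the built source (`doCheck = false`). The `preConfigure` loop over `debian/patches/*` is removed in the same change, so if the real-30 diff ships any fix as a file under `debian/patches/` rather than as a direct source edit, that fix would be dropped silently; it is worth confirming on the patched tree, for example that `src/rsh-client.c` still inserts `"--"` before the hostname and that `src/client.c` checks the `sscanf` return count. The patchset URL uses `http://deb.debian.org/...`; the pinned `sha256` protects integrity, but `https://` is preferable, and pool URLs tend to disappear once Debian uploads a newer revision, so a snapshot.debian.org URL would keep the security patches fetchable. The URL also hard-codes `1.12.13` where the let-bound `${version}` is in scope.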