author | Robin H. Johnson <robbat2@gentoo.org> | 2006-08-09 02:04:55 +0000 |
---|---|---|
committer | Robin H. Johnson <robbat2@gentoo.org> | 2006-08-09 02:04:55 +0000 |
commit | da4cf5839aabe0deb0118e899eac9588bd8d44d3 (patch) | |
tree | 6177cbb34f7e25c0a0a56daf6d33965529319f67 /dev-util/cvs | |
parent | stable on ppc (Bug #141388) (diff) | |
Add custom patch designed for helping CVS servers to block specific inputs, to be used for anoncvs.gentoo.org ;-).
(Portage version: 2.1.1_pre4-r3)
Diffstat (limited to 'dev-util/cvs')
-rw-r--r-- | dev-util/cvs/ChangeLog | 10 | ||||
-rw-r--r-- | dev-util/cvs/cvs-1.12.12-r4.ebuild | 77 | ||||
-rw-r--r-- | dev-util/cvs/files/cvs-1.12.12-block-requests.patch | 140 | ||||
-rw-r--r-- | dev-util/cvs/files/cvs-1.12.12-cvs-custom.c | 58 | ||||
-rw-r--r-- | dev-util/cvs/files/digest-cvs-1.12.12-r4 | 12 |
5 files changed, 296 insertions, 1 deletions
diff --git a/dev-util/cvs/ChangeLog b/dev-util/cvs/ChangeLog
index 43b5150f5fb4..8d8d7f55c998 100644
--- a/dev-util/cvs/ChangeLog
+++ b/dev-util/cvs/ChangeLog
@@ -1,6 +1,14 @@ # ChangeLog for dev-util/cvs # Copyright 2002-2006 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/dev-util/cvs/ChangeLog,v 1.108 2006/05/27 00:26:59 robbat2 Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-util/cvs/ChangeLog,v 1.109 2006/08/09 02:04:54 robbat2 Exp $ + +*cvs-1.12.12-r4 (09 Aug 2006) + + 09 Aug 2006; Robin H. Johnson <robbat2@gentoo.org> + +files/cvs-1.12.12-block-requests.patch, +files/cvs-1.12.12-cvs-custom.c, + +cvs-1.12.12-r4.ebuild: + Add custom patch designed for helping CVS servers to block specific inputs, + to be used for anoncvs.gentoo.org ;-). 27 May 2006; Robin H. Johnson <robbat2@gentoo.org> -cvs-1.12.13.ebuild, cvs-1.12.13-r1.ebuild:
diff --git a/dev-util/cvs/cvs-1.12.12-r4.ebuild b/dev-util/cvs/cvs-1.12.12-r4.ebuild
new file mode 100644
index 000000000000..8dd8e1eb537a
--- /dev/null
+++ b/dev-util/cvs/cvs-1.12.12-r4.ebuild
@@ -0,0 +1,77 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-util/cvs/cvs-1.12.12-r4.ebuild,v 1.1 2006/08/09 02:04:54 robbat2 Exp $
+
+inherit eutils pam
+
+DESCRIPTION="Concurrent Versions System - source code revision control tools"
+HOMEPAGE="http://www.nongnu.org/cvs/"
+
+SRC_URI="mirror://gnu/non-gnu/cvs/source/feature/${PV}/${P}.tar.bz2
+ doc? ( mirror://gnu/non-gnu/cvs/source/feature/${PV}/cederqvist-${PV}.html.tar.bz2
+ mirror://gnu/non-gnu/cvs/source/feature/${PV}/cederqvist-${PV}.pdf
+ mirror://gnu/non-gnu/cvs/source/feature/${PV}/cederqvist-${PV}.ps )"
+
+LICENSE="GPL-2 LGPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+
+IUSE="crypt doc emacs kerberos nls pam server"
+
+DEPEND=">=sys-libs/zlib-1.1.4
+ kerberos? ( virtual/krb5 )
+ pam? ( virtual/pam )"
+
+src_unpack() {
+ unpack ${P}.tar.bz2
+ use doc && unpack cederqvist-${PV}.html.tar.bz2
+ EPATCH_OPTS="-p1 -d ${S}" epatch ${FILESDIR}/${P}-cvsbug-tmpfix.patch
+ epatch ${FILESDIR}/${P}-openat.patch
+ EPATCH_OPTS="-p1 -d ${S}" epatch ${FILESDIR}/${P}-block-requests.patch
+}
+
+src_compile() {
+ econf \
+ --with-external-zlib \
+ --with-tmpdir=/tmp \
+ $(use_enable crypt encryption) \
+ $(use_with kerberos gssapi) \
+ $(use_enable nls) \
+ $(use_enable pam) \
+ $(use_enable server) \
+ || die
+ emake || die "emake failed"
+}
+
+src_install() {
+ einstall || die
+
+ insinto /etc/xinetd.d
+ newins ${FILESDIR}/cvspserver.xinetd.d cvspserver || die "newins failed"
+
+ dodoc BUGS ChangeLog* DEVEL* FAQ HACKING \
+ MINOR* NEWS PROJECTS README* TESTS TODO
+
+ if use emacs; then
+ insinto /usr/share/emacs/site-lisp
+ doins cvs-format.el || die "doins failed"
+ fi
+
+ use server && newdoc ${FILESDIR}/cvs-1.12.12-cvs-custom.c cvs-custom.c
+
+ if use doc; then
+ dodoc ${DISTDIR}/cederqvist-${PV}.pdf
+ dodoc ${DISTDIR}/cederqvist-${PV}.ps
+ tar xjf ${DISTDIR}/cederqvist-${PV}.html.tar.bz2
+ dohtml -r cederqvist-${PV}.html/*
+ cd ${D}/usr/share/doc/${PF}/html/
+ ln -s cvs.html index.html
+ fi
+
+
+ newpamd ${FILESDIR}/cvs.pam-include-1.12.12 cvs
+}
+
+src_test() {
+ einfo "FEATURES=\"maketest\" has been disabled for dev-util/cvs"
+}
diff --git a/dev-util/cvs/files/cvs-1.12.12-block-requests.patch b/dev-util/cvs/files/cvs-1.12.12-block-requests.patch
new file mode 100644
index 000000000000..9c9b49db8f62
--- /dev/null
+++ b/dev-util/cvs/files/cvs-1.12.12-block-requests.patch
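Review bot: In `src_install` of cvs-1.12.12-r4.ebuild, the `doc` branch runs `cd ${D}/usr/share/doc/${PF}/html/` and `ln -s cvs.html index.html` with no error check, so if the directory is missing the symlink is created in whatever directory the function was already in. `${D}`, `${FILESDIR}` and `${DISTDIR}` are also expanded unquoted throughout the file. I would write `cd "${D}/usr/share/doc/${PF}/html/" || die "cd failed"` and `ln -s cvs.html index.html || die "ln failed"`, matching the `|| die` already used on `newins` and `doins`.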
@@ -0,0 +1,140 @@
+Author: Robin H. Johnson <robbat2@gentoo.org>
+Date: 2006-08-09
+
+This patch allows a CVS server to deny usage of specific commands, based on
+input in the environment.
+
+Just set the CVS_BLOCK_REQUESTS env var with all of the commands you want,
+seperated by spaces. Eg:
+CVS_BLOCK_REQUESTS="Gzip-stream gzip-file-contents"
+would block ALL usage of compression.
+
+Please see the array 'struct request requests[]' in src/server.c for a full
+list of commands.
+
+Please note that if you block any commands marked as RQ_ESSENTIAL, CVS clients
+may fail! (This includes 'ci'!).
+
+See the companion cvs-custom.c for a wrapper that can enforce the environment variable for pserver setups.
+
+Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
+
+diff -Nuar --exclude '*~' -U 10 cvs-1.12.12.orig/src/server.c cvs-1.12.12/src/server.c
+--- cvs-1.12.12.orig/src/server.c 2005-04-14 14:13:29.000000000 +0000
++++ cvs-1.12.12/src/server.c 2006-08-09 01:40:44.000000000 +0000
+@@ -5836,43 +5836,90 @@
+ #undef REQ_LINE
+ };
+ #endif /* SERVER_SUPPORT or CLIENT_SUPPORT */
+
+
+
+ #ifdef SERVER_SUPPORT
+ /*
+ * This server request is not ignored by the secondary.
+ */
++
++/* Hack by Robin H. Johnson <robbat2@gentoo.org>.
++ * Allow the server ENV to specify what request types are to be ignored.
++ */
++
++static char blocked_requests[BUFSIZ] = " ";
++
++static void build_blocked_requests() {
++ char *tmp = getenv("CVS_BLOCK_REQUESTS");
++
++ if (tmp != NULL && strlen(tmp) > 0) {
++ // move to our custom buffer
++ strncat(blocked_requests, tmp, sizeof(blocked_requests)-strlen(blocked_requests));
++ //add a space on the end as well for searching
++ strncat(blocked_requests, " ", sizeof(blocked_requests)-strlen(blocked_requests));
++ }
++
++ // now blocked_requests contains the list of every request that we do not
++ // want to serve
++}
++
++// returns 0 if we should serve this request
++// use as if(checker(FOO)) continue;
++static int serve_valid_requests_checker(char *reqname) {
++ char needle[BUFSIZ] = " ";
++ char *tmp;
++
++ if(!blocked_requests || strlen(blocked_requests) < 2)
++ return 0;
++
++ // we want to look for ' 'reqname' '
++ snprintf(needle, sizeof(needle), " %s ", reqname);
++
++ // now do the search
++ tmp = strstr(blocked_requests, needle);
++
++ if (tmp != NULL)
++ return 1;
++
++ return 0;
++
++}
++
+ static void
+ serve_valid_requests (char *arg)
+ {
+ struct request *rq;
+
+ /* Since this is processed in the first pass, don't reprocess it in the
+ * second.
+ *
+ * We still print errors since new errors could have been generated in the
+ * second pass.
+ */
+ if (print_pending_error ()
+ #ifdef PROXY_SUPPORT
+ || reprocessing
+ #endif /* PROXY_SUPPORT */
+ )
+ return;
++
++ build_blocked_requests();
+
+ buf_output0 (buf_to_net, "Valid-requests");
+ for (rq = requests; rq->name != NULL; rq++)
+ {
+ if (rq->func != NULL)
+ {
++ if(serve_valid_requests_checker(rq->name))
++ continue;
+ buf_append_char (buf_to_net, ' ');
+ buf_output0 (buf_to_net, rq->name);
+ }
+ }
+ buf_output0 (buf_to_net, "\nok\n");
+
+ /* The client is waiting for the list of valid requests, so we
+ must send the output now. */
+ buf_flush (buf_to_net, 1);
+ }
+@@ -6353,20 +6400,24 @@
+ cmd += len;
+ else if (cmd[len] == ' ')
+ cmd += len + 1;
+ else
+ /*
+ * The first len characters match, but it's a different
+ * command. e.g. the command is "cooperate" but we matched
+ * "co".
+ */
+ continue;
++ // Ignore commands that we are supposed to ignore.
++ if(serve_valid_requests_checker(rq->name))
++ continue;
++
+
+ if (!(rq->flags & RQ_ROOTLESS)
+ && current_parsed_root == NULL)
+ {
+ /* For commands which change the way in which data
+ is sent and received, for example Gzip-stream,
+ this does the wrong thing. Since the client
+ assumes that everything is being compressed,
+ unconditionally, there is no way to give this
+ error to the client without turning on
diff --git a/dev-util/cvs/files/cvs-1.12.12-cvs-custom.c b/dev-util/cvs/files/cvs-1.12.12-cvs-custom.c
new file mode 100644
index 000000000000..597f6de8dbdb
--- /dev/null
+++ b/dev-util/cvs/files/cvs-1.12.12-cvs-custom.c
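Review bot: In the server.c patch the block list is filled only by `build_blocked_requests()` inside `serve_valid_requests`, so the check added to the request loop in the second inner hunk (`@@ -6353,20 +6400,24 @@`) compares against the initial `" "` and blocks nothing until a `valid-requests` request has been processed; as far as these hunks show, nothing forces a client to send one. The builder also appends to the static buffer on every call, so the list grows each time `serve_valid_requests` runs. Its `strncat` bound `sizeof(blocked_requests)-strlen(blocked_requests)` leaves no room for the terminating NUL, which allows a one-byte write past the array once the buffer fills. A value that does not fit is cut short without any error, which leaves the truncated names unblocked. I would build the list once, from the checker itself, with a bounded `snprintf` and treat truncation as fatal, as sketched below; the request loop around the second check starts and ends outside the hunk.

```c
static char blocked_requests[BUFSIZ] = " ";
static int blocked_requests_ready = 0;

static void build_blocked_requests() {
    char *tmp = getenv("CVS_BLOCK_REQUESTS");
    int n;

    /* Build once per process; serve_valid_requests may run more than once. */
    if (blocked_requests_ready)
        return;
    blocked_requests_ready = 1;

    if (tmp == NULL || strlen(tmp) == 0)
        return;

    /* snprintf rewrites from the start of the buffer and always terminates it. */
    n = snprintf(blocked_requests, sizeof(blocked_requests), " %s ", tmp);
    if (n < 0 || (size_t) n >= sizeof(blocked_requests))
        /* A truncated list would leave the cut-off names unblocked. */
        error (1, 0, "CVS_BLOCK_REQUESTS is too long");
}

static int serve_valid_requests_checker(char *reqname) {
    /* Do not depend on the client having sent valid-requests first. */
    build_blocked_requests();
    /* … unchanged: needle construction and strstr search … */
```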
@@ -0,0 +1,58 @@
+/*
+Author: Robin H. Johnson <robbat2@gentoo.org>
+Date: 2006-08-09
+
+This patch allows a CVS server to deny usage of specific commands, based on
+input in the environment.
+
+Just set the CVS_BLOCK_REQUESTS env var with all of the commands you want,
+seperated by spaces. Eg:
+CVS_BLOCK_REQUESTS="Gzip-stream gzip-file-contents"
+would block ALL usage of compression.
+
+Please see the array 'struct request requests[]' in src/server.c for a full
+list of commands.
+
+Please note that if you block any commands marked as RQ_ESSENTIAL, CVS clients
+may fail! (This includes 'ci'!).
+
+See the companion cvs-custom.c for a wrapper that can enforce the environment variable for pserver setups.
+
+Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
+*/
+
+#include <stdio.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <malloc.h>
+
+
+#define REAL_CVS "/bin/cvs"
+#define CVS_TMPDIR "/tmp"
+#define CMDS_BLOCKED " Gzip-stream gzip-file-contents Kerberos-encrypt Gssapi-encrypt Gssapi-authenticate add remove admin import init history watch-on watch-off watch-add watch-remove watchers editors edit version tag rtag "
+
+int main(int argc, char* argv[]) {
+ char** newargv;
+ int newargc, offset;
+ int i;
+ // 0 for argv[0] we must copy
+ offset = 0+0;
+ // +1 for trailing NULL
+ newargc = argc+offset+1;
+ newargv = (char**) malloc(newargc*sizeof(char*));
+ newargv[0] = "cvs";
+ //newargv[1] = "-T";
+ //newargv[2] = CVS_TMPDIR;
+ //newargv[3] = "-R";
+ for(i=1;i<argc;i++) {
+ newargv[i+offset] = argv[i];
+ }
+ newargv[newargc-1] = NULL;
+ setenv("CVS_BLOCK_REQUESTS",CMDS_BLOCKED ,1);
+ //for(i =0;i<newargc;i++) {
+ // printf("[%d]='%s'\n",i,newargv[i] != NULL ? newargv[i] : "NULL");
+ //}
+ execv(REAL_CVS,newargv);
+ free(newargv);
+ return 0;
+}
diff --git a/dev-util/cvs/files/digest-cvs-1.12.12-r4 b/dev-util/cvs/files/digest-cvs-1.12.12-r4
new file mode 100644
index 000000000000..50aa76954e41
--- /dev/null
+++ b/dev-util/cvs/files/digest-cvs-1.12.12-r4
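Review bot: In cvs-custom.c, `main` ignores the result of `setenv("CVS_BLOCK_REQUESTS",CMDS_BLOCKED ,1)` and returns 0 after a failed `execv`, so a failure to install the block list still starts the real cvs unrestricted, and a failed exec is reported as success. I would check both: `if (setenv("CVS_BLOCK_REQUESTS", CMDS_BLOCKED, 1) != 0) { perror("setenv"); return 1; }` and, after `execv`, `perror(REAL_CVS); return 1;`. The `malloc` result is also used unchecked when `newargv[0]` is written. The header comment is copied from the patch, so it describes "This patch" and points to "the companion cvs-custom.c" from inside cvs-custom.c itself; it should describe the wrapper instead.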
@@ -0,0 +1,12 @@ +MD5 320f956b8f079587f938955cc34b03bc cederqvist-1.12.12.html.tar.bz2 137581 +RMD160 4b98b01dce9554dc5191f82c5df54e784934dd2b cederqvist-1.12.12.html.tar.bz2 137581 +SHA256 6bdd66581ec363e05313a14db27cd3c201b547cdfc9ea2f8edde74e78301f0f6 cederqvist-1.12.12.html.tar.bz2 137581 +MD5 642cf710f7f57f448a5d92abf1f712f5 cederqvist-1.12.12.pdf 1252423 +RMD160 61b82c41cc365c03ee3a483cb7200a6dce2c9ffc cederqvist-1.12.12.pdf 1252423 +SHA256 211c5792d24bfd5694f23bc217a161d880bfb2447c41016fab6f657168b041ce cederqvist-1.12.12.pdf 1252423 +MD5 75eca4292b58b711f995386ed1eb4efb cederqvist-1.12.12.ps 1262208 +RMD160 49fc79c627cd4b590381a6b0f609f55495546df8 cederqvist-1.12.12.ps 1262208 +SHA256 0e14189614e2c5ead49bfe0ecd187239f8adc3e66371b49d52163be821e44cab cederqvist-1.12.12.ps 1262208 +MD5 e930ce9a6e75c06555cadb13796d04c4 cvs-1.12.12.tar.bz2 3197171 +RMD160 7275686576957e016b4f671ad5d52d8961d2d7d2 cvs-1.12.12.tar.bz2 3197171 +SHA256 9fb9176d268b9019768fc57dedc2920c28fbeda5ba224c2348550d4f25043edc cvs-1.12.12.tar.bz2 3197171 |