head 1.2; access; symbols OPENPKG_2_STABLE_MP:1.2 OPENPKG_E1_MP_HEAD:1.2 OPENPKG_E1_MP:1.2 OPENPKG_E1_MP_2_STABLE:1.2 OPENPKG_E1_FP:1.2 OPENPKG_2_STABLE_20061018:1.2 OPENPKG_2_STABLE:1.2.0.14 OPENPKG_2_STABLE_BP:1.2 OPENPKG_2_5_SOLID:1.2.0.12 OPENPKG_2_5_SOLID_BP:1.2 OPENPKG_2_4_RELEASE:1.2 OPENPKG_2_4_SOLID:1.2.0.10 OPENPKG_2_4_SOLID_BP:1.2 OPENPKG_2_3_RELEASE:1.2 OPENPKG_2_3_SOLID:1.2.0.8 OPENPKG_2_3_SOLID_BP:1.2 OPENPKG_2_2_RELEASE:1.2 OPENPKG_2_2_SOLID:1.2.0.6 OPENPKG_2_2_SOLID_BP:1.2 OPENPKG_2_1_RELEASE:1.2 OPENPKG_2_1_SOLID:1.2.0.4 OPENPKG_2_1_SOLID_BP:1.2 OPENPKG_2_0_RELEASE:1.2 OPENPKG_2_0_SOLID:1.2.0.2 OPENPKG_2_0_SOLID_BP:1.2 OPENPKG_1_3_RELEASE:1.1.2.1 OPENPKG_1_3_SOLID:1.1.2.1.0.2 OPENPKG_1_3_SOLID_BP:1.1.2.1 OPENPKG_1_2_RELEASE:1.1 OPENPKG_1_2_SOLID:1.1.0.4 OPENPKG_1_2_SOLID_BP:1.1 OPENPKG_1_STABLE:1.1.0.2 OPENPKG_1_STABLE_BP:1.1; locks; strict; comment @# @; 1.2 date 2003.05.27.09.35.42; author rse; state dead; branches; next 1.1; 1.1 date 2002.10.02.13.48.02; author ms; state Exp; branches 1.1.2.1 1.1.4.1; next ; 1.1.2.1 date 2003.07.24.20.41.53; author rse; state dead; branches; next ; 1.1.4.1 date 2003.12.12.16.57.18; author ms; state Exp; branches; next 1.1.4.2; 1.1.4.2 date 2004.01.08.13.21.48; author thl; state Exp; branches; next ; desc @@ 1.2 log @upgrade to 1.11.6 (including updated RSE patch set) @ text @--- src/server.c.orig Wed Oct 2 15:37:29 2002 +++ src/server.c Wed Oct 2 15:37:21 2002 @@@@ -124,6 +124,7 @@@@ #include #include #include +#include #include #endif @ 1.1 log @Port the RSE patches to SVR4 safely this time. @ text @@ 1.1.4.1 log @backport fix for filesystem violation, OpenPKG-SA-2003.052 @ text @a10 21 diff -Naur cvs-1.11.5.orig/cvs-1.11.5/src/modules.c cvs-1.11.5/cvs-1.11.5/src/modules.c --- src/modules.c.orig Thu Jun 21 23:23:09 2001 +++ src/modules.c Fri Dec 12 17:44:14 2003 @@@@ -159,6 +159,17 @@@@ } #endif + /* Don't process absolute directories. Anything else could be a security + * problem. 
Before this check was put in place: + * + * $ cvs -d:fork:/cvsroot co /foo + * cvs server: warning: cannot make directory CVS in /: Permission denied + * cvs [server aborted]: cannot make directory /foo: Permission denied + * $ + */ + if (isabsolute (mname)) + error (1, 0, "Absolute module reference invalid: `%s'", mname); + /* if this is a directory to ignore, add it to that list */ if (mname[0] == '!' && mname[1] != '\0') { @ 1.1.4.2 log @relocate previous patch to standard patch file; Extracted bugfixes and security enhancement from Stable CVS 1.11.11 @ text @d11 21 @ 1.1.2.1 log @mass Merge-From-CURRENT (MFC) in preparation for OpenPKG 1.3 [class CORE only] @ text @@
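Review bot: The guard added in the src/modules.c hunk (revision 1.1.4.1) rejects only names for which `isabsolute (mname)` is true, so a relative module name containing `..` components is not stopped by this check, and the visible lines do not show whether it is rejected elsewhere. The enclosing function starts and ends outside the hunk, so that needs confirming against the full file. If no later check exists, add a companion test next to this one that refuses any `mname` with a `..` path component and reports it through the same `error (1, 0, ...)` path. The comment would also be clearer if it said why the check must run before any directory is created, for example `/* Reject before any mkdir: module names come from the client and must stay inside the repository. */`.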