Add custom patch designed for helping CVS servers to block specific inputs, to be used for anoncvs.gentoo.org ;-).

Package-Manager: portage-2.1.1_pre4-r3

6 files changed, 315 insertions, 5 deletions

diff --git a/dev-util/cvs/ChangeLog b/dev-util/cvs/ChangeLog
index 43b5150f5fb4..8d8d7f55c998 100644
--- a/dev-util/cvs/ChangeLog
+++ b/dev-util/cvs/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for dev-util/cvs
 # Copyright 2002-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-util/cvs/ChangeLog,v 1.108 2006/05/27 00:26:59 robbat2 Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-util/cvs/ChangeLog,v 1.109 2006/08/09 02:04:54 robbat2 Exp $
+
+*cvs-1.12.12-r4 (09 Aug 2006)
+
+  09 Aug 2006; Robin H. Johnson <robbat2@gentoo.org>
+  +files/cvs-1.12.12-block-requests.patch, +files/cvs-1.12.12-cvs-custom.c,
+  +cvs-1.12.12-r4.ebuild:
+  Add custom patch designed for helping CVS servers to block specific inputs,
+  to be used for anoncvs.gentoo.org ;-).
 
   27 May 2006; Robin H. Johnson <robbat2@gentoo.org> -cvs-1.12.13.ebuild,
   cvs-1.12.13-r1.ebuild:
diff --git a/dev-util/cvs/Manifest b/dev-util/cvs/Manifest
index af37216b1d60..cab4da85c7c4 100644
--- a/dev-util/cvs/Manifest
+++ b/dev-util/cvs/Manifest
@@ -1,3 +1,11 @@
+AUX cvs-1.12.12-block-requests.patch 4006 RMD160 47be05434e53c25fc6dd1fa6848d25d155dc307a SHA1 a4e77d76457a3047c19945d53f3b2aca572d1da4 SHA256 70bbf745815d1e01582329160a10f5cdd9c11051e4e62d331686dd5124e01294
+MD5 ff9b7f29f0615cb168c1ce387fdc5809 files/cvs-1.12.12-block-requests.patch 4006
+RMD160 47be05434e53c25fc6dd1fa6848d25d155dc307a files/cvs-1.12.12-block-requests.patch 4006
+SHA256 70bbf745815d1e01582329160a10f5cdd9c11051e4e62d331686dd5124e01294 files/cvs-1.12.12-block-requests.patch 4006
+AUX cvs-1.12.12-cvs-custom.c 1735 RMD160 c4c1dea5b3656061a2eb0678acaa95c1b58b2e87 SHA1 409184599eb9b311a91066d75b2833ee455bbd4d SHA256 bd288a9484c4c26569a44e71f0935cf310e4b02e25e7e9ba564c9fc3f5121054
+MD5 7e1b59621c1a80508dc12ccf19e49794 files/cvs-1.12.12-cvs-custom.c 1735
+RMD160 c4c1dea5b3656061a2eb0678acaa95c1b58b2e87 files/cvs-1.12.12-cvs-custom.c 1735
+SHA256 bd288a9484c4c26569a44e71f0935cf310e4b02e25e7e9ba564c9fc3f5121054 files/cvs-1.12.12-cvs-custom.c 1735
 AUX cvs-1.12.12-cvsbug-tmpfix.patch 624 RMD160 c580f653ef9f294676aa4d766decaac50298b3c5 SHA1 bb00a168e604940bdbc38baf10f0a8c1e3f5d862 SHA256 061c26d140e1195200f1cc76217b2e7c2ff7f0c4dcbbb31124b386e8e756938e
 MD5 6b8fde892bfbca3d39d848430e5f4012 files/cvs-1.12.12-cvsbug-tmpfix.patch 624
 RMD160 c580f653ef9f294676aa4d766decaac50298b3c5 files/cvs-1.12.12-cvsbug-tmpfix.patch 624
@@ -58,14 +66,18 @@ EBUILD cvs-1.12.12-r3.ebuild 2069 RMD160 7b6f8512ad06cce6548b93cbf704a93c430a1a7
 MD5 055b52a1fdc4483bf0c87746a69265ac cvs-1.12.12-r3.ebuild 2069
 RMD160 7b6f8512ad06cce6548b93cbf704a93c430a1a70 cvs-1.12.12-r3.ebuild 2069
 SHA256 482b7fca761039136f8d133d72b871a5517a923c0f5931c8e40fb2f81209a668 cvs-1.12.12-r3.ebuild 2069
+EBUILD cvs-1.12.12-r4.ebuild 2214 RMD160 d3817fd0aa4cb906a3912f6a447122cb7a4eedd2 SHA1 a8598e0446254346ac7fb4ede7536ea3e1d5393d SHA256 8079e35807b15f9b4894355e4e0e9c01364f677d69fe083c899ea8f22cdb4289
+MD5 eec129377a540155296c95ebd5e1a92c cvs-1.12.12-r4.ebuild 2214
+RMD160 d3817fd0aa4cb906a3912f6a447122cb7a4eedd2 cvs-1.12.12-r4.ebuild 2214
+SHA256 8079e35807b15f9b4894355e4e0e9c01364f677d69fe083c899ea8f22cdb4289 cvs-1.12.12-r4.ebuild 2214
 EBUILD cvs-1.12.13-r1.ebuild 3880 RMD160 e9329ff8427606c73fb06e40a3e052b0faaecc9b SHA1 53a7170db537a5a77686cef12f87ba28bfacc92e SHA256 c5b11e425820b0315edbe638c0238a37859a16951008ba278b61c5ff649b16d3
 MD5 4d3ee42d22d37569f166cd7fe161cd29 cvs-1.12.13-r1.ebuild 3880
 RMD160 e9329ff8427606c73fb06e40a3e052b0faaecc9b cvs-1.12.13-r1.ebuild 3880
 SHA256 c5b11e425820b0315edbe638c0238a37859a16951008ba278b61c5ff649b16d3 cvs-1.12.13-r1.ebuild 3880
-MISC ChangeLog 13913 RMD160 911cb9309331fdf9cd625ec71f6de648774acad9 SHA1 8422dde427edf981e547e6d8251271c3886fc9fb SHA256 30aa6c28f17e25dd2dff4d51197e4f1be25434df4d91657e80f62013091f0f17
-MD5 35dfc5f260492ddc148c8c2c1a9aa866 ChangeLog 13913
-RMD160 911cb9309331fdf9cd625ec71f6de648774acad9 ChangeLog 13913
-SHA256 30aa6c28f17e25dd2dff4d51197e4f1be25434df4d91657e80f62013091f0f17 ChangeLog 13913
+MISC ChangeLog 14219 RMD160 1536f68ffa4a53ca6c06865a4321aa46d75aa7ec SHA1 8bc93a5935ed2e0efaa8bf09508abeb73ef8f15c SHA256 c9ac4543f5e631cbca28ad24d06fe08fda369c27cc185cc3fe8ee3ffa8ac5f3d
+MD5 e28a4db618c9490864e41f9dd40055fc ChangeLog 14219
+RMD160 1536f68ffa4a53ca6c06865a4321aa46d75aa7ec ChangeLog 14219
+SHA256 c9ac4543f5e631cbca28ad24d06fe08fda369c27cc185cc3fe8ee3ffa8ac5f3d ChangeLog 14219
 MISC metadata.xml 162 RMD160 4860626303bc1113a855a556455d3bdc9f21db79 SHA1 92320acf140a0b265e4e502238e53f194bf89670 SHA256 932a0c3bfb1ea371074cdf017dae98bb229959e68e98d4d19378564db2cfa3d3
 MD5 5013179b1f3eab5b3127de8372c57a1a metadata.xml 162
 RMD160 4860626303bc1113a855a556455d3bdc9f21db79 metadata.xml 162
@@ -82,6 +94,9 @@ SHA256 688739cfb729212f81a739675ceb1be468c3a19ed19ce6b1c1d20d59f9e47872 files/di
 MD5 e240800ff9082680c7851638e8dd6b33 files/digest-cvs-1.12.12-r3 1012
 RMD160 44e8be6ab35ff4e7e00eb86bf59a53319f4bead6 files/digest-cvs-1.12.12-r3 1012
 SHA256 47a57651971dc4c081e8ea30a7d244cc94c5a2386020bf8acf5a1a6906c972db files/digest-cvs-1.12.12-r3 1012
+MD5 e96995d8fd572022d1c89868163a901a files/digest-cvs-1.12.12-r4 1012
+RMD160 c5b3a89dce9319a981e2a07f55e9df095ebea7a1 files/digest-cvs-1.12.12-r4 1012
+SHA256 688739cfb729212f81a739675ceb1be468c3a19ed19ce6b1c1d20d59f9e47872 files/digest-cvs-1.12.12-r4 1012
 MD5 3a6f27aa076ef6598b6e12fcbaca3a9c files/digest-cvs-1.12.13-r1 1012
 RMD160 978bfb729ec4a8bff0ac851393d2b0d5b161ec8d files/digest-cvs-1.12.13-r1 1012
 SHA256 1e99eefe36659d1e6a9f690003de8ecafd0d9d057e814acf48e57b80cdc999a5 files/digest-cvs-1.12.13-r1 1012
diff --git a/dev-util/cvs/cvs-1.12.12-r4.ebuild b/dev-util/cvs/cvs-1.12.12-r4.ebuild
new file mode 100644
index 000000000000..8dd8e1eb537a
--- /dev/null
+++ b/dev-util/cvs/cvs-1.12.12-r4.ebuild
@@ -0,0 +1,77 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-util/cvs/cvs-1.12.12-r4.ebuild,v 1.1 2006/08/09 02:04:54 robbat2 Exp $
+
+inherit eutils pam
+
+DESCRIPTION="Concurrent Versions System - source code revision control tools"
+HOMEPAGE="http://www.nongnu.org/cvs/"
+
+SRC_URI="mirror://gnu/non-gnu/cvs/source/feature/${PV}/${P}.tar.bz2
+	doc? ( mirror://gnu/non-gnu/cvs/source/feature/${PV}/cederqvist-${PV}.html.tar.bz2
+		mirror://gnu/non-gnu/cvs/source/feature/${PV}/cederqvist-${PV}.pdf
+		mirror://gnu/non-gnu/cvs/source/feature/${PV}/cederqvist-${PV}.ps )"
+
+LICENSE="GPL-2 LGPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+
+IUSE="crypt doc emacs kerberos nls pam server"
+
+DEPEND=">=sys-libs/zlib-1.1.4
+	kerberos? ( virtual/krb5 )
+	pam? ( virtual/pam )"
+
+src_unpack() {
+	unpack ${P}.tar.bz2
+	use doc && unpack cederqvist-${PV}.html.tar.bz2
+	EPATCH_OPTS="-p1 -d ${S}" epatch ${FILESDIR}/${P}-cvsbug-tmpfix.patch
+	epatch ${FILESDIR}/${P}-openat.patch
+	EPATCH_OPTS="-p1 -d ${S}" epatch ${FILESDIR}/${P}-block-requests.patch
+}
+
+src_compile() {
+	econf \
+		--with-external-zlib \
+		--with-tmpdir=/tmp \
+		$(use_enable crypt encryption) \
+		$(use_with kerberos gssapi) \
+		$(use_enable nls) \
+		$(use_enable pam) \
+		$(use_enable server) \
+		|| die
+	emake || die "emake failed"
+}
+
+src_install() {
+	einstall || die
+
+	insinto /etc/xinetd.d
+	newins ${FILESDIR}/cvspserver.xinetd.d cvspserver || die "newins failed"
+
+	dodoc BUGS ChangeLog* DEVEL* FAQ HACKING \
+		MINOR* NEWS PROJECTS README* TESTS TODO
+
+	if use emacs; then
+		insinto /usr/share/emacs/site-lisp
+		doins cvs-format.el || die "doins failed"
+	fi
+	
+	use server && newdoc ${FILESDIR}/cvs-1.12.12-cvs-custom.c cvs-custom.c
+
+	if use doc; then
+		dodoc ${DISTDIR}/cederqvist-${PV}.pdf
+		dodoc ${DISTDIR}/cederqvist-${PV}.ps
+		tar xjf ${DISTDIR}/cederqvist-${PV}.html.tar.bz2
+		dohtml -r cederqvist-${PV}.html/*
+		cd ${D}/usr/share/doc/${PF}/html/
+		ln -s cvs.html index.html
+	fi
+
+
+	newpamd ${FILESDIR}/cvs.pam-include-1.12.12 cvs
+}
+
+src_test() {
+	einfo "FEATURES=\"maketest\" has been disabled for dev-util/cvs"
+}
diff --git a/dev-util/cvs/files/cvs-1.12.12-block-requests.patch b/dev-util/cvs/files/cvs-1.12.12-block-requests.patch
new file mode 100644
index 000000000000..9c9b49db8f62
--- /dev/null
+++ b/dev-util/cvs/files/cvs-1.12.12-block-requests.patch
@@ -0,0 +1,140 @@
+Author: Robin H. Johnson <robbat2@gentoo.org>
+Date: 2006-08-09
+
+This patch allows a CVS server to deny usage of specific commands, based on
+input in the environment.
+
+Just set the CVS_BLOCK_REQUESTS env var with all of the commands you want,
+seperated by spaces. Eg:
+CVS_BLOCK_REQUESTS="Gzip-stream gzip-file-contents"
+would block ALL usage of compression.
+
+Please see the array 'struct request requests[]' in src/server.c for a full
+list of commands.
+
+Please note that if you block any commands marked as RQ_ESSENTIAL, CVS clients
+may fail! (This includes 'ci'!).
+
+See the companion cvs-custom.c for a wrapper that can enforce the environment variable for pserver setups.
+
+Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
+
+diff -Nuar --exclude '*~' -U 10 cvs-1.12.12.orig/src/server.c cvs-1.12.12/src/server.c
+--- cvs-1.12.12.orig/src/server.c	2005-04-14 14:13:29.000000000 +0000
++++ cvs-1.12.12/src/server.c	2006-08-09 01:40:44.000000000 +0000
+@@ -5836,43 +5836,90 @@
+ #undef REQ_LINE
+ };
+ #endif /* SERVER_SUPPORT or CLIENT_SUPPORT */
+ 
+ 
+ 
+ #ifdef SERVER_SUPPORT
+ /*
+  * This server request is not ignored by the secondary.
+  */
++
++/* Hack by Robin H. Johnson <robbat2@gentoo.org>.
++ * Allow the server ENV to specify what request types are to be ignored.
++ */
++
++static char blocked_requests[BUFSIZ] = " ";
++
++static void build_blocked_requests() {
++	char *tmp = getenv("CVS_BLOCK_REQUESTS");
++
++	if (tmp != NULL && strlen(tmp) > 0) {
++		// move to our custom buffer
++		strncat(blocked_requests, tmp, sizeof(blocked_requests)-strlen(blocked_requests));
++		//add a space on the end as well for searching
++		strncat(blocked_requests, " ", sizeof(blocked_requests)-strlen(blocked_requests));
++	}
++
++	// now blocked_requests contains the list of every request that we do not
++	// want to serve
++}
++
++// returns 0 if we should serve this request
++// use as if(checker(FOO)) continue;
++static int serve_valid_requests_checker(char *reqname) {
++	char needle[BUFSIZ] = " ";
++	char *tmp;
++
++	if(!blocked_requests || strlen(blocked_requests) < 2)
++		return 0;
++
++	// we want to look for ' 'reqname' '
++	snprintf(needle, sizeof(needle), " %s ", reqname);
++
++	// now do the search
++	tmp = strstr(blocked_requests, needle);
++
++	if (tmp != NULL)
++		return 1;
++
++	return 0;
++	
++}
++
+ static void
+ serve_valid_requests (char *arg)
+ {
+     struct request *rq;
+ 
+     /* Since this is processed in the first pass, don't reprocess it in the
+      * second.
+      *
+      * We still print errors since new errors could have been generated in the
+      * second pass.
+      */
+     if (print_pending_error ()
+ #ifdef PROXY_SUPPORT
+ 	|| reprocessing
+ #endif /* PROXY_SUPPORT */
+        )
+ 	return;
++	
++    build_blocked_requests();
+ 
+     buf_output0 (buf_to_net, "Valid-requests");
+     for (rq = requests; rq->name != NULL; rq++)
+     {
+ 	if (rq->func != NULL)
+ 	{
++		if(serve_valid_requests_checker(rq->name)) 
++			continue;
+ 	    buf_append_char (buf_to_net, ' ');
+ 	    buf_output0 (buf_to_net, rq->name);
+ 	}
+     }
+     buf_output0 (buf_to_net, "\nok\n");
+ 
+     /* The client is waiting for the list of valid requests, so we
+        must send the output now.  */
+     buf_flush (buf_to_net, 1);
+ }
+@@ -6353,20 +6400,24 @@
+ 		    cmd += len;
+ 		else if (cmd[len] == ' ')
+ 		    cmd += len + 1;
+ 		else
+ 		    /*
+ 		     * The first len characters match, but it's a different
+ 		     * command.  e.g. the command is "cooperate" but we matched
+ 		     * "co".
+ 		     */
+ 		    continue;
++		// Ignore commands that we are supposed to ignore.
++		if(serve_valid_requests_checker(rq->name))
++				continue;
++
+ 
+ 		if (!(rq->flags & RQ_ROOTLESS)
+ 		    && current_parsed_root == NULL)
+ 		{
+ 		    /* For commands which change the way in which data
+ 		       is sent and received, for example Gzip-stream,
+ 		       this does the wrong thing.  Since the client
+ 		       assumes that everything is being compressed,
+ 		       unconditionally, there is no way to give this
+ 		       error to the client without turning on
diff --git a/dev-util/cvs/files/cvs-1.12.12-cvs-custom.c b/dev-util/cvs/files/cvs-1.12.12-cvs-custom.c
new file mode 100644
index 000000000000..597f6de8dbdb
--- /dev/null
+++ b/dev-util/cvs/files/cvs-1.12.12-cvs-custom.c
@@ -0,0 +1,58 @@
+/*
+Author: Robin H. Johnson <robbat2@gentoo.org>
+Date: 2006-08-09
+
+This patch allows a CVS server to deny usage of specific commands, based on
+input in the environment.
+
+Just set the CVS_BLOCK_REQUESTS env var with all of the commands you want,
+seperated by spaces. Eg:
+CVS_BLOCK_REQUESTS="Gzip-stream gzip-file-contents"
+would block ALL usage of compression.
+
+Please see the array 'struct request requests[]' in src/server.c for a full
+list of commands.
+
+Please note that if you block any commands marked as RQ_ESSENTIAL, CVS clients
+may fail! (This includes 'ci'!).
+
+See the companion cvs-custom.c for a wrapper that can enforce the environment variable for pserver setups.
+
+Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
+*/
+
+#include <stdio.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <malloc.h>
+
+
+#define REAL_CVS "/bin/cvs"
+#define CVS_TMPDIR "/tmp"
+#define CMDS_BLOCKED " Gzip-stream gzip-file-contents Kerberos-encrypt Gssapi-encrypt Gssapi-authenticate add remove admin import init history watch-on watch-off watch-add watch-remove watchers editors edit version tag rtag "
+
+int main(int argc, char* argv[]) {
+		char** newargv;
+		int newargc, offset;
+		int i;
+		// 0 for argv[0] we must copy
+		offset = 0+0;
+		// +1 for trailing NULL
+		newargc = argc+offset+1;
+		newargv = (char**) malloc(newargc*sizeof(char*));
+		newargv[0] = "cvs";
+		//newargv[1] = "-T";
+		//newargv[2] = CVS_TMPDIR;
+		//newargv[3] = "-R";
+		for(i=1;i<argc;i++) {
+				newargv[i+offset] = argv[i];
+		}
+		newargv[newargc-1] = NULL;
+		setenv("CVS_BLOCK_REQUESTS",CMDS_BLOCKED ,1);
+		//for(i =0;i<newargc;i++) {
+		//		printf("[%d]='%s'\n",i,newargv[i] != NULL ? newargv[i] : "NULL");
+		//}
+		execv(REAL_CVS,newargv);
+		free(newargv);
+		return 0;
+}
diff --git a/dev-util/cvs/files/digest-cvs-1.12.12-r4 b/dev-util/cvs/files/digest-cvs-1.12.12-r4
new file mode 100644
index 000000000000..50aa76954e41
--- /dev/null
+++ b/dev-util/cvs/files/digest-cvs-1.12.12-r4
@@ -0,0 +1,12 @@
+MD5 320f956b8f079587f938955cc34b03bc cederqvist-1.12.12.html.tar.bz2 137581
+RMD160 4b98b01dce9554dc5191f82c5df54e784934dd2b cederqvist-1.12.12.html.tar.bz2 137581
+SHA256 6bdd66581ec363e05313a14db27cd3c201b547cdfc9ea2f8edde74e78301f0f6 cederqvist-1.12.12.html.tar.bz2 137581
+MD5 642cf710f7f57f448a5d92abf1f712f5 cederqvist-1.12.12.pdf 1252423
+RMD160 61b82c41cc365c03ee3a483cb7200a6dce2c9ffc cederqvist-1.12.12.pdf 1252423
+SHA256 211c5792d24bfd5694f23bc217a161d880bfb2447c41016fab6f657168b041ce cederqvist-1.12.12.pdf 1252423
+MD5 75eca4292b58b711f995386ed1eb4efb cederqvist-1.12.12.ps 1262208
+RMD160 49fc79c627cd4b590381a6b0f609f55495546df8 cederqvist-1.12.12.ps 1262208
+SHA256 0e14189614e2c5ead49bfe0ecd187239f8adc3e66371b49d52163be821e44cab cederqvist-1.12.12.ps 1262208
+MD5 e930ce9a6e75c06555cadb13796d04c4 cvs-1.12.12.tar.bz2 3197171
+RMD160 7275686576957e016b4f671ad5d52d8961d2d7d2 cvs-1.12.12.tar.bz2 3197171
+SHA256 9fb9176d268b9019768fc57dedc2920c28fbeda5ba224c2348550d4f25043edc cvs-1.12.12.tar.bz2 3197171