[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SECURITY BUG in CVS 1.11.1
|
From: |
Larry Jones |
|
Subject: |
Re: SECURITY BUG in CVS 1.11.1 |
|
Date: |
Tue, 12 Feb 2002 16:55:22 -0500 (EST) |
Douglas Finkle writes:
>
> Is there any chance of you offering this as a smaller step by publishing the
> fix as a patch? I'd feel much more comfortable applying a small patch
> vs replacing the entire tool w/ a development version. I imagine many
> others would feel similarly.
For what it's worth, the current development version is entirely stable
and contains many bug fixes; I have no qualms about suggesting that
people run it. On the other hand:
> A cvs diff of the files requiring the fix would be most appreciatiated.
Index: main.c
===================================================================
RCS file: /cvs/ccvs/src/main.c,v
retrieving revision 1.168
retrieving revision 1.169
diff -u -r1.168 -r1.169
--- main.c 4 Sep 2001 22:43:23 -0000 1.168
+++ main.c 8 Feb 2002 18:06:36 -0000 1.169
@@ -332,6 +332,8 @@
if (strcmp (cmd_name, cm->fullname) == 0)
break;
}
+ if (!cm->fullname)
+ error (1, 0, "unknown command: %s", cmd_name);
return cm->attr;
}
Index: server.c
===================================================================
RCS file: /cvs/ccvs/src/server.c,v
retrieving revision 1.271
retrieving revision 1.272
diff -u -r1.271 -r1.272
--- server.c 30 Jan 2002 16:53:06 -0000 1.271
+++ server.c 8 Feb 2002 18:06:36 -0000 1.272
@@ -3666,7 +3666,7 @@
serve_tag (arg)
char *arg;
{
- do_cvs_command ("cvstag", cvstag);
+ do_cvs_command ("tag", cvstag);
}
static void
-Larry Jones
What a waste to be going to school on a morning like this. -- Calvin