Module Name:	pkgsrc
Committed By:	salo
Date:		Thu Aug 24 22:02:02 UTC 2006

Modified Files:
	pkgsrc/devel/cscope: Makefile distinfo
	pkgsrc/devel/cscope/patches: patch-aa patch-ae patch-af patch-ag
	    patch-ah patch-ai patch-aj
Added Files:
	pkgsrc/devel/cscope/patches: patch-ap

Log Message:
Security fix for SA21601:

"Will Drewry has reported some vulnerabilities in Cscope, which
 potentially can be exploited by malicious people to compromise
 a vulnerable system.

 1) Various boundary errors within the parsing of file lists or
    the expansion of environment variables can be exploited to
    cause stack-based buffer overflows when parsing specially
    crafted "cscope.lists" files or directories.

 2) A boundary error within the parsing of command line arguments
    can be exploited to cause a stack-based buffer overflow when
    supplying an overly long "reffile" argument.

 Successful exploitation may allow execution of arbitrary code."

Patches adapted from cscope CVS.  Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -r1.44 -r1.45 pkgsrc/devel/cscope/Makefile
cvs rdiff -r1.14 -r1.15 pkgsrc/devel/cscope/distinfo
cvs rdiff -r1.10 -r1.11 pkgsrc/devel/cscope/patches/patch-aa
cvs rdiff -r1.8 -r1.9 pkgsrc/devel/cscope/patches/patch-ae
cvs rdiff -r1.7 -r1.8 pkgsrc/devel/cscope/patches/patch-af
cvs rdiff -r1.4 -r1.5 pkgsrc/devel/cscope/patches/patch-ag \
    pkgsrc/devel/cscope/patches/patch-ah pkgsrc/devel/cscope/patches/patch-ai
cvs rdiff -r1.2 -r1.3 pkgsrc/devel/cscope/patches/patch-aj
cvs rdiff -r0 -r1.1 pkgsrc/devel/cscope/patches/patch-ap

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.