From MAILER-DAEMON Sun May 07 10:21:52 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1Fck8u-00014m-AZ for mharc-cvs-dev@gnu.org; Sun, 07 May 2006 10:21:52 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1Fck8s-00013a-1i for cvs-dev@nongnu.org; Sun, 07 May 2006 10:21:50 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1Fck8q-000124-C4 for cvs-dev@nongnu.org; Sun, 07 May 2006 10:21:49 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1Fck8q-00011r-7w for cvs-dev@nongnu.org; Sun, 07 May 2006 10:21:48 -0400 Received: from [64.233.207.25] (helo=pop-7.dnv.wideopenwest.com) by monty-python.gnu.org with esmtp (Exim 4.52) id 1Fck9S-0005Vd-Ug for cvs-dev@nongnu.org; Sun, 07 May 2006 10:22:27 -0400 Received: from [127.0.0.1] (s233-64-208-242.try.wideopenwest.com [64.233.242.208]) by pop-7.dnv.wideopenwest.com (8.12.8/8.12.8) with ESMTP id k47EOVdd008152 for ; Sun, 7 May 2006 09:24:35 -0500 Message-ID: <445E0294.7000207@ximbiot.com> Date: Sun, 07 May 2006 10:22:12 -0400 From: "Derek R. Price" User-Agent: Thunderbird 1.5.0.2 (Windows/20060308) MIME-Version: 1.0 To: cvs-dev@nongnu.org X-Enigmail-Version: 0.94.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: [Cvs-dev] Re: The dev mailing list X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: cvs-dev.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 07 May 2006 14:21:50 -0000 Based on this thread, I've created the new email list and I took the liberty of subscribing everyone who was on the list: * conrad@pino.com * brian@murphy.dk * derek@ximbiot.com * fred_maranhao@yahoo.com.br * jhyslop@dreampossible.ca * jim@meyering.net * lawrence.jones@ugs.com * mdb@gnu.org I will update DEVEL-CVS, HACKING, and any other files that seem appropriate shortly. Regards, Derek -- Derek R. Price CVS Solutions Architect Get CVS support at Ximbiot ! v: +1 248.835.1260 f: +1 248.835.1263 From MAILER-DAEMON Sun May 07 11:00:49 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1Fckkb-0001sz-IV for mharc-cvs-dev@gnu.org; Sun, 07 May 2006 11:00:49 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FckkZ-0001s2-KE for cvs-dev@nongnu.org; Sun, 07 May 2006 11:00:47 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FckkX-0001oc-UD for cvs-dev@nongnu.org; Sun, 07 May 2006 11:00:47 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FckkX-0001oR-OL for cvs-dev@nongnu.org; Sun, 07 May 2006 11:00:45 -0400 Received: from [64.233.207.6] (helo=pop-1.dnv.wideopenwest.com) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA:32) (Exim 4.52) id 1FcklA-00008T-OT for cvs-dev@nongnu.org; Sun, 07 May 2006 11:01:24 -0400 Received: from [127.0.0.1] (s233-64-208-242.try.wideopenwest.com [64.233.242.208]) by pop-1.dnv.wideopenwest.com (8.12.8/8.12.8) with ESMTP id k47FACec006856; Sun, 7 May 2006 10:10:14 -0500 Message-ID: <445E0BAF.1050903@ximbiot.com> Date: Sun, 07 May 2006 11:01:03 -0400 From: "Derek R. Price" User-Agent: Thunderbird 1.5.0.2 (Windows/20060308) MIME-Version: 1.0 To: Arthur Barrett References: <946E76E38BC1E2448B68F32FAEA2BA58249985@2ksrvr01.march-hare.local> In-Reply-To: <946E76E38BC1E2448B68F32FAEA2BA58249985@2ksrvr01.march-hare.local> X-Enigmail-Version: 0.94.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: cvs-dev@nongnu.org, cvsnt-dev Subject: [Cvs-dev] Re: new cvs-passwd patch X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 07 May 2006 15:00:47 -0000 Hi Arthur, Tony, Glen, Per discussion on this end, I've created to take the place of . Please use instead of in the future. The subscriber list is the same: * conrad@pino.com * brian@murphy.dk * derek@ximbiot.com * fred_maranhao@yahoo.com.br * jhyslop@dreampossible.ca * jim@meyering.net * lawrence.jones@ugs.com * mdb@gnu.org The list is read-only to new and non subscribers by default, but I've added arthur.barrett@march-hare.com and tony.hoyle@march-hare.com to the auto-approve list. I can add Glen too, but someone will have to forward his email address. Thanks. Regards, Derek Arthur Barrett wrote: > Mark, > > Thanks for cc'ing us on this. > > I've created a new group here cvsnt-dev@march-hare.com which includes > Tony, Glen and myself. Can you send such e-mails to that address in > future. > > I agree that communication on "design" would be beneficial to both > teams. > > Regards, > > > Arthur -- Derek R. Price CVS Solutions Architect Get CVS support at Ximbiot ! v: +1 248.835.1260 f: +1 248.835.1263 From MAILER-DAEMON Sun May 07 23:34:44 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FcwWC-00031B-BL for mharc-cvs-dev@gnu.org; Sun, 07 May 2006 23:34:44 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FcwWA-00030r-F2 for cvs-dev@nongnu.org; Sun, 07 May 2006 23:34:42 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FcwW8-00030S-U4 for cvs-dev@nongnu.org; Sun, 07 May 2006 23:34:41 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FcwW8-00030P-PT for cvs-dev@nongnu.org; Sun, 07 May 2006 23:34:40 -0400 Received: from [64.233.207.6] (helo=pop-1.dnv.wideopenwest.com) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA:32) (Exim 4.52) id 1FcwWs-0002Ta-Vc for cvs-dev@nongnu.org; Sun, 07 May 2006 23:35:27 -0400 Received: from [127.0.0.1] (s233-64-208-242.try.wideopenwest.com [64.233.242.208]) by pop-1.dnv.wideopenwest.com (8.12.8/8.12.8) with ESMTP id k483iQec007888; Sun, 7 May 2006 22:44:28 -0500 Message-ID: <445EBC6E.4060806@ximbiot.com> Date: Sun, 07 May 2006 23:35:10 -0400 From: "Derek R. Price" User-Agent: Thunderbird 1.5.0.2 (Windows/20060308) MIME-Version: 1.0 To: Larry Jones , cvs-dev@nongnu.org References: <200605020030.k420Ui120024@thor.net.plm.eds.com> In-Reply-To: <200605020030.k420Ui120024@thor.net.plm.eds.com> X-Enigmail-Version: 0.94.0.0 Content-Type: multipart/mixed; boundary="------------030405070000040503090904" Cc: Subject: [Cvs-dev] Re: [Cvs-test-results] CVS trunk testing results (BSDI BSD/OS) X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 May 2006 03:34:42 -0000 This is a multi-part message in MIME format. --------------030405070000040503090904 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Larry Jones wrote: > Derek R. Price writes: >> Have you had a chance to try this patch out? > > No, not yet Hi all, I noticed that the only test that should fail using gnupg 1.0.3 is openpgp-5 and tweaked my original patch to set a var and only skip that test when this is detected. I don't have a system with gnupg 1.0.3 here, and was about to commit this and let Larry's nightly testing catch any problems, when the following occurred to me (based on something Mark Baushke said to me earlier): Given the sensitive nature of gnupg, do we really want to cater to a gnupg that is over 5 years old (it was released 2000-09-20) in the test suite? I'm inclined to say no. I'm actually very tempted to make the test suite fail completely when very old versions of gnupg are discovered, with some sort of warnings about the sensitive nature of gnupg and the frequency of serious security fixes in gnupg, but keeping our tests and warnings up-to-date might become a nightmare. Therefore, I came up with a documentation patch instead. Both the most recent version of my patch to deal with GPG 1.0.3 and earlier as well as the documentation patch are attached. Does anyone have any ideas about how to warn about old GPG's in a more general way, short of gpg --version and bumping some hard-coded rev when we notice updates or polling the gpg website for new release notices? Perhaps a target that only runs with - --enable-maintainer-mode (better yet, as part of a maintainercheck or the distcheck target) that polls gnupg.org for the latest release and warns if the "latest gpg" version number is out of date? Am I going overboard? Regards, Derek - -- Derek R. Price CVS Solutions Architect Get CVS support at Ximbiot ! v: +1 248.835.1260 f: +1 248.835.1263 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.1 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEXrxtLD1OTBfyMaQRAmGbAJ9+d2vKItoQsCUUMbyAbXXghOASeACgoqzF la6AQfhgMMS5+wbnJo6pLew= =cFJ7 -----END PGP SIGNATURE----- --------------030405070000040503090904 Content-Type: text/plain; name="disable-old-gpg-testing2.diff" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="disable-old-gpg-testing2.diff" Index: ChangeLog =================================================================== RCS file: /cvsroot/cvs/ccvs/ChangeLog,v retrieving revision 1.1296 diff -u -p -r1.1296 ChangeLog --- ChangeLog 27 Apr 2006 18:42:25 -0000 1.1296 +++ ChangeLog 8 May 2006 03:15:17 -0000 @@ -1,3 +1,8 @@ +2006-05-07 Derek Price + + * configure.in: Substitute DEFAULT_SIGN_TEMPLATE and + DEFAULT_SIGN_TEXTMODE in addition to #defining. + 2006-04-27 Derek Price * NEWS: Note that GSSAPI builds under HP-UX. Index: configure.in =================================================================== RCS file: /cvsroot/cvs/ccvs/configure.in,v retrieving revision 1.365 diff -u -p -r1.365 configure.in --- configure.in 25 Apr 2006 20:02:45 -0000 1.365 +++ configure.in 8 May 2006 03:15:18 -0000 @@ -121,18 +121,23 @@ fi dnl These are defined by configure so that if the above is ever expanded to dnl look for OpenPGP capable programs other than `gpg', the default templates dnl can also be detected and substituted here. +DEFAULT_SIGN_TEMPLATE="$GPG --detach-sign --output - %t %a -- %s" +AC_SUBST([DEFAULT_SIGN_TEMPLATE]) AC_DEFINE_UNQUOTED([DEFAULT_SIGN_TEMPLATE], - ["$GPG --detach-sign --output - %t %a -- %s"], + ["$DEFAULT_SIGN_TEMPLATE"], [Define to a command line template that will write an OpenPGP signature for the file `%s' to its standard out. `%t' is substituted at run time with an option which flags files as text files, when necessary, and the empty string, otherwise. `%a' is substituted with a list of arguments provided by the user.]) -AC_DEFINE([DEFAULT_SIGN_TEXTMODE], ["--textmode"], - [Define to the option string that the OpenPGP program used in the - DEFAULT_SIGN_TEMPLATE would like to see for text files (substituted - at run time in place of `%t' in the DEFAULT_SIGN_TEMPLATE).]) +DEFAULT_SIGN_TEXTMODE=--textmode +AC_SUBST([DEFAULT_SIGN_TEXTMODE]) +AC_DEFINE_UNQUOTED([DEFAULT_SIGN_TEXTMODE], ["$DEFAULT_SIGN_TEXTMODE"], + [Define to the option string that the OpenPGP program used + in the DEFAULT_SIGN_TEMPLATE would like to see for text + files (substituted at run time in place of `%t' in the + DEFAULT_SIGN_TEMPLATE).]) DEFAULT_VERIFY_TEMPLATE="$GPG --verify %t %a -- %S %s" AC_SUBST([DEFAULT_VERIFY_TEMPLATE]) AC_DEFINE_UNQUOTED([DEFAULT_VERIFY_TEMPLATE], Index: src/ChangeLog =================================================================== RCS file: /cvsroot/cvs/ccvs/src/ChangeLog,v retrieving revision 1.3400 diff -u -p -r1.3400 ChangeLog --- src/ChangeLog 5 May 2006 18:34:58 -0000 1.3400 +++ src/ChangeLog 8 May 2006 03:15:20 -0000 @@ -1,3 +1,10 @@ +2006-05-07 Derek Price + + * sanity.config.sh.in: Add DEFAULT_SIGN_TEMPLATE & + DEFAULT_SIGN_TEXTMODE. + * sanity.sh: Test verification of concatenated signatures. + (openpgp-5): Skip when only first concatenated signature is reported. + 2006-05-05 Derek Price * base.c: SERVER_ACTIVE isn't a macro, but SERVER_SUPPORT is. Index: src/sanity.config.sh.in =================================================================== RCS file: /cvsroot/cvs/ccvs/src/sanity.config.sh.in,v retrieving revision 1.4 diff -u -p -r1.4 sanity.config.sh.in --- src/sanity.config.sh.in 24 Apr 2006 18:50:27 -0000 1.4 +++ src/sanity.config.sh.in 8 May 2006 03:15:20 -0000 @@ -1,3 +1,17 @@ +# Copyright (C) 2006 The Free Software Foundation, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + RSH_DFLT="@RSH_DFLT@" GPG="@GPG@" DEFAULT_VERIFY_TEMPLATE="@DEFAULT_VERIFY_TEMPLATE@" +DEFAULT_SIGN_TEMPLATE="@DEFAULT_SIGN_TEMPLATE@" +DEFAULT_SIGN_TEXTMODE="@DEFAULT_SIGN_TEXTMODE@" Index: src/sanity.sh =================================================================== RCS file: /cvsroot/cvs/ccvs/src/sanity.sh,v retrieving revision 1.1136 diff -u -p -r1.1136 sanity.sh --- src/sanity.sh 1 May 2006 20:38:28 -0000 1.1136 +++ src/sanity.sh 8 May 2006 03:15:24 -0000 @@ -1925,6 +1925,40 @@ if $gpg; then F1D6D5842814BC3A264BE7068E0C2C7EF133BDE9:6: EOF + # Very old versions of GPG (1.0.3, at least), only report the first signature + # when concatenated signatures are discovered. Set a var to skip tests that + # care. + echo whatever >$TESTDIR/signme + sign_cmd=`echo $DEFAULT_SIGN_TEMPLATE \ + |sed -e "s/%t/$DEFAULT_SIGN_TEXTMODE/" \ + -e s/%a// \ + -e "s#%s#$TESTDIR/signme#"` + $sign_cmd >$TESTDIR/signme.sig 2>>$LOGFILE + $sign_cmd >>$TESTDIR/signme.sig 2>>$LOGFILE + + vrfy_cmd=`echo $DEFAULT_VERIFY_TEMPLATE \ + |sed -e "s/%t/$DEFAULT_SIGN_TEXTMODE/" \ + -e s/%a// \ + -e "s#%S#$TESTDIR/signme.sig#" \ + -e "s#%s#$TESTDIR/signme#"` + $vrfy_cmd >$TESTDIR/gpgtmp 2>&1 + cat $TESTDIR/gpgtmp >>$LOGFILE 2>&1 + if expr "`cat $TESTDIR/gpgtmp`" : \ +"$DOTSTAR Good signature from \"CVS Test Script $DOTSTAR +$DOTSTAR Good signature from \"CVS Test Script $DOTSTAR" >/dev/null 2>&1 + then + gpg_reports_multiple_signatures=: + else + gpg_reports_multiple_signatures=false + + echo "WARNING: Your OpenPGP implementation ($GPG) is very old. Its" >&2 + echo "functionality will be tested inasmuch as possible, but, due to" >&2 + echo "the sensitive nature of OpenPGP implementations, if you intend" >&2 + echo "to employ OpenPGP commit signatures as a security precaution," >&2 + echo "we recommend you upgrade to a more recent version." >&2 + fi + rm $TESTDIR/signme* $TESTDIR/gpgtmp + # Some tests check the content of the RCS file and whether there is a # signature phrase or not depends on whether they were being generated. # The trailing EOL is important. @@ -32947,9 +32981,13 @@ EOF dotest openpgp-4 "$testcvs sign file1" \ "$DOTSTAR Good signature from \"CVS Test Script $DOTSTAR" - dotest openpgp-5 "$testcvs verify file1" \ + if $gpg_reports_multiple_signatures; then + dotest openpgp-5 "$testcvs verify file1" \ "$DOTSTAR Good signature from \"CVS Test Script $DOTSTAR $DOTSTAR Good signature from \"CVS Test Script $DOTSTAR" + else + skip openpgp-5 "GPG only reports the first concatenated signature." + fi dotest openpgp-6 "$testcvs sign -d0xF133BDE9 file1" dotest_fail openpgp-7 "$testcvs verify file1" \ --------------030405070000040503090904 Content-Type: text/plain; name="doc-recent-gpg.diff" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="doc-recent-gpg.diff" Index: doc/ChangeLog =================================================================== RCS file: /cvsroot/cvs/ccvs/doc/ChangeLog,v retrieving revision 1.954 diff -u -p -r1.954 ChangeLog --- doc/ChangeLog 24 Apr 2006 18:50:24 -0000 1.954 +++ doc/ChangeLog 8 May 2006 03:15:05 -0000 @@ -1,3 +1,8 @@ +2006-05-07 Derek Price + + * cvs.texinfo (Global options, The connection method): Add warnings + about keeping gnupg up-to-date. + 2006-01-20 Derek Price * cvsclient.text (Requests): Document Base-diff response. Index: doc/cvs.texinfo =================================================================== RCS file: /cvsroot/cvs/ccvs/doc/cvs.texinfo,v retrieving revision 1.680 diff -u -p -r1.680 cvs.texinfo --- doc/cvs.texinfo 24 Apr 2006 18:50:25 -0000 1.680 +++ doc/cvs.texinfo 8 May 2006 03:15:08 -0000 @@ -2334,6 +2334,12 @@ options, CVS will autonegotiate signing, server supports it. May be overridden by the @samp{--sign} and @samp{--no-sign} global options (@pxref{Global options}). +@strong{WARNING: Due to the sensitive nature of OpenPGP implementations, if you +intend to employ CVS commit signatures as a security precaution, it is +recommended that you make sure you are using an OpenPGP implementation with all +the available security fixes. Check with the vendor of your OpenPGP +implementation for information on its latest version.} + @item sign-template=@var{template} Use @var{template} as the command line template to generate OpenPGP signatures. Format strings in this template are substituted before the command is run: @@ -2356,11 +2362,23 @@ IS overridden by the @samp{--sign-templa @pxref{Global options} and defaults to @samp{/usr/bin/gpg --detach-sign --output - %t %a %s}. +@strong{WARNING: Due to the sensitive nature of OpenPGP implementations, if you +intend to employ CVS commit signatures as a security precaution, it is +recommended that you make sure you are using an OpenPGP implementation with all +the available security fixes. Check with the vendor of your OpenPGP +implementation for information on its latest version.} + @item textmode The value passed to both in place of %t in both the OpenPGP signature and the OpenPGP verification command line templates. Defaults to @samp{--textmode}. +@strong{WARNING: Due to the sensitive nature of OpenPGP implementations, if you +intend to employ CVS commit signatures as a security precaution, it is +recommended that you make sure you are using an OpenPGP implementation with all +the available security fixes. Check with the vendor of your OpenPGP +implementation for information on its latest version.} + @item verify @itemx no-verify Force OpenPGP signature verification on checkout off, or set the failure mode. @@ -2371,6 +2389,12 @@ received. If the server does not suppor of @samp{fatal} will disallow the entire checkout. May be overridden by the @samp{--verify} and @samp{--no-verify} global options (@pxref{Global options}). +@strong{WARNING: Due to the sensitive nature of OpenPGP implementations, if you +intend to employ CVS commit signatures as a security precaution, it is +recommended that you make sure you are using an OpenPGP implementation with all +the available security fixes. Check with the vendor of your OpenPGP +implementation for information on its latest version.} + @item verify-template=@var{template} Use @var{template} as the command line template to verify OpenPGP signatures. Format strings in this template are substituted before the command is run: @@ -2396,6 +2420,12 @@ for the signed file and a non-zero exit overridden by the @samp{--verify-template} global command line option @pxref{Global options} and defaults to something like @samp{/usr/bin/gpg --detach-sign --output - %t %a %S %s}. + +@strong{WARNING: Due to the sensitive nature of OpenPGP implementations, if you +intend to employ CVS commit signatures as a security precaution, it is +recommended that you make sure you are using an OpenPGP implementation with all +the available security fixes. Check with the vendor of your OpenPGP +implementation for information on its latest version.} @end table As a further example, to combine both the @code{CVS_RSH} and @code{CVS_SERVER} @@ -8608,6 +8638,12 @@ of these options, CVS will autonegotiate when the server supports it. Overrides the @samp{sign} and @samp{no-sign} method options. +@strong{WARNING: Due to the sensitive nature of OpenPGP implementations, if you +intend to employ CVS commit signatures as a security precaution, it is +recommended that you make sure you are using an OpenPGP implementation with all +the available security fixes. Check with the vendor of your OpenPGP +implementation for information on its latest version.} + @item --sign-template @var{template} Use @var{template} as the command line template to generate OpenPGP signatures. Format strings in this template are substituted before the commit is run: @@ -8629,11 +8665,23 @@ This template should send the generated Overrides the @samp{sign-template} method option and defaults to something like @samp{/usr/bin/gpg --detach-sign --output - %t %a %s}. +@strong{WARNING: Due to the sensitive nature of OpenPGP implementations, if you +intend to employ CVS commit signatures as a security precaution, it is +recommended that you make sure you are using an OpenPGP implementation with all +the available security fixes. Check with the vendor of your OpenPGP +implementation for information on its latest version.} + @item --textmode The value passed to both in place of %t in both the OpenPGP signature and the OpenPGP verification command line templates. Defaults to @samp{--textmode}. +@strong{WARNING: Due to the sensitive nature of OpenPGP implementations, if you +intend to employ CVS commit signatures as a security precaution, it is +recommended that you make sure you are using an OpenPGP implementation with all +the available security fixes. Check with the vendor of your OpenPGP +implementation for information on its latest version.} + @item --verify @itemx --no-verify Force OpenPGP signature verification on checkout off, or set the failure mode. @@ -8644,6 +8692,12 @@ received. If the server does not suppor of @samp{fatal} will disallow the entire checkout. Overrides the @samp{verify} and @samp{no-verify} method options (@pxref{The connection method}). +@strong{WARNING: Due to the sensitive nature of OpenPGP implementations, if you +intend to employ CVS commit signatures as a security precaution, it is +recommended that you make sure you are using an OpenPGP implementation with all +the available security fixes. Check with the vendor of your OpenPGP +implementation for information on its latest version.} + @item --verify-template=@var{template} Use @var{template} as the command line template to verify OpenPGP signatures. Format strings in this template are substituted before the command is run: @@ -8669,6 +8723,12 @@ for the signed file and a non-zero exit @samp{verify-template} method option @pxref{The connection method} and defaults to something like @samp{/usr/bin/gpg --detach-sign --output - %t %a %S %s}. + +@strong{WARNING: Due to the sensitive nature of OpenPGP implementations, if you +intend to employ CVS commit signatures as a security precaution, it is +recommended that you make sure you are using an OpenPGP implementation with all +the available security fixes. Check with the vendor of your OpenPGP +implementation for information on its latest version.} @end table @c - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - --------------030405070000040503090904-- From MAILER-DAEMON Mon May 08 13:16:48 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1Fd9Lk-0004YE-Nf for mharc-cvs-dev@gnu.org; Mon, 08 May 2006 13:16:48 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1Fd9Li-0004Y6-OH for cvs-dev@nongnu.org; Mon, 08 May 2006 13:16:46 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1Fd9Lh-0004Xu-8p for cvs-dev@nongnu.org; Mon, 08 May 2006 13:16:45 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1Fd9Lh-0004Xr-47 for cvs-dev@nongnu.org; Mon, 08 May 2006 13:16:45 -0400 Received: from [209.226.175.4] (helo=tomts16-srv.bellnexxia.net) by monty-python.gnu.org with esmtp (Exim 4.52) id 1Fd9MZ-0005Au-KA for cvs-dev@nongnu.org; Mon, 08 May 2006 13:17:39 -0400 Received: from [127.0.0.1] ([70.49.58.172]) by tomts16-srv.bellnexxia.net (InterMail vM.5.01.06.13 201-253-122-130-113-20050324) with ESMTP id <20060508171643.NOEE27612.tomts16-srv.bellnexxia.net@[127.0.0.1]>; Mon, 8 May 2006 13:16:43 -0400 Message-ID: <445F7CFB.1000506@dreampossible.ca> Date: Mon, 08 May 2006 13:16:43 -0400 From: Jim Hyslop Organization: Dreampossible Inc. User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716) X-Accept-Language: en-us, en MIME-Version: 1.0 To: "Derek R. Price" Subject: Re: [Cvs-dev] Re: [Cvs-test-results] CVS trunk testing results (BSDI BSD/OS) References: <200605020030.k420Ui120024@thor.net.plm.eds.com> <445EBC6E.4060806@ximbiot.com> In-Reply-To: <445EBC6E.4060806@ximbiot.com> X-Enigmail-Version: 0.93.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: cvs-dev@nongnu.org X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 May 2006 17:16:47 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Derek R. Price wrote: > Given the sensitive nature of gnupg, do we really want to cater to a > gnupg that is over 5 years old (it was released 2000-09-20) in the > test suite? I'm inclined to say no. I agree. > Perhaps a target that only runs with > --enable-maintainer-mode (better yet, as part of a maintainercheck or > the distcheck target) that polls gnupg.org for the latest release and > warns if the "latest gpg" version number is out of date? Am I going > overboard? Depends on your perspective :=) From the security point of view, not in the least. Some paranoi^H^H^H^H^H^H^H conscientious security people might say you aren't going far enough. I think we should not test for a specific revision of GPG. Keeping GPG up to date is outside the scope of CVS. We should take every reasonable effort to ensure that CVS works properly with the latest version of GPG, and to that extent we should ensure that sanity.sh tests pass properly. It would probably be helpful to have a reminder for the maintainers to make sure it's up to date, and possibly allow the reminder to be user-configurable for those users who may want to be reminded as well. - -- Jim Hyslop Dreampossible: Better software. Simply. http://www.dreampossible.ca Consulting * Mentoring * Training in C/C++ * OOD * SW Development & Practices * Version Management -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFEX3z7LdDyDwyJw+MRAsIBAKCWQWrRRtJecZgEx6k7YFq1byIvTgCg7Xnk l/vtADydRb7+Hx85glNtCdw= =rRm7 -----END PGP SIGNATURE----- From MAILER-DAEMON Mon May 08 13:35:59 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1Fd9eJ-0004TD-Nl for mharc-cvs-dev@gnu.org; Mon, 08 May 2006 13:35:59 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1Fd9eI-0004Sr-U3 for cvs-dev@nongnu.org; Mon, 08 May 2006 13:35:58 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1Fd9eH-0004S1-Hs for cvs-dev@nongnu.org; Mon, 08 May 2006 13:35:58 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1Fd9eH-0004Rt-Ek for cvs-dev@nongnu.org; Mon, 08 May 2006 13:35:57 -0400 Received: from [64.233.207.9] (helo=pop-4.dnv.wideopenwest.com) by monty-python.gnu.org with esmtp (Exim 4.52) id 1Fd9f9-00072W-VH for cvs-dev@nongnu.org; Mon, 08 May 2006 13:36:52 -0400 Received: from [127.0.0.1] (s233-64-208-242.try.wideopenwest.com [64.233.242.208]) by pop-4.dnv.wideopenwest.com (8.12.11/8.12.11) with ESMTP id k48HZZUT023882; Mon, 8 May 2006 12:35:36 -0500 Message-ID: <445F819C.8090606@ximbiot.com> Date: Mon, 08 May 2006 13:36:28 -0400 From: "Derek R. Price" User-Agent: Thunderbird 1.5.0.2 (Windows/20060308) MIME-Version: 1.0 To: Jim Hyslop Subject: Re: [Cvs-dev] Re: [Cvs-test-results] CVS trunk testing results (BSDI BSD/OS) References: <200605020030.k420Ui120024@thor.net.plm.eds.com> <445EBC6E.4060806@ximbiot.com> <445F7CFB.1000506@dreampossible.ca> In-Reply-To: <445F7CFB.1000506@dreampossible.ca> X-Enigmail-Version: 0.94.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: cvs-dev@nongnu.org X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 May 2006 17:35:59 -0000 Jim Hyslop wrote: > >warns if the "latest gpg" version number is out of date? Am I going > > overboard? > > > Depends on your perspective :=) From the security point of view, not in > the least. Some paranoi^H^H^H^H^H^H^H conscientious security people > might say you aren't going far enough. What about the doc patch? Acceptable? > I think we should not test for a specific revision of GPG. Keeping GPG > up to date is outside the scope of CVS. We should take every reasonable > effort to ensure that CVS works properly with the latest version of GPG, > and to that extent we should ensure that sanity.sh tests pass properly. I agree that actually keeping GPG up-to-date is outside the scope of CVS, but I do still feel that if I'm going to advertise a new feature as secure, it would be polite to at least warn potentially new users who might be somewhat ignorant of security matters and inclined to trust CVS that there may be issues involved in keeping their GPG up-to-date. At least, those users savvy enough to read the CVS manual or run sanity.sh, anyhow. :) > It would probably be helpful to have a reminder for the maintainers to > make sure it's up to date, and possibly allow the reminder to be > user-configurable for those users who may want to be reminded as well. Well, a reminder means a --version test, doesn't it? What about, like I said, a hard-coded value in sanity.sh that only causes a loud warning to be printed about updating GPG, with a hook in `make distcheck' to poll gnupg.org and see if there is a more recent general release version available for download than is specified in sanity.sh? Regards, Derek -- Derek R. Price CVS Solutions Architect Get CVS support at Ximbiot ! v: +1 248.835.1260 f: +1 248.835.1263 From MAILER-DAEMON Mon May 08 14:27:38 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FdASI-0003w8-2g for mharc-cvs-dev@gnu.org; Mon, 08 May 2006 14:27:38 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FdASG-0003vr-2j for cvs-dev@nongnu.org; Mon, 08 May 2006 14:27:36 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FdASE-0003vL-8B for cvs-dev@nongnu.org; Mon, 08 May 2006 14:27:35 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FdASE-0003vI-3c for cvs-dev@nongnu.org; Mon, 08 May 2006 14:27:34 -0400 Received: from [207.17.137.57] (helo=colo-dns-ext1.juniper.net) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_3DES_EDE_CBC_SHA:24) (Exim 4.52) id 1FdAT7-0003e9-2o for cvs-dev@nongnu.org; Mon, 08 May 2006 14:28:29 -0400 Received: from merlot.juniper.net (merlot.juniper.net [172.17.27.10]) by colo-dns-ext1.juniper.net (8.11.3/8.9.3) with ESMTP id k48IRVX76814; Mon, 8 May 2006 11:27:31 -0700 (PDT) (envelope-from mdb@juniper.net) Received: from juniper.net (sapphire.juniper.net [172.17.28.108]) by merlot.juniper.net (8.11.3/8.11.3) with ESMTP id k48IRP591370; Mon, 8 May 2006 11:27:25 -0700 (PDT) (envelope-from mdb@juniper.net) From: "Mark D. Baushke" To: "Derek R. Price" Subject: Re: [Cvs-dev] Re: [Cvs-test-results] CVS trunk testing results (BSDI BSD/OS) In-Reply-To: <445EBC6E.4060806@ximbiot.com> References: <200605020030.k420Ui120024@thor.net.plm.eds.com> <445EBC6E.4060806@ximbiot.com> Comments: In-reply-to: "Derek R. Price" message dated "Sun, 07 May 2006 23:35:10 -0400." X-Mailer: MH-E 8.0; nmh 1.0.4; GNU Emacs 21.3.1 X-Face: #8D_6URD2G%vC.hzU MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Date: Mon, 08 May 2006 11:27:25 -0700 Message-ID: <26501.1147112845@juniper.net> Sender: mdb@juniper.net Cc: Larry Jones , cvs-dev@nongnu.org X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 May 2006 18:27:36 -0000 =2D----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Derek R. Price writes: > Larry Jones wrote: > > Derek R. Price writes: > >> Have you had a chance to try this patch out? > > > > No, not yet >=20 > Hi all, >=20 > I noticed that the only test that should fail using gnupg 1.0.3 is > openpgp-5 and tweaked my original patch to set a var and only skip > that test when this is detected. Okay. > I don't have a system with gnupg 1.0.3 here, and was about to commit > this and let Larry's nightly testing catch any problems, when the > following occurred to me (based on something Mark Baushke said to me > earlier): >=20 > Given the sensitive nature of gnupg, do we really want to cater to a > gnupg that is over 5 years old (it was released 2000-09-20) in the > test suite? Generally, no. We should not need to cater to ancient versions GnuPG (or the commercial PGP or any of the other OpenPGP implementations that may arise in the future.) > I'm inclined to say no. I'm actually very tempted to > make the test suite fail completely when very old versions of gnupg > are discovered, with some sort of warnings about the sensitive nature > of gnupg and the frequency of serious security fixes in gnupg, but > keeping our tests and warnings up-to-date might become a nightmare. Agreed. > Therefore, I came up with a documentation patch instead. Both the > most recent version of my patch to deal with GPG 1.0.3 and earlier as > well as the documentation patch are attached. Okay. > Does anyone have any ideas about how to warn about old GPG's in a more > general way, short of gpg --version and bumping some hard-coded rev > when we notice updates or polling the gpg website for new release > notices? Perhaps a target that only runs with > --enable-maintainer-mode (better yet, as part of a maintainercheck or > the distcheck target) that polls gnupg.org for the latest release and > warns if the "latest gpg" version number is out of date?=20=20 In general, it is not possible to know if a '1.2.3-99' version of GnuPG contains all of the needed security patches for GnuPG 1.4.3 or not. So, it may be that some GNU/Linux distributions continue to ship patched or forked versions of GnuPG that are completely adequate. For example, from a security point of view 1.4.2.2 contains all security fixes to GnuPG. The latest version, GnuPG 1.4.3 contains some new enhancments that are nice to have, but a client or server could still be using 1.4.2.2 without any real problems. Also, given the plethora of distributions, there are lots of variations on gnupg 1.x.y-n.m distributions that may contian patches to fix the same vulnerabilities that the 'latest' version of GnuPG provides while keeping to the older and less volatile releases from a feature point of view. > Am I going overboard? Not really, but I am not sure a static check when CVS is built or tested is sufficient in the general case. I suggest that --enable-maintainer-mode might care about this more than the general revision a user is using and might want to tell the user what revisions have been found and point to web sites like gnupg.org, rpmfind.net, pgpi.org or any others folks might know to help them make a more informed choice about the version to use. Also, it should be up to the judgement of the cvs administrator if they wish to accept or reject signatures provided by a given version of OpenPGP. To that end, it may be desirable for the 'cvs sign' phase to be able to make a decision on the version of OpenPGP being used to do the signing. (By the way, should 'cvs --help-commands' print out a line about the 'sign' and 'verify' commands?) To that end, it may be desirable for both the client and the server to send the version of OpenPGP each is using in case a particular policy needs to issue rejections All of this said, there are a few questions worth asking about the new mode. If I need to use a number of different versions of CVS servers, why should I need to set CVS_VERIFY_CHECKOUTS=3Doff to do a checkout from a cvs 1.11.x server using a cvs 1.12.13.1 client? Using a top-of-tree cvs executable against the mdb@cvs.savannah.nongnu.org:/cvsroot/cvs repository which is running 1.12.9, I can get doing a 'cvs update base.c' to pick up the last change that went into the CVS sources. cvs [update aborted]: No signature for `base.c'. message unless I specify CVS_VERIFY_CHECKOUTS=3Doff in my environment. Does it make sense to consider adding command-line glue for CVS_VERIFY_CHECKOUTS to impact only servers that are able to support signauture so that I as a user could transition more easily among all of the different CVS servers they may be trying to use? -- Mark =2D----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (FreeBSD) iD8DBQFEX42NCg7APGsDnFERAqPCAJ9KdcJPXBawy7n3lWoO9JMhDYYAUACdHnJ6 DJGQe5BJPhJc60vDkuuHO90=3D =3DxMFy =2D----END PGP SIGNATURE----- From MAILER-DAEMON Mon May 08 15:01:05 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FdAyf-0001xf-2J for mharc-cvs-dev@gnu.org; Mon, 08 May 2006 15:01:05 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FdAyc-0001uW-KB for cvs-dev@nongnu.org; Mon, 08 May 2006 15:01:02 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FdAya-0001ro-TB for cvs-dev@nongnu.org; Mon, 08 May 2006 15:01:02 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FdAya-0001re-Np for cvs-dev@nongnu.org; Mon, 08 May 2006 15:01:00 -0400 Received: from [207.17.137.57] (helo=colo-dns-ext1.juniper.net) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_3DES_EDE_CBC_SHA:24) (Exim 4.52) id 1FdAzT-0006D7-RR for cvs-dev@nongnu.org; Mon, 08 May 2006 15:01:56 -0400 Received: from merlot.juniper.net (merlot.juniper.net [172.17.27.10]) by colo-dns-ext1.juniper.net (8.11.3/8.9.3) with ESMTP id k48J0wX77437; Mon, 8 May 2006 12:00:58 -0700 (PDT) (envelope-from mdb@juniper.net) Received: from juniper.net (sapphire.juniper.net [172.17.28.108]) by merlot.juniper.net (8.11.3/8.11.3) with ESMTP id k48J0r598707; Mon, 8 May 2006 12:00:53 -0700 (PDT) (envelope-from mdb@juniper.net) From: "Mark D. Baushke" To: "Derek R. Price" Subject: Re: [Cvs-dev] Re: [Cvs-test-results] CVS trunk testing results (BSDI BSD/OS) In-Reply-To: <445F819C.8090606@ximbiot.com> References: <200605020030.k420Ui120024@thor.net.plm.eds.com> <445EBC6E.4060806@ximbiot.com> <445F7CFB.1000506@dreampossible.ca> <445F819C.8090606@ximbiot.com> Comments: In-reply-to: "Derek R. Price" message dated "Mon, 08 May 2006 13:36:28 -0400." X-Mailer: MH-E 8.0; nmh 1.0.4; GNU Emacs 21.3.1 X-Face: #8D_6URD2G%vC.hzU MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Date: Mon, 08 May 2006 12:00:53 -0700 Message-ID: <29180.1147114853@juniper.net> Sender: mdb@juniper.net Cc: Jim Hyslop , cvs-dev@nongnu.org X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 May 2006 19:01:03 -0000 =2D----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Derek R. Price writes: > Jim Hyslop wrote: > > >warns if the "latest gpg" version number is out of date? Am I going > > > overboard? > >=20=20=20 > > > > Depends on your perspective :=3D) From the security point of view, not = in > > the least. Some paranoi^H^H^H^H^H^H^H conscientious security people > > might say you aren't going far enough. >=20 > What about the doc patch? Acceptable? I think I would rather see a single copy of the @strong{WARNING: Due to the sensitive nature of OpenPGP implementations, if you intend to employ CVS commit signatures as a security precaution, it is recommended that you make sure you are using an OpenPGP implementation with all the available security fixes. Check with the vendor of your OpenPGP implementation for information on its latest version.} text that is referenced rather than ten distinct copies of it. > > I think we should not test for a specific > > revision of GPG. Keeping GPG up to date is > > outside the scope of CVS. We should take every > > reasonable effort to ensure that CVS works > > properly with the latest version of GPG, and > > to that extent we should ensure that sanity.sh > > tests pass properly. >=20 > I agree that actually keeping GPG up-to-date is > outside the scope of CVS, but I do still feel > that if I'm going to advertise a new feature as > secure, it would be polite to at least warn > potentially new users who might be somewhat > ignorant of security matters and inclined to > trust CVS that there may be issues involved in > keeping their GPG up-to-date. >=20 > At least, those users savvy enough to read the > CVS manual or run sanity.sh, anyhow. :) >=20 > > It would probably be helpful to have a > > reminder for the maintainers to make sure it's > > up to date, and possibly allow the reminder to > > be user-configurable for those users who may > > want to be reminded as well. >=20 > Well, a reminder means a --version test, doesn't > it? No. It does not.=20 1) There are at least two viable implementations of the OpenPGP standard as provided by RFC 2440. One is under the GPL and the other is a commercial product. The OpenPGP should try to be agnostic as to the particular implementation chosen. 2) Some vendors have been known to patch security concerns into down-revision releases of software. There is no way to know if 'gpg --version' which returns a '1.2.3' is or is not the latest version of the tool for a particular host operating system or not. > What about, like I said, a hard-coded value in > sanity.sh that only causes a loud warning to be > printed about updating GPG, with a hook in `make > distcheck' to poll gnupg.org and see if there is > a more recent general release version available > for download than is specified in sanity.sh? If you know that it is 'gnupg.org' that you can check, maybe you could print out the latest version if you can figure it out easily.=20 However, what if it is pgp from NAI (www.pgp.com)? The pgp.com folks are interesting in telling you the latest, but you need to fill out a form which includes the hardware and operating system and name of the user asking.... Also, I know that www.pgpi.org is not always accepting connecitons. The last time I looked (last month), they still had 2002/12/03 PGP 8.0 released as the 'Latest news' on the front page and their download site had: GnuPG 1.0.7 PGP 2.6.3i PGP 5.0i PGP 6.5.1i PGP 6.5.8 as the Freeware versions of UNIX available for download. -- Mark =2D----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (FreeBSD) iD8DBQFEX5VjCg7APGsDnFERAu3ZAKDSv25DOPWueuS36rX/CQzuADcQPACfVlrw JXfzaGhhv708f8zI6+S0I/U=3D =3DqcP6 =2D----END PGP SIGNATURE----- From MAILER-DAEMON Mon May 08 15:52:28 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FdBmO-00015G-Ck for mharc-cvs-dev@gnu.org; Mon, 08 May 2006 15:52:28 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FdBmN-00014v-3p for cvs-dev@nongnu.org; Mon, 08 May 2006 15:52:27 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FdBmM-00014X-7J for cvs-dev@nongnu.org; Mon, 08 May 2006 15:52:26 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FdBmM-00014S-4K for cvs-dev@nongnu.org; Mon, 08 May 2006 15:52:26 -0400 Received: from [64.233.207.26] (helo=pop-8.dnv.wideopenwest.com) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA:32) (Exim 4.52) id 1FdBnC-0003Rg-EG; Mon, 08 May 2006 15:53:18 -0400 Received: from [127.0.0.1] (s233-64-208-242.try.wideopenwest.com [64.233.242.208]) by pop-8.dnv.wideopenwest.com (8.12.8/8.12.8) with ESMTP id k48JmhOM013325; Mon, 8 May 2006 14:48:45 -0500 Message-ID: <445FA173.3040206@ximbiot.com> Date: Mon, 08 May 2006 15:52:19 -0400 From: "Derek R. Price" User-Agent: Thunderbird 1.5.0.2 (Windows/20060308) MIME-Version: 1.0 To: "Mark D. Baushke" Subject: Re: [Cvs-dev] Re: [Cvs-test-results] CVS trunk testing results (BSDI BSD/OS) References: <200605020030.k420Ui120024@thor.net.plm.eds.com> <445EBC6E.4060806@ximbiot.com> <445F7CFB.1000506@dreampossible.ca> <445F819C.8090606@ximbiot.com> <29180.1147114853@juniper.net> In-Reply-To: <29180.1147114853@juniper.net> X-Enigmail-Version: 0.94.0.0 Content-Type: multipart/mixed; boundary="------------020300090807040605050203" Cc: Jim Hyslop , cvs-dev X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 May 2006 19:52:27 -0000 This is a multi-part message in MIME format. --------------020300090807040605050203 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mark D. Baushke wrote: > I think I would rather see a single copy of the > > @strong{WARNING: Due to the sensitive nature of OpenPGP > implementations, if you intend to employ CVS commit signatures as a > security precaution, it is recommended that you make sure you are > using an OpenPGP implementation with all the available security > fixes. Check with the vendor of your OpenPGP implementation for > information on its latest version.} > > text that is referenced rather than ten distinct copies of it. Okay. I've attached a new patch. I noticed while I was working on it that I neglected to document the `sign' and `verify' commands, but I will work on that with the sign/verify help patch you suggested. >>> Well, a reminder means a --version test, doesn't it? > > No. It does not. > > 1) There are at least two viable implementations of the OpenPGP > standard as provided by RFC 2440. One is under the GPL and the > other is a commercial product. The OpenPGP should try to be > agnostic as to the particular implementation chosen. At the moment, I'm inclined to only test GPG. Perhaps, if the executable does not appear to be GPG, then sanity.sh should just print a generic warning about the tests being intended for GPG and running anyhow and remember to keep your implementation up-to-date if you are relying on it for security. > 2) Some vendors have been known to patch security concerns into > down-revision releases of software. There is no way to know if 'gpg > --version' which returns a '1.2.3' is or is not the latest version > of the tool for a particular host operating system or not. True, but since this is only a warning, it shouldn't hurt to ignore that and remind the user to check when the version doesn't look up-to-date as far as we knew as of the CVS release date. It occurs to me that it isn't uncommon for a user to be running a 5 year old version of CVS, which would only warn about versions of GPG also at least 5 years old, making this whole exercise seem a bit pointless anyhow. Then again, at least there would be potentially useful warnings for people who kept up with CVS. Regards, Derek-- Derek R. Price CVS Solutions Architect Get CVS support at Ximbiot ! v: +1 248.835.1260 f: +1 248.835.1263 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.1 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEX6FyLD1OTBfyMaQRAvUfAKDp51FlkKFbg8BCMC+hjYgm+eF6GwCg15lG HLw8fveeGxSuV2Q3MRiPmV0= =Ju+2 -----END PGP SIGNATURE----- --------------020300090807040605050203 Content-Type: text/plain; name="doc-recent-gpg2.diff" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="doc-recent-gpg2.diff" Index: doc/ChangeLog =================================================================== RCS file: /cvsroot/cvs/ccvs/doc/ChangeLog,v retrieving revision 1.954 diff -u -p -r1.954 ChangeLog --- doc/ChangeLog 24 Apr 2006 18:50:24 -0000 1.954 +++ doc/ChangeLog 8 May 2006 19:49:33 -0000 @@ -1,3 +1,8 @@ +2006-05-08 Derek Price + + * cvs.texinfo (OpenPGP Signed Commits): New node. + (Global options, The connection method): Reference new node. + 2006-01-20 Derek Price * cvsclient.text (Requests): Document Base-diff response. Index: doc/cvs.texinfo =================================================================== RCS file: /cvsroot/cvs/ccvs/doc/cvs.texinfo,v retrieving revision 1.680 diff -u -p -r1.680 cvs.texinfo --- doc/cvs.texinfo 24 Apr 2006 18:50:25 -0000 1.680 +++ doc/cvs.texinfo 8 May 2006 19:49:36 -0000 @@ -170,6 +170,7 @@ CVS and the Real World. * Tracking sources:: Tracking third-party sources * Builds:: Issues related to CVS and builds * Special Files:: Devices, links and other non-regular files +* OpenPGP Signed Commits:: Knowing who committed a revision, securely References. ----------- @@ -2334,6 +2335,9 @@ options, CVS will autonegotiate signing, server supports it. May be overridden by the @samp{--sign} and @samp{--no-sign} global options (@pxref{Global options}). +@strong{WARNING: @ref{OpenPGP Signed Commits} for more on using OpenPGP +signatures securely.} + @item sign-template=@var{template} Use @var{template} as the command line template to generate OpenPGP signatures. Format strings in this template are substituted before the command is run: @@ -2356,11 +2360,17 @@ IS overridden by the @samp{--sign-templa @pxref{Global options} and defaults to @samp{/usr/bin/gpg --detach-sign --output - %t %a %s}. +@strong{WARNING: @ref{OpenPGP Signed Commits} for more on using OpenPGP +signatures securely.} + @item textmode The value passed to both in place of %t in both the OpenPGP signature and the OpenPGP verification command line templates. Defaults to @samp{--textmode}. +@strong{WARNING: @ref{OpenPGP Signed Commits} for more on using OpenPGP +signatures securely.} + @item verify @itemx no-verify Force OpenPGP signature verification on checkout off, or set the failure mode. @@ -2371,6 +2381,9 @@ received. If the server does not suppor of @samp{fatal} will disallow the entire checkout. May be overridden by the @samp{--verify} and @samp{--no-verify} global options (@pxref{Global options}). +@strong{WARNING: @ref{OpenPGP Signed Commits} for more on using OpenPGP +signatures securely.} + @item verify-template=@var{template} Use @var{template} as the command line template to verify OpenPGP signatures. Format strings in this template are substituted before the command is run: @@ -2396,6 +2409,9 @@ for the signed file and a non-zero exit overridden by the @samp{--verify-template} global command line option @pxref{Global options} and defaults to something like @samp{/usr/bin/gpg --detach-sign --output - %t %a %S %s}. + +@strong{WARNING: @ref{OpenPGP Signed Commits} for more on using OpenPGP +signatures securely.} @end table As a further example, to combine both the @code{CVS_RSH} and @code{CVS_SERVER} @@ -8176,6 +8192,24 @@ supported. @end ignore @c --------------------------------------------------------------------- +@node OpenPGP Signed Commits +@chapter OpenPGP Signed Commits + +@cindex OpenPGP Signatures +@cindex Commit Signatures +OpenPGP signatures can be used at commit time to securely record the author of +a change using public key encryption and at checkout time to verify the author +of the revision being checked out is trusted. + +See @ref{Global options} and @ref{The connection method} for more. + +@strong{WARNING: Due to the sensitive nature of OpenPGP implementations, if you +intend to employ CVS commit signatures as a security precaution, it is +recommended that you make sure you are using an OpenPGP implementation with all +the available security fixes. Check with the vendor of your OpenPGP +implementation for information on its latest version.} + +@c --------------------------------------------------------------------- @c ----- START MAN 1 ----- @node CVS commands @appendix Guide to CVS commands @@ -8608,6 +8642,9 @@ of these options, CVS will autonegotiate when the server supports it. Overrides the @samp{sign} and @samp{no-sign} method options. +@strong{WARNING: @ref{OpenPGP Signed Commits} for more on using OpenPGP +signatures securely.} + @item --sign-template @var{template} Use @var{template} as the command line template to generate OpenPGP signatures. Format strings in this template are substituted before the commit is run: @@ -8629,11 +8666,17 @@ This template should send the generated Overrides the @samp{sign-template} method option and defaults to something like @samp{/usr/bin/gpg --detach-sign --output - %t %a %s}. +@strong{WARNING: @ref{OpenPGP Signed Commits} for more on using OpenPGP +signatures securely.} + @item --textmode The value passed to both in place of %t in both the OpenPGP signature and the OpenPGP verification command line templates. Defaults to @samp{--textmode}. +@strong{WARNING: @ref{OpenPGP Signed Commits} for more on using OpenPGP +signatures securely.} + @item --verify @itemx --no-verify Force OpenPGP signature verification on checkout off, or set the failure mode. @@ -8644,6 +8687,9 @@ received. If the server does not suppor of @samp{fatal} will disallow the entire checkout. Overrides the @samp{verify} and @samp{no-verify} method options (@pxref{The connection method}). +@strong{WARNING: @ref{OpenPGP Signed Commits} for more on using OpenPGP +signatures securely.} + @item --verify-template=@var{template} Use @var{template} as the command line template to verify OpenPGP signatures. Format strings in this template are substituted before the command is run: @@ -8669,6 +8715,9 @@ for the signed file and a non-zero exit @samp{verify-template} method option @pxref{The connection method} and defaults to something like @samp{/usr/bin/gpg --detach-sign --output - %t %a %S %s}. + +@strong{WARNING: @ref{OpenPGP Signed Commits} for more on using OpenPGP +signatures securely.} @end table @c - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - --------------020300090807040605050203-- From MAILER-DAEMON Mon May 08 16:05:50 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FdBzK-0003d8-OU for mharc-cvs-dev@gnu.org; Mon, 08 May 2006 16:05:50 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FdBzJ-0003cq-1o for cvs-dev@nongnu.org; Mon, 08 May 2006 16:05:49 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FdBzH-0003ca-N2 for cvs-dev@nongnu.org; Mon, 08 May 2006 16:05:48 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FdBzH-0003cX-Fb for cvs-dev@nongnu.org; Mon, 08 May 2006 16:05:47 -0400 Received: from [207.17.137.57] (helo=colo-dns-ext1.juniper.net) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_3DES_EDE_CBC_SHA:24) (Exim 4.52) id 1FdC0B-0004bi-B6 for cvs-dev@nongnu.org; Mon, 08 May 2006 16:06:43 -0400 Received: from merlot.juniper.net (merlot.juniper.net [172.17.27.10]) by colo-dns-ext1.juniper.net (8.11.3/8.9.3) with ESMTP id k48K5ZX78502; Mon, 8 May 2006 13:05:35 -0700 (PDT) (envelope-from mdb@juniper.net) Received: from juniper.net (sapphire.juniper.net [172.17.28.108]) by merlot.juniper.net (8.11.3/8.11.3) with ESMTP id k48K5R511852; Mon, 8 May 2006 13:05:27 -0700 (PDT) (envelope-from mdb@juniper.net) From: "Mark D. Baushke" To: "Derek R. Price" Subject: Re: [Cvs-dev] Re: [Cvs-test-results] CVS trunk testing results (BSDI BSD/OS) In-Reply-To: <445FA173.3040206@ximbiot.com> References: <200605020030.k420Ui120024@thor.net.plm.eds.com> <445EBC6E.4060806@ximbiot.com> <445F7CFB.1000506@dreampossible.ca> <445F819C.8090606@ximbiot.com> <29180.1147114853@juniper.net> <445FA173.3040206@ximbiot.com> Comments: In-reply-to: "Derek R. Price" message dated "Mon, 08 May 2006 15:52:19 -0400." X-Mailer: MH-E 8.0; nmh 1.0.4; GNU Emacs 21.3.1 X-Face: #8D_6URD2G%vC.hzU MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Date: Mon, 08 May 2006 13:05:27 -0700 Message-ID: <35603.1147118727@juniper.net> Sender: mdb@juniper.net Cc: Jim Hyslop , cvs-dev X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 May 2006 20:05:49 -0000 =2D----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Derek R. Price writes: > Okay. I've attached a new patch. I noticed while I was working on it > that I neglected to document the `sign' and `verify' commands, but I > will work on that with the sign/verify help patch you suggested. Okay. > At the moment, I'm inclined to only test GPG. Perhaps, if the > executable does not appear to be GPG, then sanity.sh should just print > a generic warning about the tests being intended for GPG and running > anyhow and remember to keep your implementation up-to-date if you are > relying on it for security. Yes, this seems reasonable. > > 2) Some vendors have been known to patch security concerns into > > down-revision releases of software. There is no way to know if 'gpg > > --version' which returns a '1.2.3' is or is not the latest version > > of the tool for a particular host operating system or not. >=20 > True, but since this is only a warning, it shouldn't hurt to ignore > that and remind the user to check when the version doesn't look > up-to-date as far as we knew as of the CVS release date. Good point. > It occurs to me that it isn't uncommon for a user to be running a 5 > year old version of CVS, which would only warn about versions of GPG > also at least 5 years old, making this whole exercise seem a bit > pointless anyhow. Then again, at least there would be potentially > useful warnings for people who kept up with CVS. Yup. [...patch elided...] The patch looks good to me. Thanks, -- Mark =2D----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (FreeBSD) iD8DBQFEX6SHCg7APGsDnFERAky9AKDkVUXF+7TuIsz9Z+4kdnHM2/qj1wCgkTiu IvuHtD5dmAEM41LfSwYP8c4=3D =3DP0eA =2D----END PGP SIGNATURE----- From MAILER-DAEMON Mon May 08 16:34:17 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FdCQr-000207-NU for mharc-cvs-dev@gnu.org; Mon, 08 May 2006 16:34:17 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FdCQp-000202-VN for cvs-dev@nongnu.org; Mon, 08 May 2006 16:34:16 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FdCQp-0001zh-2g for cvs-dev@nongnu.org; Mon, 08 May 2006 16:34:15 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FdCQo-0001ze-Rh for cvs-dev@nongnu.org; Mon, 08 May 2006 16:34:14 -0400 Received: from [64.233.207.26] (helo=pop-8.dnv.wideopenwest.com) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA:32) (Exim 4.52) id 1FdCRj-0007Ix-3l for cvs-dev@nongnu.org; Mon, 08 May 2006 16:35:11 -0400 Received: from [127.0.0.1] (s233-64-208-242.try.wideopenwest.com [64.233.242.208]) by pop-8.dnv.wideopenwest.com (8.12.8/8.12.8) with ESMTP id k48KUXOM017572 for ; Mon, 8 May 2006 15:30:37 -0500 Message-ID: <445FAB41.40505@ximbiot.com> Date: Mon, 08 May 2006 16:34:09 -0400 From: "Derek R. Price" User-Agent: Thunderbird 1.5.0.2 (Windows/20060308) MIME-Version: 1.0 To: cvs-dev Subject: Re: [Cvs-dev] Re: [Cvs-test-results] CVS trunk testing results (BSDI BSD/OS) References: <200605020030.k420Ui120024@thor.net.plm.eds.com> <445EBC6E.4060806@ximbiot.com> <26501.1147112845@juniper.net> In-Reply-To: <26501.1147112845@juniper.net> X-Enigmail-Version: 0.94.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 May 2006 20:34:16 -0000 Mark D. Baushke wrote: > I suggest that --enable-maintainer-mode might care about this more than > the general revision a user is using and might want to tell the user Actually, I think `make distcheck' is probably a better place since the version number would only really need updating prior to a release (assuming as I am that having sanity.sh probe the internet would be a bad thing), and a simple warning for all users from sanity.sh does not seem harmful. > Also, it should be up to the judgement of the cvs administrator if they > wish to accept or reject signatures provided by a given version of Well, the CVS administrator doesn't have much say about it, as things stand, other than making sure a version of the CVS server is installed than can record signature data. I thought about making a provision for having the server verify commits, and it might very well be useful, but I haven't actually written anything yet. As things stand, it is up to each client to set whether they want their checkouts verified against their key chain or not. > OpenPGP. To that end, it may be desirable for the 'cvs sign' phase to be > able to make a decision on the version of OpenPGP being used to do the > signing. Well, it can be set as a global option, a connection option, or an environment variable. Did you think the user needs more control than this or were you referring to something else? > (By the way, should 'cvs --help-commands' print out a line about > the 'sign' and 'verify' commands?) Yes. I'll get to it with the rest of the sign and verify documentation. > To that end, it may be desirable for both the client and the server to > send the version of OpenPGP each is using in case a particular policy > needs to issue rejections I'm not so sure. In at least one sense, signatures never have security flaws, only verifications. Or at least, if the signature was insecure, a sufficiently up-to-date gpg should be able to spot it and report it as an invalid signature during the verify stage. There is version information stored in the OpenPGP packets as well, if an actual OpenPGP format is ever somehow deemed innately insecure, though it seems more likely that individual hash algorithms, etc would fail and these are also noted in the packet information as well, by necessity. > If I need to use a number of different versions of CVS servers, why > should I need to set CVS_VERIFY_CHECKOUTS=off to do a checkout from > a cvs 1.11.x server using a cvs 1.12.13.1 client? Because I opted for the more secure route as opposed to the one with easier setup and decided that a naive checkout should fail without signature data. Setting CVS_VERIFY_CHECKOUTS=off in the environment or in the CVSROOT spec simple enough and explicit enough that the user would at least have to know they had disabled a security measure. I'd feel fairly secure changing the default to `warn' instead of `fatal', however this should never be auto-negotiated with the server because a compromised server could then just tell the client it didn't support signatures and the user might never notice verify-on-checkout had been disabled. Signing is auto-negotiated by default. The CVS client will not attempt to sign commits if the server does not report support for signatures. > Does it make sense to consider adding command-line glue for > CVS_VERIFY_CHECKOUTS to impact only servers that are able to support > signauture so that I as a user could transition more easily among all of > the different CVS servers they may be trying to use? Again, no. The user can change their own default in their environment, but I'd rather not ship with a default mode that basically circumvents most of what OpenPGP signatures were designed to prevent. Regards, Derek -- Derek R. Price CVS Solutions Architect Get CVS support at Ximbiot ! v: +1 248.835.1260 f: +1 248.835.1263 From MAILER-DAEMON Mon May 08 18:13:25 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FdDyn-0007Gg-Fu for mharc-cvs-dev@gnu.org; Mon, 08 May 2006 18:13:25 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FdDyl-0007GY-Dt for cvs-dev@nongnu.org; Mon, 08 May 2006 18:13:23 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FdDyj-0007GM-Rx for cvs-dev@nongnu.org; Mon, 08 May 2006 18:13:22 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FdDyj-0007GJ-N0 for cvs-dev@nongnu.org; Mon, 08 May 2006 18:13:21 -0400 Received: from [207.17.137.57] (helo=colo-dns-ext1.juniper.net) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_3DES_EDE_CBC_SHA:24) (Exim 4.52) id 1FdDze-0006aB-T1 for cvs-dev@nongnu.org; Mon, 08 May 2006 18:14:19 -0400 Received: from merlot.juniper.net (merlot.juniper.net [172.17.27.10]) by colo-dns-ext1.juniper.net (8.11.3/8.9.3) with ESMTP id k48MDJX80708; Mon, 8 May 2006 15:13:19 -0700 (PDT) (envelope-from mdb@juniper.net) Received: from juniper.net (sapphire.juniper.net [172.17.28.108]) by merlot.juniper.net (8.11.3/8.11.3) with ESMTP id k48MDE538160; Mon, 8 May 2006 15:13:14 -0700 (PDT) (envelope-from mdb@juniper.net) To: "Derek R. Price" Subject: Re: [Cvs-dev] Re: [Cvs-test-results] CVS trunk testing results (BSDI BSD/OS) In-Reply-To: <445FAB41.40505@ximbiot.com> References: <200605020030.k420Ui120024@thor.net.plm.eds.com> <445EBC6E.4060806@ximbiot.com> <26501.1147112845@juniper.net> <445FAB41.40505@ximbiot.com> Comments: In-reply-to: "Derek R. Price" message dated "Mon, 08 May 2006 16:34:09 -0400." From: "Mark D. Baushke" X-Mailer: MH-E 8.0; nmh 1.0.4; GNU Emacs 21.3.1 X-Face: #8D_6URD2G%vC.hzU MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Date: Mon, 08 May 2006 15:13:14 -0700 Message-ID: <45103.1147126394@juniper.net> Sender: mdb@juniper.net Cc: cvs-dev X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 May 2006 22:13:23 -0000 =2D----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Derek R. Price writes: > Mark D. Baushke wrote: > Actually, I think `make distcheck' is probably a better place since the > version number would only really need updating prior to a release > (assuming as I am that having sanity.sh probe the internet would be a > bad thing), and a simple warning for all users from sanity.sh does not > seem harmful. Good idea. > > Also, it should be up to the judgement of the cvs administrator if they > > wish to accept or reject signatures provided by a given version of >=20 > Well, the CVS administrator doesn't have much say about it, as things > stand, other than making sure a version of the CVS server is installed > than can record signature data. I thought about making a provision for > having the server verify commits, and it might very well be useful, but > I haven't actually written anything yet. As things stand, it is up to > each client to set whether they want their checkouts verified against > their key chain or not. Okay. > > OpenPGP. To that end, it may be desirable for the 'cvs sign' phase to be > > able to make a decision on the version of OpenPGP being used to do the > > signing. >=20 > Well, it can be set as a global option, a connection option, or an > environment variable. Did you think the user needs more control than > this or were you referring to something else? I guess a connection option is good enough for what I was considering. > > To that end, it may be desirable for both the client and the server to > > send the version of OpenPGP each is using in case a particular policy > > needs to issue rejections >=20 > I'm not so sure. In at least one sense, signatures never have security > flaws, only verifications. Actually, this is not necessarily true in the general case. If the hash algorithm is compromised, it is possible that an entire class of signatures could have security flaws from a trust point of view. It is also true that signing a delta with a compromised key that has been revoked on the server could also be a flaw. > Or at least, if the signature was insecure, a sufficiently up-to-date > gpg should be able to spot it and report it as an invalid signature > during the verify stage. Revoked keys that are not part of the current keyring do not help the user much. > There is version information stored in the OpenPGP packets as well, if > an actual OpenPGP format is ever somehow deemed innately insecure, > though it seems more likely that individual hash algorithms, etc would > fail and these are also noted in the packet information as well, by > necessity. I believe you will find that the version text is explicitly outside of the text that gets hashed for signature validation. There are format revision fields in the packets too, but it does not relate to the version of the protocol, but rather the version of the standard to be used when deocding. > > If I need to use a number of different versions of CVS servers, why > > should I need to set CVS_VERIFY_CHECKOUTS=3Doff to do a checkout from > > a cvs 1.11.x server using a cvs 1.12.13.1 client? >=20 > Because I opted for the more secure route as opposed to the one with > easier setup and decided that a naive checkout should fail without > signature data. Setting CVS_VERIFY_CHECKOUTS=3Doff in the environment or > in the CVSROOT spec simple enough and explicit enough that the user > would at least have to know they had disabled a security measure. >=20 > I'd feel fairly secure changing the default to `warn' instead of > `fatal', however this should never be auto-negotiated with the server > because a compromised server could then just tell the client it didn't > support signatures and the user might never notice verify-on-checkout > had been disabled. >=20 > Signing is auto-negotiated by default. The CVS client will not attempt > to sign commits if the server does not report support for signatures. Okay, I guess I can live with it... > > Does it make sense to consider adding command-line glue for > > CVS_VERIFY_CHECKOUTS to impact only servers that are able to support > > signauture so that I as a user could transition more easily among all of > > the different CVS servers they may be trying to use? >=20 > Again, no. The user can change their own default in their environment, > but I'd rather not ship with a default mode that basically circumvents > most of what OpenPGP signatures were designed to prevent. Okay. -- Mark =2D----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (FreeBSD) iD8DBQFEX8J6Cg7APGsDnFERAga9AJ9gB397gAOY6GokZUHS4AJZOOd90wCgh9wd o1XwfDaoi52/FWa6Qzi0ki8=3D =3DEQvQ =2D----END PGP SIGNATURE----- From MAILER-DAEMON Mon May 08 21:45:09 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FdHHh-0006HY-Ej for mharc-cvs-dev@gnu.org; Mon, 08 May 2006 21:45:09 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FdHHf-0006HC-5s for cvs-dev@nongnu.org; Mon, 08 May 2006 21:45:07 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FdHHc-0006H0-L9 for cvs-dev@nongnu.org; Mon, 08 May 2006 21:45:05 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FdHHc-0006Gx-FA for cvs-dev@nongnu.org; Mon, 08 May 2006 21:45:04 -0400 Received: from [64.233.207.9] (helo=pop-4.dnv.wideopenwest.com) by monty-python.gnu.org with esmtp (Exim 4.52) id 1FdHIX-0004z6-8w; Mon, 08 May 2006 21:46:01 -0400 Received: from [127.0.0.1] (s233-64-208-242.try.wideopenwest.com [64.233.242.208]) by pop-4.dnv.wideopenwest.com (8.12.11/8.12.11) with ESMTP id k491iZKp027820; Mon, 8 May 2006 20:44:38 -0500 Message-ID: <445FF417.8000409@ximbiot.com> Date: Mon, 08 May 2006 21:44:55 -0400 From: "Derek R. Price" User-Agent: Thunderbird 1.5.0.2 (Windows/20060308) MIME-Version: 1.0 To: cvs-dev Subject: Re: [Cvs-dev] Re: [Cvs-test-results] CVS trunk testing results (BSDI BSD/OS) References: <200605020030.k420Ui120024@thor.net.plm.eds.com> <445EBC6E.4060806@ximbiot.com> <26501.1147112845@juniper.net> <445FAB41.40505@ximbiot.com> <45103.1147126394@juniper.net> In-Reply-To: <45103.1147126394@juniper.net> X-Enigmail-Version: 0.94.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: "Mark D. Baushke" , Jim Hyslop X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 May 2006 01:45:07 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mark D. Baushke wrote: >>> I'm not so sure. In at least one sense, signatures never have > security >>> flaws, only verifications. > > Actually, this is not necessarily true in the general case. If the > hash algorithm is compromised, it is possible that an entire class > of signatures could have security flaws from a trust point of view. > Well, yes. I may have phrased that badly, but what I was trying to get at is that a sufficiently up-to-date client should recognize the compromised hash and report the signature as invalid, regardless of whether it was once valid. > It is also true that signing a delta with a compromised key that > has been revoked on the server could also be a flaw. One that would also be detected with a client with an up-to-date key chain. > I believe you will find that the version text is explicitly outside > of the text that gets hashed for signature validation. Maybe - I can't recall off the top of my head, but if the data were incorrect then the client wouldn't be able to interpret the hashes correctly and it would be found to be an invalid signature once again. >>> I'd feel fairly secure changing the default to `warn' instead >>> of `fatal', however this should never be auto-negotiated with >>> the server because a compromised server could then just tell >>> the client it > didn't >>> support signatures and the user might never notice >>> verify-on-checkout had been disabled. >>> >>> Signing is auto-negotiated by default. The CVS client will not >>> > attempt >>> to sign commits if the server does not report support for >>> signatures. > > Okay, I guess I can live with it... You can live with it or you think I am right? :) I'm thinking it wouldn't be so bad to switch the default to "warn". I doubt you will be the only person to complain about this. Of course, how much flak will we get when a lack-of-server-signature-support warning scrolls off the top of the screen during a big checkout and some compromised code sneaks through. I'm not sure we can win with this one. :( Regards, Derek - -- Derek R. Price CVS Solutions Architect Get CVS support at Ximbiot ! v: +1 248.835.1260 f: +1 248.835.1263 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.1 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEX/QXLD1OTBfyMaQRAh7cAJwPoqR9XQWQNMyxlpuFF89HoA0KNACdE+en h5OTppJmrzZQ4XlRzzVPqsg= =lDpP -----END PGP SIGNATURE----- From MAILER-DAEMON Tue May 09 01:35:36 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FdKsi-0005dR-4D for mharc-cvs-dev@gnu.org; Tue, 09 May 2006 01:35:36 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FdKsh-0005cw-2d for cvs-dev@nongnu.org; Tue, 09 May 2006 01:35:35 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FdKsg-0005cU-EA for cvs-dev@nongnu.org; Tue, 09 May 2006 01:35:34 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FdKsg-0005cR-AV for cvs-dev@nongnu.org; Tue, 09 May 2006 01:35:34 -0400 Received: from [207.17.137.64] (helo=colo-dns-ext2.juniper.net) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_3DES_EDE_CBC_SHA:24) (Exim 4.52) id 1FdKtf-0004A8-IB for cvs-dev@nongnu.org; Tue, 09 May 2006 01:36:36 -0400 Received: from merlot.juniper.net (merlot.juniper.net [172.17.27.10]) by colo-dns-ext2.juniper.net (8.12.3/8.12.3) with ESMTP id k495ZO1Z069849; Mon, 8 May 2006 22:35:31 -0700 (PDT) (envelope-from mdb@juniper.net) Received: from juniper.net (sapphire.juniper.net [172.17.28.108]) by merlot.juniper.net (8.11.3/8.11.3) with ESMTP id k495ZM500821; Mon, 8 May 2006 22:35:22 -0700 (PDT) (envelope-from mdb@juniper.net) To: "Derek R. Price" Subject: Re: [Cvs-dev] Re: [Cvs-test-results] CVS trunk testing results (BSDI BSD/OS) In-Reply-To: <445FF417.8000409@ximbiot.com> References: <200605020030.k420Ui120024@thor.net.plm.eds.com> <445EBC6E.4060806@ximbiot.com> <26501.1147112845@juniper.net> <445FAB41.40505@ximbiot.com> <45103.1147126394@juniper.net> <445FF417.8000409@ximbiot.com> Comments: In-reply-to: "Derek R. Price" message dated "Mon, 08 May 2006 21:44:55 -0400." From: "Mark D. Baushke" X-Mailer: MH-E 8.0; nmh 1.0.4; GNU Emacs 21.3.1 X-Face: #8D_6URD2G%vC.hzU MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Date: Mon, 08 May 2006 22:35:22 -0700 Message-ID: <61483.1147152922@juniper.net> Sender: mdb@juniper.net Cc: cvs-dev X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 May 2006 05:35:35 -0000 =2D----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Derek R. Price writes: > Mark D. Baushke wrote: > >>> I'm not so sure. In at least one sense, signatures never have > > security > >>> flaws, only verifications. > > > > Actually, this is not necessarily true in the general case. If the > > hash algorithm is compromised, it is possible that an entire class > > of signatures could have security flaws from a trust point of view. > > > Well, yes. I may have phrased that badly, but what I was trying to > get at is that a sufficiently up-to-date client should recognize the > compromised hash and report the signature as invalid, regardless of > whether it was once valid. Yes. > > It is also true that signing a delta with a compromised key that > > has been revoked on the server could also be a flaw. >=20 > One that would also be detected with a client with an up-to-date key > chain. True. > > I believe you will find that the version text is explicitly outside > > of the text that gets hashed for signature validation. >=20 > Maybe - I can't recall off the top of my head, but if the data were > incorrect then the client wouldn't be able to interpret the hashes > correctly and it would be found to be an invalid signature once again. The hash and signature types are encoded in the base64 text rather than in the human readable parts. So, you may see 'Hash: xxx' but it is not actually used by OpenPGP to do the comparison encryption. > >>> I'd feel fairly secure changing the default > >>> to `warn' instead of `fatal', however this > >>> should never be auto-negotiated with the > >>> server because a compromised server could > >>> then just tell the client it didn't support > >>> signatures and the user might never notice > >>> verify-on-checkout had been disabled. > >>> > >>> Signing is auto-negotiated by default. The > >>> CVS client will not attempt to sign commits > >>> if the server does not report support for > >>> signatures. > > > > Okay, I guess I can live with it... >=20 > You can live with it or you think I am right? :) I understand why you have chosen this as the default. If someone has compromised the server you want it to be in-the-face right away rather than potentially ignored by the user. I believe that we will see a number of GUIs that sit on top of CVS just tell people to disable the signatures to make things 'easier' or even actively disable them because they won't have the support initially to deal with signatures. Then it becomes more difficult to transition to folks using signatures as they become available. For myself, I might have thought to allow for a command-line switch to allow the checkout/update of a particular file or directory on the command line and included something in the CVS/Entries file that indicated if the file had been verified yet or not. > I'm thinking it wouldn't be so bad to switch the > default to "warn". I'd like to see one release that allows users to configure with a switch to tell if the client should warn or fail when the server does not have OpenPGP support and note in the documentation that the default for 1.12.14 is warn and 1.12.15 will be fail. > I doubt you will be the only person to complain > about this. Of course, how much flak will we get > when a lack-of-server-signature-support warning > scrolls off the top of the screen during a big > checkout and some compromised code sneaks > through. I'm not sure we can win with this one. > :( Yup, it has all the makings of a lose-lose kind of situation. -- Mark =2D----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (FreeBSD) iD8DBQFEYCoZCg7APGsDnFERAmiZAJkBYiSIpr906pdDLo8L8vBNJqMIfgCePTDD R620KEXel21gSn/kwEhSAnw=3D =3D6UKh =2D----END PGP SIGNATURE----- From MAILER-DAEMON Thu May 11 13:26:09 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FeEvQ-0004Of-TE for mharc-cvs-dev@gnu.org; Thu, 11 May 2006 13:26:08 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FeEvQ-0004Oa-DG for cvs-dev@nongnu.org; Thu, 11 May 2006 13:26:08 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FeEvP-0004OG-OS for cvs-dev@nongnu.org; Thu, 11 May 2006 13:26:08 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FeEvP-0004OD-IV for cvs-dev@nongnu.org; Thu, 11 May 2006 13:26:07 -0400 Received: from [207.17.137.64] (helo=colo-dns-ext2.juniper.net) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_3DES_EDE_CBC_SHA:24) (Exim 4.52) id 1FeEwx-0006Sp-KK for cvs-dev@nongnu.org; Thu, 11 May 2006 13:27:44 -0400 Received: from merlot.juniper.net (merlot.juniper.net [172.17.27.10]) by colo-dns-ext2.juniper.net (8.12.3/8.12.3) with ESMTP id k4BHQ21Z031142; Thu, 11 May 2006 10:26:02 -0700 (PDT) (envelope-from mdb@juniper.net) Received: from juniper.net (sapphire.juniper.net [172.17.28.108]) by merlot.juniper.net (8.11.3/8.11.3) with ESMTP id k4BHPk586237; Thu, 11 May 2006 10:25:46 -0700 (PDT) (envelope-from mdb@juniper.net) From: "Mark D. Baushke" To: christos@zoulas.com (Christos Zoulas) In-Reply-To: <20060504164820.14A1056534@rebar.astron.com> References: <20060504164820.14A1056534@rebar.astron.com> Comments: In-reply-to: christos@zoulas.com (Christos Zoulas) message dated "Thu, 04 May 2006 12:48:19 -0400." X-Mailer: MH-E 8.0; nmh 1.0.4; GNU Emacs 21.3.1 X-Face: #8D_6URD2G%vC.hzU Date: Thu, 11 May 2006 10:25:46 -0700 Message-ID: <67659.1147368346@juniper.net> Sender: mdb@juniper.net Cc: Hubert Feyrer , Thomas Klausner , CVS Development Subject: [Cvs-dev] Re: Result of CVS Coverity scan, via NetBSD X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 May 2006 17:26:08 -0000 Hi Christos, I have addressed more of the Coverity bugs from run 22: CID Checker Status 632 DEADCODE FALSE 924 FORWARD_NULL BUG 994 FORWARD_NULL BUG 995 FORWARD_NULL BUG 996 FORWARD_NULL BUG 997 FORWARD_NULL BUG 1053 FORWARD_NULL BUG 1054 FORWARD_NULL BUG 1055 FORWARD_NULL BUG 1056 FORWARD_NULL FALSE 1057 FORWARD_NULL IGNORE 2427 REVERSE_NULL BUG 2428 REVERSE_NULL BUG All of CIDs 994, 995, 1055 and 1057 were fixed by the patch to the Entnode_Create function in entries.c rather than in the location where the error was reported. I have applied this fix to both the cvs-1.11.x (STABLE) and cvs-1.12.x (FEATURE) branches in the main cvs repository. The following patch is against the :pserver:anoncvs@anoncvs.netbsd.org:/cvsroot src/gnu/dist/xcvs/src top-of-tree sources. I will continue to work through the list of remaining problems as time permits. None of these fixes appear to have any security implications. Enjoy! -- Mark [BTW: The CVS development team address has changed to .] Note: The change to the previous ChangeLog entry was to remove an extra initial space character that appeared before the first TAB. Index: ChangeLog =================================================================== RCS file: /cvsroot/src/gnu/dist/xcvs/src/ChangeLog,v retrieving revision 1.2 diff -u -p -r1.2 ChangeLog --- ChangeLog 4 May 2006 15:39:34 -0000 1.2 +++ ChangeLog 11 May 2006 09:45:20 -0000 @@ -1,18 +1,45 @@ +2006-05-11 Mark D. Baushke + + * add.c (add_directory): Protect tag from NULL dereference. + [Fixes NetBSD cid-1054.] + + * client.c (handle_mt): Deal with missing text argument. + [Fixes NetBSD cid-924.] + + * entries.c (Entnode_Create): Protect date, tag and ts_conflict + from possible NULL dereference. + [Fixes NetBSD coverity cid-994, cid-995, cid-1055, cid-1057.] + + * entries.c (Entries_Open): Protect dirtag and dirdate from + possible NULL dereference. + [Fixes NetBSD coverity cid-996.] + + * log.c (cvslog): Validate start and end args to + date_to_internet(). + [Fixes NetBSD coverity cid-2427 and cid-2428.] + + * logmsg.c (fmt_proc): Protect li->tag from NULL dereference. + [Fixes NetBSD coverity cid-997.] + + * vers_ts.c (Version_TS): Protect tag and vers_ts->tag from NULL + dereference. + [Fixes NetBSD coverity cid-1053.] + 2006-05-04 Mark D. Baushke - * filesubr.c (cvs_temp_file): Avoid keeping pointers to free()'d - storage laying around. - * commit.c (commit): Handle possible NULL filename values - returned from cvs_temp_file(). - * filesubr.c (cvs_temp_name): Ditto. - * import.c (import): Ditto. - * login.c (password_entry_operation): Ditto. - * logmsg.c (do_verify): Ditto. - * patch.c (patch_fileproc): Ditto. - [Fixes NetBSD coverity cid-2545.] + * filesubr.c (cvs_temp_file): Avoid keeping pointers to free()'d + storage laying around. + * commit.c (commit): Handle possible NULL filename values + returned from cvs_temp_file(). + * filesubr.c (cvs_temp_name): Ditto. + * import.c (import): Ditto. + * login.c (password_entry_operation): Ditto. + * logmsg.c (do_verify): Ditto. + * patch.c (patch_fileproc): Ditto. + [Fixes NetBSD coverity cid-2545.] - * buffer.c (packetizing_buffer_output): Initialize outdata. - [Fixes NetBSD coverity cid-2474.] + * buffer.c (packetizing_buffer_output): Initialize outdata. + [Fixes NetBSD coverity cid-2474.] * server.c (server_updated): Fix NetBSD coverity cid-1352 NetBSD-sparc64 of 2006-May-02 03:02:46. Index: add.c =================================================================== RCS file: /cvsroot/src/gnu/dist/xcvs/src/add.c,v retrieving revision 1.1.1.1 diff -u -p -r1.1.1.1 add.c --- add.c 4 Feb 2006 15:54:55 -0000 1.1.1.1 +++ add.c 11 May 2006 09:45:20 -0000 @@ -852,7 +852,7 @@ add_directory (finfo) p->key = xstrdup ("- New directory"); li = (struct logfile_info *) xmalloc (sizeof (struct logfile_info)); li->type = T_TITLE; - li->tag = xstrdup (tag); + li->tag = tag ? xstrdup (tag) : NULL; li->rev_old = li->rev_new = NULL; p->data = li; (void) addnode (ulist, p); Index: client.c =================================================================== RCS file: /cvsroot/src/gnu/dist/xcvs/src/client.c,v retrieving revision 1.3 diff -u -p -r1.3 client.c --- client.c 19 Mar 2006 22:58:14 -0000 1.3 +++ client.c 11 May 2006 09:45:20 -0000 @@ -3277,7 +3277,7 @@ handle_mt (args, len) cvs_output ("\n", 1); free (updated_fname); } - updated_fname = xstrdup (text); + updated_fname = text ? xstrdup (text) : NULL; } /* Swallow all other tags. Either they are extraneous or they reflect future extensions that we can @@ -3286,13 +3286,13 @@ handle_mt (args, len) else if (importmergecmd.seen) { if (strcmp (tag, "conflicts") == 0) - importmergecmd.conflicts = atoi (text); + importmergecmd.conflicts = text ? atoi (text) : -1; else if (strcmp (tag, "mergetag1") == 0) - importmergecmd.mergetag1 = xstrdup (text); + importmergecmd.mergetag1 = text ? xstrdup (text) : NULL; else if (strcmp (tag, "mergetag2") == 0) - importmergecmd.mergetag2 = xstrdup (text); + importmergecmd.mergetag2 = text ? xstrdup (text) : NULL; else if (strcmp (tag, "repository") == 0) - importmergecmd.repository = xstrdup (text); + importmergecmd.repository = text ? xstrdup (text) : NULL; /* Swallow all other tags. Either they are text for which we are going to print our own version when we see -importmergecmd, or they are future extensions Index: entries.c =================================================================== RCS file: /cvsroot/src/gnu/dist/xcvs/src/entries.c,v retrieving revision 1.2 diff -u -p -r1.2 entries.c --- entries.c 4 Feb 2006 16:29:56 -0000 1.2 +++ entries.c 11 May 2006 09:45:20 -0000 @@ -59,9 +59,9 @@ Entnode_Create(type, user, vn, ts, optio ent->version = xstrdup (vn); ent->timestamp = xstrdup (ts ? ts : ""); ent->options = xstrdup (options ? options : ""); - ent->tag = xstrdup (tag); - ent->date = xstrdup (date); - ent->conflict = xstrdup (ts_conflict); + ent->tag = tag ? xstrdup (tag) : NULL; + ent->date = date ? xstrdup (date) : NULL; + ent->conflict = ts_conflict ? xstrdup (ts_conflict) : NULL; return ent; } @@ -491,8 +491,8 @@ Entries_Open (aflag, update_dir) sdtp = (struct stickydirtag *) xmalloc (sizeof (*sdtp)); memset ((char *) sdtp, 0, sizeof (*sdtp)); sdtp->aflag = aflag; - sdtp->tag = xstrdup (dirtag); - sdtp->date = xstrdup (dirdate); + sdtp->tag = dirtag ? xstrdup (dirtag) : NULL; + sdtp->date = dirdate ? xstrdup (dirdate) : NULL; sdtp->nonbranch = dirnonbranch; /* feed it into the list-private area */ Index: log.c =================================================================== RCS file: /cvsroot/src/gnu/dist/xcvs/src/log.c,v retrieving revision 1.1.1.1 diff -u -p -r1.1.1.1 log.c --- log.c 4 Feb 2006 15:55:23 -0000 1.1.1.1 +++ log.c 11 May 2006 09:45:20 -0000 @@ -316,17 +316,20 @@ cvslog (argc, argv) { p = log_data.datelist; log_data.datelist = p->next; - send_to_server ("Argument -d\012", 0); - send_to_server ("Argument ", 0); - date_to_internet (datetmp, p->start); - send_to_server (datetmp, 0); - if (p->inclusive) - send_to_server ("<=", 0); - else - send_to_server ("<", 0); - date_to_internet (datetmp, p->end); - send_to_server (datetmp, 0); - send_to_server ("\012", 0); + if (p->start != NULL && p->end != NULL) + { + send_to_server ("Argument -d\012", 0); + send_to_server ("Argument ", 0); + date_to_internet (datetmp, p->start); + send_to_server (datetmp, 0); + if (p->inclusive) + send_to_server ("<=", 0); + else + send_to_server ("<", 0); + date_to_internet (datetmp, p->end); + send_to_server (datetmp, 0); + send_to_server ("\012", 0); + } if (p->start) free (p->start); if (p->end) @@ -337,13 +340,15 @@ cvslog (argc, argv) { p = log_data.singledatelist; log_data.singledatelist = p->next; - send_to_server ("Argument -d\012", 0); - send_to_server ("Argument ", 0); - date_to_internet (datetmp, p->end); - send_to_server (datetmp, 0); - send_to_server ("\012", 0); if (p->end) + { + send_to_server ("Argument -d\012", 0); + send_to_server ("Argument ", 0); + date_to_internet (datetmp, p->end); + send_to_server (datetmp, 0); + send_to_server ("\012", 0); free (p->end); + } free (p); } Index: logmsg.c =================================================================== RCS file: /cvsroot/src/gnu/dist/xcvs/src/logmsg.c,v retrieving revision 1.3 diff -u -p -r1.3 logmsg.c --- logmsg.c 4 May 2006 15:39:34 -0000 1.3 +++ logmsg.c 11 May 2006 09:45:20 -0000 @@ -155,7 +155,7 @@ fmt_proc (p, closure) if (tag != NULL) free (tag); - tag = xstrdup (li->tag); + tag = li->tag ? xstrdup (li->tag) : NULL; /* Force a new line. */ col = 70; Index: vers_ts.c =================================================================== RCS file: /cvsroot/src/gnu/dist/xcvs/src/vers_ts.c,v retrieving revision 1.1.1.1 diff -u -p -r1.1.1.1 vers_ts.c --- vers_ts.c 4 Feb 2006 15:55:48 -0000 1.1.1.1 +++ vers_ts.c 11 May 2006 09:45:20 -0000 @@ -155,8 +155,8 @@ Version_TS (finfo, options, tag, date, f */ if (tag || date) { - vers_ts->tag = xstrdup (tag); - vers_ts->date = xstrdup (date); + vers_ts->tag = tag ? xstrdup (tag) : NULL; + vers_ts->date = date ? xstrdup (date) : NULL; } else if (!vers_ts->entdata && (sdtp && sdtp->aflag == 0)) { @@ -200,7 +200,7 @@ Version_TS (finfo, options, tag, date, f if (vers_ts->vn_rcs == NULL) vers_ts->vn_tag = NULL; else if (simple) - vers_ts->vn_tag = xstrdup (vers_ts->tag); + vers_ts->vn_tag = vers_ts->tag ? xstrdup (vers_ts->tag) : NULL; else vers_ts->vn_tag = xstrdup (vers_ts->vn_rcs); } From MAILER-DAEMON Thu May 11 13:36:31 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FeF5T-0000F9-NO for mharc-cvs-dev@gnu.org; Thu, 11 May 2006 13:36:31 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FeF5S-0000Dq-Fr for cvs-dev@nongnu.org; Thu, 11 May 2006 13:36:30 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FeF5P-0000C4-OI for cvs-dev@nongnu.org; Thu, 11 May 2006 13:36:29 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FeF5P-0000C1-L2 for cvs-dev@nongnu.org; Thu, 11 May 2006 13:36:27 -0400 Received: from [168.144.1.52] (helo=xrelay01.mail2web.com) by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA:32) (Exim 4.52) id 1FeF6v-0007Kb-1j; Thu, 11 May 2006 13:38:01 -0400 Received: from [168.144.251.132] (helo=M2W028.mail2web.com) by xrelay01.mail2web.com with smtp (Exim 4.50) id 1FeF5I-0003hm-Bk; Thu, 11 May 2006 13:36:22 -0400 Message-ID: <380-220065411173620467@M2W028.mail2web.com> X-Priority: 3 X-Originating-IP: 12.41.112.201 X-URL: http://mail2web.com/ Sender: scjones@jones.homeip.net From: "lawrence.jones@ugs.com" To: mdb@gnu.org, christos@zoulas.com (christos zoulas), hubertf@netbsd.org, wiz@netbsd.org, cvs-dev@nongnu.org Date: Thu, 11 May 2006 13:36:20 -0400 MIME-Version: 1.0 Content-type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Subject: RE: [Cvs-dev] Re: Result of CVS Coverity scan, via NetBSD Cc: X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 May 2006 17:36:30 -0000 Mark D=2E Baushke writes: > > I have addressed more of the Coverity bugs from run 22: I notice that many of the fixes are testing to be sure pointers are not null before dereferencing them=2E Those pointers should never be null -- if they are, it indicates something seriously wrong, either with the code or the RCS file data=2E A better fix might be adding assert()s to make such problems obvious rather than quietly continuing as if nothing were wrong=2E -Larry Jones -------------------------------------------------------------------- mail2web - Check your email from the web at http://mail2web=2Ecom/ =2E From MAILER-DAEMON Thu May 11 14:00:46 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FeFSw-000129-LG for mharc-cvs-dev@gnu.org; Thu, 11 May 2006 14:00:46 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FeFSv-00011a-DT for cvs-dev@nongnu.org; Thu, 11 May 2006 14:00:45 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FeFSt-000115-Me for cvs-dev@nongnu.org; Thu, 11 May 2006 14:00:44 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FeFSt-000112-Ct for cvs-dev@nongnu.org; Thu, 11 May 2006 14:00:43 -0400 Received: from [207.17.137.64] (helo=colo-dns-ext2.juniper.net) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_3DES_EDE_CBC_SHA:24) (Exim 4.52) id 1FeFUR-00015u-QZ for cvs-dev@nongnu.org; Thu, 11 May 2006 14:02:20 -0400 Received: from merlot.juniper.net (merlot.juniper.net [172.17.27.10]) by colo-dns-ext2.juniper.net (8.12.3/8.12.3) with ESMTP id k4BI0d1Z031669; Thu, 11 May 2006 11:00:39 -0700 (PDT) (envelope-from mdb@juniper.net) Received: from juniper.net (sapphire.juniper.net [172.17.28.108]) by merlot.juniper.net (8.11.3/8.11.3) with ESMTP id k4BI0d596050; Thu, 11 May 2006 11:00:39 -0700 (PDT) (envelope-from mdb@juniper.net) From: "Mark D. Baushke" To: "lawrence.jones@ugs.com" Subject: Re: [Cvs-dev] Re: Result of CVS Coverity scan, via NetBSD In-Reply-To: <380-220065411173620467@M2W028.mail2web.com> References: <380-220065411173620467@M2W028.mail2web.com> Comments: In-reply-to: "lawrence.jones@ugs.com" message dated "Thu, 11 May 2006 13:36:20 -0400." X-Mailer: MH-E 8.0; nmh 1.0.4; GNU Emacs 21.3.1 X-Face: #8D_6URD2G%vC.hzU MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Date: Thu, 11 May 2006 11:00:39 -0700 Message-ID: <81027.1147370439@juniper.net> Sender: mdb@juniper.net Cc: hubertf@netbsd.org, christos zoulas , wiz@netbsd.org, cvs-dev@nongnu.org X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 May 2006 18:00:45 -0000 =2D----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Larry, lawrence.jones@ugs.com writes: > Mark D. Baushke writes: > > > > I have addressed more of the Coverity bugs from run 22: >=20 > I notice that many of the fixes are testing to be sure pointers > are not null before dereferencing them. Those pointers should > never be null -- if they are, it indicates something seriously > wrong, either with the code or the RCS file data.=20=20 Either that, or that someone has sent garbage across the wire in the client/server protocol (i.e., see the changes to handle_mt()). Good point. > A better fix might be adding assert()s to make such problems obvious > rather than quietly continuing as if nothing were wrong. According to coverity, most of those fixes do really have a possible code path where the values could legitmately be NULL. In a few cases, the Coverity code is getting the idea that they could be NULL because a later check after the dereference was made to see if they were NULL before they were in a call to free(). I suppose an assert() before the free() might be more reasonable in those few cases. If you have particular places where you think I should be putting asserts(), please let me know. I'll bear the use of assert() in mind as I move through the rest of the problems that have been reported. Thanks, -- Mark =2D----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (FreeBSD) iD8DBQFEY3vHCg7APGsDnFERAh6MAKC5uGThGsH3pKKoMf7aW6vnWsfIeACgnon2 nZLbTwB9jZhr725wGRVw9q8=3D =3D78EH =2D----END PGP SIGNATURE----- From MAILER-DAEMON Thu May 11 14:11:38 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FeFdS-0003Yk-Hw for mharc-cvs-dev@gnu.org; Thu, 11 May 2006 14:11:38 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FeFdQ-0003Yf-Jm for cvs-dev@nongnu.org; Thu, 11 May 2006 14:11:36 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FeFdO-0003YS-36 for cvs-dev@nongnu.org; Thu, 11 May 2006 14:11:35 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FeFdN-0003YP-Ty for cvs-dev@nongnu.org; Thu, 11 May 2006 14:11:33 -0400 Received: from [168.144.1.52] (helo=xrelay01.mail2web.com) by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA:32) (Exim 4.52) id 1FeFeu-0001rD-Tp; Thu, 11 May 2006 14:13:09 -0400 Received: from [168.144.251.186] (helo=M2W076.mail2web.com) by xrelay01.mail2web.com with smtp (Exim 4.50) id 1FeFdG-0006wB-8b; Thu, 11 May 2006 14:11:31 -0400 Message-ID: <380-220065411181126241@M2W076.mail2web.com> X-Priority: 3 X-Originating-IP: 12.41.112.201 X-URL: http://mail2web.com/ Sender: scjones@jones.homeip.net From: "lawrence.jones@ugs.com" To: mdb@gnu.org, christos@zoulas.com (christos zoulas), hubertf@netbsd.org, wiz@netbsd.org, cvs-dev@nongnu.org Date: Thu, 11 May 2006 14:11:26 -0400 MIME-Version: 1.0 Content-type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Subject: Re: [Cvs-dev] Re: Result of CVS Coverity scan, via NetBSD Cc: X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 May 2006 18:11:36 -0000 Mark D=2E Baushke writes: > > According to coverity, most of those fixes do really have a possible > code path where the values could legitmately be NULL=2E I find that hard to believe=2E Since dereferencing a null pointer will crash on most platforms, I would have thought we'd have noticed them by now if there was a legitimate case where they could be null=2E > In a few cases, the Coverity code is getting the idea that they could be= > NULL because a later check after the dereference was made to see if they= > were NULL before they were in a call to free()=2E I'd have made the opposite assumption, that the check before the free is redundant rather than that the lack of a prior check is dangerous=2E :-) > If you have particular places where you think I should be putting > asserts(), please let me know=2E I don't=2E I have unfortunately not had time to even look at the coverity results or more than glance at your fixes=2E :-( > I'll bear the use of assert() in mind as I move through the rest of the > problems that have been reported=2E Thanks=2E -Larry Jones -------------------------------------------------------------------- mail2web - Check your email from the web at http://mail2web=2Ecom/ =2E From MAILER-DAEMON Thu May 11 14:35:31 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FeG0Z-0005YL-RC for mharc-cvs-dev@gnu.org; Thu, 11 May 2006 14:35:31 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FeG0X-0005Xa-IS for cvs-dev@nongnu.org; Thu, 11 May 2006 14:35:29 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FeG0W-0005Wz-Cy for cvs-dev@nongnu.org; Thu, 11 May 2006 14:35:29 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FeG0W-0005Wo-8O for cvs-dev@nongnu.org; Thu, 11 May 2006 14:35:28 -0400 Received: from [207.17.137.57] (helo=colo-dns-ext1.juniper.net) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_3DES_EDE_CBC_SHA:24) (Exim 4.52) id 1FeG24-0004HP-Sp for cvs-dev@nongnu.org; Thu, 11 May 2006 14:37:05 -0400 Received: from merlot.juniper.net (merlot.juniper.net [172.17.27.10]) by colo-dns-ext1.juniper.net (8.11.3/8.9.3) with ESMTP id k4BIZQX66396; Thu, 11 May 2006 11:35:26 -0700 (PDT) (envelope-from mdb@juniper.net) Received: from juniper.net (sapphire.juniper.net [172.17.28.108]) by merlot.juniper.net (8.11.3/8.11.3) with ESMTP id k4BIZK503290; Thu, 11 May 2006 11:35:20 -0700 (PDT) (envelope-from mdb@juniper.net) From: "Mark D. Baushke" To: "lawrence.jones@ugs.com" Subject: Re: [Cvs-dev] Re: Result of CVS Coverity scan, via NetBSD In-Reply-To: <380-220065411173620467@M2W028.mail2web.com> References: <380-220065411173620467@M2W028.mail2web.com> Comments: In-reply-to: "lawrence.jones@ugs.com" message dated "Thu, 11 May 2006 13:36:20 -0400." X-Mailer: MH-E 8.0; nmh 1.0.4; GNU Emacs 21.3.1 X-Face: #8D_6URD2G%vC.hzU MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Date: Thu, 11 May 2006 11:35:20 -0700 Message-ID: <92698.1147372520@juniper.net> Sender: mdb@juniper.net Cc: hubertf@netbsd.org, christos zoulas , wiz@netbsd.org, cvs-dev@nongnu.org X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 May 2006 18:35:30 -0000 =2D----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Folks, I just noticed something when I put in some assert () statements instead of checking arguments to xstdup in my last change. The asserts started aborting the 'make check' regression tests. It seems that the mode Coverity is using for xstrdup() is from the NetBSD src/usr.bin/xlint/common/mem.c file: 84 char * 85 xstrdup(const char *s) 86 { 87 char *s2; 88=09 Event deref_parm_in_call: Dereferenced parameter "s" in the function "strdu= p" 89 if ((s2 =3D strdup(s)) =3D=3D NULL) 90 nomem(); 91 return (s2); 92 } This is NOT the same function provided by cvs 1.11.x in src/subr.c /* * Duplicate a string, calling xmalloc to allocate some dynamic space */ char * xstrdup (str) const char *str; { char *s; if (str =3D=3D NULL) return ((char *) NULL); s =3D xmalloc (strlen (str) + 1); (void) strcpy (s, str); return (s); } The interesting thing is that in cvs 1.12.x, the xstrdup () is the one =2D From GNULIB xmalloc.c which does NOT properly handle NULL (the one that properly handles a NULL argument is now called Xstrdup()). /* Clone an object P of size S, with error checking. There's no need for xnmemdup (P, N, S), since xmemdup (P, N * S) works without any need for an arithmetic overflow check. */ void * xmemdup (void const *p, size_t s) { return memcpy (xmalloc (s), p, s); } /* Clone STRING. */ char * xstrdup (char const *string) { return xmemdup (string, strlen (string) + 1); } So, many of my recent changes are protecting an xstrdup from a NULL argument that is not a problem in cvs 1.11.x in any case. However, it is not clear that the same holds true of the cvs 1.12.x merged code. -- Mark =2D----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (FreeBSD) iD8DBQFEY4PoCg7APGsDnFERAnnoAJ9UH6mNS8cRW+P6FCeNiNQ6jlW0aQCeOwv/ I9lwYNMczSya7EKzRDMoO7U=3D =3DJu44 =2D----END PGP SIGNATURE----- From MAILER-DAEMON Fri May 12 08:23:38 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FeWgD-0000go-Rg for mharc-cvs-dev@gnu.org; Fri, 12 May 2006 08:23:37 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FeFGf-0004H8-TF for cvs-dev@nongnu.org; Thu, 11 May 2006 13:48:06 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FeFGe-0004Gm-9D for cvs-dev@nongnu.org; Thu, 11 May 2006 13:48:05 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FeFGd-0004Ge-Vo for cvs-dev@nongnu.org; Thu, 11 May 2006 13:48:04 -0400 Received: from [38.117.134.202] (helo=rebar.astron.com) by monty-python.gnu.org with esmtp (Exim 4.52) id 1FeFIC-0008EB-AF for cvs-dev@nongnu.org; Thu, 11 May 2006 13:49:40 -0400 Received: by rebar.astron.com (Postfix, from userid 10080) id 536F556534; Thu, 11 May 2006 17:48:01 +0000 (UTC) From: christos@zoulas.com (Christos Zoulas) Date: Thu, 11 May 2006 13:48:01 -0400 In-Reply-To: <67659.1147368346@juniper.net> from "Mark D. Baushke" (May 11, 10:25am) Organization: Astron Software X-Mailer: Mail User's Shell (7.2.6 beta(4.pl1)+dynamic 20000103) To: "Mark D. Baushke" Message-Id: <20060511174801.536F556534@rebar.astron.com> X-Mailman-Approved-At: Fri, 12 May 2006 08:23:36 -0400 Cc: Hubert Feyrer , Thomas Klausner , CVS Development Subject: [Cvs-dev] Re: Result of CVS Coverity scan, via NetBSD X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 May 2006 17:48:06 -0000 On May 11, 10:25am, mdb@gnu.org ("Mark D. Baushke") wrote: -- Subject: Re: Result of CVS Coverity scan, via NetBSD | Hi Christos, | | I have addressed more of the Coverity bugs from run 22: | | CID Checker Status | 632 DEADCODE FALSE | 924 FORWARD_NULL BUG | 994 FORWARD_NULL BUG | 995 FORWARD_NULL BUG | 996 FORWARD_NULL BUG | 997 FORWARD_NULL BUG | 1053 FORWARD_NULL BUG | 1054 FORWARD_NULL BUG | 1055 FORWARD_NULL BUG | 1056 FORWARD_NULL FALSE | 1057 FORWARD_NULL IGNORE | 2427 REVERSE_NULL BUG | 2428 REVERSE_NULL BUG | | All of CIDs 994, 995, 1055 and 1057 were fixed by the patch to the | Entnode_Create function in entries.c rather than in the location where | the error was reported. | | I have applied this fix to both the cvs-1.11.x (STABLE) and cvs-1.12.x | (FEATURE) branches in the main cvs repository. The following patch is | against the :pserver:anoncvs@anoncvs.netbsd.org:/cvsroot | src/gnu/dist/xcvs/src top-of-tree sources. | | I will continue to work through the list of remaining problems as time | permits. | | None of these fixes appear to have any security implications. Thanks! christos From MAILER-DAEMON Fri May 12 09:09:57 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FeXP3-0005Y2-HJ for mharc-cvs-dev@gnu.org; Fri, 12 May 2006 09:09:57 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FeXP1-0005Wp-Sn for cvs-dev@nongnu.org; Fri, 12 May 2006 09:09:55 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FeXP0-0005Ua-4g for cvs-dev@nongnu.org; Fri, 12 May 2006 09:09:55 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FeXOz-0005UH-VT for cvs-dev@nongnu.org; Fri, 12 May 2006 09:09:54 -0400 Received: from [207.17.137.57] (helo=colo-dns-ext1.juniper.net) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_3DES_EDE_CBC_SHA:24) (Exim 4.52) id 1FeXQk-000404-0M for cvs-dev@nongnu.org; Fri, 12 May 2006 09:11:42 -0400 Received: from merlot.juniper.net (merlot.juniper.net [172.17.27.10]) by colo-dns-ext1.juniper.net (8.11.3/8.9.3) with ESMTP id k4CD9qX78063; Fri, 12 May 2006 06:09:52 -0700 (PDT) (envelope-from mdb@juniper.net) Received: from juniper.net (sapphire.juniper.net [172.17.28.108]) by merlot.juniper.net (8.11.3/8.11.3) with ESMTP id k4CD9k560532; Fri, 12 May 2006 06:09:46 -0700 (PDT) (envelope-from mdb@juniper.net) From: "Mark D. Baushke" To: christos@zoulas.com (Christos Zoulas) Subject: Re: [Cvs-dev] Re: Result of CVS Coverity scan, via NetBSD In-Reply-To: <20060511174801.536F556534@rebar.astron.com> References: <20060511174801.536F556534@rebar.astron.com> Comments: In-reply-to: christos@zoulas.com (Christos Zoulas) message dated "Thu, 11 May 2006 13:48:01 -0400." X-Mailer: MH-E 8.0; nmh 1.0.4; GNU Emacs 21.3.1 X-Face: #8D_6URD2G%vC.hzU MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Date: Fri, 12 May 2006 06:09:46 -0700 Message-ID: <53727.1147439386@juniper.net> Sender: mdb@juniper.net Cc: Hubert Feyrer , Thomas Klausner , CVS Development X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 May 2006 13:09:56 -0000 =2D----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Christos, Is it possible for the Coverity folks to re-run the checks for xcvs, but for them to use the correct model for xstrdup (the one from the src/subr.c file) rather than the one from src/usr.bin/xlint/common/mem.c which it somehow believes is correct?=20 Many of these CIDs are actually false positivies due to xcvs using a version of xstrdup that handles a NULL argument without dereferencing it. -- Mark =2D----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (FreeBSD) iD8DBQFEZIkaCg7APGsDnFERAmzjAJ9UDFWXYWAXLEJZH4cmwdHQOZTWJACdF4ld 7nNh0WtDOeB/3zIPo3kIepw=3D =3DtcgH =2D----END PGP SIGNATURE----- From MAILER-DAEMON Fri May 12 09:35:29 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FeXnk-0000HD-Lw for mharc-cvs-dev@gnu.org; Fri, 12 May 2006 09:35:28 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FeXnh-0000FZ-Hw for cvs-dev@nongnu.org; Fri, 12 May 2006 09:35:25 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FeXnf-0000Ea-Pp for cvs-dev@nongnu.org; Fri, 12 May 2006 09:35:25 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FeXnf-0000EI-2D for cvs-dev@nongnu.org; Fri, 12 May 2006 09:35:23 -0400 Received: from [207.17.137.64] (helo=colo-dns-ext2.juniper.net) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_3DES_EDE_CBC_SHA:24) (Exim 4.52) id 1FeXpP-0006Qh-5k for cvs-dev@nongnu.org; Fri, 12 May 2006 09:37:11 -0400 Received: from merlot.juniper.net (merlot.juniper.net [172.17.27.10]) by colo-dns-ext2.juniper.net (8.12.3/8.12.3) with ESMTP id k4CDZJ1Z041080; Fri, 12 May 2006 06:35:20 -0700 (PDT) (envelope-from mdb@juniper.net) Received: from juniper.net (sapphire.juniper.net [172.17.28.108]) by merlot.juniper.net (8.11.3/8.11.3) with ESMTP id k4CDZJ563925; Fri, 12 May 2006 06:35:19 -0700 (PDT) (envelope-from mdb@juniper.net) To: christos@zoulas.com (Christos Zoulas) From: "Mark D. Baushke" Subject: Re: [Cvs-dev] Re: Result of CVS Coverity scan, via NetBSD In-Reply-To: <20060512131637.8B0B556534@rebar.astron.com> References: <20060512131637.8B0B556534@rebar.astron.com> Comments: In-reply-to: christos@zoulas.com (Christos Zoulas) message dated "Fri, 12 May 2006 09:16:37 -0400." X-Mailer: MH-E 8.0; nmh 1.0.4; GNU Emacs 21.3.1 X-Face: #8D_6URD2G%vC.hzU MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Date: Fri, 12 May 2006 06:35:19 -0700 Message-ID: <54437.1147440919@juniper.net> Sender: mdb@juniper.net Cc: Hubert Feyrer , Thomas Klausner , CVS Development X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 May 2006 13:35:26 -0000 =2D----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Christos, Would it make sense to modify src/gnu/usr.bin/cvs/include/config.h so that it does a /* Functions defined in src/gnu/dist/xcvs/src/subr.c */ #define xasprintf cvs_xasprintf #define xmalloc cvs_xmalloc #define xrealloc cvs_xrealloc #define xstrdup cvs_xstrdup or, does the coverity model processing not handle macro processing correctly? For what it is worth, I have not finished going through all of the run 22 reported problems. I know that there is at least a few more that are 'real' bugs (cid-1058 and cid-1061 are both such). Given that our xstrdup() is safe, I will probably be considering reverting the=20 var =3D str ? xstrdup (str) : NULL; changes back into var =3D xstrdup (str); in the CVS STABLE and CVS FEATURE source bases. (It turns out that CVS FEATURE uses Xstrdup to do the NULL check before calling the real xstrdup () function, but has a '#define xstrdup Xstrdup' to hide it.) -- Mark =2D----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (FreeBSD) iD8DBQFEZI8XCg7APGsDnFERAllDAJ9oF3OCzGoyJgY/IuBwqGFBUiCo/ACeOxBS +ghUiwcNiRrUOM1gJmf1FDQ=3D =3Dy5N2 =2D----END PGP SIGNATURE----- From MAILER-DAEMON Fri May 12 11:18:49 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FeZPl-0005C0-3g for mharc-cvs-dev@gnu.org; Fri, 12 May 2006 11:18:49 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FeZPj-0005AC-4j for cvs-dev@nongnu.org; Fri, 12 May 2006 11:18:47 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FeZPh-00057t-EL for cvs-dev@nongnu.org; Fri, 12 May 2006 11:18:45 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FeZPh-00057m-Bp for cvs-dev@nongnu.org; Fri, 12 May 2006 11:18:45 -0400 Received: from [207.17.137.57] (helo=colo-dns-ext1.juniper.net) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_3DES_EDE_CBC_SHA:24) (Exim 4.52) id 1FeZRS-0008If-4B for cvs-dev@nongnu.org; Fri, 12 May 2006 11:20:34 -0400 Received: from merlot.juniper.net (merlot.juniper.net [172.17.27.10]) by colo-dns-ext1.juniper.net (8.11.3/8.9.3) with ESMTP id k4CFIhX80062; Fri, 12 May 2006 08:18:43 -0700 (PDT) (envelope-from mdb@juniper.net) Received: from juniper.net (sapphire.juniper.net [172.17.28.108]) by merlot.juniper.net (8.11.3/8.11.3) with ESMTP id k4CFIb579250; Fri, 12 May 2006 08:18:37 -0700 (PDT) (envelope-from mdb@juniper.net) From: "Mark D. Baushke" To: christos@zoulas.com (Christos Zoulas) Subject: Re: [Cvs-dev] Re: Result of CVS Coverity scan, via NetBSD In-Reply-To: <20060512141217.0C03656534@rebar.astron.com> References: <20060512141217.0C03656534@rebar.astron.com> Comments: In-reply-to: christos@zoulas.com (Christos Zoulas) message dated "Fri, 12 May 2006 10:12:16 -0400." X-Mailer: MH-E 8.0; nmh 1.0.4; GNU Emacs 21.3.1 X-Face: #8D_6URD2G%vC.hzU Sender: mdb@juniper.net Cc: Hubert Feyrer , Thomas Klausner , CVS Development X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 May 2006 15:18:47 -0000 Hi Christos, Christos Zoulas writes: > On May 12, 6:35am, mdb@gnu.org ("Mark D. Baushke") wrote: > -- Subject: Re: [Cvs-dev] Re: Result of CVS Coverity scan, via NetBSD > > | Would it make sense to modify src/gnu/usr.bin/cvs/include/config.h > | so that it does a > | > | /* Functions defined in src/gnu/dist/xcvs/src/subr.c */ > | #define xasprintf cvs_xasprintf > | #define xmalloc cvs_xmalloc > | #define xrealloc cvs_xrealloc > | #define xstrdup cvs_xstrdup > | > | or, does the coverity model processing not handle macro processing > | correctly? > > It does, and it will work properly [provided it compiles :-)] You might give it a try and see if it works for you. > | For what it is worth, I have not finished going through all of the run > | 22 reported problems. I know that there is at least a few more that are > | 'real' bugs (cid-1058 and cid-1061 are both such). > | > | Given that our xstrdup() is safe, I will probably be considering reverting > | the=20 > | > | var = str ? xstrdup (str) : NULL; > | > | changes back into > | > | var = xstrdup (str); > > Yes, we should revert the changes. Agreed. The patch below reverts those changes and adds a few asserts to deal with the other cases. I have committed it to the CVS STABLE branch (1.11.x). > | in the CVS STABLE and CVS FEATURE source bases. (It turns out that CVS > | FEATURE uses Xstrdup to do the NULL check before calling the real > | xstrdup () function, but has a '#define xstrdup Xstrdup' to hide it.) > > Ouch, pre-processor macro hell... Indeed. -- Mark Index: ChangeLog =================================================================== RCS file: /cvsroot/src/gnu/dist/xcvs/src/ChangeLog,v retrieving revision 1.2 diff -u -p -r1.2 ChangeLog --- ChangeLog 4 May 2006 15:39:34 -0000 1.2 +++ ChangeLog 12 May 2006 14:28:53 -0000 @@ -1,18 +1,67 @@ +2006-05-12 Mark D. Baushke + + * rcs.c (RCS_isdead): Assert that the first argument is not NULL. + [Fixes NetBSD cid-1058.] + + * commit.c (checkaddfile): Do not dereference NULL on call to + error(). + [Fixes NetBSD cid-1061.] + + * log.c (cvslog): Assert p->start && p->end instead of masking the + problem. + * server.c (server_updated): Assert findnode_fn results instead of + masking the problem. + + * add.c (add_directory): Revert previous change. The xstrdup() + function already deals a NULL argument. + * client.c (handle_mt): Ditto. + * entries.c (Entnode_Create): Ditto. + (Entries_Open): Ditto. + * logmsg.c (fmt_proc): Ditto. + * vers_ts.c (Version_TS): Ditto. + +2006-05-11 Mark D. Baushke + + * add.c (add_directory): Protect tag from NULL dereference. + [Fixes NetBSD cid-1054.] + + * client.c (handle_mt): Deal with missing text argument. + [Fixes NetBSD cid-924.] + + * entries.c (Entnode_Create): Protect date, tag and ts_conflict + from possible NULL dereference. + [Fixes NetBSD coverity cid-994, cid-995, cid-1055, cid-1057.] + + * entries.c (Entries_Open): Protect dirtag and dirdate from + possible NULL dereference. + [Fixes NetBSD coverity cid-996.] + + * log.c (cvslog): Validate start and end args to + date_to_internet(). + [Fixes NetBSD coverity cid-2427 and cid-2428.] + + * logmsg.c (fmt_proc): Protect li->tag from NULL dereference. + [Fixes NetBSD coverity cid-997.] + + * vers_ts.c (Version_TS): Protect tag and vers_ts->tag from NULL + dereference. + [Fixes NetBSD coverity cid-1053.] + 2006-05-04 Mark D. Baushke - * filesubr.c (cvs_temp_file): Avoid keeping pointers to free()'d - storage laying around. - * commit.c (commit): Handle possible NULL filename values - returned from cvs_temp_file(). - * filesubr.c (cvs_temp_name): Ditto. - * import.c (import): Ditto. - * login.c (password_entry_operation): Ditto. - * logmsg.c (do_verify): Ditto. - * patch.c (patch_fileproc): Ditto. - [Fixes NetBSD coverity cid-2545.] + * filesubr.c (cvs_temp_file): Avoid keeping pointers to free()'d + storage laying around. + * commit.c (commit): Handle possible NULL filename values + returned from cvs_temp_file(). + * filesubr.c (cvs_temp_name): Ditto. + * import.c (import): Ditto. + * login.c (password_entry_operation): Ditto. + * logmsg.c (do_verify): Ditto. + * patch.c (patch_fileproc): Ditto. + [Fixes NetBSD coverity cid-2545.] - * buffer.c (packetizing_buffer_output): Initialize outdata. - [Fixes NetBSD coverity cid-2474.] + * buffer.c (packetizing_buffer_output): Initialize outdata. + [Fixes NetBSD coverity cid-2474.] * server.c (server_updated): Fix NetBSD coverity cid-1352 NetBSD-sparc64 of 2006-May-02 03:02:46. Index: add.c =================================================================== RCS file: /cvsroot/src/gnu/dist/xcvs/src/add.c,v retrieving revision 1.2 diff -u -p -r1.2 add.c --- add.c 11 May 2006 17:47:49 -0000 1.2 +++ add.c 12 May 2006 14:28:53 -0000 @@ -852,7 +852,7 @@ add_directory (finfo) p->key = xstrdup ("- New directory"); li = (struct logfile_info *) xmalloc (sizeof (struct logfile_info)); li->type = T_TITLE; - li->tag = tag ? xstrdup (tag) : NULL; + li->tag = xstrdup (tag); li->rev_old = li->rev_new = NULL; p->data = li; (void) addnode (ulist, p); Index: client.c =================================================================== RCS file: /cvsroot/src/gnu/dist/xcvs/src/client.c,v retrieving revision 1.4 diff -u -p -r1.4 client.c --- client.c 11 May 2006 17:47:49 -0000 1.4 +++ client.c 12 May 2006 14:28:54 -0000 @@ -3277,7 +3277,7 @@ handle_mt (args, len) cvs_output ("\n", 1); free (updated_fname); } - updated_fname = text ? xstrdup (text) : NULL; + updated_fname = xstrdup (text); } /* Swallow all other tags. Either they are extraneous or they reflect future extensions that we can @@ -3288,11 +3288,11 @@ handle_mt (args, len) if (strcmp (tag, "conflicts") == 0) importmergecmd.conflicts = text ? atoi (text) : -1; else if (strcmp (tag, "mergetag1") == 0) - importmergecmd.mergetag1 = text ? xstrdup (text) : NULL; + importmergecmd.mergetag1 = xstrdup (text); else if (strcmp (tag, "mergetag2") == 0) - importmergecmd.mergetag2 = text ? xstrdup (text) : NULL; + importmergecmd.mergetag2 = xstrdup (text); else if (strcmp (tag, "repository") == 0) - importmergecmd.repository = text ? xstrdup (text) : NULL; + importmergecmd.repository = xstrdup (text); /* Swallow all other tags. Either they are text for which we are going to print our own version when we see -importmergecmd, or they are future extensions Index: commit.c =================================================================== RCS file: /cvsroot/src/gnu/dist/xcvs/src/commit.c,v retrieving revision 1.3 diff -u -p -r1.3 commit.c --- commit.c 4 May 2006 15:39:34 -0000 1.3 +++ commit.c 12 May 2006 14:28:54 -0000 @@ -2127,7 +2127,7 @@ checkaddfile (file, repository, tag, opt rcs = RCS_parse (file, repository); if (rcs == NULL) { - error (0, 0, "could not read %s", rcs->path); + error (0, 0, "could not read %s in %s", file, repository); goto out; } *rcsnode = rcs; Index: entries.c =================================================================== RCS file: /cvsroot/src/gnu/dist/xcvs/src/entries.c,v retrieving revision 1.3 diff -u -p -r1.3 entries.c --- entries.c 11 May 2006 17:47:49 -0000 1.3 +++ entries.c 12 May 2006 14:28:54 -0000 @@ -59,9 +59,9 @@ Entnode_Create(type, user, vn, ts, optio ent->version = xstrdup (vn); ent->timestamp = xstrdup (ts ? ts : ""); ent->options = xstrdup (options ? options : ""); - ent->tag = tag ? xstrdup (tag) : NULL; - ent->date = date ? xstrdup (date) : NULL; - ent->conflict = ts_conflict ? xstrdup (ts_conflict) : NULL; + ent->tag = xstrdup (tag); + ent->date = xstrdup (date); + ent->conflict = xstrdup (ts_conflict); return ent; } @@ -491,8 +491,8 @@ Entries_Open (aflag, update_dir) sdtp = (struct stickydirtag *) xmalloc (sizeof (*sdtp)); memset ((char *) sdtp, 0, sizeof (*sdtp)); sdtp->aflag = aflag; - sdtp->tag = dirtag ? xstrdup (dirtag) : NULL; - sdtp->date = dirdate ? xstrdup (dirdate) : NULL; + sdtp->tag = xstrdup (dirtag); + sdtp->date = xstrdup (dirdate); sdtp->nonbranch = dirnonbranch; /* feed it into the list-private area */ Index: log.c =================================================================== RCS file: /cvsroot/src/gnu/dist/xcvs/src/log.c,v retrieving revision 1.2 diff -u -p -r1.2 log.c --- log.c 11 May 2006 17:47:49 -0000 1.2 +++ log.c 12 May 2006 14:28:54 -0000 @@ -316,39 +316,33 @@ cvslog (argc, argv) { p = log_data.datelist; log_data.datelist = p->next; - if (p->start != NULL && p->end != NULL) - { - send_to_server ("Argument -d\012", 0); - send_to_server ("Argument ", 0); - date_to_internet (datetmp, p->start); - send_to_server (datetmp, 0); - if (p->inclusive) - send_to_server ("<=", 0); - else - send_to_server ("<", 0); - date_to_internet (datetmp, p->end); - send_to_server (datetmp, 0); - send_to_server ("\012", 0); - } - if (p->start) - free (p->start); - if (p->end) - free (p->end); + assert (p->start != NULL && p->end != NULL); + send_to_server ("Argument -d\012", 0); + send_to_server ("Argument ", 0); + date_to_internet (datetmp, p->start); + send_to_server (datetmp, 0); + if (p->inclusive) + send_to_server ("<=", 0); + else + send_to_server ("<", 0); + date_to_internet (datetmp, p->end); + send_to_server (datetmp, 0); + send_to_server ("\012", 0); + free (p->start); + free (p->end); free (p); } while (log_data.singledatelist != NULL) { p = log_data.singledatelist; log_data.singledatelist = p->next; - if (p->end) - { - send_to_server ("Argument -d\012", 0); - send_to_server ("Argument ", 0); - date_to_internet (datetmp, p->end); - send_to_server (datetmp, 0); - send_to_server ("\012", 0); - free (p->end); - } + assert (p->end != NULL); + send_to_server ("Argument -d\012", 0); + send_to_server ("Argument ", 0); + date_to_internet (datetmp, p->end); + send_to_server (datetmp, 0); + send_to_server ("\012", 0); + free (p->end); free (p); } Index: logmsg.c =================================================================== RCS file: /cvsroot/src/gnu/dist/xcvs/src/logmsg.c,v retrieving revision 1.4 diff -u -p -r1.4 logmsg.c --- logmsg.c 11 May 2006 17:47:49 -0000 1.4 +++ logmsg.c 12 May 2006 14:28:54 -0000 @@ -155,7 +155,7 @@ fmt_proc (p, closure) if (tag != NULL) free (tag); - tag = li->tag ? xstrdup (li->tag) : NULL; + tag = xstrdup (li->tag); /* Force a new line. */ col = 70; Index: rcs.c =================================================================== RCS file: /cvsroot/src/gnu/dist/xcvs/src/rcs.c,v retrieving revision 1.2 diff -u -p -r1.2 rcs.c --- rcs.c 4 Feb 2006 16:29:56 -0000 1.2 +++ rcs.c 12 May 2006 14:28:54 -0000 @@ -3487,6 +3487,8 @@ RCS_isdead (rcs, tag) Node *p; RCSVers *version; + assert (rcs != NULL); + if (rcs->flags & PARTIAL) RCS_reparsercsfile (rcs, (FILE **) NULL, (struct rcsbuffer *) NULL); Index: server.c =================================================================== RCS file: /cvsroot/src/gnu/dist/xcvs/src/server.c,v retrieving revision 1.4 diff -u -p -r1.4 server.c --- server.c 4 May 2006 15:39:34 -0000 1.4 +++ server.c 12 May 2006 14:28:54 -0000 @@ -4235,6 +4235,7 @@ CVS server internal error: no mode in se in case we end up processing it again (e.g. modules3-6 in the testsuite). */ node = findnode_fn (finfo->entries, finfo->file); + assert (node != NULL); if (node != NULL) { Entnode *entnode = node->data; Index: vers_ts.c =================================================================== RCS file: /cvsroot/src/gnu/dist/xcvs/src/vers_ts.c,v retrieving revision 1.2 diff -u -p -r1.2 vers_ts.c --- vers_ts.c 11 May 2006 17:47:49 -0000 1.2 +++ vers_ts.c 12 May 2006 14:28:54 -0000 @@ -155,8 +155,8 @@ Version_TS (finfo, options, tag, date, f */ if (tag || date) { - vers_ts->tag = tag ? xstrdup (tag) : NULL; - vers_ts->date = date ? xstrdup (date) : NULL; + vers_ts->tag = xstrdup (tag); + vers_ts->date = xstrdup (date); } else if (!vers_ts->entdata && (sdtp && sdtp->aflag == 0)) { @@ -200,7 +200,7 @@ Version_TS (finfo, options, tag, date, f if (vers_ts->vn_rcs == NULL) vers_ts->vn_tag = NULL; else if (simple) - vers_ts->vn_tag = vers_ts->tag ? xstrdup (vers_ts->tag) : NULL; + vers_ts->vn_tag = xstrdup (vers_ts->tag); else vers_ts->vn_tag = xstrdup (vers_ts->vn_rcs); } From MAILER-DAEMON Fri May 12 13:26:23 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FebPD-0003sp-3P for mharc-cvs-dev@gnu.org; Fri, 12 May 2006 13:26:23 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FebPC-0003sO-73 for cvs-dev@nongnu.org; Fri, 12 May 2006 13:26:22 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FebPA-0003s1-Aw for cvs-dev@nongnu.org; Fri, 12 May 2006 13:26:21 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FebPA-0003ru-5u for cvs-dev@nongnu.org; Fri, 12 May 2006 13:26:20 -0400 Received: from [146.122.22.36] (helo=uscimgate001.ugs.com) by monty-python.gnu.org with esmtp (Exim 4.52) id 1FebQw-0004u2-I8 for cvs-dev@nongnu.org; Fri, 12 May 2006 13:28:10 -0400 Received: from sunlist.sdrc.com ([146.122.142.20]) by uscimgate001.ugs.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 12 May 2006 13:26:18 -0400 Received: from thor.net.plm.eds.com (thor.net.plm.eds.com [146.122.201.250]) by sunlist.sdrc.com (8.11.6+Sun/8.11.6) with ESMTP id k4CHQHr06182; Fri, 12 May 2006 13:26:17 -0400 (EDT) Received: (from scjones@localhost) by thor.net.plm.eds.com (8.11.6/8.10.1) id k4CHQGe26626; Fri, 12 May 2006 13:26:16 -0400 (EDT) Message-Id: <200605121726.k4CHQGe26626@thor.net.plm.eds.com> Subject: Re: [Cvs-dev] Re: Result of CVS Coverity scan, via NetBSD To: mdb@gnu.org (Mark D. Baushke) Date: Fri, 12 May 2006 13:26:16 -0400 (EDT) In-Reply-To: <81027.1147370439@juniper.net> from "Mark D. Baushke" at May 11, 2006 11:00:39 AM From: lawrence.jones@ugs.com (Larry Jones) X-Mailer: ELM [version 2.5 PL3] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 12 May 2006 17:26:18.0389 (UTC) FILETIME=[2DDC7450:01C675E9] Cc: hubertf@netbsd.org, christos zoulas , wiz@netbsd.org, cvs-dev@nongnu.org X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 May 2006 17:26:22 -0000 Mark D. Baushke writes: > > Either that, or that someone has sent garbage across the wire in the > client/server protocol (i.e., see the changes to handle_mt()). Hmmm, I hadn't thought about that. For those cases, it would probably be better to issue a fatal error() rather than calling assert() since it's the client that's screwed up, not the server. -Larry Jones Philistines. -- Calvin From MAILER-DAEMON Fri May 12 17:45:17 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FefRl-000209-BB for mharc-cvs-dev@gnu.org; Fri, 12 May 2006 17:45:17 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FefRj-0001zH-Qt for cvs-dev@nongnu.org; Fri, 12 May 2006 17:45:15 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FefRi-0001yx-0Q for cvs-dev@nongnu.org; Fri, 12 May 2006 17:45:15 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FefRh-0001yu-PC for cvs-dev@nongnu.org; Fri, 12 May 2006 17:45:13 -0400 Received: from [207.17.137.57] (helo=colo-dns-ext1.juniper.net) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_3DES_EDE_CBC_SHA:24) (Exim 4.52) id 1FefTW-0003tk-7Q for cvs-dev@nongnu.org; Fri, 12 May 2006 17:47:06 -0400 Received: from merlot.juniper.net (merlot.juniper.net [172.17.27.10]) by colo-dns-ext1.juniper.net (8.11.3/8.9.3) with ESMTP id k4CLjBX91866; Fri, 12 May 2006 14:45:11 -0700 (PDT) (envelope-from mdb@juniper.net) Received: from juniper.net (sapphire.juniper.net [172.17.28.108]) by merlot.juniper.net (8.11.3/8.11.3) with ESMTP id k4CLj2561387; Fri, 12 May 2006 14:45:02 -0700 (PDT) (envelope-from mdb@juniper.net) To: christos@zoulas.com (Christos Zoulas) Subject: Re: [Cvs-dev] Re: Result of CVS Coverity scan, via NetBSD In-Reply-To: <20060512154552.833C356534@rebar.astron.com> References: <20060512154552.833C356534@rebar.astron.com> Comments: In-reply-to: christos@zoulas.com (Christos Zoulas) message dated "Fri, 12 May 2006 11:45:52 -0400." From: "Mark D. Baushke" X-Mailer: MH-E 8.0; nmh 1.0.4; GNU Emacs 21.3.1 X-Face: #8D_6URD2G%vC.hzU Sender: mdb@juniper.net Cc: Hubert Feyrer , Thomas Klausner , CVS Development X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 May 2006 21:45:16 -0000 Hi Christos, Here is the fourth installment in our series of fixes to NetBSD xcvs. [Should I just ignore the ChangeLog patches? You don't seem to be applying them...] I have applied this patch to CVS STABLE. I am doing a check before installing the same patch into the CVS FEATURE branch. Enjoy! -- Mark Log message: * log.c (log_expand_revlist): Add assert (r->first). It should only be possible for both r->first == NULL && r->last == NULL which would have been handled. [Fixes NetBSD coverity cid-1063.] * server.c (do_cvs_command): Protect close (dev_null_fd) against invalid fd value in error_exit. [Fixes NetBSD coverity cid-1307.] Index: ChangeLog =================================================================== RCS file: /cvsroot/src/gnu/dist/xcvs/src/ChangeLog,v retrieving revision 1.2 diff -u -p -r1.2 ChangeLog --- ChangeLog 4 May 2006 15:39:34 -0000 1.2 +++ ChangeLog 12 May 2006 21:38:24 -0000 @@ -1,18 +1,76 @@ +2006-05-12 Mark D. Baushke + + * log.c (log_expand_revlist): Add assert (r->first). It should + only be possible for both r->first == NULL && r->last == NULL + which would have been handled. + [Fixes NetBSD coverity cid-1063.] + + * server.c (do_cvs_command): Protect close (dev_null_fd) against + invalid fd value in error_exit. + [Fixes NetBSD coverity cid-1307.] + + * rcs.c (RCS_isdead): Assert that the first argument is not NULL. + [Fixes NetBSD coverity cid-1058.] + + * commit.c (checkaddfile): Do not dereference NULL on call to + error(). + [Fixes NetBSD coverity cid-1061.] + + * log.c (cvslog): Assert p->start && p->end instead of masking the + problem. + * server.c (server_updated): Assert findnode_fn results instead of + masking the problem. + + * add.c (add_directory): Revert previous change. The xstrdup() + function already deals a NULL argument. + * client.c (handle_mt): Ditto. + * entries.c (Entnode_Create): Ditto. + (Entries_Open): Ditto. + * logmsg.c (fmt_proc): Ditto. + * vers_ts.c (Version_TS): Ditto. + +2006-05-11 Mark D. Baushke + + * add.c (add_directory): Protect tag from NULL dereference. + [Fixes NetBSD cid-1054.] + + * client.c (handle_mt): Deal with missing text argument. + [Fixes NetBSD cid-924.] + + * entries.c (Entnode_Create): Protect date, tag and ts_conflict + from possible NULL dereference. + [Fixes NetBSD coverity cid-994, cid-995, cid-1055, cid-1057.] + + * entries.c (Entries_Open): Protect dirtag and dirdate from + possible NULL dereference. + [Fixes NetBSD coverity cid-996.] + + * log.c (cvslog): Validate start and end args to + date_to_internet(). + [Fixes NetBSD coverity cid-2427 and cid-2428.] + + * logmsg.c (fmt_proc): Protect li->tag from NULL dereference. + [Fixes NetBSD coverity cid-997.] + + * vers_ts.c (Version_TS): Protect tag and vers_ts->tag from NULL + dereference. + [Fixes NetBSD coverity cid-1053.] + 2006-05-04 Mark D. Baushke - * filesubr.c (cvs_temp_file): Avoid keeping pointers to free()'d - storage laying around. - * commit.c (commit): Handle possible NULL filename values - returned from cvs_temp_file(). - * filesubr.c (cvs_temp_name): Ditto. - * import.c (import): Ditto. - * login.c (password_entry_operation): Ditto. - * logmsg.c (do_verify): Ditto. - * patch.c (patch_fileproc): Ditto. - [Fixes NetBSD coverity cid-2545.] + * filesubr.c (cvs_temp_file): Avoid keeping pointers to free()'d + storage laying around. + * commit.c (commit): Handle possible NULL filename values + returned from cvs_temp_file(). + * filesubr.c (cvs_temp_name): Ditto. + * import.c (import): Ditto. + * login.c (password_entry_operation): Ditto. + * logmsg.c (do_verify): Ditto. + * patch.c (patch_fileproc): Ditto. + [Fixes NetBSD coverity cid-2545.] - * buffer.c (packetizing_buffer_output): Initialize outdata. - [Fixes NetBSD coverity cid-2474.] + * buffer.c (packetizing_buffer_output): Initialize outdata. + [Fixes NetBSD coverity cid-2474.] * server.c (server_updated): Fix NetBSD coverity cid-1352 NetBSD-sparc64 of 2006-May-02 03:02:46. Index: log.c =================================================================== RCS file: /cvsroot/src/gnu/dist/xcvs/src/log.c,v retrieving revision 1.3 diff -u -p -r1.3 log.c --- log.c 12 May 2006 15:33:17 -0000 1.3 +++ log.c 12 May 2006 21:38:24 -0000 @@ -1092,6 +1092,8 @@ log_expand_revlist (rcs, baserev, revlis { char *branch; + assert (r->first != NULL); + /* Print just the head of the branch. */ if (isdigit ((unsigned char) r->first[0])) nr->first = RCS_getbranch (rcs, r->first, 1); Index: server.c =================================================================== RCS file: /cvsroot/src/gnu/dist/xcvs/src/server.c,v retrieving revision 1.5 diff -u -p -r1.5 server.c --- server.c 12 May 2006 15:33:18 -0000 1.5 +++ server.c 12 May 2006 21:38:24 -0000 @@ -3041,6 +3041,7 @@ error \n"); { buf_output0 (buf_to_net, "E close failed\n"); print_error (errno); + dev_null_fd = -1; /* Do not try to close it again. */ goto error_exit; } dev_null_fd = -1; @@ -3378,7 +3379,8 @@ E CVS locks may need cleaning up.\n"); command_pid = -1; } - close (dev_null_fd); + if (dev_null_fd >= 0) + close (dev_null_fd); close (protocol_pipe[0]); close (protocol_pipe[1]); close (stderr_pipe[0]); From MAILER-DAEMON Sat May 13 15:55:56 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1Ff0DU-0003Qs-Gn for mharc-cvs-dev@gnu.org; Sat, 13 May 2006 15:55:56 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1Ff0DS-0003QB-Et for cvs-dev@nongnu.org; Sat, 13 May 2006 15:55:54 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1Ff0DR-0003Pk-PJ for cvs-dev@nongnu.org; Sat, 13 May 2006 15:55:54 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1Ff0DR-0003Pg-L7 for cvs-dev@nongnu.org; Sat, 13 May 2006 15:55:53 -0400 Received: from [207.17.137.57] (helo=colo-dns-ext1.juniper.net) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_3DES_EDE_CBC_SHA:24) (Exim 4.52) id 1Ff0FT-0004y2-0l for cvs-dev@nongnu.org; Sat, 13 May 2006 15:57:59 -0400 Received: from merlot.juniper.net (merlot.juniper.net [172.17.27.10]) by colo-dns-ext1.juniper.net (8.11.3/8.9.3) with ESMTP id k4DJtpX01169 for ; Sat, 13 May 2006 12:55:51 -0700 (PDT) (envelope-from mdb@juniper.net) Received: from juniper.net (sapphire.juniper.net [172.17.28.108]) by merlot.juniper.net (8.11.3/8.11.3) with ESMTP id k4DJti590211; Sat, 13 May 2006 12:55:44 -0700 (PDT) (envelope-from mdb@juniper.net) To: CVS Development From: "Mark D. Baushke" X-Mailer: MH-E 8.0; nmh 1.0.4; GNU Emacs 21.3.1 X-Face: #8D_6URD2G%vC.hzU Date: Sat, 13 May 2006 12:55:44 -0700 Message-ID: <67713.1147550144@juniper.net> Sender: mdb@juniper.net Subject: [Cvs-dev] windows-NT/config.h.in.in changes for CVS FEATURE 1.12.x X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 May 2006 19:55:54 -0000 "Derek R. Price" wrote: > Mark D. Baushke wrote: > > The windows-NT/config.h.in.in file seems to be missing some of the stuff > > you recently added... > > > > ../config.h.in line 55 has #undef DEFAULT_SIGN_TEMPLATE not found in ./config.h.in.in > > ../config.h.in line 60 has #undef DEFAULT_SIGN_TEXTMODE not found in ./config.h.in.in > > ../config.h.in line 67 has #undef DEFAULT_VERIFY_TEMPLATE not found in ./config.h.in.in > > ../config.h.in line 121 has #undef FULL_PATH_INTTYPES_H not found in ./config.h.in.in > > ../config.h.in line 299 has #undef HAVE_DECL_STRTOIMAX not found in ./config.h.in.in > > ../config.h.in line 303 has #undef HAVE_DECL_STRTOLL not found in ./config.h.in.in > > ../config.h.in line 307 has #undef HAVE_DECL_STRTOULL not found in ./config.h.in.in > > ../config.h.in line 311 has #undef HAVE_DECL_STRTOUMAX not found in ./config.h.in.in > > ../config.h.in line 427 has #undef HAVE_INCLUDE_NEXT not found in ./config.h.in.in > > ../config.h.in line 565 has #undef HAVE_NETDB_H not found in ./config.h.in.in > > ../config.h.in line 576 has #undef HAVE_OPENPGP not found in ./config.h.in.in > > ../config.h.in line 707 has #undef HAVE_STRTOIMAX not found in ./config.h.in.in > > ../config.h.in line 713 has #undef HAVE_STRTOLL not found in ./config.h.in.in > > ../config.h.in line 719 has #undef HAVE_STRTOULL not found in ./config.h.in.in > > ../config.h.in line 722 has #undef HAVE_STRTOUMAX not found in ./config.h.in.in > > ../config.h.in line 747 has #undef HAVE_SYS_BITYPES_H not found in ./config.h.in.in > > ../config.h.in line 779 has #undef HAVE_SYS_SOCKET_H not found in ./config.h.in.in > > ../config.h.in line 887 has #undef HAVE_WINSOCK2_H not found in ./config.h.in.in > > ../config.h.in line 908 has #undef HAVE_WS2TCPIP_H not found in ./config.h.in.in > > > > I suspect that building on the windows platform will be easier if > > those things are properly defined, but I have no ideas as to the > > correct values for them. > > Yes, but I have no idea about correct values either. Conrad's dealt > with it the last few releases. I believe, based on earlier > discussions with Conrad, that if Jim installs Perl on Windows he can > rebuild windows-NT/config.h.in himself and generate the same list of > warnings to give him some idea of what values he needs to figure out > how to define.. Opening up the discussion for other folks who might have windows development experience. As you know, the windows build of 1.12.x is broken at present. It would probably be good to get it working again if possible. I suspect that you will want to have two separate configurations: 1) Where there is no OpenPGP available to the client. 2) Where either PGP or GnuPG is installed on the windows box. Some information that may be useful: DEFAULT_SIGN_TEMPLATE - undef unless OpenPGP exists DEFAULT_SIGN_TEXTMODE - undef unless OpenPGP exists DEFAULT_VERIFY_TEMPLATE - undef unless OpenPGP exists FULL_PATH_INTTYPES_H is C99 and not part of Windows C++ HAVE_DECL_STRTOIMAX HAVE_DECL_STRTOLL HAVE_DECL_STRTOULL HAVE_DECL_STRTOUMAX HAVE_INCLUDE_NEXT - gcc extension not available on Windows HAVE_NETDB_H - use for these structures HAVE_OPENPGP - assume PGP and GPG are not available? HAVE_STRTOIMAX HAVE_STRTOLL HAVE_STRTOULL HAVE_STRTOUMAX HAVE_SYS_BITYPES_H - I doubt it exists HAVE_SYS_SOCKET_H - I doubt it exists HAVE_WINSOCK2_H - seems to exist according to microsoft.com HAVE_WS2TCPIP_H - seems to exist according to microsoft.com If any of the other C99 functions exist, then define them, or let the GNULIB variant do its job if you do not define them. -- Mark Doing a side-by-side comparison of ccvs/config.h.in and windows-NT/config.h.in.in, I suspect the following patch is desirable. If anyone has the ability to test it, that would be great. Index: config.h.in.in =================================================================== RCS file: /cvsroot/cvs/ccvs/windows-NT/config.h.in.in,v retrieving revision 1.43 diff -u -p -u -p -r1.43 config.h.in.in --- config.h.in.in 1 Jan 2006 00:34:27 -0000 1.43 +++ config.h.in.in 13 May 2006 19:49:41 -0000 @@ -53,6 +53,25 @@ /* Define to 1 if using `alloca.c'. */ #undef C_ALLOCA +/* Define to a command line template that will write an OpenPGP signature for + the file `%s' to its standard out. `%M' is substituted at run time with an + option which flags files as text files, when necessary, and the empty + string, otherwise. `%@' is substituted with a list of arguments provided by + the user. */ +#undef DEFAULT_SIGN_TEMPLATE + +/* Define to the option string that the OpenPGP program used in the + DEFAULT_SIGN_TEMPLATE would like to see for text files (substituted at run + time in place of `%M' in the DEFAULT_SIGN_TEMPLATE). */ +#undef DEFAULT_SIGN_TEXTMODE + +/* Define to a command line template that will read an OpenPGP signature from + the file `%s' and use it to verify the integrity of the file `%d'. `%M' is + substituted at run time with an option which flags files as text files, + when necessary, and the empty string, otherwise. `%@' is substituted with a + list of arguments provided by the user. */ +#undef DEFAULT_VERIFY_TEMPLATE + /* Define if there is a member named d_ino in the struct describing directory headers. */ #undef D_INO_IN_DIRENT @@ -97,6 +116,9 @@ message to be appended to the temp file when the editor is started. */ #undef FORCE_USE_EDITOR +/* Define this to the full path to . */ +#undef FULL_PATH_INTTYPES_H + /* Define to an alternative value if GSS_C_NT_HOSTBASED_SERVICE isn't defined in the gssapi.h header file. MIT Kerberos 1.2.1 requires this. Only relevant when using GSSAPI. */ @@ -159,10 +181,6 @@ you don't. */ #undef HAVE_DECL_CLEARERR_UNLOCKED -/* Define to 1 if you have the declaration of `__fpending', and to 0 if you - don't. */ -#define HAVE_DECL___FPENDING 0 - /* Define to 1 if you have the declaration of `feof_unlocked', and to 0 if you don't. */ #undef HAVE_DECL_FEOF_UNLOCKED @@ -275,6 +293,26 @@ don't. */ #undef HAVE_DECL_STRERROR_R +/* Define to 1 if you have the declaration of `strtoimax', and to 0 if you + don't. */ +#undef HAVE_DECL_STRTOIMAX + +/* Define to 1 if you have the declaration of `strtoll', and to 0 if you + don't. */ +#undef HAVE_DECL_STRTOLL + +/* Define to 1 if you have the declaration of `strtoull', and to 0 if you + don't. */ +#undef HAVE_DECL_STRTOULL + +/* Define to 1 if you have the declaration of `strtoumax', and to 0 if you + don't. */ +#undef HAVE_DECL_STRTOUMAX + +/* Define to 1 if you have the declaration of `__fpending', and to 0 if you + don't. */ +#define HAVE_DECL___FPENDING 0 + /* Define to 1 if you have the header file. */ /* Windows has but some functions aren't POSIX compliant */ #undef HAVE_DIRECT_H @@ -385,6 +423,9 @@ /* Define if you have the iconv() function. */ #undef HAVE_ICONV +/* Define if your compiler supports the #include_next directive. */ +#undef HAVE_INCLUDE_NEXT + /* Define to 1 if you have the `initgroups' function. */ #undef HAVE_INITGROUPS @@ -520,12 +561,21 @@ /* Define to 1 if you have the header file, and it defines `DIR'. */ #define HAVE_NDIR_H 1 +/* Define to 1 if you have the header file. */ +/* Use winsock.h as an alternative on Windows. It defines struct hostent. */ +#undef HAVE_NETDB_H + /* Define to 1 if you have the header file. */ #undef HAVE_NETINET_IN_H /* Define to 1 if you have the `openat' function. */ #undef HAVE_OPENAT +/* Define if an OpenPGP capable program is available (and, assumedly, usable + command line templates are in the DEFAULT_SIGN_TEMPLATE and + DEFAULT_VERIFY_TEMPLATE macros). */ +#undef HAVE_OPENPGP + /* Define to 1 if you have the header file. */ #undef HAVE_OS_H @@ -654,12 +704,24 @@ /* Define to 1 if you have the `strncasecmp' function. */ #undef HAVE_STRNCASECMP +/* Define to 1 if you have the `strtoimax' function. */ +#undef HAVE_STRTOIMAX + /* Define to 1 if you have the `strtol' function. */ #define HAVE_STRTOL 1 +/* Define to 1 if you have the `strtoll' function. */ +#undef HAVE_STRTOLL + /* Define to 1 if you have the `strtoul' function. */ #define HAVE_STRTOUL 1 +/* Define to 1 if you have the `strtoull' function. */ +#undef HAVE_STRTOULL + +/* Define to 1 if you have the `strtoumax' function. */ +#undef HAVE_STRTOUMAX + /* Define to 1 if the system has the type `struct addrinfo'. */ #undef HAVE_STRUCT_ADDRINFO @@ -682,6 +744,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_SYSLOG_H +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_BITYPES_H + /* Define to 1 if you have the header file. */ #undef HAVE_SYS_BSDTYPES_H @@ -711,6 +776,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_SYS_SELECT_H +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_SOCKET_H + /* Define to 1 if you have the header file. */ #define HAVE_SYS_STAT_H 1 @@ -816,6 +884,9 @@ /* Define to 1 if you have the header file. */ #define HAVE_WCTYPE_H 1 +/* Define to 1 if you have the header file. */ +#define HAVE_WINSOCK2_H 1 + /* Define if you have the 'wint_t' type. */ #define HAVE_WINT_T 1 @@ -834,6 +905,9 @@ /* Define to 1 if `vfork' works. */ #undef HAVE_WORKING_VFORK +/* Define to 1 if you have the header file. */ +#define HAVE_WS2TCPIP_H 1 + /* Define to 1 if you have the header file. */ #undef HAVE_ZLIB_H @@ -1188,7 +1262,7 @@ #define inline __inline #endif -/* Define to long or long long if and don't define. */ +/* Define to long or long long if and don't define. */ #undef intmax_t /* Define to rpl_localtime if the replacement function should be used. */ From MAILER-DAEMON Mon May 15 10:46:08 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FfeKm-0008V6-9X for mharc-cvs-dev@gnu.org; Mon, 15 May 2006 10:46:08 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FeXVY-0008EC-Fe for cvs-dev@nongnu.org; Fri, 12 May 2006 09:16:40 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FeXVW-0008Ds-QT for cvs-dev@nongnu.org; Fri, 12 May 2006 09:16:39 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FeXVW-0008Dp-Lb for cvs-dev@nongnu.org; Fri, 12 May 2006 09:16:38 -0400 Received: from [38.117.134.202] (helo=rebar.astron.com) by monty-python.gnu.org with esmtp (Exim 4.52) id 1FeXXG-0004V6-QI for cvs-dev@nongnu.org; Fri, 12 May 2006 09:18:27 -0400 Received: by rebar.astron.com (Postfix, from userid 10080) id 8B0B556534; Fri, 12 May 2006 13:16:37 +0000 (UTC) From: christos@zoulas.com (Christos Zoulas) Date: Fri, 12 May 2006 09:16:37 -0400 In-Reply-To: <53727.1147439386@juniper.net> from "Mark D. Baushke" (May 12, 6:09am) Organization: Astron Software X-Mailer: Mail User's Shell (7.2.6 beta(4.pl1)+dynamic 20000103) To: "Mark D. Baushke" Subject: Re: [Cvs-dev] Re: Result of CVS Coverity scan, via NetBSD Message-Id: <20060512131637.8B0B556534@rebar.astron.com> X-Mailman-Approved-At: Mon, 15 May 2006 10:46:06 -0400 Cc: Hubert Feyrer , Thomas Klausner , CVS Development X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 May 2006 13:16:40 -0000 On May 12, 6:09am, mdb@gnu.org ("Mark D. Baushke") wrote: -- Subject: Re: [Cvs-dev] Re: Result of CVS Coverity scan, via NetBSD | Hi Christos, | | Is it possible for the Coverity folks to re-run the checks for xcvs, but | for them to use the correct model for xstrdup (the one from the | src/subr.c file) rather than the one from src/usr.bin/xlint/common/mem.c | which it somehow believes is correct?=20 | | Many of these CIDs are actually false positivies due to xcvs using a | version of xstrdup that handles a NULL argument without dereferencing | it. | | -- Mark We have been trying to get access to the coverity machine that runs the models, but we have not been able to. This is why the runs are so sparse. I hope that soon this will change. In the meantime I've been changing the names of the conflicting functions (buy prefixing them with the local program name instead of x (cvs_strdup() instead of xstrdup() for example). In general this is a more portable practice, but annoying never-the-less. christos From MAILER-DAEMON Mon May 15 10:46:08 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FfeKm-0008VK-JF for mharc-cvs-dev@gnu.org; Mon, 15 May 2006 10:46:08 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FeYNR-0000E4-1i for cvs-dev@nongnu.org; Fri, 12 May 2006 10:12:21 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FeYNP-0000DW-JK for cvs-dev@nongnu.org; Fri, 12 May 2006 10:12:20 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FeYNP-0000DS-F0 for cvs-dev@nongnu.org; Fri, 12 May 2006 10:12:19 -0400 Received: from [38.117.134.202] (helo=rebar.astron.com) by monty-python.gnu.org with esmtp (Exim 4.52) id 1FeYP9-0002Gm-Kx for cvs-dev@nongnu.org; Fri, 12 May 2006 10:14:07 -0400 Received: by rebar.astron.com (Postfix, from userid 10080) id 0C03656534; Fri, 12 May 2006 14:12:16 +0000 (UTC) From: christos@zoulas.com (Christos Zoulas) Date: Fri, 12 May 2006 10:12:16 -0400 In-Reply-To: <54437.1147440919@juniper.net> from "Mark D. Baushke" (May 12, 6:35am) Organization: Astron Software X-Mailer: Mail User's Shell (7.2.6 beta(4.pl1)+dynamic 20000103) To: "Mark D. Baushke" Subject: Re: [Cvs-dev] Re: Result of CVS Coverity scan, via NetBSD Message-Id: <20060512141217.0C03656534@rebar.astron.com> X-Mailman-Approved-At: Mon, 15 May 2006 10:46:06 -0400 Cc: Hubert Feyrer , Thomas Klausner , CVS Development X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 May 2006 14:12:21 -0000 On May 12, 6:35am, mdb@gnu.org ("Mark D. Baushke") wrote: -- Subject: Re: [Cvs-dev] Re: Result of CVS Coverity scan, via NetBSD | -----BEGIN PGP SIGNED MESSAGE----- | Hash: SHA1 | | Hi Christos, | | Would it make sense to modify src/gnu/usr.bin/cvs/include/config.h | so that it does a | | /* Functions defined in src/gnu/dist/xcvs/src/subr.c */ | #define xasprintf cvs_xasprintf | #define xmalloc cvs_xmalloc | #define xrealloc cvs_xrealloc | #define xstrdup cvs_xstrdup | | or, does the coverity model processing not handle macro processing | correctly? It does, and it will work properly [provided it compiles :-)] | For what it is worth, I have not finished going through all of the run | 22 reported problems. I know that there is at least a few more that are | 'real' bugs (cid-1058 and cid-1061 are both such). | | Given that our xstrdup() is safe, I will probably be considering reverting | the=20 | | var =3D str ? xstrdup (str) : NULL; | | changes back into | | var =3D xstrdup (str); Yes, we should revert the changes. | in the CVS STABLE and CVS FEATURE source bases. (It turns out that CVS | FEATURE uses Xstrdup to do the NULL check before calling the real | xstrdup () function, but has a '#define xstrdup Xstrdup' to hide it.) Ouch, pre-processor macro hell... christos From MAILER-DAEMON Mon May 15 10:46:09 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FfeKm-0008Ve-Uy for mharc-cvs-dev@gnu.org; Mon, 15 May 2006 10:46:09 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FeZq0-0002aI-0X for cvs-dev@nongnu.org; Fri, 12 May 2006 11:45:56 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FeZpy-0002Yl-Po for cvs-dev@nongnu.org; Fri, 12 May 2006 11:45:55 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FeZpy-0002YD-DZ for cvs-dev@nongnu.org; Fri, 12 May 2006 11:45:54 -0400 Received: from [38.117.134.202] (helo=rebar.astron.com) by monty-python.gnu.org with esmtp (Exim 4.52) id 1FeZrj-0002Xm-Es for cvs-dev@nongnu.org; Fri, 12 May 2006 11:47:43 -0400 Received: by rebar.astron.com (Postfix, from userid 10080) id 833C356534; Fri, 12 May 2006 15:45:52 +0000 (UTC) From: christos@zoulas.com (Christos Zoulas) Date: Fri, 12 May 2006 11:45:52 -0400 In-Reply-To: <62187.1147447117@juniper.net> from "Mark D. Baushke" (May 12, 8:18am) Organization: Astron Software X-Mailer: Mail User's Shell (7.2.6 beta(4.pl1)+dynamic 20000103) To: "Mark D. Baushke" Subject: Re: [Cvs-dev] Re: Result of CVS Coverity scan, via NetBSD Message-Id: <20060512154552.833C356534@rebar.astron.com> X-Mailman-Approved-At: Mon, 15 May 2006 10:46:06 -0400 Cc: Hubert Feyrer , Thomas Klausner , CVS Development X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 May 2006 15:45:56 -0000 On May 12, 8:18am, mdb@gnu.org ("Mark D. Baushke") wrote: -- Subject: Re: [Cvs-dev] Re: Result of CVS Coverity scan, via NetBSD | > | Would it make sense to modify src/gnu/usr.bin/cvs/include/config.h | > | so that it does a | > | | > | /* Functions defined in src/gnu/dist/xcvs/src/subr.c */ | > | #define xasprintf cvs_xasprintf | > | #define xmalloc cvs_xmalloc | > | #define xrealloc cvs_xrealloc | > | #define xstrdup cvs_xstrdup | > | | > | or, does the coverity model processing not handle macro processing | > | correctly? | > | > It does, and it will work properly [provided it compiles :-)] | | You might give it a try and see if it works for you. I've done this and added all the rest of the `x' functions for completeness. It works fine. | Agreed. The patch below reverts those changes and adds a few asserts to | deal with the other cases. I have committed it to the CVS STABLE branch | (1.11.x). Great, I just applied it. Now I need to get the coverity folks to give use a fresh run... Thanks a lot, christos From MAILER-DAEMON Mon May 22 15:06:01 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FiFj7-0001Pd-86 for mharc-cvs-dev@gnu.org; Mon, 22 May 2006 15:06:01 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FiFj6-0001PY-El for cvs-dev@nongnu.org; Mon, 22 May 2006 15:06:00 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FiFj4-0001Oq-Ez for cvs-dev@nongnu.org; Mon, 22 May 2006 15:05:59 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FiFj4-0001Ol-9H for cvs-dev@nongnu.org; Mon, 22 May 2006 15:05:58 -0400 Received: from [64.233.207.24] (helo=pop-6.dnv.wideopenwest.com) by monty-python.gnu.org with esmtp (Exim 4.52) id 1FiFn7-0006Nz-5g for cvs-dev@nongnu.org; Mon, 22 May 2006 15:10:09 -0400 Received: from [127.0.0.1] (s233-64-208-242.try.wideopenwest.com [64.233.242.208]) by pop-6.dnv.wideopenwest.com (8.11.6/8.11.6) with ESMTP id k4MJ5vk14170 for ; Mon, 22 May 2006 14:05:57 -0500 Message-ID: <44720BA6.70501@ximbiot.com> Date: Mon, 22 May 2006 15:06:14 -0400 From: "Derek R. Price" User-Agent: Thunderbird 1.5.0.2 (Windows/20060308) MIME-Version: 1.0 To: cvs-dev Subject: Re: [Cvs-dev] windows-NT/config.h.in.in changes for CVS FEATURE 1.12.x References: <67713.1147550144@juniper.net> In-Reply-To: <67713.1147550144@juniper.net> X-Enigmail-Version: 0.94.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV version 0.87, clamav-milter version 0.87 on pop-6.dnv.wideopenwest.com X-Virus-Status: Clean X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 May 2006 19:06:00 -0000 Mark D. Baushke wrote: > DEFAULT_SIGN_TEMPLATE - undef unless OpenPGP exists > DEFAULT_SIGN_TEXTMODE - undef unless OpenPGP exists > DEFAULT_VERIFY_TEMPLATE - undef unless OpenPGP exists > [...snip...] > HAVE_OPENPGP - assume PGP and GPG are not available? > I would recommend defining the OpenPGP DEFAULT_* stuff to the defaults from confiugre.in and leaving HAVE_OPENPGP undefined if you don't want to assume GPG is present. Leaving the DEFAULT stuff defined should mean that a user who installs GPG would only need to add command line switches to cause the client to try GPG operations, as opposed to also passing a useful command line template for the various GPG operations. It might be useful to change the default verify mode to VERIFY_WARN rather than VERIFY_OFF even when HAVE_OPENPGP is not defined, for reasons discussed in the earlier thread. Regards, Derek -- Derek R. Price CVS Solutions Architect Get CVS support at Ximbiot ! v: +1 248.835.1260 f: +1 248.835.1263 From MAILER-DAEMON Mon May 22 20:06:36 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FiKQ0-0002w8-Gs for mharc-cvs-dev@gnu.org; Mon, 22 May 2006 20:06:36 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FiKPz-0002w3-H8 for cvs-dev@nongnu.org; Mon, 22 May 2006 20:06:35 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FiKPx-0002vn-Gj for cvs-dev@nongnu.org; Mon, 22 May 2006 20:06:34 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FiKPx-0002vc-8C for cvs-dev@nongnu.org; Mon, 22 May 2006 20:06:33 -0400 Received: from [207.17.137.64] (helo=colo-dns-ext2.juniper.net) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_3DES_EDE_CBC_SHA:24) (Exim 4.52) id 1FiKU2-0002ah-NA for cvs-dev@nongnu.org; Mon, 22 May 2006 20:10:47 -0400 Received: from merlot.juniper.net (merlot.juniper.net [172.17.27.10]) by colo-dns-ext2.juniper.net (8.12.3/8.12.3) with ESMTP id k4N06U1Z088628; Mon, 22 May 2006 17:06:30 -0700 (PDT) (envelope-from mdb@juniper.net) Received: from juniper.net (sapphire.juniper.net [172.17.28.108]) by merlot.juniper.net (8.11.3/8.11.3) with ESMTP id k4N06T522512; Mon, 22 May 2006 17:06:29 -0700 (PDT) (envelope-from mdb@juniper.net) From: "Mark D. Baushke" To: "Derek R. Price" Subject: Re: [Cvs-dev] windows-NT/config.h.in.in changes for CVS FEATURE 1.12.x In-Reply-To: <44720BA6.70501@ximbiot.com> References: <67713.1147550144@juniper.net> <44720BA6.70501@ximbiot.com> Comments: In-reply-to: "Derek R. Price" message dated "Mon, 22 May 2006 15:06:14 -0400." X-Mailer: MH-E 8.0; nmh 1.0.4; GNU Emacs 21.3.1 X-Face: #8D_6URD2G%vC.hzU MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Date: Mon, 22 May 2006 17:06:29 -0700 Message-ID: <20888.1148342789@juniper.net> Sender: mdb@juniper.net Cc: cvs-dev X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 May 2006 00:06:35 -0000 =2D----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Derek R. Price writes: > Mark D. Baushke wrote: > > DEFAULT_SIGN_TEMPLATE - undef unless OpenPGP exists > > DEFAULT_SIGN_TEXTMODE - undef unless OpenPGP exists > > DEFAULT_VERIFY_TEMPLATE - undef unless OpenPGP exists > >=20=20=20 >=20 > [...snip...] >=20 > > HAVE_OPENPGP - assume PGP and GPG are not available? > >=20=20=20 >=20 > I would recommend defining the OpenPGP DEFAULT_* stuff to the defaults > from confiugre.in and leaving HAVE_OPENPGP undefined if you don't want > to assume GPG is present. Leaving the DEFAULT stuff defined should mean > that a user who installs GPG would only need to add command line > switches to cause the client to try GPG operations, as opposed to also > passing a useful command line template for the various GPG operations. >=20 > It might be useful to change the default verify mode to VERIFY_WARN > rather than VERIFY_OFF even when HAVE_OPENPGP is not defined, for > reasons discussed in the earlier thread. Hmmm... I found that the 'make stamp-chi' command has problems unless #undef HAVE_OPENPGG is present... % cd winwos-NT % make stamp-chi ../config.h.in line 579 has #undef HAVE_OPENPGP not found in ./config.h.in.= in % By the way, it seems that the maint-aux/gnulib-update script does not like this line: trap 'exit $?' SIGINT on Solaris 9 hosts. It generates this result: 'maint-aux/gnulib-update: trap: bad trap' The workaround is to use bash rather than /bin/sh OR to change the 'SIGINT' to the digit form of the trap ('2'). % kill -l 1) SIGHUP 2) SIGINT 3) SIGQUIT 4) SIGILL 5) SIGTRAP 6) SIGABRT 7) SIGEMT 8) SIGFPE 9) SIGKILL 10) SIGBUS 11) SIGSEGV 12) SIGSYS 13) SIGPIPE 14) SIGALRM 15) SIGTERM 16) SIGUSR1 17) SIGUSR2 18) SIGCHLD 19) SIGPWR 20) SIGWINCH 21) SIGURG 22) SIGIO 23) SIGSTOP 24) SIGTSTP 25) SIGCONT 26) SIGTTIN 27) SIGTTOU 28) SIGVTALRM 29) SIGPROF 30) SIGXCPU 31) SIGXFSZ 32) SIGWAITING 33) SIGLWP 34) SIGFREEZE 35) SIGTHAW 36) SIGCANCEL 37) SIGLOST 39) SIGRTMIN 40) SIGRTMIN+1 41) SIGRTMIN+2 42) SIGRTMIN+3 43) SIGRTMAX-3 44) SIGRTMAX-2 45) SIGRTMAX-1 46) SIGRTMAX=20=20=20=20 % /bin/sh $ trap $ trap "echo done for now" EXIT $ trap 0: echo done for now $ trap "echo problem ahead" SIGINT trap: bad trap $ trap 0: echo done for now $ trap "echo problem ahead" 2 $ trap 0: echo done for now 2: echo problem ahead $=20 -- Mark =2D----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (FreeBSD) iD8DBQFEclIFCg7APGsDnFERAuItAJ4q3BEtiFjSshXX2T1INpfBREP7OACginzB qGGrvmbIETY7sSXZl94Jbfc=3D =3DlWLb =2D----END PGP SIGNATURE----- From MAILER-DAEMON Mon May 22 20:36:23 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FiKsp-0004wa-Fq for mharc-cvs-dev@gnu.org; Mon, 22 May 2006 20:36:23 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FiKsn-0004vp-42 for cvs-dev@nongnu.org; Mon, 22 May 2006 20:36:21 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FiKsl-0004vG-F8 for cvs-dev@nongnu.org; Mon, 22 May 2006 20:36:20 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FiKsl-0004vC-Ak for cvs-dev@nongnu.org; Mon, 22 May 2006 20:36:19 -0400 Received: from [64.233.207.6] (helo=pop-1.dnv.wideopenwest.com) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA:32) (Exim 4.52) id 1FiKwr-0007dt-Fg for cvs-dev@nongnu.org; Mon, 22 May 2006 20:40:33 -0400 Received: from [127.0.0.1] (s233-64-208-242.try.wideopenwest.com [64.233.242.208]) by pop-1.dnv.wideopenwest.com (8.12.8/8.12.8) with ESMTP id k4N0oRNn021078 for ; Mon, 22 May 2006 19:50:28 -0500 Message-ID: <44725900.2080103@ximbiot.com> Date: Mon, 22 May 2006 20:36:16 -0400 From: "Derek R. Price" User-Agent: Thunderbird 1.5.0.2 (Windows/20060308) MIME-Version: 1.0 To: cvs-dev Subject: Re: [Cvs-dev] windows-NT/config.h.in.in changes for CVS FEATURE 1.12.x References: <67713.1147550144@juniper.net> <44720BA6.70501@ximbiot.com> <20888.1148342789@juniper.net> In-Reply-To: <20888.1148342789@juniper.net> X-Enigmail-Version: 0.94.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 May 2006 00:36:21 -0000 Mark D. Baushke wrote: > Hmmm... I found that the 'make stamp-chi' command has problems unless > #undef HAVE_OPENPGG is present... Yeah, sorry, that's what I meant. I have a bad habit of being unclear due to trying to keep my emails terse. > OR to change the 'SIGINT' to the digit form of the trap ('2'). Sure. I've installed this change. Regards, Derek -- Derek R. Price CVS Solutions Architect Get CVS support at Ximbiot ! v: +1 248.835.1260 f: +1 248.835.1263 From MAILER-DAEMON Mon May 22 20:59:08 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FiLEq-00052s-IT for mharc-cvs-dev@gnu.org; Mon, 22 May 2006 20:59:08 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FiLEo-00052g-KY for cvs-dev@nongnu.org; Mon, 22 May 2006 20:59:06 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FiLEm-00052L-6L for cvs-dev@nongnu.org; Mon, 22 May 2006 20:59:05 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FiLEl-00052I-Lc for cvs-dev@nongnu.org; Mon, 22 May 2006 20:59:04 -0400 Received: from [207.17.137.57] (helo=colo-dns-ext1.juniper.net) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_3DES_EDE_CBC_SHA:24) (Exim 4.52) id 1FiLIq-00053O-T0 for cvs-dev@nongnu.org; Mon, 22 May 2006 21:03:17 -0400 Received: from merlot.juniper.net (merlot.juniper.net [172.17.27.10]) by colo-dns-ext1.juniper.net (8.11.3/8.9.3) with ESMTP id k4N0x0X68315; Mon, 22 May 2006 17:59:00 -0700 (PDT) (envelope-from mdb@juniper.net) Received: from juniper.net (sapphire.juniper.net [172.17.28.108]) by merlot.juniper.net (8.11.3/8.11.3) with ESMTP id k4N0wt530968; Mon, 22 May 2006 17:58:55 -0700 (PDT) (envelope-from mdb@juniper.net) To: "Derek R. Price" Subject: Re: [Cvs-dev] windows-NT/config.h.in.in changes for CVS FEATURE 1.12.x In-Reply-To: <44725900.2080103@ximbiot.com> References: <67713.1147550144@juniper.net> <44720BA6.70501@ximbiot.com> <20888.1148342789@juniper.net> <44725900.2080103@ximbiot.com> Comments: In-reply-to: "Derek R. Price" message dated "Mon, 22 May 2006 20:36:16 -0400." From: "Mark D. Baushke" X-Mailer: MH-E 8.0; nmh 1.0.4; GNU Emacs 21.3.1 X-Face: #8D_6URD2G%vC.hzU MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Date: Mon, 22 May 2006 17:58:55 -0700 Message-ID: <24450.1148345935@juniper.net> Sender: mdb@juniper.net Cc: cvs-dev X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 May 2006 00:59:06 -0000 =2D----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Derek R. Price writes: > Mark D. Baushke wrote: > > Hmmm... I found that the 'make stamp-chi' command has problems unless > > #undef HAVE_OPENPGG is present... >=20 > Yeah, sorry, that's what I meant. I have a bad habit of being unclear > due to trying to keep my emails terse. Ahhh.. okay. I already installed that change to config.h config.h.in and config.h.in.in last week. The most recent cvs-test-results message for Windows was building all of the stuff in lib without any problems. However, it had problems with the SUPPORT_OLD_INFO_FMT_STRINGS macro not protecting a config->UseNewInfoFmtStrings refernce in commit.c::commit_fileproc(), so I committed a patch for that this morning. I don't actually have a windows box, so I am waiting to see if the windows executable actually builds tonight or has another problem to be resolved. > > OR to change the 'SIGINT' to the digit form of the trap ('2'). >=20 > Sure. I've installed this change. Thanks! -- Mark =2D----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (FreeBSD) iD8DBQFEcl5PCg7APGsDnFERApv8AJ98nPT6v2HCuTIFSDhmSwHbaqeyCACg4ydw 3LWqQHLBH0aCbUwRFHodmkc=3D =3D86g+ =2D----END PGP SIGNATURE----- From MAILER-DAEMON Wed May 24 05:07:29 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FipKz-0007hN-CX for mharc-cvs-dev@gnu.org; Wed, 24 May 2006 05:07:29 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FipKy-0007h5-JT for cvs-dev@nongnu.org; Wed, 24 May 2006 05:07:28 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FipKw-0007g0-MU for cvs-dev@nongnu.org; Wed, 24 May 2006 05:07:28 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FipKw-0007fo-AD for cvs-dev@nongnu.org; Wed, 24 May 2006 05:07:26 -0400 Received: from [207.17.137.57] (helo=colo-dns-ext1.juniper.net) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_3DES_EDE_CBC_SHA:24) (Exim 4.52) id 1FipPL-0008ST-90 for cvs-dev@nongnu.org; Wed, 24 May 2006 05:11:59 -0400 Received: from merlot.juniper.net (merlot.juniper.net [172.17.27.10]) by colo-dns-ext1.juniper.net (8.11.3/8.9.3) with ESMTP id k4O97NX98117 for ; Wed, 24 May 2006 02:07:23 -0700 (PDT) (envelope-from mdb@juniper.net) Received: from juniper.net (sapphire.juniper.net [172.17.28.108]) by merlot.juniper.net (8.11.3/8.11.3) with ESMTP id k4O97H568340; Wed, 24 May 2006 02:07:17 -0700 (PDT) (envelope-from mdb@juniper.net) From: "Mark D. Baushke" To: cvs-dev@nongnu.org X-Mailer: MH-E 8.0; nmh 1.0.4; GNU Emacs 21.3.1 X-Face: #8D_6URD2G%vC.hzU MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Wed, 24 May 2006 02:07:17 -0700 Message-ID: <17651.1148461637@juniper.net> Sender: mdb@juniper.net Subject: [Cvs-dev] C89 vs OpenPGP need for 'long long' X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 May 2006 09:07:28 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Folks, The Windows platform apparently does not support a 'long long' type: .\src\log.c(1710) : error C2632: 'long' followed by 'long' is illegal .\src\log.c(1710) : warning C4244: 'initializing' : conversion from 'unsigned __int64 ' to 'unsigned long ', possible loss of data However, it appears that the current top-of-tree sources are using both 'long long' and 'unsigned long long' now. It should be noted that C89 supports integral types: char signed char unsigned char short, signed short, short int, signed short int unsigned short, or unsigned short int int, signed, signed int unsigned, unsigned int long, signed long, long int, signed long int unsigned long, unsigned long int The extended types: long long, signed long long unsigned long long are extensions introduced by C99. As a part of our sources, we have a HAVE_LONG_LONG macro and a HAVE_UNSIGNED_LONG_LONG macro. The typical method of dealing with a 64-bit quantity in C89 is to use a structure to keep the high and the low part of the integer and use functions to do the math on them. How do you think we should address this situation? -- Mark % grep -R 'long long' src src/rcs.c: finfo->fullname, rev, (unsigned long long)keyid); src/rcs.c: char *hexid1 = Xasprintf ("0x%llx", (unsigned long long) keyid); src/rcs.c: char *hexid2 = Xasprintf ("0x%llx", (unsigned long long) sig.keyid); src/rcs.c: char *hexid = Xasprintf ("0x%llx", (unsigned long long) keyid); src/sign.c: long long tmp; src/subr.c: length = sizeof (long long); src/subr.c: case sizeof(long long): src/subr.c: long long arg_long_long = va_arg (args, long long); src/ChangeLog: * ls.c (dircount): s/long long/long/ for Windows. src/log.c: unsigned long long printablesig = sig.keyid & 0xFFFFFFFF; % -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (FreeBSD) iD8DBQFEdCJFCg7APGsDnFERAjvgAKCYZCk12XDja1e66djrIbrLrXJYAwCfbgN9 c7GeqH4HqAF7/ptjin3Qys0= =5yrm -----END PGP SIGNATURE----- From MAILER-DAEMON Wed May 24 12:39:46 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FiwOg-0004sf-MX for mharc-cvs-dev@gnu.org; Wed, 24 May 2006 12:39:46 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FiwOf-0004sS-Lh for cvs-dev@nongnu.org; Wed, 24 May 2006 12:39:45 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FiwOe-0004qx-2P for cvs-dev@nongnu.org; Wed, 24 May 2006 12:39:45 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FiwOd-0004qo-V1 for cvs-dev@nongnu.org; Wed, 24 May 2006 12:39:43 -0400 Received: from [64.233.207.26] (helo=pop-8.dnv.wideopenwest.com) by monty-python.gnu.org with esmtp (Exim 4.52) id 1FiwT7-0002Nr-GJ for cvs-dev@nongnu.org; Wed, 24 May 2006 12:44:21 -0400 Received: from [127.0.0.1] (s233-64-208-242.try.wideopenwest.com [64.233.242.208]) by pop-8.dnv.wideopenwest.com (8.12.8/8.12.8) with ESMTP id k4OGdeC6030515 for ; Wed, 24 May 2006 11:39:41 -0500 Message-ID: <44748C52.1010406@ximbiot.com> Date: Wed, 24 May 2006 12:39:46 -0400 From: "Derek R. Price" User-Agent: Thunderbird 1.5.0.2 (Windows/20060308) MIME-Version: 1.0 To: cvs-dev Subject: Re: [Cvs-dev] C89 vs OpenPGP need for 'long long' References: <17651.1148461637@juniper.net> In-Reply-To: <17651.1148461637@juniper.net> X-Enigmail-Version: 0.94.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 May 2006 16:39:46 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mark D. Baushke wrote: > Hi Folks, > > The Windows platform apparently does not support a 'long long' > type: > > .\src\log.c(1710) : error C2632: 'long' followed by 'long' is > illegal .\src\log.c(1710) : warning C4244: 'initializing' : > conversion from 'unsigned __int64 ' to 'unsigned long ', possible > loss of data I've committed a fix. It removes most of the uses of long long as unnecessary and ifdefs the last. It hasn't been tested without HAVE_LONG_LONG. Note that most of the rcs.c changes only run with traces enabled. Regards, Derek - -- Derek R. Price CVS Solutions Architect Get CVS support at Ximbiot ! v: +1 248.835.1260 f: +1 248.835.1263 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.1 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEdIxSLD1OTBfyMaQRAlSYAKDFGf+HBqzx0jzM4QWktObtxsaV4gCcCryD BiTM0tOv8w1E1mBHgLrJbrM= =boqS -----END PGP SIGNATURE----- From MAILER-DAEMON Wed May 24 13:30:07 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FixBP-0006vb-N6 for mharc-cvs-dev@gnu.org; Wed, 24 May 2006 13:30:07 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FixBO-0006tt-Az for cvs-dev@nongnu.org; Wed, 24 May 2006 13:30:06 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FixBM-0006sa-RM for cvs-dev@nongnu.org; Wed, 24 May 2006 13:30:05 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FixBM-0006sJ-Mu for cvs-dev@nongnu.org; Wed, 24 May 2006 13:30:04 -0400 Received: from [209.226.175.4] (helo=tomts16-srv.bellnexxia.net) by monty-python.gnu.org with esmtp (Exim 4.52) id 1FixFq-0007Rv-Be for cvs-dev@nongnu.org; Wed, 24 May 2006 13:34:42 -0400 Received: from [127.0.0.1] ([70.49.220.117]) by tomts16-srv.bellnexxia.net (InterMail vM.5.01.06.13 201-253-122-130-113-20050324) with ESMTP id <20060524173001.RDOM27612.tomts16-srv.bellnexxia.net@[127.0.0.1]>; Wed, 24 May 2006 13:30:01 -0400 Message-ID: <44749818.8090806@dreampossible.ca> Date: Wed, 24 May 2006 13:30:00 -0400 From: Jim Hyslop Organization: Dreampossible Inc. User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716) X-Accept-Language: en-us, en MIME-Version: 1.0 To: "Derek R. Price" Subject: Re: [Cvs-dev] C89 vs OpenPGP need for 'long long' References: <17651.1148461637@juniper.net> <44748C52.1010406@ximbiot.com> In-Reply-To: <44748C52.1010406@ximbiot.com> X-Enigmail-Version: 0.93.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: cvs-dev X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 May 2006 17:30:06 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Derek R. Price wrote: > I've committed a fix. It removes most of the uses of long long as > unnecessary and ifdefs the last. It hasn't been tested without > HAVE_LONG_LONG. Note that most of the rcs.c changes only run with > traces enabled. IIRC the Windows build does not define HAVE_LONG_LONG. I looked over the patch, and on a quick review it looks reasonable. I'll test your changes when I get a chance. - -- Jim Hyslop Dreampossible: Better software. Simply. http://www.dreampossible.ca Consulting * Mentoring * Training in C/C++ * OOD * SW Development & Practices * Version Management -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFEdJgYLdDyDwyJw+MRAqd3AKDDnI3iCymFAxXAIbUICYIl4+bqngCgjCHB SwxFkw1dcGUHZ49qB8R9MEg= =t2Ej -----END PGP SIGNATURE----- From MAILER-DAEMON Thu May 25 10:42:58 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FjH3C-0002BQ-Bs for mharc-cvs-dev@gnu.org; Thu, 25 May 2006 10:42:58 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FjH3B-0002B6-Ej for cvs-dev@nongnu.org; Thu, 25 May 2006 10:42:57 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FjH39-0002AW-PV for cvs-dev@nongnu.org; Thu, 25 May 2006 10:42:57 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FjH39-0002AR-J4 for cvs-dev@nongnu.org; Thu, 25 May 2006 10:42:55 -0400 Received: from [64.233.207.6] (helo=pop-1.dnv.wideopenwest.com) by monty-python.gnu.org with esmtp (Exim 4.52) id 1FjH7p-0007A9-Th for cvs-dev@nongnu.org; Thu, 25 May 2006 10:47:46 -0400 Received: from [127.0.0.1] (s233-64-208-242.try.wideopenwest.com [64.233.242.208]) by pop-1.dnv.wideopenwest.com (8.12.8/8.12.8) with ESMTP id k4PEvlec032090 for ; Thu, 25 May 2006 09:57:50 -0500 Message-ID: <4475C270.6010009@ximbiot.com> Date: Thu, 25 May 2006 10:42:56 -0400 From: "Derek R. Price" User-Agent: Thunderbird 1.5.0.2 (Windows/20060308) MIME-Version: 1.0 To: cvs-dev X-Enigmail-Version: 0.94.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: [Cvs-dev] HP remsh X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 May 2006 14:42:57 -0000 If I set configure to favor "remsh" to "rsh" am I likely to get any false positives on platforms other than HP-UX? My brief google search leads me to believe that if remsh exists it will probably do the right thing. Everyone okay with this change, or should I leave well-enough alone? Regards, Derek -- Derek R. Price CVS Solutions Architect Get CVS support at Ximbiot ! v: +1 248.835.1260 f: +1 248.835.1263 From MAILER-DAEMON Thu May 25 11:55:04 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FjIAy-0000wj-EI for mharc-cvs-dev@gnu.org; Thu, 25 May 2006 11:55:04 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FjIAw-0000wM-LI for cvs-dev@nongnu.org; Thu, 25 May 2006 11:55:02 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FjIAu-0000wA-Bx for cvs-dev@nongnu.org; Thu, 25 May 2006 11:55:01 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FjIAu-0000w7-7I for cvs-dev@nongnu.org; Thu, 25 May 2006 11:55:00 -0400 Received: from [146.122.22.36] (helo=uscimgate001.ugs.com) by monty-python.gnu.org with esmtp (Exim 4.52) id 1FjIFb-0005vY-9g for cvs-dev@nongnu.org; Thu, 25 May 2006 11:59:51 -0400 Received: from sunlist.sdrc.com ([146.122.142.20]) by uscimgate001.ugs.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 25 May 2006 11:54:58 -0400 Received: from thor.net.plm.eds.com (thor.net.plm.eds.com [146.122.201.250]) by sunlist.sdrc.com (8.11.6+Sun/8.11.6) with ESMTP id k4PFsvr00684; Thu, 25 May 2006 11:54:57 -0400 (EDT) Received: (from scjones@localhost) by thor.net.plm.eds.com (8.11.6/8.10.1) id k4PFswB06851; Thu, 25 May 2006 11:54:58 -0400 (EDT) Message-Id: <200605251554.k4PFswB06851@thor.net.plm.eds.com> Subject: Re: [Cvs-dev] HP remsh To: derek@ximbiot.com (Derek R. Price) Date: Thu, 25 May 2006 11:54:58 -0400 (EDT) In-Reply-To: <4475C270.6010009@ximbiot.com> from "Derek R. Price" at May 25, 2006 10:42:56 AM From: lawrence.jones@ugs.com (Larry Jones) X-Mailer: ELM [version 2.5 PL3] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 25 May 2006 15:54:58.0598 (UTC) FILETIME=[93057460:01C68013] Cc: cvs-dev X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 May 2006 15:55:03 -0000 Derek R. Price writes: > > If I set configure to favor "remsh" to "rsh" am I likely to get any > false positives on platforms other than HP-UX? My experience matches your brief research: if remsh exists, it does the right thing (and the default [or only] rsh usually does not). -Larry Jones My "C-" firmly establishes me on the cutting edge of the avant-garde. -- Calvin From MAILER-DAEMON Thu May 25 14:14:47 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FjKMB-0003Ge-Rw for mharc-cvs-dev@gnu.org; Thu, 25 May 2006 14:14:47 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FjKMA-0003GI-OB for cvs-dev@nongnu.org; Thu, 25 May 2006 14:14:46 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FjKM9-0003G6-UN for cvs-dev@nongnu.org; Thu, 25 May 2006 14:14:46 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FjKM9-0003G3-QL for cvs-dev@nongnu.org; Thu, 25 May 2006 14:14:45 -0400 Received: from [207.17.137.57] (helo=colo-dns-ext1.juniper.net) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_3DES_EDE_CBC_SHA:24) (Exim 4.52) id 1FjKQs-0003u1-7A for cvs-dev@nongnu.org; Thu, 25 May 2006 14:19:38 -0400 Received: from merlot.juniper.net (merlot.juniper.net [172.17.27.10]) by colo-dns-ext1.juniper.net (8.11.3/8.9.3) with ESMTP id k4PIEhX22113 for ; Thu, 25 May 2006 11:14:43 -0700 (PDT) (envelope-from mdb@juniper.net) Received: from juniper.net (sapphire.juniper.net [172.17.28.108]) by merlot.juniper.net (8.11.3/8.11.3) with ESMTP id k4PIEb501997; Thu, 25 May 2006 11:14:37 -0700 (PDT) (envelope-from mdb@juniper.net) To: cvs-dev@nongnu.org In-Reply-To: References: Comments: In-reply-to: djones@grassvalleysoftware.com message dated "Thu, 25 May 2006 00:03:27 -0700." From: "Mark D. Baushke" X-Mailer: MH-E 8.0; nmh 1.0.4; GNU Emacs 21.3.1 X-Face: #8D_6URD2G%vC.hzU MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Thu, 25 May 2006 11:14:37 -0700 Message-ID: <68742.1148580877@juniper.net> Sender: mdb@juniper.net Subject: [Cvs-dev] Re: Build CVS (TRUNK) failed messages X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 May 2006 18:14:47 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Folks, It would be nice if someone would update the appropriate .dep, .dsp and .dsw and .mak files so that the new files added for the OpenPGP signing feature would be compiled on the windows-NT target to stop the build in the cvs-test-results from failing every night. Thanks, -- Mark djones@grassvalleysoftware.com writes: ... > client.obj : error LNK2001: unresolved external symbol _get_verify_checkouts_fatal > client.obj : error LNK2001: unresolved external symbol _get_verify_checkouts > client.obj : error LNK2001: unresolved external symbol _strtoumax > client.obj : error LNK2001: unresolved external symbol _next_signature > client.obj : error LNK2001: unresolved external symbol _verify_signature > client.obj : error LNK2001: unresolved external symbol _force_xchmod > client.obj : error LNK2001: unresolved external symbol _translate_exists > client.obj : error LNK2001: unresolved external symbol _merge > client.obj : error LNK2001: unresolved external symbol _force_copy_file > update.obj : error LNK2001: unresolved external symbol _force_copy_file > client.obj : error LNK2001: unresolved external symbol _base_diff > diff.obj : error LNK2001: unresolved external symbol _base_diff > client.obj : error LNK2001: unresolved external symbol _gen_signature > commit.obj : error LNK2001: unresolved external symbol _have_sigfile > import.obj : error LNK2001: unresolved external symbol _have_sigfile > rcs.obj : error LNK2001: unresolved external symbol _have_sigfile > edit.obj : error LNK2001: unresolved external symbol _base_register > edit.obj : error LNK2001: unresolved external symbol _base_deregister > edit.obj : error LNK2001: unresolved external symbol _base_get > import.obj : error LNK2001: unresolved external symbol _base64_encode_alloc > rcs.obj : error LNK2001: unresolved external symbol _base64_encode_alloc > import.obj : error LNK2001: unresolved external symbol _get_signature > rcs.obj : error LNK2001: unresolved external symbol _get_signature > log.obj : error LNK2001: unresolved external symbol _parse_signature > rcs.obj : error LNK2001: unresolved external symbol _parse_signature > log.obj : error LNK2001: unresolved external symbol _base64_decode_alloc > rcs.obj : error LNK2001: unresolved external symbol _base64_decode_alloc > main.obj : error LNK2001: unresolved external symbol _verify > main.obj : error LNK2001: unresolved external symbol _sign > main.obj : error LNK2001: unresolved external symbol _add_verify_arg > main.obj : error LNK2001: unresolved external symbol _set_openpgp_textmode > main.obj : error LNK2001: unresolved external symbol _add_sign_arg > main.obj : error LNK2001: unresolved external symbol _set_sign_template > main.obj : error LNK2001: unresolved external symbol _set_verify_template > main.obj : error LNK2001: unresolved external symbol _set_sign_commits > main.obj : error LNK2001: unresolved external symbol _set_verify_checkouts > rcs.obj : error LNK2001: unresolved external symbol _gpg_keyid2longstring > rcscmds.obj : error LNK2001: unresolved external symbol _call_diff > rcscmds.obj : error LNK2001: unresolved external symbol _call_diff_add_arg > rcscmds.obj : error LNK2001: unresolved external symbol _call_diff_setup > update.obj : error LNK2001: unresolved external symbol _base_merge > .\WinRel\cvs.exe : fatal error LNK1120: 41 unresolved externals > NMAKE : fatal error U1077: 'link.exe' : return code '0x19' > Stop. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (FreeBSD) iD8DBQFEdfQNCg7APGsDnFERApt5AKC5AQNIADMIUY95dZLOTHYQOke8lgCfdSCN Cze8vk5QPA2KS+GXaT0WXVU= =dWJB -----END PGP SIGNATURE----- From MAILER-DAEMON Thu May 25 21:22:38 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FjR2E-0006dv-JE for mharc-cvs-dev@gnu.org; Thu, 25 May 2006 21:22:38 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FjR2C-0006dk-2t for cvs-dev@nongnu.org; Thu, 25 May 2006 21:22:36 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FjR2B-0006dY-JB for cvs-dev@nongnu.org; Thu, 25 May 2006 21:22:35 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FjR2B-0006dV-Ej for cvs-dev@nongnu.org; Thu, 25 May 2006 21:22:35 -0400 Received: from [209.226.175.34] (helo=tomts13-srv.bellnexxia.net) by monty-python.gnu.org with esmtp (Exim 4.52) id 1FjR6y-0000Mg-18 for cvs-dev@nongnu.org; Thu, 25 May 2006 21:27:32 -0400 Received: from [127.0.0.1] ([70.54.52.91]) by tomts13-srv.bellnexxia.net (InterMail vM.5.01.06.13 201-253-122-130-113-20050324) with ESMTP id <20060526012234.UNAB29052.tomts13-srv.bellnexxia.net@[127.0.0.1]>; Thu, 25 May 2006 21:22:34 -0400 Message-ID: <44765857.7080509@dreampossible.ca> Date: Thu, 25 May 2006 21:22:31 -0400 From: Jim Hyslop Organization: Dreampossible Inc. User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716) X-Accept-Language: en-us, en MIME-Version: 1.0 To: "Mark D. Baushke" Subject: Re: [Cvs-dev] Re: Build CVS (TRUNK) failed messages References: <68742.1148580877@juniper.net> In-Reply-To: <68742.1148580877@juniper.net> X-Enigmail-Version: 0.93.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: cvs-dev@nongnu.org X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 May 2006 01:22:36 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mark D. Baushke wrote: > Hi Folks, > > It would be nice if someone would update the appropriate .dep, .dsp and > .dsw and .mak files so that the new files added for the OpenPGP signing > feature would be compiled on the windows-NT target to stop the build > in the cvs-test-results from failing every night. I'm working on it. It also requires merging some changes from src/filesubr.c into windows-NT/filesubr.c. - -- Jim Hyslop Dreampossible: Better software. Simply. http://www.dreampossible.ca Consulting * Mentoring * Training in C/C++ * OOD * SW Development & Practices * Version Management -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFEdlhXLdDyDwyJw+MRAk2WAKDj5QCxLt6nbnDmkFi37GdV+R5eGQCg4fwL ph0dndiysEFe+bP8jJh2Mao= =7f2V -----END PGP SIGNATURE----- From MAILER-DAEMON Thu May 25 21:24:56 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FjR4S-0007cr-Gg for mharc-cvs-dev@gnu.org; Thu, 25 May 2006 21:24:56 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FjR4Q-0007cm-Sl for cvs-dev@nongnu.org; Thu, 25 May 2006 21:24:54 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FjR4O-0007a3-DK for cvs-dev@nongnu.org; Thu, 25 May 2006 21:24:53 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FjR4O-0007a0-8M for cvs-dev@nongnu.org; Thu, 25 May 2006 21:24:52 -0400 Received: from [207.17.137.57] (helo=colo-dns-ext1.juniper.net) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_3DES_EDE_CBC_SHA:24) (Exim 4.52) id 1FjR9A-0000rw-MT for cvs-dev@nongnu.org; Thu, 25 May 2006 21:29:49 -0400 Received: from merlot.juniper.net (merlot.juniper.net [172.17.27.10]) by colo-dns-ext1.juniper.net (8.11.3/8.9.3) with ESMTP id k4Q1OoX27115; Thu, 25 May 2006 18:24:50 -0700 (PDT) (envelope-from mdb@juniper.net) Received: from juniper.net (sapphire.juniper.net [172.17.28.108]) by merlot.juniper.net (8.11.3/8.11.3) with ESMTP id k4Q1Oi588872; Thu, 25 May 2006 18:24:44 -0700 (PDT) (envelope-from mdb@juniper.net) To: Jim Hyslop Subject: Re: [Cvs-dev] Re: Build CVS (TRUNK) failed messages In-Reply-To: <44765857.7080509@dreampossible.ca> References: <68742.1148580877@juniper.net> <44765857.7080509@dreampossible.ca> Comments: In-reply-to: Jim Hyslop message dated "Thu, 25 May 2006 21:22:31 -0400." From: "Mark D. Baushke" X-Mailer: MH-E 8.0; nmh 1.0.4; GNU Emacs 21.3.1 X-Face: #8D_6URD2G%vC.hzU MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Date: Thu, 25 May 2006 18:24:44 -0700 Message-ID: <25557.1148606684@juniper.net> Sender: mdb@juniper.net Cc: cvs-dev@nongnu.org X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 May 2006 01:24:55 -0000 =2D----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jim Hyslop writes: > Mark D. Baushke wrote: > > Hi Folks, > >=20 > > It would be nice if someone would update the appropriate .dep, .dsp and > > .dsw and .mak files so that the new files added for the OpenPGP signing > > feature would be compiled on the windows-NT target to stop the build > > in the cvs-test-results from failing every night. >=20 > I'm working on it. It also requires merging some changes from > src/filesubr.c into windows-NT/filesubr.c. I believe I have already performed that merge operation for you. -- Mark =2D----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (FreeBSD) iD4DBQFEdljcCg7APGsDnFERAnRSAKCDAcBlnlYT6Mv43Rf/8bOvqZaYAgCYghvy 1sE2rS2Nmf0PZeOm+D9nyg=3D=3D =3D8iHt =2D----END PGP SIGNATURE----- From MAILER-DAEMON Thu May 25 22:12:23 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FjRoN-0003wn-D5 for mharc-cvs-dev@gnu.org; Thu, 25 May 2006 22:12:23 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FjRoL-0003w2-V6 for cvs-dev@nongnu.org; Thu, 25 May 2006 22:12:21 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FjRoK-0003uF-GJ for cvs-dev@nongnu.org; Thu, 25 May 2006 22:12:21 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FjRoK-0003uC-B8 for cvs-dev@nongnu.org; Thu, 25 May 2006 22:12:20 -0400 Received: from [209.226.175.54] (helo=tomts10-srv.bellnexxia.net) by monty-python.gnu.org with esmtp (Exim 4.52) id 1FjRt7-0003qA-9V for cvs-dev@nongnu.org; Thu, 25 May 2006 22:17:17 -0400 Received: from [127.0.0.1] ([70.54.52.91]) by tomts10-srv.bellnexxia.net (InterMail vM.5.01.06.13 201-253-122-130-113-20050324) with ESMTP id <20060526021218.FFSC2009.tomts10-srv.bellnexxia.net@[127.0.0.1]>; Thu, 25 May 2006 22:12:18 -0400 Message-ID: <447663FC.5080409@dreampossible.ca> Date: Thu, 25 May 2006 22:12:12 -0400 From: Jim Hyslop Organization: Dreampossible Inc. User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716) X-Accept-Language: en-us, en MIME-Version: 1.0 To: "Mark D. Baushke" Subject: Re: [Cvs-dev] Re: Build CVS (TRUNK) failed messages References: <68742.1148580877@juniper.net> <44765857.7080509@dreampossible.ca> <25557.1148606684@juniper.net> In-Reply-To: <25557.1148606684@juniper.net> X-Enigmail-Version: 0.93.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: cvs-dev@nongnu.org X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 May 2006 02:12:22 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mark D. Baushke wrote: > Jim Hyslop writes: > > >>>Mark D. Baushke wrote: >>> >>>>Hi Folks, >>>> >>>>It would be nice if someone would update the appropriate .dep, .dsp and >>>>.dsw and .mak files so that the new files added for the OpenPGP signing >>>>feature would be compiled on the windows-NT target to stop the build >>>>in the cvs-test-results from failing every night. >>> >>>I'm working on it. It also requires merging some changes from >>>src/filesubr.c into windows-NT/filesubr.c. > > > I believe I have already performed that merge operation for you. Yes, actually, you have - as soon as I updated and resolved the conflicts I noticed that. I started working on it a while ago and got sidetracked. There are a couple of other problems in the 'lib' directory, though. strtol.c has this snippet of code: #ifdef QUAD # define LONG long long MSVC6 (which predates C99 by a long shot) doesn't understand "long long". Is it OK to change "long long" to "int64_t" in the GNULIB files? Next problem is this, in strtoimax.c: #ifdef UNSIGNED # ifndef HAVE_DECL_STRTOULL "this configure-time declaration test was not run" # endif I'm hitting the "this configure-time" error. How should this be resolved? - -- Jim Hyslop Dreampossible: Better software. Simply. http://www.dreampossible.ca Consulting * Mentoring * Training in C/C++ * OOD * SW Development & Practices * Version Management -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFEdmP8LdDyDwyJw+MRAkFgAKC4VVZWKwJrvORL+K/tkyziJRsniwCfS2T1 e017HoXppVo50aSK6TzSO7Y= =fEji -----END PGP SIGNATURE----- From MAILER-DAEMON Thu May 25 22:29:05 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FjS4X-0004Hp-9P for mharc-cvs-dev@gnu.org; Thu, 25 May 2006 22:29:05 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FjS4V-0004HC-Et for cvs-dev@nongnu.org; Thu, 25 May 2006 22:29:03 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FjS4S-0004GW-4x for cvs-dev@nongnu.org; Thu, 25 May 2006 22:29:03 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FjS4R-0004GR-VZ for cvs-dev@nongnu.org; Thu, 25 May 2006 22:28:59 -0400 Received: from [209.226.175.97] (helo=tomts40-srv.bellnexxia.net) by monty-python.gnu.org with esmtp (Exim 4.52) id 1FjS9E-0005hd-SG for cvs-dev@nongnu.org; Thu, 25 May 2006 22:33:57 -0400 Received: from [127.0.0.1] ([70.54.52.91]) by tomts40-srv.bellnexxia.net (InterMail vM.5.01.06.13 201-253-122-130-113-20050324) with ESMTP id <20060526022858.TVYQ24981.tomts40-srv.bellnexxia.net@[127.0.0.1]>; Thu, 25 May 2006 22:28:58 -0400 Message-ID: <447667EA.6050101@dreampossible.ca> Date: Thu, 25 May 2006 22:28:58 -0400 From: Jim Hyslop Organization: Dreampossible Inc. User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Jim Hyslop Subject: Re: [Cvs-dev] Re: Build CVS (TRUNK) failed messages References: <68742.1148580877@juniper.net> <44765857.7080509@dreampossible.ca> <25557.1148606684@juniper.net> <447663FC.5080409@dreampossible.ca> In-Reply-To: <447663FC.5080409@dreampossible.ca> X-Enigmail-Version: 0.93.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: "Mark D. Baushke" , cvs-dev@nongnu.org X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 May 2006 02:29:03 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I wrote: > strtol.c has this snippet of code: > > #ifdef QUAD > # define LONG long long > > MSVC6 (which predates C99 by a long shot) doesn't understand "long > long". Is it OK to change "long long" to "int64_t" in the GNULIB files? Answering the first question myself here: actually, it's more complicated than that. The problem boils down to this sequence of statements: #define INT unsigned LONG int #define LONG long long INT INTERNAL (strtol) (const STRING_TYPE *nptr, STRING_TYPE **endptr, int base, int group LOCALE_PARAM_PROTO) INT ends up defined as "unsigned long long int", so I can't just change "long long" to "int_64" or I end up with "unsigned int_64 int" which makes the compiler barf. Any thoughts on how to approach this? - -- Jim Hyslop Dreampossible: Better software. Simply. http://www.dreampossible.ca Consulting * Mentoring * Training in C/C++ * OOD * SW Development & Practices * Version Management -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFEdmfqLdDyDwyJw+MRAu45AKCjxf8QFplihbTi2UDVSe+D4+I55gCghn+e yvme2y49Vv2oT3/C71+fRS8= =WGdW -----END PGP SIGNATURE----- From MAILER-DAEMON Fri May 26 00:07:16 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FjTbW-00025K-S9 for mharc-cvs-dev@gnu.org; Fri, 26 May 2006 00:07:14 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FjTbS-000206-RV for cvs-dev@nongnu.org; Fri, 26 May 2006 00:07:10 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FjTbD-0001pt-KW for cvs-dev@nongnu.org; Fri, 26 May 2006 00:07:03 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FjTbC-0001oW-6x for cvs-dev@nongnu.org; Fri, 26 May 2006 00:06:54 -0400 Received: from [64.233.207.26] (helo=pop-8.dnv.wideopenwest.com) by monty-python.gnu.org with esmtp (Exim 4.52) id 1FjTfw-0003l5-Oh; Fri, 26 May 2006 00:11:49 -0400 Received: from [127.0.0.1] (s233-64-208-242.try.wideopenwest.com [64.233.242.208]) by pop-8.dnv.wideopenwest.com (8.12.8/8.12.8) with ESMTP id k4Q46UC6015371; Thu, 25 May 2006 23:06:41 -0500 Message-ID: <44767ECE.2030204@ximbiot.com> Date: Fri, 26 May 2006 00:06:38 -0400 From: "Derek R. Price" User-Agent: Thunderbird 1.5.0.2 (Windows/20060308) MIME-Version: 1.0 To: Jim Hyslop Subject: Re: [Cvs-dev] Re: Build CVS (TRUNK) failed messages References: <68742.1148580877@juniper.net> <44765857.7080509@dreampossible.ca> <25557.1148606684@juniper.net> <447663FC.5080409@dreampossible.ca> <447667EA.6050101@dreampossible.ca> In-Reply-To: <447667EA.6050101@dreampossible.ca> X-Enigmail-Version: 0.94.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: "Mark D. Baushke" , cvs-dev@nongnu.org X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 May 2006 04:07:11 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jim Hyslop wrote: > I wrote: >>> strtol.c has this snippet of code: Sorry, I missed that invocation of strtoull yesterday when I was removing other references to long long. I've now checked in a fix. You should be able to skip compiling lib/strtoull.c entirely now, unless I've missed another invocation somewhere. Cheers, Derek - -- Derek R. Price CVS Solutions Architect Get CVS support at Ximbiot ! v: +1 248.835.1260 f: +1 248.835.1263 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.1 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEdn7OLD1OTBfyMaQRAvB1AKDh3/kSsPpeQvHyCjgkIMBXduFBTgCfeAwJ JpAJM0MBkYQBqos3cCdM31k= =sw4p -----END PGP SIGNATURE----- From MAILER-DAEMON Fri May 26 00:18:00 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FjTlw-0006YB-SP for mharc-cvs-dev@gnu.org; Fri, 26 May 2006 00:18:00 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FjTlv-0006Y2-D3 for cvs-dev@nongnu.org; Fri, 26 May 2006 00:17:59 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FjTlu-0006Xm-Pv for cvs-dev@nongnu.org; Fri, 26 May 2006 00:17:59 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FjTlu-0006Xg-LF for cvs-dev@nongnu.org; Fri, 26 May 2006 00:17:58 -0400 Received: from [64.233.207.6] (helo=pop-1.dnv.wideopenwest.com) by monty-python.gnu.org with esmtp (Exim 4.52) id 1FjTqi-0005ng-Ao; Fri, 26 May 2006 00:22:56 -0400 Received: from [127.0.0.1] (s233-64-208-242.try.wideopenwest.com [64.233.242.208]) by pop-1.dnv.wideopenwest.com (8.12.8/8.12.8) with ESMTP id k4Q4Huec030663; Thu, 25 May 2006 23:18:00 -0500 Message-ID: <44768174.6000807@ximbiot.com> Date: Fri, 26 May 2006 00:17:56 -0400 From: "Derek R. Price" User-Agent: Thunderbird 1.5.0.2 (Windows/20060308) MIME-Version: 1.0 To: Jim Hyslop Subject: Re: [Cvs-dev] Re: Build CVS (TRUNK) failed messages References: <68742.1148580877@juniper.net> <44765857.7080509@dreampossible.ca> <25557.1148606684@juniper.net> <447663FC.5080409@dreampossible.ca> In-Reply-To: <447663FC.5080409@dreampossible.ca> X-Enigmail-Version: 0.94.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: "Mark D. Baushke" , cvs-dev@nongnu.org X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 May 2006 04:17:59 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jim Hyslop wrote: > Next problem is this, in strtoimax.c: #ifdef UNSIGNED # ifndef > HAVE_DECL_STRTOULL "this configure-time declaration test was not > run" # endif > > I'm hitting the "this configure-time" error. How should this be > resolved? This notices the difference between `#undef HAVE_DECL_STRTOULL' and `#define HAVE_DECL_STRTOULL 0'. You need to #define HAVE_DECL_STRTOULL 0 in windows-NT/config.h via windows-NT/config.h.in.in. Regards, Derek - -- Derek R. Price CVS Solutions Architect Get CVS support at Ximbiot ! v: +1 248.835.1260 f: +1 248.835.1263 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.1 (Cygwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEdoF0LD1OTBfyMaQRApjrAKDkxZCI6/nbvgRVKhGfReqCSCfG8gCgkgW5 hzUk/gpofMP1lGmID5lFqmU= =y2bH -----END PGP SIGNATURE----- From MAILER-DAEMON Fri May 26 00:35:00 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FjU2O-0008QJ-FW for mharc-cvs-dev@gnu.org; Fri, 26 May 2006 00:35:00 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FjU2N-0008QA-HI for cvs-dev@nongnu.org; Fri, 26 May 2006 00:34:59 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FjU2L-0008Pm-Vt for cvs-dev@nongnu.org; Fri, 26 May 2006 00:34:59 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FjU2L-0008Pj-Rk for cvs-dev@nongnu.org; Fri, 26 May 2006 00:34:57 -0400 Received: from [64.233.207.24] (helo=pop-6.dnv.wideopenwest.com) by monty-python.gnu.org with esmtp (Exim 4.52) id 1FjU7A-00073l-Bp for cvs-dev@nongnu.org; Fri, 26 May 2006 00:39:56 -0400 Received: from [127.0.0.1] (s233-64-208-242.try.wideopenwest.com [64.233.242.208]) by pop-6.dnv.wideopenwest.com (8.11.6/8.11.6) with ESMTP id k4Q4Ytu19427; Thu, 25 May 2006 23:34:55 -0500 Message-ID: <44768574.5050502@ximbiot.com> Date: Fri, 26 May 2006 00:35:00 -0400 From: "Derek R. Price" User-Agent: Thunderbird 1.5.0.2 (Windows/20060308) MIME-Version: 1.0 To: Larry Jones Subject: Re: [Cvs-dev] HP remsh References: <200605251554.k4PFswB06851@thor.net.plm.eds.com> In-Reply-To: <200605251554.k4PFswB06851@thor.net.plm.eds.com> X-Enigmail-Version: 0.94.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV version 0.87, clamav-milter version 0.87 on pop-6.dnv.wideopenwest.com X-Virus-Status: Clean Cc: cvs-dev X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 May 2006 04:34:59 -0000 Larry Jones wrote: > Derek R. Price writes: > >> If I set configure to favor "remsh" to "rsh" am I likely to get any >> false positives on platforms other than HP-UX? >> > > My experience matches your brief research: if remsh exists, it does the > right thing (and the default [or only] rsh usually does not). > Okay, I've made this change. Any problems it causes should be minor and we can always change it back. Regards, Derek -- Derek R. Price CVS Solutions Architect Get CVS support at Ximbiot ! v: +1 248.835.1260 f: +1 248.835.1263 From MAILER-DAEMON Fri May 26 12:53:16 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FjfYq-0006h1-Q3 for mharc-cvs-dev@gnu.org; Fri, 26 May 2006 12:53:16 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FjfYp-0006gL-36 for cvs-dev@nongnu.org; Fri, 26 May 2006 12:53:15 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FjfYo-0006g7-Ox for cvs-dev@nongnu.org; Fri, 26 May 2006 12:53:14 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FjfYo-0006g4-Dl for cvs-dev@nongnu.org; Fri, 26 May 2006 12:53:14 -0400 Received: from [207.17.137.57] (helo=colo-dns-ext1.juniper.net) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_3DES_EDE_CBC_SHA:24) (Exim 4.52) id 1Fjfdj-0003oB-Lv for cvs-dev@nongnu.org; Fri, 26 May 2006 12:58:20 -0400 Received: from merlot.juniper.net (merlot.juniper.net [172.17.27.10]) by colo-dns-ext1.juniper.net (8.11.3/8.9.3) with ESMTP id k4QGrCX36718; Fri, 26 May 2006 09:53:12 -0700 (PDT) (envelope-from mdb@juniper.net) Received: from juniper.net (sapphire.juniper.net [172.17.28.108]) by merlot.juniper.net (8.11.3/8.11.3) with ESMTP id k4QGqt522633; Fri, 26 May 2006 09:52:55 -0700 (PDT) (envelope-from mdb@juniper.net) To: christos@zoulas.com (Christos Zoulas) From: "Mark D. Baushke" X-Mailer: MH-E 8.0; nmh 1.0.4; GNU Emacs 21.3.1 X-Face: #8D_6URD2G%vC.hzU Date: Fri, 26 May 2006 09:52:55 -0700 Message-ID: <97786.1148662375@juniper.net> Sender: mdb@juniper.net Cc: CVS Development Subject: [Cvs-dev] CVS Coverity scan via NetBSD fixes X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 May 2006 16:53:15 -0000 Hi Christos, It seems that the Coverity run 31 took into account a number of the patches I sent. At least one of the fixes (cid-1307) appears to not have been incorporated as yet. This is the fifth patch I have provided based on the NetBSD sources (CVSROOT=:ext:anoncvs@anoncvs.netbsd.org/cvsroot). The following patch is adapted from the one committed to the STABLE branch on Savannah.nongnu.org (CVSROOT=:pserver:anonymous@cvs.savannah.nongnu.org:/sources/cvs branch: cvs1-11-x-branch module: ccvs/src). I am still running a regression test of these changes merged onto the FEATURE branch and I will commit there when that is complete. I would be much obliged if you would commit it to the NetBSD sources. I'll continue to work through the remaining items as time permits. Thanks, -- Mark Log message: 2006-05-25 Mark D. Baushke * add.c (add): Do not leak memory. [Fixes NetBSD coverity cid-2199.] * edit.c (onoff_fileproc): Do not leak memory. [Fixes NetBSD coverity cid-2201.] * edit.c (onoff_filesdoneproc): Do not leak memory. [Fixes NetBSD coverity cid-2202.] * lock.c (readers_exist): Add assert (lockdir). [Fixes NetBSD coverity cid-2411.] * rcs.c (RCS_findlock_or_tip): Do not leak memory. [Fixes NetBSD coverity cid-2198.] * rcs.c (RCS_getdate): Avoid possible NULL dereference. [Fixes NetBSD coverity cid-2412.] * server.c (serve_sticky): Do not leak file descriptors. [Fixes NetBSD coverity cid-2197.] * server.c (do_cvs_command): Do not leak memory. [Fixes NetBSD coverity cid-2204.] * server.c (do_cvs_command): Protect close (dev_null_fd) against invalid fd value in error_exit. [Fixes NetBSD coverity cid-1307.] * tag.c (add_to_val_tags): Do not leak memory. Be sure to clear_val_tags_lock before returning. [Fixes NetBSD coverity cid-2071.] Index: add.c =================================================================== RCS file: /cvsroot/src/gnu/dist/xcvs/src/add.c,v retrieving revision 1.3 diff -u -p -r1.3 add.c --- add.c 12 May 2006 15:33:17 -0000 1.3 +++ add.c 26 May 2006 16:32:36 -0000 @@ -161,11 +161,15 @@ add (argc, argv) int j; if (argc == 0) + { /* We snipped out all the arguments in the above sanity check. We can just forget the whole thing (and we better, because if we fired up the server and passed it nothing, it would spit back a usage message). */ + if (options) + free (options); return err; + } start_server (); ign_setup (); Index: edit.c =================================================================== RCS file: /cvsroot/src/gnu/dist/xcvs/src/edit.c,v retrieving revision 1.2 diff -u -p -r1.2 edit.c --- edit.c 4 Feb 2006 16:29:56 -0000 1.2 +++ edit.c 26 May 2006 16:32:36 -0000 @@ -32,8 +32,10 @@ onoff_fileproc (callerdat, finfo) void *callerdat; struct file_info *finfo; { - fileattr_get0 (finfo->file, "_watched"); + char *watched = fileattr_get0 (finfo->file, "_watched"); fileattr_set (finfo->file, "_watched", turning_on ? "" : NULL); + if (watched != NULL) + free (watched); return 0; } @@ -52,8 +54,10 @@ onoff_filesdoneproc (callerdat, err, rep { if (setting_default) { - fileattr_get0 (NULL, "_watched"); + char *watched = fileattr_get0 (NULL, "_watched"); fileattr_set (NULL, "_watched", turning_on ? "" : NULL); + if (watched != NULL) + free (watched); } return err; } Index: lock.c =================================================================== RCS file: /cvsroot/src/gnu/dist/xcvs/src/lock.c,v retrieving revision 1.2 diff -u -p -r1.2 lock.c --- lock.c 4 Feb 2006 16:29:56 -0000 1.2 +++ lock.c 26 May 2006 16:32:36 -0000 @@ -718,6 +718,9 @@ readers_exist (repository) #endif lockdir = lock_name (repository, ""); + + assert (lockdir != NULL); + lockdir[strlen (lockdir) - 1] = '\0'; /* remove trailing slash */ do { Index: rcs.c =================================================================== RCS file: /cvsroot/src/gnu/dist/xcvs/src/rcs.c,v retrieving revision 1.3 diff -u -p -r1.3 rcs.c --- rcs.c 12 May 2006 15:33:18 -0000 1.3 +++ rcs.c 26 May 2006 16:32:36 -0000 @@ -3050,6 +3050,8 @@ RCS_getdate (rcs, date, force_tag_match) { char *date_1_1 = vers->date; + assert (p->data != NULL); + vers = p->data; if (RCS_datecmp (vers->date, date_1_1) != 0) return xstrdup ("1.1"); @@ -4758,6 +4760,7 @@ RCS_findlock_or_tip (rcs) char *user = getcaller(); Node *lock, *p; List *locklist; + char *defaultrev = NULL; /* Find unique delta locked by caller. This code is very similar to the code in RCS_unlock -- perhaps it could be abstracted @@ -4803,7 +4806,10 @@ RCS_findlock_or_tip (rcs) those error checks are to make users lock before a checkin, and we do that in other ways if at all anyway (e.g. rcslock.pl). */ - p = findnode (rcs->versions, RCS_getbranch (rcs, rcs->branch, 0)); + defaultrev = RCS_getbranch (rcs, rcs->branch, 0); + p = findnode (rcs->versions, defaultrev); + if (defaultrev != NULL) + free (defaultrev); if (!p) { error (0, 0, "RCS file `%s' does not contain its default revision.", Index: server.c =================================================================== RCS file: /cvsroot/src/gnu/dist/xcvs/src/server.c,v retrieving revision 1.5 diff -u -p -r1.5 server.c --- server.c 12 May 2006 15:33:18 -0000 1.5 +++ server.c 26 May 2006 16:32:38 -0000 @@ -1238,6 +1238,7 @@ serve_sticky (arg) if (alloc_pending (80 + strlen (CVSADM_TAG))) sprintf (pending_error_text, "E cannot write to %s", CVSADM_TAG); pending_error = save_errno; + (void) fclose (f); return; } if (fclose (f) == EOF) @@ -2952,9 +2953,10 @@ error \n"); /* OK, sit around getting all the input from the child. */ { - struct buffer *stdoutbuf; - struct buffer *stderrbuf; - struct buffer *protocol_inbuf; + struct buffer *stdoutbuf = NULL; + struct buffer *stderrbuf = NULL; + struct buffer *protocol_inbuf = NULL; + int err_exit = 0; /* Number of file descriptors to check in select (). */ int num_to_check; int count_needed = 1; @@ -3007,7 +3009,8 @@ error \n"); { buf_output0 (buf_to_net, "E close failed\n"); print_error (errno); - goto error_exit; + err_exit = 1; + goto child_finish; } stdout_pipe[1] = -1; @@ -3015,7 +3018,8 @@ error \n"); { buf_output0 (buf_to_net, "E close failed\n"); print_error (errno); - goto error_exit; + err_exit = 1; + goto child_finish; } stderr_pipe[1] = -1; @@ -3023,7 +3027,8 @@ error \n"); { buf_output0 (buf_to_net, "E close failed\n"); print_error (errno); - goto error_exit; + err_exit = 1; + goto child_finish; } protocol_pipe[1] = -1; @@ -3032,7 +3037,8 @@ error \n"); { buf_output0 (buf_to_net, "E close failed\n"); print_error (errno); - goto error_exit; + err_exit = 1; + goto child_finish; } flowcontrol_pipe[0] = -1; #endif /* SERVER_FLOWCONTROL */ @@ -3041,7 +3047,9 @@ error \n"); { buf_output0 (buf_to_net, "E close failed\n"); print_error (errno); - goto error_exit; + dev_null_fd = -1; /* Do not try to close it again. */ + err_exit = 1; + goto child_finish; } dev_null_fd = -1; @@ -3128,7 +3136,8 @@ error \n"); { buf_output0 (buf_to_net, "E select failed\n"); print_error (errno); - goto error_exit; + err_exit = 1; + goto child_finish; } } while (numfds < 0); @@ -3161,7 +3170,8 @@ error \n"); { buf_output0 (buf_to_net, "E buf_input_data failed\n"); print_error (status); - goto error_exit; + err_exit = 1; + goto child_finish; } /* @@ -3235,7 +3245,8 @@ error \n"); { buf_output0 (buf_to_net, "E buf_input_data failed\n"); print_error (status); - goto error_exit; + err_exit = 1; + goto child_finish; } /* What should we do with errors? syslog() them? */ @@ -3260,7 +3271,8 @@ error \n"); { buf_output0 (buf_to_net, "E buf_input_data failed\n"); print_error (status); - goto error_exit; + err_exit = 1; + goto child_finish; } /* What should we do with errors? syslog() them? */ @@ -3340,21 +3352,33 @@ E CVS locks may need cleaning up.\n"); command_pid = -1; } + child_finish: /* * OK, we've waited for the child. By now all CVS locks are free * and it's OK to block on the network. */ set_block (buf_to_net); buf_flush (buf_to_net, 1); - buf_shutdown (protocol_inbuf); - buf_free (protocol_inbuf); - protocol_inbuf = NULL; - buf_shutdown (stderrbuf); - buf_free (stderrbuf); - stderrbuf = NULL; - buf_shutdown (stdoutbuf); - buf_free (stdoutbuf); - stdoutbuf = NULL; + if (protocol_inbuf) + { + buf_shutdown (protocol_inbuf); + buf_free (protocol_inbuf); + protocol_inbuf = NULL; + } + if (stderrbuf) + { + buf_shutdown (stderrbuf); + buf_free (stderrbuf); + stderrbuf = NULL; + } + if (stdoutbuf) + { + buf_shutdown (stdoutbuf); + buf_free (stdoutbuf); + stdoutbuf = NULL; + } + if (err_exit) + goto error_exit; } if (errs) @@ -3378,7 +3402,8 @@ E CVS locks may need cleaning up.\n"); command_pid = -1; } - close (dev_null_fd); + if (dev_null_fd >= 0) + close (dev_null_fd); close (protocol_pipe[0]); close (protocol_pipe[1]); close (stderr_pipe[0]); @@ -3706,6 +3731,10 @@ server_checked_in (file, update_dir, rep const char *update_dir; const char *repository; { + assert (file); + assert (update_dir); + assert (repository); + if (noexec) return; if (scratched_file != NULL && entries_line == NULL) Index: tag.c =================================================================== RCS file: /cvsroot/src/gnu/dist/xcvs/src/tag.c,v retrieving revision 1.2 diff -u -p -r1.2 tag.c --- tag.c 4 Feb 2006 16:29:56 -0000 1.2 +++ tag.c 26 May 2006 16:32:38 -0000 @@ -1275,7 +1275,13 @@ add_to_val_tags (name) val_tags_lock (current_parsed_root->directory); /* Check for presence again since we have a lock now. */ - if (is_in_val_tags (&db, name)) return; + if (is_in_val_tags (&db, name)) + { + clear_val_tags_lock (); + if (db) + dbm_close (db); + return; + } /* Casting out const should be safe here - input datums are not * written to by the myndbm functions. From MAILER-DAEMON Mon May 29 13:48:58 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FklrO-0007Ha-16 for mharc-cvs-dev@gnu.org; Mon, 29 May 2006 13:48:58 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1Fjp40-0005GV-Pd for cvs-dev@nongnu.org; Fri, 26 May 2006 23:02:04 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1Fjp3z-0005G6-RE for cvs-dev@nongnu.org; Fri, 26 May 2006 23:02:04 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1Fjp3z-0005Fz-O2 for cvs-dev@nongnu.org; Fri, 26 May 2006 23:02:03 -0400 Received: from [38.117.134.202] (helo=rebar.astron.com) by monty-python.gnu.org with esmtp (Exim 4.52) id 1Fjp91-0005RJ-6G for cvs-dev@nongnu.org; Fri, 26 May 2006 23:07:15 -0400 Received: by rebar.astron.com (Postfix, from userid 10080) id 0C4C256534; Sat, 27 May 2006 03:02:02 +0000 (UTC) From: christos@zoulas.com (Christos Zoulas) Date: Fri, 26 May 2006 23:02:02 -0400 In-Reply-To: <97786.1148662375@juniper.net> from "Mark D. Baushke" (May 26, 9:52am) Organization: Astron Software X-Mailer: Mail User's Shell (7.2.6 beta(4.pl1)+dynamic 20000103) To: "Mark D. Baushke" Message-Id: <20060527030202.0C4C256534@rebar.astron.com> X-Mailman-Approved-At: Mon, 29 May 2006 13:48:57 -0400 Cc: CVS Development Subject: [Cvs-dev] Re: CVS Coverity scan via NetBSD fixes X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 May 2006 03:02:05 -0000 On May 26, 9:52am, mdb@gnu.org ("Mark D. Baushke") wrote: -- Subject: CVS Coverity scan via NetBSD fixes | Hi Christos, | | It seems that the Coverity run 31 took into | account a number of the patches I sent. | | At least one of the fixes (cid-1307) appears to | not have been incorporated as yet. | | This is the fifth patch I have provided based on | the NetBSD sources | (CVSROOT=:ext:anoncvs@anoncvs.netbsd.org/cvsroot). | | The following patch is adapted from the one | committed to the STABLE branch on Savannah.nongnu.org | (CVSROOT=:pserver:anonymous@cvs.savannah.nongnu.org:/sources/cvs | branch: cvs1-11-x-branch | module: ccvs/src). | | I am still running a regression test of these | changes merged onto the FEATURE branch and I will | commit there when that is complete. | | I would be much obliged if you would commit it to | the NetBSD sources. | | I'll continue to work through the remaining items | as time permits. Thanks a lot. I've committed everything. Have a nice weekend! christos From MAILER-DAEMON Wed May 31 11:25:21 2006 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1FlSZV-0007vs-0m for mharc-cvs-dev@gnu.org; Wed, 31 May 2006 11:25:21 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FlSZS-0007v9-Qk for cvs-dev@nongnu.org; Wed, 31 May 2006 11:25:18 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FlSZQ-0007ug-R0 for cvs-dev@nongnu.org; Wed, 31 May 2006 11:25:17 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FlSZQ-0007ud-Gn for cvs-dev@nongnu.org; Wed, 31 May 2006 11:25:16 -0400 Received: from [207.17.137.64] (helo=colo-dns-ext2.juniper.net) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_3DES_EDE_CBC_SHA:24) (Exim 4.52) id 1FlSfT-0007Xa-13 for cvs-dev@nongnu.org; Wed, 31 May 2006 11:31:31 -0400 Received: from merlot.juniper.net (merlot.juniper.net [172.17.27.10]) by colo-dns-ext2.juniper.net (8.12.3/8.12.3) with ESMTP id k4VFPE1Z094836; Wed, 31 May 2006 08:25:14 -0700 (PDT) (envelope-from mdb@juniper.net) Received: from juniper.net (sapphire.juniper.net [172.17.28.108]) by merlot.juniper.net (8.11.3/8.11.3) with ESMTP id k4VFP6527772; Wed, 31 May 2006 08:25:06 -0700 (PDT) (envelope-from mdb@juniper.net) From: "Mark D. Baushke" To: christos@zoulas.com (Christos Zoulas) In-Reply-To: <20060527030202.0C4C256534@rebar.astron.com> References: <20060527030202.0C4C256534@rebar.astron.com> Comments: In-reply-to: christos@zoulas.com (Christos Zoulas) message dated "Fri, 26 May 2006 23:02:02 -0400." X-Mailer: MH-E 8.0; nmh 1.0.4; GNU Emacs 21.3.1 X-Face: #8D_6URD2G%vC.hzU, christos@zoulas.com Date: Wed, 31 May 2006 08:25:06 -0700 Message-ID: <78257.1149089106@juniper.net> Sender: mdb@juniper.net Cc: CVS Development Subject: [Cvs-dev] Re: CVS Coverity scan via NetBSD fixes X-BeenThere: cvs-dev@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "CVS Development & Design Discussion" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 31 May 2006 15:25:19 -0000 Hi Christos, The following is the latest NetBSD patch based on run 33. I will shortly be updating the items listed as BUG to RESOLVED for which this patch is a FIX. This is the sixth patch I have provided based on the NetBSD sources (CVSROOT=:ext:anoncvs@anoncvs.netbsd.org/cvsroot). The following patch is adapted from the one committed to the STABLE branch on Savannah.nongnu.org (CVSROOT=:pserver:anonymous@cvs.savannah.nongnu.org:/sources/cvs branch: cvs1-11-x-branch module: ccvs/src). I am still running a regression test of these changes merged onto the FEATURE branch and I will commit there when that is complete. I would be much obliged if you would commit it to the NetBSD sources. I'll continue to work through the remaining items as time permits. Enjoy! -- Mark Log message: 2006-05-31 Mark D. Baushke * add.c (add): Fix memory leak. [Fixes NetBSD coverity cid-3751.] (add_directory): Fix memory leak. [Fixes NetBSD coverity cid-3640.] * commit.c (remove_file): Fix memory leak. [Fixes NetBSD coverity cid-3752.] * checkin.c (Checkin): Avoid possible NULL dereference. [Fixes NetBSD coverity cid-2425.] * client.c (auth_server): Fix memory leak. [Fixes NetBSD coverity cid-3404.] * rcs.c (RCS_checkin): Add assert (tip). [Fixes NetBSD coverity cid-2424.] Index: add.c =================================================================== RCS file: /cvsroot/src/gnu/dist/xcvs/src/add.c,v retrieving revision 1.4 diff -u -p -r1.4 add.c --- add.c 27 May 2006 03:01:09 -0000 1.4 +++ add.c 31 May 2006 14:59:23 -0000 @@ -168,6 +168,8 @@ add (argc, argv) nothing, it would spit back a usage message). */ if (options) free (options); + if (message) + free (message); return err; } @@ -844,7 +846,10 @@ add_directory (finfo) fileattr_write (); fileattr_free (); if (attrs != NULL) + { free (attrs); + attrs = NULL; + } /* * Set up an update list with a single title node for Update_Logfile @@ -882,6 +887,8 @@ add_directory (finfo) free (rcsdir); free (message); + if (attrs != NULL) + free (attrs); return 0; Index: checkin.c =================================================================== RCS file: /cvsroot/src/gnu/dist/xcvs/src/checkin.c,v retrieving revision 1.1.1.1 diff -u -p -r1.1.1.1 checkin.c --- checkin.c 4 Feb 2006 15:54:57 -0000 1.1.1.1 +++ checkin.c 31 May 2006 14:59:23 -0000 @@ -79,7 +79,8 @@ Checkin (type, finfo, rev, tag, options, changes is if the file contains RCS keywords. So we if we are not expanding RCS keywords, we are done. */ - if (strcmp (options, "-V4") == 0) /* upgrade to V5 now */ + if (options != NULL + && strcmp (options, "-V4") == 0) /* upgrade to V5 now */ options[0] = '\0'; /* FIXME: If PreservePermissions is on, RCS_cmp_file is Index: client.c =================================================================== RCS file: /cvsroot/src/gnu/dist/xcvs/src/client.c,v retrieving revision 1.5 diff -u -p -r1.5 client.c --- client.c 12 May 2006 15:33:17 -0000 1.5 +++ client.c 31 May 2006 14:59:23 -0000 @@ -3970,6 +3970,7 @@ auth_server (root, lto_server, lfrom_ser /* Paranoia. */ memset (password, 0, strlen (password)); + free (password); # else /* ! AUTH_CLIENT_SUPPORT */ error (1, 0, "INTERNAL ERROR: This client does not support pserver authentication"); # endif /* AUTH_CLIENT_SUPPORT */ Index: commit.c =================================================================== RCS file: /cvsroot/src/gnu/dist/xcvs/src/commit.c,v retrieving revision 1.4 diff -u -p -r1.4 commit.c --- commit.c 12 May 2006 15:33:17 -0000 1.4 +++ commit.c 31 May 2006 14:59:23 -0000 @@ -1746,6 +1746,8 @@ remove_file (finfo, tag, message) if (!quiet) error (0, retcode == -1 ? errno : 0, "failed to commit dead revision for `%s'", finfo->fullname); + if (prev_rev != NULL) + free (prev_rev); return 1; } /* At this point, the file has been committed as removed. We should Index: rcs.c =================================================================== RCS file: /cvsroot/src/gnu/dist/xcvs/src/rcs.c,v retrieving revision 1.4 diff -u -p -r1.4 rcs.c --- rcs.c 27 May 2006 03:01:09 -0000 1.4 +++ rcs.c 31 May 2006 14:59:23 -0000 @@ -5364,6 +5364,7 @@ workfile); if (dots == 0) { tip = xstrdup (rcs->head); + assert (tip != NULL); if (atoi (tip) != atoi (branch)) { newrev = (char *) xrealloc (newrev, strlen (newrev) + 3);