SERVER SECURITY ISSUES
* pserver can no longer be configured to run as root via the
$CVSROOT/CVSROOT/passwd file, so if your passwd file is compromised, it no
longer leads directly to a root hack. Attempts to authenticate as root will
also be logged via syslog.
Take over maintainership.
Changes since 1.11.9:
*********************
SERVER SECURITY ISSUES
* Malformed module requests could cause the CVS server to attempt to create
directories and possibly files at the root of the filesystem holding the CVS
repository. Filesystem permissions usually prevent the creation of these
misplaced directories, but nevertheless, the CVS server now rejects the
malformed requests.
GENERAL USER ISSUES
* Case insensitive clients using a case sensitive server can now use a
`cvs rm -f file; cvs add FILE' command sequence to add a file with the same
name in a new case.
* CVSROOTs which contain a symlink to a real repository should work.
* The configure script now tests whether it is building CVS on a case
insensitive file system. If it is, CVS assumes that all file systems on this
platform will be case insensitive. This is useful for getting the case
insensitivity flag set correctly when compiling on Mac OS X and under Cygwin
on Windows. Autodetection can be overridden using the
--disable-case-sensitivity and --enable-case-sensitivity arguments to
configure.
* A behavior change in `cvs up -jrev1 -jrev2' for modified files with a base
revision of rev2 (i.e., the checked-out version matches rev2 and the file has
been modified). The operation is no longer ignored and instead is passed to
diff3. This will potentially re-apply the diffs between the two revisions to
a modified local file. Status messages like those from a standard merge have also
been added when the file would not or does not change due to this merge
request ("[file] already contains the changes between [revisions]...").
* A bug which could stop `cvs admin -mTAG:message' from recursing has been
fixed.
* Misc documentation cleanup and fixes.
* Some of the contrib scripts, some of the documentation, and sanity.sh were
modified to use and recommend more portable commands rather than using and
recommending commands which were not compatible with the POSIX 1003.1-2001
specification.
DEVELOPER ISSUES
* A new set of tests to test issues specific to case insensitive clients and
servers has also been added.
* Support has been added to the test suite to support testing over a :ext: link
to another machine, subject to some stringent requirements. This support can
be used, for instance, to test the operation of a case insensitive client
against a case sensitive server. Please see the comments in TEST and the
src/sanity.sh test script itself for more.
* We've standardized on Automake 1.7.9 to get a bug fix. See the note below
on the Autoconf upgrade for more details.
* We've standardized on Autoconf version 2.58 to avoid a bug and get at a few
new macros. Again, this should only really affect developers, though it is
possible that CVS will now compile on a few new platforms. Please see the
section of the INSTALL file about using the autotools if you are compiling
CVS yourself.
Changes from 1.11.8 to 1.11.9:
* CVS now knows how to report, as well as record, `P' record types.
* When running the `cvs history' command, clients will now send the
long-accepted `-e' option, for all records, rather than explicitly requesting
`P' record types, a request which servers prior to 1.11.7 will reject with a
fatal error message.
* A problem with locating files requested by case insensitive clients which was
accidentally introduced in 1.11.6 as part of a fix for a data loss problem
involving `cvs add's from case insensitive clients has been fixed. The
relevant error message was `cvs [<command> aborted]: filE,v is ambiguous;
could mean FILE,v or file,v'.
* Attempts to use the global `-l' option, removed from both client and server
as of version 1.11.6, will now elicit a warning rather than a fatal error
from the server.
Changes from 1.11.7 to 1.11.8:
* A problem in the CVS getpass library that could cause passwords to echo on
some systems has been fixed.
Changes from 1.11.6 to 1.11.7:
* A segfault that could occur in very rare cases where the stat of a file
failed during a diff has been fixed.
* Any user with write privileges to the CVSROOT/checkoutlist file could pass
arbitrary format strings directly through to a printf function. This was
probably bad and has been fixed. White space at the beginning of error strings
in checkoutlist is now ignored properly.
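The two fixes in the entry above, as an added example (not CVS's own code): a checkoutlist line is split into file name and error text, leading white space before the text is skipped, and the repository-supplied text is passed to printf-style functions only as a "%s" argument, never as the format itself. The helper names and the sample line are constructed for this illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Split one checkoutlist line "file<ws>error text" into its two fields.
   Returns 1 on success, 0 for an empty or comment line. (Hypothetical helper.) */
int checkoutlist_split(const char *line, char *file, size_t filesz,
                       const char **errtext)
{
    const char *p = line;
    size_t n = 0;
    while (isspace((unsigned char)*p)) p++;       /* tolerate leading blanks */
    if (*p == '\0' || *p == '#') return 0;
    while (*p && !isspace((unsigned char)*p) && n + 1 < filesz)
        file[n++] = *p++;
    file[n] = '\0';
    while (isspace((unsigned char)*p)) p++;       /* white space before the message is ignored */
    *errtext = p;
    return 1;
}

/* Vulnerable form (what the fixed release stopped doing):
       fprintf(stderr, errtext);     <- text from the repository becomes the FORMAT
   Hardened form: the repository-supplied text is an argument, never the format. */
int checkoutlist_format_error(char *out, size_t outsz,
                              const char *file, const char *errtext)
{
    return snprintf(out, outsz, "cvs server: %s: %s", file, errtext);
}

/* Count printf conversion directives in a string ("%%" is a literal percent).
   Handy as an audit check on any text that must never reach a format parameter. */
int count_format_directives(const char *s)
{
    int count = 0;
    for (; *s; s++)
        if (*s == '%') { if (s[1] == '%') s++; else count++; }
    return count;
}

int main(void)
{
    /* constructed sample line, not taken from any real checkoutlist */
    const char *line = "rcsinfo   \t  rcsinfo is missing: %s %n %x";
    char file[64], msg[256];
    const char *err;
    if (checkoutlist_split(line, file, sizeof file, &err)) {
        checkoutlist_format_error(msg, sizeof msg, file, err);
        printf("%s\n", msg);
        printf("format directives in repository text: %d\n",
               count_format_directives(err));
    }
    return 0;
}
```

The "%n" in the constructed sample is the reason the old code path mattered: with the text used as a format, a writer of checkoutlist could make the server's printf write to memory. With the text passed as a "%s" argument it is printed literally.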
* In client/server mode, most messages from CVS now contain the actual
command name rather than the generic "server".
* A long-standing bug that prevented most client/server updates from being
logged in the history file has been fixed.
* Updates done via a patch ("P" status) are now logged in the history file
by default and the corresponding "P" history record type is now documented.
If you're setting the LogHistory option in your CVSROOT/config file, you may
want to add "P" to the list of record types.
* CVS will now always compile and use its own getpass() function (originally from
GNULIB) in favor of any system one that may exist. This avoids some problems
with long passwords on some systems and updates us to POSIX.2 compliance, since
getpass() was removed from the POSIX.2 specification.
* A bug that allowed a write lock to be created in a directory despite
there being existing read locks when using LockDir in CVSROOT/config has
been fixed.
* A bug with short patches (`rdiff -s') which caused rdiff to sometimes report
differences that did not exist has been fixed.
* Some minor corrections were made to the diff code to keep diff & rdiff from
printing diff headers with empty change texts when two files have different
revision numbers but the same content.
* The global '-l' option, which suppressed history logging, has been removed
from both client and server.
* A warning message is now issued if an administrative file contains
more than one DEFAULT entry.
* An error running a verifymsg script (such as referencing an unset
user variable or the script not existing) now causes the verification
to fail.
* Errors in administrative files commands (like unset user variables)
are no longer reported unless the command is actually executed.
* When a file is initially checked out, its last access time is
now set to the current time rather than being set to the time the
file was last checked in like the modification time is.
* The Checkin.prog and Update.prog functionality has been removed.
This functionality previously allowed executables to be specified
in the modules file to be run at update and checkin time, but users
could edit these files on a per workspace basis, creating a security
hole.
[NB: already fixed in the package earlier -- wiz]
* Corrected the path in a failed write error message.
* Autoconf and Automake are no longer run automatically unless you
run configure with --enable-maintainer-mode. Accordingly,
noautomake.sh is no longer needed and has been removed.
* We've standardized on Automake version 1.7.5 and Autoconf version
2.57 to get at a few new macros. Again, this should only really
affect developers. See the section of the INSTALL file about using
the autotools if you are compiling CVS yourself.
kerberos, also use kerberos5 headers since they are now needed by the
gssapi code in cvs.
Changes since 1.11.3:
* Some minor changes to allow the code to compile on Windows platforms.
Changes from 1.11.2 to 1.11.3:
* When waiting for another user's lock, the message timestamps are now
in UTC rather than the server's local time.
* The options.h file is no longer used. This fixes a bug that occurred when
1.11.2 was compiled on Windows platforms.
* We've standardized on Automake version 1.6.3 and Autoconf version 2.53.
They are cleaner, less bug prone, and will hopefully allow me to start updating
sanity.sh to use Autotest and Autoshell. Again, this should only really affect
developers. See the section of the INSTALL file about using the autotools if
you are compiling CVS yourself.
Changes since 1.11.1p1:
* The "log" and "rlog" commands now have a -S option to suppress the
header information when no revisions are selected.
* A serious error that allowed read-only users to tag files has been
corrected.
* The "annotate" command will no longer annotate binary files unless
you specify the new -F option.
* The "tag" and "rtag" commands will no longer move or delete branch
tags unless you use the new -B option. (This prevents accidental
changes to branch tags that are hard to undo.)
* We've standardized on the 1.5 Automake release for the moment. Again, this
should only really affect developers. See the section of the INSTALL file
about using the autotools if you are compiling CVS yourself.
Changes from 1.11.1 to 1.11.1p1:
* Read only access was broken - now fixed.
Changes from 1.11 to 1.11.1:
* The "cvs diff" command now accepts the -y/--side=by-side and -T/
--initial-tab options. (To use these options with a remote repository,
both the client and the server must support them.)
* The expansion of the loginfo format string has changed slightly.
Previously, the expansion was surrounded by single quotes ('); if a file
name contained a single quote character, the string would not be parsed
as a single entity by the Unix shell (and it would not be possible to
parse it unambiguously). Now the expansion is surrounded by double
quotes (") and any embedded dollar signs ($), backticks (`), backslashes
(\), and double quotes are preceded by a backslash. This is parsed as a
single entity by the shell regardless of content. This change should
not be noticeable unless you're not using a Unix shell or you have
embedded the format string inside a double quoted string.
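The quoting rule described above, as an added example (not CVS's own loginfo code): loginfo_quote applies the new rule (double quotes, backslash before $ ` \ and "), loginfo_quote_old reproduces the old single-quote wrapping, and shell_word_count is a small model of Bourne-shell word splitting used to show why a file name containing a single quote broke the old form. All three names are constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* New rule: wrap in double quotes, escape $ ` \ and " with a backslash.
   Returns the length written, or -1 if the buffer is too small. */
int loginfo_quote(const char *name, char *out, size_t outsz)
{
    size_t n = 0;
    if (outsz < 3) return -1;                     /* need room for "" and NUL */
    out[n++] = '"';
    for (; *name; name++) {
        int special = (*name == '$' || *name == '`' ||
                       *name == '\\' || *name == '"');
        /* room for this char (+ escape), the closing quote and the NUL */
        if (n + (special ? 2 : 1) + 2 > outsz) return -1;
        if (special) out[n++] = '\\';
        out[n++] = *name;
    }
    out[n++] = '"';
    out[n] = '\0';
    return (int)n;
}

/* Old (pre-1.11.1) rule: single quotes, no escaping. Kept only to show the
   failure on names containing a single quote. */
int loginfo_quote_old(const char *name, char *out, size_t outsz)
{
    int n = snprintf(out, outsz, "'%s'", name);
    return (n < 0 || (size_t)n >= outsz) ? -1 : n;
}

/* Minimal model of shell word splitting: counts words, honouring single
   quotes, double quotes and backslash escapes. Inside double quotes only
   \$ \` \" and \\ are escapes, as in sh. Returns -1 on an unterminated quote. */
int shell_word_count(const char *s)
{
    enum { NONE, SQ, DQ } st = NONE;
    int words = 0, inword = 0;
    for (; *s; s++) {
        switch (st) {
        case NONE:
            if (*s == ' ' || *s == '\t') { inword = 0; continue; }
            if (!inword) { words++; inword = 1; }
            if (*s == '\'') st = SQ;
            else if (*s == '"') st = DQ;
            else if (*s == '\\' && s[1]) s++;
            break;
        case SQ:
            if (*s == '\'') st = NONE;
            break;
        case DQ:
            if (*s == '"') st = NONE;
            else if (*s == '\\' && s[1] && strchr("$`\"\\", s[1])) s++;
            break;
        }
    }
    return st == NONE ? words : -1;
}

int main(void)
{
    char buf[128];
    const char *name = "it's done.c";            /* constructed file name */
    loginfo_quote_old(name, buf, sizeof buf);
    printf("old: %s -> words=%d\n", buf, shell_word_count(buf));
    loginfo_quote(name, buf, sizeof buf);
    printf("new: %s -> words=%d\n", buf, shell_word_count(buf));
    return 0;
}
```

With the old rule the embedded quote ends the single-quoted word early and leaves an unterminated quote behind, which is exactly the "cannot be parsed unambiguously" case the entry describes; with the new rule the same name is one word whatever it contains.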
* There was a bug in the diff code which sometimes caused conflicts to
be flagged which shouldn't have been. This has been fixed.
* New "cvs rlog" and "cvs rannotate" commands have been added to get log
messages and annotations without having to have a checked-out copy.
* Exclusive revision ranges have been added to "cvs log" using ::
(similar to "cvs admin -o").
* The VMS client now accepts wildcards if you're running VMS 7.x.
* ZLIB has been updated to version 1.1.3, the most current version. This
includes mostly some optimizations and minor bug fixes.
* The ~/.cvspass file has a slightly modified format. CVSROOTs are now
stored in a new canonical form - hostnames are now case insensitive and
port numbers are always stored in the new format. Until a new login for
a particular CVSROOT is performed with the new version of CVS, new and
old versions of CVS should interoperate invisibly. After that point, an
extra login using the old version of CVS may be necessary to continue to
allow the new and old versions of CVS to interoperate using the same
~/.cvspass file and CVSROOT. The exception to this rule occurs when the
CVSROOTs used with the different versions use case insensitively
different hostnames, for example, "empress", and "empress.2-wit.com".
* A password and a port number may now be specified in CVSROOT for
pserver connections. The new format is:
:pserver:[[user][:password]@]host[:[port]]/path
Note that passwords specified in a checkout command will be saved in the
clear in the CVS/Root file in each created directory, so this is not
recommended, except perhaps when accessing anonymous repositories or the
like.
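A parser for the CVSROOT syntax given above, together with the canonical form the ~/.cvspass entry describes (host name lower-cased, port always explicit, 2401 being the standard pserver port), as an added example that is not CVS's own code. The canonical form deliberately omits the password, since the entry warns that a password written into CVSROOT ends up in the clear in each CVS/Root file. Struct and function names are constructed for this illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define CVS_PSERVER_DEFAULT_PORT 2401   /* standard pserver port */

struct cvsroot {
    char user[64], password[64], host[128], path[256];
    int port;           /* 0 when not given in the string */
    int has_password;
};

/* Parse ":pserver:[[user][:password]@]host[:[port]]/path".
   Returns 1 on success, 0 if the string does not match the grammar. */
int cvsroot_parse(const char *s, struct cvsroot *r)
{
    const char *prefix = ":pserver:", *p, *at, *slash, *colon;
    size_t n;
    memset(r, 0, sizeof *r);
    if (strncmp(s, prefix, strlen(prefix)) != 0) return 0;
    p = s + strlen(prefix);
    slash = strchr(p, '/');
    if (!slash) return 0;                          /* path is mandatory */
    at = memchr(p, '@', (size_t)(slash - p));      /* '@' only counts before the path */
    if (at) {
        colon = memchr(p, ':', (size_t)(at - p));
        n = colon ? (size_t)(colon - p) : (size_t)(at - p);
        if (n >= sizeof r->user) return 0;
        memcpy(r->user, p, n); r->user[n] = '\0';
        if (colon) {
            n = (size_t)(at - colon - 1);
            if (n >= sizeof r->password) return 0;
            memcpy(r->password, colon + 1, n); r->password[n] = '\0';
            r->has_password = 1;
        }
        p = at + 1;
    }
    colon = memchr(p, ':', (size_t)(slash - p));
    n = colon ? (size_t)(colon - p) : (size_t)(slash - p);
    if (n == 0 || n >= sizeof r->host) return 0;   /* host is mandatory */
    memcpy(r->host, p, n); r->host[n] = '\0';
    if (colon) {                                   /* "[:[port]]": colon with no digits is allowed */
        for (p = colon + 1; p < slash; p++) {
            if (!isdigit((unsigned char)*p)) return 0;
            r->port = r->port * 10 + (*p - '0');
            if (r->port > 65535) return 0;
        }
    }
    if (strlen(slash) >= sizeof r->path) return 0;
    strcpy(r->path, slash);
    return 1;
}

/* Canonical form suitable as a ~/.cvspass key: host lower-cased, port always
   explicit, password never included. Returns length written or -1. */
int cvsroot_canonical(const struct cvsroot *r, char *out, size_t outsz)
{
    char host[128];
    size_t i;
    int n;
    for (i = 0; r->host[i]; i++)
        host[i] = (char)tolower((unsigned char)r->host[i]);
    host[i] = '\0';
    n = snprintf(out, outsz, ":pserver:%s%s%s:%d%s",
                 r->user, r->user[0] ? "@" : "", host,
                 r->port ? r->port : CVS_PSERVER_DEFAULT_PORT, r->path);
    return (n < 0 || (size_t)n >= outsz) ? -1 : n;
}

int main(void)
{
    struct cvsroot r;
    char buf[512];
    /* constructed CVSROOT; the host name is the one used in the NEWS entry */
    if (cvsroot_parse(":pserver:anoncvs:Secret@Empress.2-wit.com/cvsroot", &r)) {
        cvsroot_canonical(&r, buf, sizeof buf);
        printf("canonical: %s (password present: %d)\n", buf, r.has_password);
    }
    return 0;
}
```

Because the canonical key folds case and fills in the default port, "Empress.2-wit.com" and "empress.2-wit.com:2401" map to the same ~/.cvspass entry, which is the interoperation point the entry makes; two spellings that differ beyond case, such as "empress" and "empress.2-wit.com", remain distinct keys.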
* The distribution has been converted to use Automake. This shouldn't
affect most users except to ease some portability concerns, but if you
are building from the repository and encounter problems with the
makefiles, you might try running ./noautomake.sh after a fresh update
-AC.
Summary of changes:
- removal of USE_GTEXINFO
- addition of mk/texinfo.mk
- inclusion of this file in package Makefiles requiring it
- `install-info' substituted by `${INSTALL_INFO}' in PLISTs
- tuning of mk/bsd.pkg.mk:
removal of USE_GTEXINFO
INSTALL_INFO added to PLIST_SUBST
`${INSTALL_INFO}' replaces `install-info' in target rules
print-PLIST target now generates `${INSTALL_INFO}' instead of `install-info'
- a couple of new patch files added for a handful of packages
- setting of the TEXINFO_OVERRIDE "switch" in packages Makefiles requiring it
- devel/cssc marked requiring texinfo 4.0
- a couple of packages Makefiles were tuned with respect of INFO_FILES and
makeinfo command usage
See -newly added by this commit- section 10.24 of Packages.txt for
further information.
a patch for configure so it wasn't really needed anyway.
An autoreconf run here noted a small difference in configure patch so I've
created a new patch distfiles with the new configure patch included.
pkgsrc. Instead, a new variable PKGREVISION is invented that can get
bumped independent of DISTNAME and PKGNAME.
Example #1:
DISTNAME= foo-X.Y
PKGREVISION= Z
=> PKGNAME= foo-X.YnbZ
Example #2:
DISTNAME= barthing-X.Y
PKGNAME= bar-X.Y
PKGREVISION= Z
=> PKGNAME= bar=X.YnbZ (!)
On subsequent changes, only PKGREVISION needs to be bumped, no more risk
of getting DISTNAME changed accidentally.
foo-* to foo-[0-9]*. This is to cause the dependencies to match only the
packages whose base package name is "foo", and not those named "foo-bar".
A concrete example is p5-Net-* matching p5-Net-DNS as well as p5-Net. Also
change dependency examples in Packages.txt to reflect this.
(This makes me wonder how things work when I set up a system from solaris
pkgs only, that were generated from pkgsrc - I doubt they have the /var/db/pkg
information to make our system recognize them as "our" pkg... ?)
Make LOCALID a runtime option, instead of a compiletime option, by moving
the value to CVSROOT/config (repository specific).
Some minor fixes for buffer sizes.
Add a RCS Id where missing; add some warning about the deprecated
RCS_LOCALID variable.
Both changes from OpenBSD.
Bump to 1.11nb1.
* The new "cvs version" command gives a short version message. If
the repository is remote, both the client and server versions are
reported.
* "cvs admin -t" now works correctly in client/server mode.
* The "cvs history" command output format has changed -- the date
now includes the year and is given in ISO 8601 format (yyyy-mm-dd).
Also, the new LogHistory option in CVSROOT/config can be used to
control what information gets recorded in the log file and code has
been added to record file removals.
* The buggy PreservePermissions code has been disabled.
* Anonymous read-only access can now be done without requiring a
password. On the server side, simply give that user (presumably
`anonymous') an empty password in the CVSROOT/passwd file, and then
any received password will authenticate successfully.
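The CVSROOT/passwd semantics described in this entry and in the SERVER SECURITY ISSUES entry at the top of this file (pserver refusing to run as root), as an added example that is not CVS's own authentication code. It parses a "user:hash[:system_user]" line and then applies the two rules: an empty hash field accepts any received password, and an entry whose system account would be root is refused (the real server also logs that attempt via syslog). The verifier is passed in as a function pointer; verify_plain_demo is a constructed stand-in for crypt(3) so the example runs without libcrypt, and the real comparison is crypt(received, hash) against hash. The root check here compares the account name only, a simplification of checking the resolved uid.

```c
#include <stdio.h>
#include <string.h>

struct passwd_entry {
    char user[64];      /* CVS login name */
    char hash[128];     /* crypt(3) hash; empty means "any password authenticates" */
    char sysuser[64];   /* optional system account to run as; defaults to user */
};

/* Copy characters up to 'sep' (or end of string) into dst; 0 if it does not fit. */
static int copy_field(const char **p, char sep, char *dst, size_t dstsz)
{
    size_t n = 0;
    while (**p && **p != sep) {
        if (n + 1 >= dstsz) return 0;
        dst[n++] = *(*p)++;
    }
    dst[n] = '\0';
    return 1;
}

/* Parse "user:hash[:sysuser]" (line already stripped of its newline).
   Returns 1 on success, 0 on a malformed line. */
int passwd_line_parse(const char *line, struct passwd_entry *e)
{
    const char *p = line;
    memset(e, 0, sizeof *e);
    if (!copy_field(&p, ':', e->user, sizeof e->user)) return 0;
    if (e->user[0] == '\0' || *p != ':') return 0;
    p++;
    if (!copy_field(&p, ':', e->hash, sizeof e->hash)) return 0;
    if (*p == ':') {
        p++;
        if (!copy_field(&p, '\0', e->sysuser, sizeof e->sysuser)) return 0;
    }
    return 1;
}

enum auth_result { AUTH_OK, AUTH_BAD_PASSWORD, AUTH_REFUSED_ROOT };

typedef int (*verify_fn)(const char *stored_hash, const char *received);

/* Decide whether 'received' authenticates 'e'; on success *run_as is the
   system account the server should switch to. */
enum auth_result pserver_authenticate(const struct passwd_entry *e,
                                      const char *received, verify_fn verify,
                                      const char **run_as)
{
    const char *sysuser = e->sysuser[0] ? e->sysuser : e->user;
    *run_as = NULL;
    if (strcmp(sysuser, "root") == 0)
        return AUTH_REFUSED_ROOT;         /* never run as root; real server syslogs this */
    if (e->hash[0] == '\0') {             /* empty field: anonymous, any password */
        *run_as = sysuser;
        return AUTH_OK;
    }
    if (!verify(e->hash, received)) return AUTH_BAD_PASSWORD;
    *run_as = sysuser;
    return AUTH_OK;
}

/* Constructed demo verifier: plain comparison standing in for crypt(3). */
int verify_plain_demo(const char *stored_hash, const char *received)
{
    return strcmp(stored_hash, received) == 0;
}

int main(void)
{
    /* constructed passwd lines, not from any real repository */
    const char *lines[] = { "anonymous::cvsanon", "alice:s3cret:cvs", "bob:s3cret:root" };
    struct passwd_entry e;
    const char *run_as;
    size_t i;
    for (i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        if (!passwd_line_parse(lines[i], &e)) continue;
        printf("%s -> result %d, run as %s\n", lines[i],
               pserver_authenticate(&e, "s3cret", verify_plain_demo, &run_as),
               run_as ? run_as : "(none)");
    }
    return 0;
}
```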
* There is a new access method :fork: which is similar to :local:
except that it is implemented via the CVS remote protocol, and thus
has a somewhat different set of quirks and bugs.
* The -d command line option no longer updates the CVS/Root file. For
one thing, the CVS 1.9/1.10 behavior never had updated CVS/Root in
subdirectories, and for another, it didn't seem that popular in
general. So this change restores the CVS 1.8 behavior (which is also
the CVS 1.9/1.10 behavior if the environment variable
CVS_IGNORE_REMOTE_ROOT is set; with this change,
CVS_IGNORE_REMOTE_ROOT no longer has any effect).
* It is now possible for a single CVS command to recurse into several
CVS roots. This includes roots which are located on several servers,
or which are both remote and local. CVS will make connections to as
many servers as necessary.
* It is now possible to put the CVS lock files in a directory
set by the new LockDir option in CVSROOT/config. The default
continues to be to put the lock files in the repository itself.