makeinfo if no native makeinfo executable exists. Honor TEXINFO_REQD
when determining whether the native makeinfo can be used.
* Remove USE_MAKEINFO and replace it with USE_TOOLS+=makeinfo.
* Get rid of all the "split" argument deduction for makeinfo since
the PLIST module already handles varying numbers of split info files
correctly.
NOTE: Platforms that have "makeinfo" in the base system should check
that the makeinfo entries of pkgsrc/mk/tools.${OPSYS}.mk are
correct.
Changes since 1.11.20:
**********************
BUG FIXES
* Thanks to Serguei E. Leontiev, CVS with Kerberos 5 GSSAPI
should automatically link on FreeBSD 5.x. (bug #14639).
* Thanks to Rahul Bhargava, heavily loaded systems
suffering from a disk crash or power failure will not lose data they claimed
to have committed.
* CVS server now handles conflict markers in Entry requests as documented.
* CVS now remembers that binary file merge conflicts occurred until the
timestamp of the updated binary file changes.
* CVS client now saves some bandwidth by not sending the contents of files
with conflicts to the server when it isn't needed.
* CVS now does correct locking during import.
* A problem where the server could block indefinitely waiting for an EOF from
the client when compression was enabled has been fixed.
* `cvs diff' no longer splits its arguments on spaces.
* Thanks to an old report and patch from Stewart Brodie, a
potential crash in response to a corrupt RCS file has been fixed.
* CVS now locks the history and val-tags files before writing to them.
Especially with large repositories, users should no longer see new warnings
about corrupt history records when using the `cvs history' command. Existing
corrupt history records will still need to be removed manually. val-tags
corruption should have had less obvious effects, but removing the
CVSROOT/val-tags file and allowing a 1.11.21 or later version of CVS to
regenerate it may eliminate a few odd behaviors and possibly cause a slight
speed up of read transactions in large repositories over time.
NOTE: currently without IPv6 support, until there is an updated KAME patch
for it.
Changes:
Changes since 1.11.19:
**********************
SERVER SECURITY FIXES
* Thanks to a report from Alen Zukich, several minor
security issues have been addressed. One was a buffer overflow that is
potentially serious but which may not be exploitable, assigned CAN-2005-0753
by the Common Vulnerabilities and Exposures Project
<http://www.cve.mitre.org>. Other fixes resulting from Alen's report include
repair of an arbitrary free with no known exploit and several plugged memory
leaks and potentially freed NULL pointers which may have been exploitable for
a denial of service attack.
* Thanks to a report from Craig Monson, minor
potential vulnerabilities in the contributed Perl scripts have been fixed.
The confirmed vulnerability could allow the execution of arbitrary code on
the CVS server, but only if a user already had commit access and if one of
the contrib scripts was installed improperly, a condition which should have
been quickly visible to any administrator. The complete description of the
problem is here: <https://ccvs.cvshome.org/issues/show_bug.cgi?id=224>. If
you were making use of any of the contributed trigger scripts on a CVS
server, you should probably still replace them with the new versions, to be
on the safe side.
Unfortunately, our fix is incomplete. Taint-checking has been enabled in all
the contributed Perl scripts intended to be run as trigger scripts, but no
attempt has been made to ensure that they still run in taint mode. You will
most likely have to tweak the scripts in some way to make them run. Please
send any patches you find necessary back to <bug-cvs@gnu.org> so that we may
again ship fully enabled scripts in the future.
You should also make sure that any home-grown Perl scripts that you might
have installed as CVS triggers also have taint-checking enabled. This can be
done by adding `-T' on the scripts' #! lines. Please try running
`perldoc perlsec' if you would like more information on general Perl security
and taint-checking.
BUG FIXES
* Thanks to a report and a patch from Georg Scwharz
CVS now builds without error on IRIX 5.3
DEVELOPER ISSUES
* We've standardized on Automake 1.9.5 to get some at new features that make
our jobs easier. See the HACKING file for more on using the autotools with
CVS.
pkgsrc change:
patch-ag, provided by Georg Schwarz, added to fix the build on IRIX.
NEWS:
Changes since 1.11.18:
**********************
BUG FIXES
* An intermittant assertion failure in checkout has been fixed.
* Thanks to a report from Chris Bohn, all the source files
needed for the Windows "red file" fix are actually included in the
distribution.
* Misc bug and documentation fixes.
Changes from 1.11.17 to 1.11.18:
********************************
BUG FIXES
* Thanks to a report from Gottfried Ganssauge, CVS no
longer exits when it encounters links pointing to paths containing more
than 128 characters.
* Thanks to a report from Dan Peterson, error messages from
GSSAPI servers are no longer truncated.
* Thanks to a report from Dan Peterson, attempts to resurrect
a file on the trunk that was added on a branch no longer causes an assertion
failure.
* Thanks to a report from Dan Peterson, imports to branches
like "1.1." no longer create corrupt RCS archives.
* Thanks to a report from Chris Bohn, links from J.C. Hamlin,
and code posted by Jonathan Gilligan, we think we have
finally corrected the Windows "red-file" (daylight savings time) bug once and
for all.
* Thanks to a patch from Jeroen Ruigrok/asmodai, the
log_accum.pl script should no longer elicit warnings from Perl 5.8.5.
* The r* commands (rlog, rls, etc.) can once again handle requests to run
against the entire repository (e.g. `cvs rlog .'). Thanks go to Dan Peterson
for the report.
* A problem where the attempted access of files via tags beginning with spaces
could cause the CVS server to hang has been fixed. This was a particular
problem with WinCVS clients because users would sometimes accidentally
include spaces in tags pasted into a dialog box. This fix also altered some
of the error messages generated by the use of invalid tags. Thanks go to Dan
Peterson for the report.
* Thanks to James E Wilson for a bug fix to
modules processing "gcc-core -a !gcc/f gcc" will no longer exclude
gcc/fortran by mistake.
* Thanks to Conrad Pino, the Windows build works once again.
* Misc updates to the manual.
DEVELOPER ISSUES
* We've standardized on Automake 1.9.3 to get some at new features that make
our jobs easier. See the note below on the Autoconf upgrade for more
details.
* We've standardized on Autoconf version 2.59 to get presumed bug fixes and
features, but nothing specific. Mostly, once we decide to upgrade one of the
autotools we just figure it'll save time later to grab the most current
versions of the others too. See the HACKING file for more on using the
autotools with CVS.
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
changes since 1.11.16:
SERVER SECURITY FIXES
* Thanks to Stefan Esser & Sebastian Krahmer, several potential security
problems have been fixed. The ones which were considered dangerous enough
to catalogue were assigned issue numbers CAN-2004-0416, CAN-2004-0417, &
CAN-2004-0418 by the Common Vulnerabilities and Exposures Project. Please
see <http://www.cve.mitre.org> for more information.
* A potential buffer overflow vulnerability in the server has been fixed.
This addresses the Common Vulnerabilities and Exposures Project's issue
#CAN-2004-0414. Please see <http://www.cve.mitre.org> for more information.
Changes since 1.11.15:
**********************
SERVER SECURITY FIXES
* A potential buffer overflow vulnerability in the server has been fixed.
Prior to this patch, a malicious client could potentially use carefully
crafted server requests to run arbitrary programs on the CVS server machine.
This addresses the Common Vulnerabilities and Exposures Project's issue
#CAN-2004-0396. Please see <http://www.cve.mitre.org> for more information.
BUG FIXES
* The Microsoft Visual C++ workspace and project files have been repaired and
regenerated with MSVC++ 6.0.
* The cvs.1 man page is now generated automatically from a section of the CVS
Manual.
* Thanks to a report from Mark Andrews at the Internet Systems Consortium, the
:ext: connection method no longer relies on a transparent transport that uses
an argument processor that can handle arbitrary ordering of options and other
arguments when using a username other than the caller's.
* Thanks to Ken Raeburn at MIT, directory deletion, whether via `cvs release'
or empty directory pruning, now works on network shares under Windows XP.
Changes since 1.11.14:
**********************
SERVER SECURITY ISSUES
* Piped checkouts of paths above $CVSROOT no longer work. Previously, clients
could have requested the contents of RCS archive files anywhere on a CVS
server.
CLIENT SECURITY ISSUES
* Clients now check paths from the server to verify that they are within one of
the sandboxes the user requested be updated. Previously, a trojan server
could have written or overwritten files anywhere the user had access,
presenting a serious security risk.
GENERAL USER ISSUES
* Method options (used by WinCVS & CVS 1.12.7+) in CVSROOTs are ignored.
* Configure no longer checks the $TMPDIR, $TMP, & $TEMP variables to set the
default temporary directory.
* CVS on Cygwin correctly handles X:\ style paths.
* Import now uses backslash rather than slash on Windows when checking for
"CVS" directories to ignore in import commands.
* Relative paths containing up-references (`..') should now work in
client/server mode (client fix).
* A race condition between the ordering of messages from CVS and messages from
called scripts in client/server mode has been removed (server fix).
* Resurrected files now get their modes and timestamps set correctly and a
longstanding bug involving resurrection of an uncommitted removal has been
fixed (server fix).
* Some resurrection (cvs add) status messages have changed slightly.
* `cvs release' now works with Kerberos or GSSAPI encryption enabled (server
fix).
* File resurrection from a previously existing revision no longer just reports
that it works (server fix).
* Misc error & status message corrections.
* Diffing of locally added files against arbitrary revisions in an RCS archive
is now allowed when a file of the same name exists or used to exist on some
branch (server fix).
* Misc documentation fixes.
Changes from 1.11.13 to 1.11.14:
********************************
GENERAL USER ISSUES
* Imports will now always ignore directories and files named `CVS' to avoid
violating assumptions made by other parts of CVS.
* A problem with `cvs release' of subdirs that could corrupt CVS/Entries files
has been fixed (client/server).
* The CVS server's protocol check for unused data from the client is no longer
called automatically at program exit in order to avoid potential recursive
calls to error when the first close is due to memory allocation or similar
problems that cause calls to error() to fail. The check is still made when
the server program exits normally.
* The spec file has been updated to work with more recent versions of RPM.
* Several memory leaks have been plugged (client/server).
DEVELOPER ISSUES
* Misc cosmetic, readability, and commenting fixes.
Changes since 1.11.12:
**********************
GENERAL USER ISSUES
* Several memory leaks have been plugged.
* Thanks to Ville Skyttä the man page has a few less spelling errors and is
slightly more accurate.
* An unlikely potential segfault when using the :fork: connection method has
been fixed.
* Misc cosmetic, readability, and commenting fixes.
* The CVS server has had the protocol check for unused data from the client
partially restored.
* A fix has been included that should avoid a very rare race condition that
could cause a CVS server to exit with a "broken pipe" message.
* A minor problem with the nmake build file that was preventing the source from
compiling under Windows has been fixed.
* Tests have been added to the test suite.
Changes from 1.11.11 to 1.11.12:
********************************
GENERAL USER ISSUES
* Infinite alias loops in the modules file are now checked for and avoided.
* Clients on case insensitive systems now preserve the case of directories in
CVS/Entries, in addition to files, for use in communications with the CVS
server.
* Some previously untested behavior is now being tested.
* Server support for case insensitive clients has been removed in favor of the
server relying on the client to preserve the case of checked out files, as
per the CVS client/server protocol spec. This is not as drastic as it may
sound, as all of the current tests still pass without modification when run
from a case insensitive client to a case sensitive server. This change
disables little previous functionality, enables access to more of the
possible namespace to users on systems with case insensitive file systems,
fixes a few bugs, and in the end this should provide a major stability
improvement.
* Thanks to Ville Skyttä the man page is a bit more accurate.
* Thanks to Ville Skyttä some unused variables were removed from the log_accum
Perl script in contrib.
* Thanks to Alexey Mahotkin, a bug that prevented CVS from being compiled with
Kerberos 4 authentication enabled has been fixed.
* A minor bug that caused CVS to fail to report an inifinte alias loop in the
modules file when portions of the alias definition contained trailing slashes
has been fixed.
* A bug in the gzip code that could cause heap corruption and segfaults in CVS
servers talking to clients less than 1.8 and some modern third-party CVS
clients has been fixed.
* mktemp.sh is now included with the source distribution so that the rcs2log
and cvsbug executables may be run on systems which do not contain an
implementation of mktemp.
* Misc documentation fixes.
SERVER SECURITY ISSUES
* pserver can no longer be configured to run as root via the
$CVSROOT/CVSROOT/passwd file, so if your passwd file is compromised, it no
longer leads directly to a root hack. Attempts to root will also be logged
via the syslog.
Take over maintainership.
Changes since 1.11.9:
*********************
SERVER SECURITY ISSUES
* Malformed module requests could cause the CVS server to attempt to create
directories and possibly files at the root of the filesystem holding the CVS
repository. Filesystem permissions usually prevent the creation of these
misplaced directories, but nevertheless, the CVS server now rejects the
malformed requests.
GENERAL USER ISSUES
* Case insensitive clients using a case sensitive server can now use a
`cvs rm -f file; cvs add FILE' command sequence to add a file with the same
name in a new case.
* CVSROOTs which contain a symlink to a real repository should work.
* The configure script now tests whether it is building CVS on a case
insensitive file system. If it is, CVS assumes that all file systems on this
platform will be case insensitive. This is useful for getting the case
insensitivity flag set correctly when compiling on Mac OS X and under Cygwin
on Windows. Autodetection can be overridden using the
--disable-case-sensitivity and --enable-case-sensitivity arguments to
configure.
* A behavior change in `cvs up -jrev1 -jrev2' for modified files with a base
revision of rev2 (ie, checked-out version matches rev2 and file has been
modified). The operation is no longer ignored and instead is passed to
diff3. This will potentially re-apply the diffs between the two revisions to
a modified local file. Status messages like from a standard merge have also
been added when the file would not or does not change due to this merge
request ("[file] already contains the changes between [revisions]...").
* A bug which could stop `cvs admin -mTAG:message' from recursing has been
fixed.
* Misc documentation cleanup and fixes.
* Some of the contrib scripts, some of the documentation, and sanity.sh were
modified to use and recommend more portable commands rather than using and
recommending commands which were not compatible with the POSIX 1003.1-2001
specification.
DEVELOPER ISSUES
* A new set of tests to test issues specific to case insensitive clients and
servers has also been added.
* Support has been added to the test suite to support testing over a :ext: link
to another machine, subject to some stringent requirements. This support can
be used, for instance, to test the operation of a case insensitive client
against a case sensitive server. Please see the comments in TEST and the
src/sanity.sh test script itself for more.
* We've standardized on Automake 1.7.9 to get a bug fix. See the note below
on the Autoconf upgrade for more details.
* We've standardized on Autoconf version 2.58 to avoid a bug and get at a few
new macros. Again, this should only really affect developers, though it is
possible that CVS will now compile on a few new platforms. Please see the
section of the INSTALL file about using the autotools if you are compiling
CVS yourself.
Changes from 1.11.8 to 1.11.9:
* CVS now knows how to report, as well as record, `P' record types.
* When running the `cvs history' command, clients will now send the
long-accepted `-e' option, for all records, rather than explicitly requesting
`P' record types, a request which servers prior to 1.11.7 will reject with a
fatal error message.
* A problem with locating files requested by case insensitive clients which was
accidentally introduced in 1.11.6 as part of a fix for a data loss problem
involving `cvs add's from case insensitive clients has been fixed. The
relevant error message was `cvs [<command> aborted]: filE,v is ambiguous;
could mean FILE,v or file,v'.
* Attempts to use the global `-l' option, removed from both client and server
as of version 1.11.6, will now elicit a warning rather than a fatal error
from the server.
Changes from 1.11.7 to 1.11.8:
* A problem in the CVS getpass library that could cause passwords to echo on
some systems has been fixed.
Changes from 1.11.6 to 1.11.7:
* A segfault that could occur in very rare cases where the stat of a file
failed during a diff has been fixed.
* Any user with write privleges to the CVSROOT/checkoutlist file could pass
arbitrary format strings directly through to a printf function. This was
probably bad and has been fixed. White space at the beginning of error strings
in checkoutlist is now ignored properly.
* In client/server mode, most messages from CVS now contain the actual
command name rather than the generic "server".
* A long-standing bug that prevented most client/server updates from being
logged in the history file has been fixed.
* Updates done via a patch ("P" status) are now logged in the history file
by default and the corresponding "P" history record type is now documented.
If you're setting the LogHistory option in your CVSROOT/config file, you may
want to add "P" to the list of record types.
* CVS now will always compile and its own getpass() function (originally from
GNULIB) in favor of any system one that may exist. This avoids some problems
with long passwords on some systems and updates us to POSIX.2 compliance, since
getpass() was removed from the POSIX.2 specification.
* A bug that allowed a write lock to be created in a directory despite
there being existing read locks when using LockDir in CVSROOT/config has
been fixed.
* A bug with short patches (`rdiff -s') which caused rdiff to sometimes report
differences that did not exist has been fixed.
* Some minor corrections were made to the diff code to keep diff & rdiff from
printing diff headers with empty change texts when two files have different
revision numbers but the same content.
* The global '-l' option, which suppressed history logging, has been removed
from both client and server.
* A warning message is now issued if an administrative file contains
more than one DEFAULT entry.
* An error running a verifymsg script (such as referencing an unset
user variable or the script not existing) now causes the verification
to fail.
* Errors in administrative files commands (like unset user variables)
are no longer reported unless the command is actually executed.
* When a file is initially checked out, its last access time is
now set to the current time rather than being set to the time the
file was last checked in like the modification time is.
* The Checkin.prog and Update.prog functionality has been removed.
This fuctionality previously allowed executables to be specified
in the modules file to be run at update and checkin time, but users
could edit these files on a per workspace basis, creating a security
hole.
[NB: already fixed in the package earlier -- wiz]
* Corrected the path in a failed write error message.
* Autoconf and Automake are no longer run automatically unless you
run configure with --enable-maintainer-mode. Accordingly,
noautomake.sh is no longer needed and has been removed.
* We've standardized on Automake version 1.7.5 and Autoconf version
2.57 to get at a few new macros. Again, this should only really
affect developers. See the section of the INSTALL file about using
the autotools if you are compiling CVS yourself.
kerberos, also use kerberos5 headers since they are now needed by the
gssapi code in cvs.
Changes since 1.11.3:
* Some minor changes to allow the code to compile on Windows platforms.
Changes from 1.11.2 to 1.11.3:
* When waiting for another user's lock, the message timestamps are now
in UTC rather than the server's local time.
* The options.h file is no longer used. This fixes a bug that occurred when
1.11.2 was compiled on Windows platforms.
* We've standardized on Automake version 1.6.3 and Autoconf version 2.53.
They are cleaner, less bug prone, and will hopfully allow me to start updating
sanity.sh to use Autotest and Autoshell. Again, this should only really affect
developers. See the section of the INSTALL file about using the autotools if
you are compiling CVS yourself.
Changes since 1.11.1p1:
* The "log" and "rlog" commands now have a -S option to suppress the
header information when no revisions are selected.
* A serious error that allowed read-only users to tag files has been
corrected.
* The "annotate" command will no longer annotate binary files unless
you specify the new -F option.
* The "tag" and "rtag" commands will no longer move or delete branch
tags unless you use the new -B option. (This prevents accidental
changes to branch tags that are hard to undo.)
* We've standardized on the 1.5 Automake release for the moment. Again, this
should only really affect developers. See the section of the INSTALL file
about using the autotools if you are compiling CVS yourself.
Changes from 1.11.1 to 1.11.1p1:
* Read only access was broken - now fixed.
Changes from 1.11 to 1.11.1:
* The "cvs diff" command now accepts the -y/--side=by-side and -T/
--initial-tab options. (To use these options with a remote repository,
both the client and the server must support them.)
* The expansion of the loginfo format string has changed slightly.
Previously, the expansion was surrounded by single quotes ('); if a file
name contained a single quote character, the string would not be parsed
as a single entity by the Unix shell (and it would not be possible to
parse it unambiguously). Now the expansion is surrounded by double
quotes (") and any embedded dollar signs ($), backticks (`), backslashes
(\), and double quotes are preceded by a backslash. This is parsed as a
single entity by the shell reguardless of content. This change should
not be noticable unless you're not using a Unix shell or you have
embedded the format string inside a double quoted string.
* There was a bug in the diff code which sometimes caused conflicts to
be flagged which shouldn't have been. This has been fixed.
* New "cvs rlog" and "cvs rannotate" commands have been added to get log
messages and annotations without having to have a checked-out copy.
* Exclusive revision ranges have been added to "cvs log" using ::
(similar to "cvs admin -o").
* The VMS client now accepts wildcards if you're running VMS 7.x.
* ZLIB has been updated to version 1.1.3, the most current version. This
includes mostly some optimizations and minor bug fixes.
* The ~/.cvspass file has a slightly modified format. CVSROOTs are now
stored in a new canonical form - hostnames are now case insensitive and
port numbers are always stored in the new format. Until a new login for
a particular CVSROOT is performed with the new version of CVS, new and
old versions of CVS should interoperate invisibly. After that point, an
extra login using the old version of CVS may be necessary to continue to
allow the new and old versions of CVS to interoperate using the same
~/.cvspass file and CVSROOT. The exception to this rule occurs when the
CVSROOTs used with the different versions use case insensitively
different hostnames, for example, "empress", and "empress.2-wit.com".
* A password and a port number may now be specified in CVSROOT for
pserver connections. The new format is:
:pserver:[[user][:password]@]host[:[port]]/path
Note that passwords specified in a checkout command will be saved in the
clear in the CVS/Root file in each created directory, so this is not
recommended, except perhaps when accessing anonymous repositories or the
like.
* The distribution has been converted to use Automake. This shouldn't
affect most users except to ease some portability concerns, but if you
are building from the repository and encounter problems with the
makefiles, you might try running ./noautomake.sh after a fresh update
-AC.
Summary of changes:
- removal of USE_GTEXINFO
- addition of mk/texinfo.mk
- inclusion of this file in package Makefiles requiring it
- `install-info' substituted by `${INSTALL_INFO}' in PLISTs
- tuning of mk/bsd.pkg.mk:
removal of USE_GTEXINFO
INSTALL_INFO added to PLIST_SUBST
`${INSTALL_INFO}' replace `install-info' in target rules
print-PLIST target now generate `${INSTALL_INFO}' instead of `install-info'
- a couple of new patch files added for a handful of packages
- setting of the TEXINFO_OVERRIDE "switch" in packages Makefiles requiring it
- devel/cssc marked requiring texinfo 4.0
- a couple of packages Makefiles were tuned with respect of INFO_FILES and
makeinfo command usage
See -newly added by this commit- section 10.24 of Packages.txt for
further information.
a patch for configure so it wasn't really needed anyway.
An autoreconf run here noted a small difference in configure patch so I've
created a new patch distfiles with the new configure patch included.
pkgsrc. Instead, a new variable PKGREVISION is invented that can get
bumped independent of DISTNAME and PKGNAME.
Example #1:
DISTNAME= foo-X.Y
PKGREVISION= Z
=> PKGNAME= foo-X.YnbZ
Example #2:
DISTNAME= barthing-X.Y
PKGNAME= bar-X.Y
PKGREVISION= Z
=> PKGNAME= bar=X.YnbZ (!)
On subsequent changes, only PKGREVISION needs to be bumped, no more risk
of getting DISTNAME changed accidentally.
foo-* to foo-[0-9]*. This is to cause the dependencies to match only the
packages whose base package name is "foo", and not those named "foo-bar".
A concrete example is p5-Net-* matching p5-Net-DNS as well as p5-Net. Also
change dependency examples in Packages.txt to reflect this.
