SECURITY FIXES
* CVS now uses version 1.2.3 of the ZLib compression libraries in order to
avoid two recently announced security vulnerabilities in them. Both may be
used for denial of service attacks and one may reportedly allow execution of
arbitrary code, though this is not confirmed.
NEW FEATURES
* Thanks to Conrad Pino <conrad@pino.com>, a hang in the Windows client, which
had pretty much rendered the client useless, has been fixed.
* A minor problem preventing build of the Kerberos4 client has been fixed.
* The path to the config file may be set as an argument to the CVS server
commands.
* Sections of directives specific to one or more repositories and not others
may now be specified in the config file.
* %{sV} format strings are now available to the verifymsg trigger, similar to
the %{stVv} available to loginfo.
* `cvs watch add' on an empty directory no longer clears watchers, and
specifying a directory for `cvs watch add' now (correctly) sets default
attributes.
* Missing CVSROOT/history files will now cause CVS to attempt to create one.
To suppress history logging, set LogHistory equal to the empty string in
CVSROOT/config.
* There are several new options available in CVSROOT/config. These are
TmpDir, HistoryLogPath, HistorySearchPath, MinCompressionLevel, &
MaxCompressionLevel. Please see the manual for more.
* CVS on Solaris 10 was refusing to parse command options. This has been
fixed.
* The Windows client now creates locks compatible with older versions of CVS by
default. This should only be relevant if your client is accessing a local
repository concurrently with another, older client. If you would like to
disable compatibility mode (because it is slightly faster), edit the
LOCK_COMPATIBILITY flag in windows-NT/config.h and recompile.
* Misc efficiency and portability improvements.
BUG FIXES
* Thanks to Serguei E. Leontiev <lse@CryptoPro.ru>, CVS with Kerberos 5 GSSAPI
should automatically link on FreeBSD 5.x.
* Thanks to Rahul Bhargava <rahul@wandisco.com>, heavily loaded systems
suffering from a disk crash or power failure will not lose data they claimed
to have committed.
* CVS server now handles conflict markers in Entry requests as documented.
* CVS now remembers that binary file merge conflicts occurred until the
timestamp of the updated binary file changes.
* CVS client now saves some bandwidth by not sending the contents of files
with conflicts to the server when it isn't needed.
* CVS now does correct locking during import.
* A problem where the server could block indefinitely waiting for an EOF from
the client when compression was enabled has been fixed.
* `cvs diff' no longer splits its arguments on spaces.
* Thanks to an old report and patch from Stewart Brodie <stewart@eh.org>, a
potential crash in response to a corrupt RCS file has been fixed.
* CVS now locks the history and val-tags files before writing to them.
Especially with large repositories, users should no longer see new warnings
about corrupt history records when using the `cvs history' command. Existing
corrupt history records will still need to be removed manually. val-tags
corruption should have had less obvious effects, but removing the
CVSROOT/val-tags file and allowing a 1.11.21 or later version of CVS to
regenerate it may eliminate a few odd behaviors and possibly cause a slight
speed up of read transactions in large repositories over time.
BUILD ISSUES
* The RPM spec file works again with the most modern versions of `rpm'. It
also finds the correct version of install-sh when building the CVS with
GSSAPI.
DEVELOPER ISSUES
* We've standardized on Automake 1.9.6 to get some at new features that make
our jobs easier. See the HACKING file for more on using the autotools with
CVS.
- Updating devel/scmcvs from 1.11.22 to 1.11.23
- "Activating" gnu-gpl-v2 license as discussed on packages@
Upstream changes:
NEW FEATURES
* A new log option -n reverts the -N option which may be in a .cvsrc
file.
* The `cvs blame' command is now a synonym for the `cvs annotate' command.
* The :extssh: method will use $CVS_SSH if set, or fall back on "ssh"
by default (but may be explicitly set using the --with-ssh flag to
configure).
* There is a new IgnoreUnknownConfigKeys option available for
CVSROOT/config to aid in the transition to newer versions of CVS.
BUG FIXES
* Merges of file removals using -j options are a little smarter.
* `cvs add' checks more thoroughly for `CVS' directories in the argument list.
* `cvs server' now accepts `--allow-root=PATH' options.
* `cvs import' no longer attempts to send CVS metadata to the server.
* `cvs import' makes more of an effort not to import paths containing files
and directories named `CVS'.
* The CVS server will no longer allow clients to run `cvs init'.
* Applying diffs when checking out very old revisions has been reduced from an
O(n^2) operation to an O(n) thanks to a patch from Michael J. Smith
<msmith@ideorlando.org> and additional touch-up work from the CVS team.
* Thanks to report from Paul Eggert <eggert@CS.UCLA.EDU>, an assertion failure
that could occur when "." was in the path (e.g. `cvs co /cvsroot/./module')
has been removed.
* Thanks to a report from Peter Toft <pto@linuxbog.dk>, CVS server now sends
correct patch files more often when the RCS `Name' keyword is present in
a working file (bug #17302).
* Thanks to a report from Dan Peterson <dbpete@aol.com>, clients now send the
right set of commands to the server when asked to update directories with
trailing slashes on their name.
* Thanks to a report and patch from <mbarabas@redhat.com>, potential stack
corruption during pserver login is avoided (bug #16961).
* The :extssh: method is now properly recognized as an alias for :ext:.
DEVELOPER ISSUES
* We've standardized on Autoconf version 2.61 to get a bug fix that notes
that the AIX C compiler's default mode isn't quite C89 and sets the
correct mode instead.
* We've standardized on Autoconf version 1.10 because it lets us simplify our
sources.
Oked by joerg@ (with the condition that I do the update to 1.12.13.1, too)
* The CVS client again correctly reports files with conflicts when using
servers running CVS 1.11.20/1.12.12, or earlier (and maybe 3rd party
servers).
* The GSSAPI server should now build under HP-UX.
* `cvs rtag' now correctly tags files that have been removed from the trunk.
* Code efficiency has been improved slightly.
* A rare race condition that could leave a lock on the val-tags file has been
avoided.
* A potential buffer overflow in the history command has been fixed.
* Thanks to a report and patch from Garrett Rooney <grooney@collab.net>, paused
trigger processes no longer cause the CVS server to consume 100% CPU.
* Thanks to a suggestion from Joseph P. Skudlarek <Jskud@Jskud.com>, an
:extssh: has been added as a synonym of the :ext: access method, as a
kindness to users of old version of Eclipse.
* Misc documentation updates and minor bug fixes.
