8ea777230e
Changes since 1.11.14: ********************** SERVER SECURITY ISSUES * Piped checkouts of paths above $CVSROOT no longer work. Previously, clients could have requested the contents of RCS archive files anywhere on a CVS server. CLIENT SECURITY ISSUES * Clients now check paths from the server to verify that they are within one of the sandboxes the user requested be updated. Previously, a trojan server could have written or overwritten files anywhere the user had access, presenting a serious security risk. GENERAL USER ISSUES * Method options (used by WinCVS & CVS 1.12.7+) in CVSROOTs are ignored. * Configure no longer checks the $TMPDIR, $TMP, & $TEMP variables to set the default temporary directory. * CVS on Cygwin correctly handles X:\ style paths. * Import now uses backslash rather than slash on Windows when checking for "CVS" directories to ignore in import commands. * Relative paths containing up-references (`..') should now work in client/server mode (client fix). * A race condition between the ordering of messages from CVS and messages from called scripts in client/server mode has been removed (server fix). * Resurrected files now get their modes and timestamps set correctly and a longstanding bug involving resurrection of an uncommitted removal has been fixed (server fix). * Some resurrection (cvs add) status messages have changed slightly. * `cvs release' now works with Kerberos or GSSAPI encryption enabled (server fix). * File resurrection from a previously existing revision no longer just reports that it works (server fix). * Misc error & status message corrections. * Diffing of locally added files against arbitrary revisions in an RCS archive is now allowed when a file of the same name exists or used to exist on some branch (server fix). * Misc documentation fixes. Changes from 1.11.13 to 1.11.14: ******************************** GENERAL USER ISSUES * Imports will now always ignore directories and files named `CVS' to avoid violating assumptions made by other parts of CVS. * A problem with `cvs release' of subdirs that could corrupt CVS/Entries files has been fixed (client/server). * The CVS server's protocol check for unused data from the client is no longer called automatically at program exit in order to avoid potential recursive calls to error when the first close is due to memory allocation or similar problems that cause calls to error() to fail. The check is still made when the server program exits normally. * The spec file has been updated to work with more recent versions of RPM. * Several memory leaks have been plugged (client/server). DEVELOPER ISSUES * Misc cosmetic, readability, and commenting fixes. |
||
|---|---|---|
| .. | ||
| patches | ||
| DESCR | ||
| distinfo | ||
| Makefile | ||
| MESSAGE | ||
| PLIST | ||