| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
|
|
|
|
|
|
|
|
* recurse.c (do_recursion): Correct test for calling
server_pause_check to occur when locktype != CVS_LOCK_WRITE.
|
|
Do not evaluate this->next after calling the handler; the handler may
have clobbered it. Resolves core dumps of cvs server on user ^C.
|
|
changes since 1.11.16:
SERVER SECURITY FIXES
* Thanks to Stefan Esser & Sebastian Krahmer, several potential security
problems have been fixed. The ones which were considered dangerous enough
to catalogue were assigned issue numbers CAN-2004-0416, CAN-2004-0417, &
CAN-2004-0418 by the Common Vulnerabilities and Exposures Project. Please
see <http://www.cve.mitre.org> for more information.
* A potential buffer overflow vulnerability in the server has been fixed.
This addresses the Common Vulnerabilities and Exposures Project's issue
#CAN-2004-0414. Please see <http://www.cve.mitre.org> for more information.
|
|
Changes since 1.11.15:
**********************
SERVER SECURITY FIXES
* A potential buffer overflow vulnerability in the server has been fixed.
Prior to this patch, a malicious client could potentially use carefully
crafted server requests to run arbitrary programs on the CVS server machine.
This addresses the Common Vulnerabilities and Exposures Project's issue
#CAN-2004-0396. Please see <http://www.cve.mitre.org> for more information.
BUG FIXES
* The Microsoft Visual C++ workspace and project files have been repaired and
regenerated with MSVC++ 6.0.
* The cvs.1 man page is now generated automatically from a section of the CVS
Manual.
* Thanks to a report from Mark Andrews at the Internet Systems Consortium, the
:ext: connection method no longer relies on a transparent transport that uses
an argument processor that can handle arbitrary ordering of options and other
arguments when using a username other than the caller's.
* Thanks to Ken Raeburn at MIT, directory deletion, whether via `cvs release'
or empty directory pruning, now works on network shares under Windows XP.
|
|
Changes since 1.11.14:
**********************
SERVER SECURITY ISSUES
* Piped checkouts of paths above $CVSROOT no longer work. Previously, clients
could have requested the contents of RCS archive files anywhere on a CVS
server.
CLIENT SECURITY ISSUES
* Clients now check paths from the server to verify that they are within one of
the sandboxes the user requested be updated. Previously, a trojan server
could have written or overwritten files anywhere the user had access,
presenting a serious security risk.
GENERAL USER ISSUES
* Method options (used by WinCVS & CVS 1.12.7+) in CVSROOTs are ignored.
* Configure no longer checks the $TMPDIR, $TMP, & $TEMP variables to set the
default temporary directory.
* CVS on Cygwin correctly handles X:\ style paths.
* Import now uses backslash rather than slash on Windows when checking for
"CVS" directories to ignore in import commands.
* Relative paths containing up-references (`..') should now work in
client/server mode (client fix).
* A race condition between the ordering of messages from CVS and messages from
called scripts in client/server mode has been removed (server fix).
* Resurrected files now get their modes and timestamps set correctly and a
longstanding bug involving resurrection of an uncommitted removal has been
fixed (server fix).
* Some resurrection (cvs add) status messages have changed slightly.
* `cvs release' now works with Kerberos or GSSAPI encryption enabled (server
fix).
* File resurrection from a previously existing revision no longer just reports
that it works (server fix).
* Misc error & status message corrections.
* Diffing of locally added files against arbitrary revisions in an RCS archive
is now allowed when a file of the same name exists or used to exist on some
branch (server fix).
* Misc documentation fixes.
Changes from 1.11.13 to 1.11.14:
********************************
GENERAL USER ISSUES
* Imports will now always ignore directories and files named `CVS' to avoid
violating assumptions made by other parts of CVS.
* A problem with `cvs release' of subdirs that could corrupt CVS/Entries files
has been fixed (client/server).
* The CVS server's protocol check for unused data from the client is no longer
called automatically at program exit in order to avoid potential recursive
calls to error when the first close is due to memory allocation or similar
problems that cause calls to error() to fail. The check is still made when
the server program exits normally.
* The spec file has been updated to work with more recent versions of RPM.
* Several memory leaks have been plugged (client/server).
DEVELOPER ISSUES
* Misc cosmetic, readability, and commenting fixes.
|
|
|
|
|
|
Changes since 1.11.12:
**********************
GENERAL USER ISSUES
* Several memory leaks have been plugged.
* Thanks to Ville Skyttä the man page has a few less spelling errors and is
slightly more accurate.
* An unlikely potential segfault when using the :fork: connection method has
been fixed.
* Misc cosmetic, readability, and commenting fixes.
* The CVS server has had the protocol check for unused data from the client
partially restored.
* A fix has been included that should avoid a very rare race condition that
could cause a CVS server to exit with a "broken pipe" message.
* A minor problem with the nmake build file that was preventing the source from
compiling under Windows has been fixed.
* Tests have been added to the test suite.
Changes from 1.11.11 to 1.11.12:
********************************
GENERAL USER ISSUES
* Infinite alias loops in the modules file are now checked for and avoided.
* Clients on case insensitive systems now preserve the case of directories in
CVS/Entries, in addition to files, for use in communications with the CVS
server.
* Some previously untested behavior is now being tested.
* Server support for case insensitive clients has been removed in favor of the
server relying on the client to preserve the case of checked out files, as
per the CVS client/server protocol spec. This is not as drastic as it may
sound, as all of the current tests still pass without modification when run
from a case insensitive client to a case sensitive server. This change
disables little previous functionality, enables access to more of the
possible namespace to users on systems with case insensitive file systems,
fixes a few bugs, and in the end this should provide a major stability
improvement.
* Thanks to Ville Skyttä the man page is a bit more accurate.
* Thanks to Ville Skyttä some unused variables were removed from the log_accum
Perl script in contrib.
* Thanks to Alexey Mahotkin, a bug that prevented CVS from being compiled with
Kerberos 4 authentication enabled has been fixed.
* A minor bug that caused CVS to fail to report an inifinte alias loop in the
modules file when portions of the alias definition contained trailing slashes
has been fixed.
* A bug in the gzip code that could cause heap corruption and segfaults in CVS
servers talking to clients less than 1.8 and some modern third-party CVS
clients has been fixed.
* mktemp.sh is now included with the source distribution so that the rcs2log
and cvsbug executables may be run on systems which do not contain an
implementation of mktemp.
* Misc documentation fixes.
|
|
|
|
build and install properly using Heimdal.
|
|
|
|
|
|
SERVER SECURITY ISSUES
* pserver can no longer be configured to run as root via the
$CVSROOT/CVSROOT/passwd file, so if your passwd file is compromised, it no
longer leads directly to a root hack. Attempts to root will also be logged
via the syslog.
Take over maintainership.
|
|
Changes since 1.11.9:
*********************
SERVER SECURITY ISSUES
* Malformed module requests could cause the CVS server to attempt to create
directories and possibly files at the root of the filesystem holding the CVS
repository. Filesystem permissions usually prevent the creation of these
misplaced directories, but nevertheless, the CVS server now rejects the
malformed requests.
GENERAL USER ISSUES
* Case insensitive clients using a case sensitive server can now use a
`cvs rm -f file; cvs add FILE' command sequence to add a file with the same
name in a new case.
* CVSROOTs which contain a symlink to a real repository should work.
* The configure script now tests whether it is building CVS on a case
insensitive file system. If it is, CVS assumes that all file systems on this
platform will be case insensitive. This is useful for getting the case
insensitivity flag set correctly when compiling on Mac OS X and under Cygwin
on Windows. Autodetection can be overridden using the
--disable-case-sensitivity and --enable-case-sensitivity arguments to
configure.
* A behavior change in `cvs up -jrev1 -jrev2' for modified files with a base
revision of rev2 (ie, checked-out version matches rev2 and file has been
modified). The operation is no longer ignored and instead is passed to
diff3. This will potentially re-apply the diffs between the two revisions to
a modified local file. Status messages like from a standard merge have also
been added when the file would not or does not change due to this merge
request ("[file] already contains the changes between [revisions]...").
* A bug which could stop `cvs admin -mTAG:message' from recursing has been
fixed.
* Misc documentation cleanup and fixes.
* Some of the contrib scripts, some of the documentation, and sanity.sh were
modified to use and recommend more portable commands rather than using and
recommending commands which were not compatible with the POSIX 1003.1-2001
specification.
DEVELOPER ISSUES
* A new set of tests to test issues specific to case insensitive clients and
servers has also been added.
* Support has been added to the test suite to support testing over a :ext: link
to another machine, subject to some stringent requirements. This support can
be used, for instance, to test the operation of a case insensitive client
against a case sensitive server. Please see the comments in TEST and the
src/sanity.sh test script itself for more.
* We've standardized on Automake 1.7.9 to get a bug fix. See the note below
on the Autoconf upgrade for more details.
* We've standardized on Autoconf version 2.58 to avoid a bug and get at a few
new macros. Again, this should only really affect developers, though it is
possible that CVS will now compile on a few new platforms. Please see the
section of the INSTALL file about using the autotools if you are compiling
CVS yourself.
Changes from 1.11.8 to 1.11.9:
* CVS now knows how to report, as well as record, `P' record types.
* When running the `cvs history' command, clients will now send the
long-accepted `-e' option, for all records, rather than explicitly requesting
`P' record types, a request which servers prior to 1.11.7 will reject with a
fatal error message.
* A problem with locating files requested by case insensitive clients which was
accidentally introduced in 1.11.6 as part of a fix for a data loss problem
involving `cvs add's from case insensitive clients has been fixed. The
relevant error message was `cvs [<command> aborted]: filE,v is ambiguous;
could mean FILE,v or file,v'.
* Attempts to use the global `-l' option, removed from both client and server
as of version 1.11.6, will now elicit a warning rather than a fatal error
from the server.
Changes from 1.11.7 to 1.11.8:
* A problem in the CVS getpass library that could cause passwords to echo on
some systems has been fixed.
Changes from 1.11.6 to 1.11.7:
* A segfault that could occur in very rare cases where the stat of a file
failed during a diff has been fixed.
* Any user with write privleges to the CVSROOT/checkoutlist file could pass
arbitrary format strings directly through to a printf function. This was
probably bad and has been fixed. White space at the beginning of error strings
in checkoutlist is now ignored properly.
* In client/server mode, most messages from CVS now contain the actual
command name rather than the generic "server".
* A long-standing bug that prevented most client/server updates from being
logged in the history file has been fixed.
* Updates done via a patch ("P" status) are now logged in the history file
by default and the corresponding "P" history record type is now documented.
If you're setting the LogHistory option in your CVSROOT/config file, you may
want to add "P" to the list of record types.
* CVS now will always compile and its own getpass() function (originally from
GNULIB) in favor of any system one that may exist. This avoids some problems
with long passwords on some systems and updates us to POSIX.2 compliance, since
getpass() was removed from the POSIX.2 specification.
* A bug that allowed a write lock to be created in a directory despite
there being existing read locks when using LockDir in CVSROOT/config has
been fixed.
* A bug with short patches (`rdiff -s') which caused rdiff to sometimes report
differences that did not exist has been fixed.
* Some minor corrections were made to the diff code to keep diff & rdiff from
printing diff headers with empty change texts when two files have different
revision numbers but the same content.
* The global '-l' option, which suppressed history logging, has been removed
from both client and server.
|
|
|
|
|
|
Requested by salo; ride 1.11.6 update version bump.
|
|
* A warning message is now issued if an administrative file contains
more than one DEFAULT entry.
* An error running a verifymsg script (such as referencing an unset
user variable or the script not existing) now causes the verification
to fail.
* Errors in administrative files commands (like unset user variables)
are no longer reported unless the command is actually executed.
* When a file is initially checked out, its last access time is
now set to the current time rather than being set to the time the
file was last checked in like the modification time is.
* The Checkin.prog and Update.prog functionality has been removed.
This fuctionality previously allowed executables to be specified
in the modules file to be run at update and checkin time, but users
could edit these files on a per workspace basis, creating a security
hole.
[NB: already fixed in the package earlier -- wiz]
* Corrected the path in a failed write error message.
* Autoconf and Automake are no longer run automatically unless you
run configure with --enable-maintainer-mode. Accordingly,
noautomake.sh is no longer needed and has been removed.
* We've standardized on Automake version 1.7.5 and Autoconf version
2.57 to get at a few new macros. Again, this should only really
affect developers. See the section of the INSTALL file about using
the autotools if you are compiling CVS yourself.
|
|
|
|
Remove unnecessary patches on texinfo sources.
|
|
Should anybody feel like they could be the maintainer for any of thewe packages,
please adjust.
|
|
|
|
The IPv6 patch doesn't go well with Linux idea of struct sockaddr, so
disable IPv6 for the time being.
|
|
So disable IPv6 support on this system.
|
|
IPv6 support on FreeBSD and probably others.
bump PKGREVISION for user-visible changes.
|
|
|
|
mirrors.
|
|
|
|
The security fix that was the reason for releasing 1.11.5 was already
in 1.11.4nb1.
|
|
|
|
- avoid double free
|
|
kerberos, also use kerberos5 headers since they are now needed by the
gssapi code in cvs.
Changes since 1.11.3:
* Some minor changes to allow the code to compile on Windows platforms.
Changes from 1.11.2 to 1.11.3:
* When waiting for another user's lock, the message timestamps are now
in UTC rather than the server's local time.
* The options.h file is no longer used. This fixes a bug that occurred when
1.11.2 was compiled on Windows platforms.
* We've standardized on Automake version 1.6.3 and Autoconf version 2.53.
They are cleaner, less bug prone, and will hopfully allow me to start updating
sanity.sh to use Autotest and Autoshell. Again, this should only really affect
developers. See the section of the INSTALL file about using the autotools if
you are compiling CVS yourself.
|
|
|
|
this package needs a newer makeinfo to compile, so let it demand 4.2.
|
|
|
|
Changes since 1.11.1p1:
* The "log" and "rlog" commands now have a -S option to suppress the
header information when no revisions are selected.
* A serious error that allowed read-only users to tag files has been
corrected.
* The "annotate" command will no longer annotate binary files unless
you specify the new -F option.
* The "tag" and "rtag" commands will no longer move or delete branch
tags unless you use the new -B option. (This prevents accidental
changes to branch tags that are hard to undo.)
* We've standardized on the 1.5 Automake release for the moment. Again, this
should only really affect developers. See the section of the INSTALL file
about using the autotools if you are compiling CVS yourself.
Changes from 1.11.1 to 1.11.1p1:
* Read only access was broken - now fixed.
Changes from 1.11 to 1.11.1:
* The "cvs diff" command now accepts the -y/--side=by-side and -T/
--initial-tab options. (To use these options with a remote repository,
both the client and the server must support them.)
* The expansion of the loginfo format string has changed slightly.
Previously, the expansion was surrounded by single quotes ('); if a file
name contained a single quote character, the string would not be parsed
as a single entity by the Unix shell (and it would not be possible to
parse it unambiguously). Now the expansion is surrounded by double
quotes (") and any embedded dollar signs ($), backticks (`), backslashes
(\), and double quotes are preceded by a backslash. This is parsed as a
single entity by the shell reguardless of content. This change should
not be noticable unless you're not using a Unix shell or you have
embedded the format string inside a double quoted string.
* There was a bug in the diff code which sometimes caused conflicts to
be flagged which shouldn't have been. This has been fixed.
* New "cvs rlog" and "cvs rannotate" commands have been added to get log
messages and annotations without having to have a checked-out copy.
* Exclusive revision ranges have been added to "cvs log" using ::
(similar to "cvs admin -o").
* The VMS client now accepts wildcards if you're running VMS 7.x.
* ZLIB has been updated to version 1.1.3, the most current version. This
includes mostly some optimizations and minor bug fixes.
* The ~/.cvspass file has a slightly modified format. CVSROOTs are now
stored in a new canonical form - hostnames are now case insensitive and
port numbers are always stored in the new format. Until a new login for
a particular CVSROOT is performed with the new version of CVS, new and
old versions of CVS should interoperate invisibly. After that point, an
extra login using the old version of CVS may be necessary to continue to
allow the new and old versions of CVS to interoperate using the same
~/.cvspass file and CVSROOT. The exception to this rule occurs when the
CVSROOTs used with the different versions use case insensitively
different hostnames, for example, "empress", and "empress.2-wit.com".
* A password and a port number may now be specified in CVSROOT for
pserver connections. The new format is:
:pserver:[[user][:password]@]host[:[port]]/path
Note that passwords specified in a checkout command will be saved in the
clear in the CVS/Root file in each created directory, so this is not
recommended, except perhaps when accessing anonymous repositories or the
like.
* The distribution has been converted to use Automake. This shouldn't
affect most users except to ease some portability concerns, but if you
are building from the repository and encounter problems with the
makefiles, you might try running ./noautomake.sh after a fresh update
-AC.
|
|
|
|
|
|
remove extraneous parenthesis around .if (${FOO} ..) conditions.
|
|
after consulting with Todd. Any volunteers for any of these packages?
|
|
|
|
Summary of changes:
- removal of USE_GTEXINFO
- addition of mk/texinfo.mk
- inclusion of this file in package Makefiles requiring it
- `install-info' substituted by `${INSTALL_INFO}' in PLISTs
- tuning of mk/bsd.pkg.mk:
removal of USE_GTEXINFO
INSTALL_INFO added to PLIST_SUBST
`${INSTALL_INFO}' replace `install-info' in target rules
print-PLIST target now generate `${INSTALL_INFO}' instead of `install-info'
- a couple of new patch files added for a handful of packages
- setting of the TEXINFO_OVERRIDE "switch" in packages Makefiles requiring it
- devel/cssc marked requiring texinfo 4.0
- a couple of packages Makefiles were tuned with respect of INFO_FILES and
makeinfo command usage
See -newly added by this commit- section 10.24 of Packages.txt for
further information.
|
|
a patch for configure so it wasn't really needed anyway.
An autoreconf run here noted a small difference in configure patch so I've
created a new patch distfiles with the new configure patch included.
|
|
the patched files.
|
|
pkgsrc. Instead, a new variable PKGREVISION is invented that can get
bumped independent of DISTNAME and PKGNAME.
Example #1:
DISTNAME= foo-X.Y
PKGREVISION= Z
=> PKGNAME= foo-X.YnbZ
Example #2:
DISTNAME= barthing-X.Y
PKGNAME= bar-X.Y
PKGREVISION= Z
=> PKGNAME= bar=X.YnbZ (!)
On subsequent changes, only PKGREVISION needs to be bumped, no more risk
of getting DISTNAME changed accidentally.
|
|
|
