| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
path to the configure script.
|
|
* List the info files directly in the PLIST.
|
|
makeinfo if no native makeinfo executable exists. Honor TEXINFO_REQD
when determining whether the native makeinfo can be used.
* Remove USE_MAKEINFO and replace it with USE_TOOLS+=makeinfo.
* Get rid of all the "split" argument deduction for makeinfo since
the PLIST module already handles varying numbers of split info files
correctly.
NOTE: Platforms that have "makeinfo" in the base system should check
that the makeinfo entries of pkgsrc/mk/tools.${OPSYS}.mk are
correct.
|
|
Changes since 1.11.20:
**********************
BUG FIXES
* Thanks to Serguei E. Leontiev, CVS with Kerberos 5 GSSAPI
should automatically link on FreeBSD 5.x. (bug #14639).
* Thanks to Rahul Bhargava, heavily loaded systems
suffering from a disk crash or power failure will not lose data they claimed
to have committed.
* CVS server now handles conflict markers in Entry requests as documented.
* CVS now remembers that binary file merge conflicts occurred until the
timestamp of the updated binary file changes.
* CVS client now saves some bandwidth by not sending the contents of files
with conflicts to the server when it isn't needed.
* CVS now does correct locking during import.
* A problem where the server could block indefinitely waiting for an EOF from
the client when compression was enabled has been fixed.
* `cvs diff' no longer splits its arguments on spaces.
* Thanks to an old report and patch from Stewart Brodie, a
potential crash in response to a corrupt RCS file has been fixed.
* CVS now locks the history and val-tags files before writing to them.
Especially with large repositories, users should no longer see new warnings
about corrupt history records when using the `cvs history' command. Existing
corrupt history records will still need to be removed manually. val-tags
corruption should have had less obvious effects, but removing the
CVSROOT/val-tags file and allowing a 1.11.21 or later version of CVS to
regenerate it may eliminate a few odd behaviors and possibly cause a slight
speed up of read transactions in large repositories over time.
|
|
CONFIGURE_ARGS.
|
|
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some
other changes are outlined in
http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
|
|
|
|
|
|
|
|
|
|
NOTE: currently without IPv6 support, until there is an updated KAME patch
for it.
Changes:
Changes since 1.11.19:
**********************
SERVER SECURITY FIXES
* Thanks to a report from Alen Zukich, several minor
security issues have been addressed. One was a buffer overflow that is
potentially serious but which may not be exploitable, assigned CAN-2005-0753
by the Common Vulnerabilities and Exposures Project
<http://www.cve.mitre.org>. Other fixes resulting from Alen's report include
repair of an arbitrary free with no known exploit and several plugged memory
leaks and potentially freed NULL pointers which may have been exploitable for
a denial of service attack.
* Thanks to a report from Craig Monson, minor
potential vulnerabilities in the contributed Perl scripts have been fixed.
The confirmed vulnerability could allow the execution of arbitrary code on
the CVS server, but only if a user already had commit access and if one of
the contrib scripts was installed improperly, a condition which should have
been quickly visible to any administrator. The complete description of the
problem is here: <https://ccvs.cvshome.org/issues/show_bug.cgi?id=224>. If
you were making use of any of the contributed trigger scripts on a CVS
server, you should probably still replace them with the new versions, to be
on the safe side.
Unfortunately, our fix is incomplete. Taint-checking has been enabled in all
the contributed Perl scripts intended to be run as trigger scripts, but no
attempt has been made to ensure that they still run in taint mode. You will
most likely have to tweak the scripts in some way to make them run. Please
send any patches you find necessary back to <bug-cvs@gnu.org> so that we may
again ship fully enabled scripts in the future.
You should also make sure that any home-grown Perl scripts that you might
have installed as CVS triggers also have taint-checking enabled. This can be
done by adding `-T' on the scripts' #! lines. Please try running
`perldoc perlsec' if you would like more information on general Perl security
and taint-checking.
BUG FIXES
* Thanks to a report and a patch from Georg Scwharz
CVS now builds without error on IRIX 5.3
DEVELOPER ISSUES
* We've standardized on Automake 1.9.5 to get some at new features that make
our jobs easier. See the HACKING file for more on using the autotools with
CVS.
|
|
|
|
pkgsrc change:
patch-ag, provided by Georg Schwarz, added to fix the build on IRIX.
NEWS:
Changes since 1.11.18:
**********************
BUG FIXES
* An intermittant assertion failure in checkout has been fixed.
* Thanks to a report from Chris Bohn, all the source files
needed for the Windows "red file" fix are actually included in the
distribution.
* Misc bug and documentation fixes.
Changes from 1.11.17 to 1.11.18:
********************************
BUG FIXES
* Thanks to a report from Gottfried Ganssauge, CVS no
longer exits when it encounters links pointing to paths containing more
than 128 characters.
* Thanks to a report from Dan Peterson, error messages from
GSSAPI servers are no longer truncated.
* Thanks to a report from Dan Peterson, attempts to resurrect
a file on the trunk that was added on a branch no longer causes an assertion
failure.
* Thanks to a report from Dan Peterson, imports to branches
like "1.1." no longer create corrupt RCS archives.
* Thanks to a report from Chris Bohn, links from J.C. Hamlin,
and code posted by Jonathan Gilligan, we think we have
finally corrected the Windows "red-file" (daylight savings time) bug once and
for all.
* Thanks to a patch from Jeroen Ruigrok/asmodai, the
log_accum.pl script should no longer elicit warnings from Perl 5.8.5.
* The r* commands (rlog, rls, etc.) can once again handle requests to run
against the entire repository (e.g. `cvs rlog .'). Thanks go to Dan Peterson
for the report.
* A problem where the attempted access of files via tags beginning with spaces
could cause the CVS server to hang has been fixed. This was a particular
problem with WinCVS clients because users would sometimes accidentally
include spaces in tags pasted into a dialog box. This fix also altered some
of the error messages generated by the use of invalid tags. Thanks go to Dan
Peterson for the report.
* Thanks to James E Wilson for a bug fix to
modules processing "gcc-core -a !gcc/f gcc" will no longer exclude
gcc/fortran by mistake.
* Thanks to Conrad Pino, the Windows build works once again.
* Misc updates to the manual.
DEVELOPER ISSUES
* We've standardized on Automake 1.9.3 to get some at new features that make
our jobs easier. See the note below on the Autoconf upgrade for more
details.
* We've standardized on Autoconf version 2.59 to get presumed bug fixes and
features, but nothing specific. Mostly, once we decide to upgrade one of the
autotools we just figure it'll save time later to grab the most current
versions of the others too. See the HACKING file for more on using the
autotools with CVS.
|
|
|
|
|
|
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
|
|
|
|
|
|
|
|
* recurse.c (do_recursion): Correct test for calling
server_pause_check to occur when locktype != CVS_LOCK_WRITE.
|
|
Do not evaluate this->next after calling the handler; the handler may
have clobbered it. Resolves core dumps of cvs server on user ^C.
|
|
changes since 1.11.16:
SERVER SECURITY FIXES
* Thanks to Stefan Esser & Sebastian Krahmer, several potential security
problems have been fixed. The ones which were considered dangerous enough
to catalogue were assigned issue numbers CAN-2004-0416, CAN-2004-0417, &
CAN-2004-0418 by the Common Vulnerabilities and Exposures Project. Please
see <http://www.cve.mitre.org> for more information.
* A potential buffer overflow vulnerability in the server has been fixed.
This addresses the Common Vulnerabilities and Exposures Project's issue
#CAN-2004-0414. Please see <http://www.cve.mitre.org> for more information.
|
|
Changes since 1.11.15:
**********************
SERVER SECURITY FIXES
* A potential buffer overflow vulnerability in the server has been fixed.
Prior to this patch, a malicious client could potentially use carefully
crafted server requests to run arbitrary programs on the CVS server machine.
This addresses the Common Vulnerabilities and Exposures Project's issue
#CAN-2004-0396. Please see <http://www.cve.mitre.org> for more information.
BUG FIXES
* The Microsoft Visual C++ workspace and project files have been repaired and
regenerated with MSVC++ 6.0.
* The cvs.1 man page is now generated automatically from a section of the CVS
Manual.
* Thanks to a report from Mark Andrews at the Internet Systems Consortium, the
:ext: connection method no longer relies on a transparent transport that uses
an argument processor that can handle arbitrary ordering of options and other
arguments when using a username other than the caller's.
* Thanks to Ken Raeburn at MIT, directory deletion, whether via `cvs release'
or empty directory pruning, now works on network shares under Windows XP.
|
|
Changes since 1.11.14:
**********************
SERVER SECURITY ISSUES
* Piped checkouts of paths above $CVSROOT no longer work. Previously, clients
could have requested the contents of RCS archive files anywhere on a CVS
server.
CLIENT SECURITY ISSUES
* Clients now check paths from the server to verify that they are within one of
the sandboxes the user requested be updated. Previously, a trojan server
could have written or overwritten files anywhere the user had access,
presenting a serious security risk.
GENERAL USER ISSUES
* Method options (used by WinCVS & CVS 1.12.7+) in CVSROOTs are ignored.
* Configure no longer checks the $TMPDIR, $TMP, & $TEMP variables to set the
default temporary directory.
* CVS on Cygwin correctly handles X:\ style paths.
* Import now uses backslash rather than slash on Windows when checking for
"CVS" directories to ignore in import commands.
* Relative paths containing up-references (`..') should now work in
client/server mode (client fix).
* A race condition between the ordering of messages from CVS and messages from
called scripts in client/server mode has been removed (server fix).
* Resurrected files now get their modes and timestamps set correctly and a
longstanding bug involving resurrection of an uncommitted removal has been
fixed (server fix).
* Some resurrection (cvs add) status messages have changed slightly.
* `cvs release' now works with Kerberos or GSSAPI encryption enabled (server
fix).
* File resurrection from a previously existing revision no longer just reports
that it works (server fix).
* Misc error & status message corrections.
* Diffing of locally added files against arbitrary revisions in an RCS archive
is now allowed when a file of the same name exists or used to exist on some
branch (server fix).
* Misc documentation fixes.
Changes from 1.11.13 to 1.11.14:
********************************
GENERAL USER ISSUES
* Imports will now always ignore directories and files named `CVS' to avoid
violating assumptions made by other parts of CVS.
* A problem with `cvs release' of subdirs that could corrupt CVS/Entries files
has been fixed (client/server).
* The CVS server's protocol check for unused data from the client is no longer
called automatically at program exit in order to avoid potential recursive
calls to error when the first close is due to memory allocation or similar
problems that cause calls to error() to fail. The check is still made when
the server program exits normally.
* The spec file has been updated to work with more recent versions of RPM.
* Several memory leaks have been plugged (client/server).
DEVELOPER ISSUES
* Misc cosmetic, readability, and commenting fixes.
|
|
|
|
|
|
Changes since 1.11.12:
**********************
GENERAL USER ISSUES
* Several memory leaks have been plugged.
* Thanks to Ville Skyttä the man page has a few less spelling errors and is
slightly more accurate.
* An unlikely potential segfault when using the :fork: connection method has
been fixed.
* Misc cosmetic, readability, and commenting fixes.
* The CVS server has had the protocol check for unused data from the client
partially restored.
* A fix has been included that should avoid a very rare race condition that
could cause a CVS server to exit with a "broken pipe" message.
* A minor problem with the nmake build file that was preventing the source from
compiling under Windows has been fixed.
* Tests have been added to the test suite.
Changes from 1.11.11 to 1.11.12:
********************************
GENERAL USER ISSUES
* Infinite alias loops in the modules file are now checked for and avoided.
* Clients on case insensitive systems now preserve the case of directories in
CVS/Entries, in addition to files, for use in communications with the CVS
server.
* Some previously untested behavior is now being tested.
* Server support for case insensitive clients has been removed in favor of the
server relying on the client to preserve the case of checked out files, as
per the CVS client/server protocol spec. This is not as drastic as it may
sound, as all of the current tests still pass without modification when run
from a case insensitive client to a case sensitive server. This change
disables little previous functionality, enables access to more of the
possible namespace to users on systems with case insensitive file systems,
fixes a few bugs, and in the end this should provide a major stability
improvement.
* Thanks to Ville Skyttä the man page is a bit more accurate.
* Thanks to Ville Skyttä some unused variables were removed from the log_accum
Perl script in contrib.
* Thanks to Alexey Mahotkin, a bug that prevented CVS from being compiled with
Kerberos 4 authentication enabled has been fixed.
* A minor bug that caused CVS to fail to report an inifinte alias loop in the
modules file when portions of the alias definition contained trailing slashes
has been fixed.
* A bug in the gzip code that could cause heap corruption and segfaults in CVS
servers talking to clients less than 1.8 and some modern third-party CVS
clients has been fixed.
* mktemp.sh is now included with the source distribution so that the rcs2log
and cvsbug executables may be run on systems which do not contain an
implementation of mktemp.
* Misc documentation fixes.
|
|
|
|
build and install properly using Heimdal.
|
|
|
|
|
|
SERVER SECURITY ISSUES
* pserver can no longer be configured to run as root via the
$CVSROOT/CVSROOT/passwd file, so if your passwd file is compromised, it no
longer leads directly to a root hack. Attempts to root will also be logged
via the syslog.
Take over maintainership.
|
|
Changes since 1.11.9:
*********************
SERVER SECURITY ISSUES
* Malformed module requests could cause the CVS server to attempt to create
directories and possibly files at the root of the filesystem holding the CVS
repository. Filesystem permissions usually prevent the creation of these
misplaced directories, but nevertheless, the CVS server now rejects the
malformed requests.
GENERAL USER ISSUES
* Case insensitive clients using a case sensitive server can now use a
`cvs rm -f file; cvs add FILE' command sequence to add a file with the same
name in a new case.
* CVSROOTs which contain a symlink to a real repository should work.
* The configure script now tests whether it is building CVS on a case
insensitive file system. If it is, CVS assumes that all file systems on this
platform will be case insensitive. This is useful for getting the case
insensitivity flag set correctly when compiling on Mac OS X and under Cygwin
on Windows. Autodetection can be overridden using the
--disable-case-sensitivity and --enable-case-sensitivity arguments to
configure.
* A behavior change in `cvs up -jrev1 -jrev2' for modified files with a base
revision of rev2 (ie, checked-out version matches rev2 and file has been
modified). The operation is no longer ignored and instead is passed to
diff3. This will potentially re-apply the diffs between the two revisions to
a modified local file. Status messages like from a standard merge have also
been added when the file would not or does not change due to this merge
request ("[file] already contains the changes between [revisions]...").
* A bug which could stop `cvs admin -mTAG:message' from recursing has been
fixed.
* Misc documentation cleanup and fixes.
* Some of the contrib scripts, some of the documentation, and sanity.sh were
modified to use and recommend more portable commands rather than using and
recommending commands which were not compatible with the POSIX 1003.1-2001
specification.
DEVELOPER ISSUES
* A new set of tests to test issues specific to case insensitive clients and
servers has also been added.
* Support has been added to the test suite to support testing over a :ext: link
to another machine, subject to some stringent requirements. This support can
be used, for instance, to test the operation of a case insensitive client
against a case sensitive server. Please see the comments in TEST and the
src/sanity.sh test script itself for more.
* We've standardized on Automake 1.7.9 to get a bug fix. See the note below
on the Autoconf upgrade for more details.
* We've standardized on Autoconf version 2.58 to avoid a bug and get at a few
new macros. Again, this should only really affect developers, though it is
possible that CVS will now compile on a few new platforms. Please see the
section of the INSTALL file about using the autotools if you are compiling
CVS yourself.
Changes from 1.11.8 to 1.11.9:
* CVS now knows how to report, as well as record, `P' record types.
* When running the `cvs history' command, clients will now send the
long-accepted `-e' option, for all records, rather than explicitly requesting
`P' record types, a request which servers prior to 1.11.7 will reject with a
fatal error message.
* A problem with locating files requested by case insensitive clients which was
accidentally introduced in 1.11.6 as part of a fix for a data loss problem
involving `cvs add's from case insensitive clients has been fixed. The
relevant error message was `cvs [<command> aborted]: filE,v is ambiguous;
could mean FILE,v or file,v'.
* Attempts to use the global `-l' option, removed from both client and server
as of version 1.11.6, will now elicit a warning rather than a fatal error
from the server.
Changes from 1.11.7 to 1.11.8:
* A problem in the CVS getpass library that could cause passwords to echo on
some systems has been fixed.
Changes from 1.11.6 to 1.11.7:
* A segfault that could occur in very rare cases where the stat of a file
failed during a diff has been fixed.
* Any user with write privleges to the CVSROOT/checkoutlist file could pass
arbitrary format strings directly through to a printf function. This was
probably bad and has been fixed. White space at the beginning of error strings
in checkoutlist is now ignored properly.
* In client/server mode, most messages from CVS now contain the actual
command name rather than the generic "server".
* A long-standing bug that prevented most client/server updates from being
logged in the history file has been fixed.
* Updates done via a patch ("P" status) are now logged in the history file
by default and the corresponding "P" history record type is now documented.
If you're setting the LogHistory option in your CVSROOT/config file, you may
want to add "P" to the list of record types.
* CVS now will always compile and its own getpass() function (originally from
GNULIB) in favor of any system one that may exist. This avoids some problems
with long passwords on some systems and updates us to POSIX.2 compliance, since
getpass() was removed from the POSIX.2 specification.
* A bug that allowed a write lock to be created in a directory despite
there being existing read locks when using LockDir in CVSROOT/config has
been fixed.
* A bug with short patches (`rdiff -s') which caused rdiff to sometimes report
differences that did not exist has been fixed.
* Some minor corrections were made to the diff code to keep diff & rdiff from
printing diff headers with empty change texts when two files have different
revision numbers but the same content.
* The global '-l' option, which suppressed history logging, has been removed
from both client and server.
|
|
|
|
|
|
Requested by salo; ride 1.11.6 update version bump.
|
|
* A warning message is now issued if an administrative file contains
more than one DEFAULT entry.
* An error running a verifymsg script (such as referencing an unset
user variable or the script not existing) now causes the verification
to fail.
* Errors in administrative files commands (like unset user variables)
are no longer reported unless the command is actually executed.
* When a file is initially checked out, its last access time is
now set to the current time rather than being set to the time the
file was last checked in like the modification time is.
* The Checkin.prog and Update.prog functionality has been removed.
This fuctionality previously allowed executables to be specified
in the modules file to be run at update and checkin time, but users
could edit these files on a per workspace basis, creating a security
hole.
[NB: already fixed in the package earlier -- wiz]
* Corrected the path in a failed write error message.
* Autoconf and Automake are no longer run automatically unless you
run configure with --enable-maintainer-mode. Accordingly,
noautomake.sh is no longer needed and has been removed.
* We've standardized on Automake version 1.7.5 and Autoconf version
2.57 to get at a few new macros. Again, this should only really
affect developers. See the section of the INSTALL file about using
the autotools if you are compiling CVS yourself.
|
|
|
|
Remove unnecessary patches on texinfo sources.
|
|
Should anybody feel like they could be the maintainer for any of thewe packages,
please adjust.
|
|
|
|
The IPv6 patch doesn't go well with Linux idea of struct sockaddr, so
disable IPv6 for the time being.
|
|
So disable IPv6 support on this system.
|
|
IPv6 support on FreeBSD and probably others.
bump PKGREVISION for user-visible changes.
|
|
|
|
mirrors.
|
|
|
|
The security fix that was the reason for releasing 1.11.5 was already
in 1.11.4nb1.
|
|
|
|
- avoid double free
|
