Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-1-6]: src/gnu/dist/cvs Pull up cvs-1.11.10 from head; fixes secur...
details: https://anonhg.NetBSD.org/src/rev/ca8c44501306
branches: netbsd-1-6
changeset: 531029:ca8c44501306
user: christos <christos%NetBSD.org@localhost>
date: Wed Dec 17 17:40:51 2003 +0000
description:
Pull up cvs-1.11.10 from head; fixes security issue with random file creation
at root abusing the modules command.
diffstat:
gnu/dist/cvs/AUTHORS | 88 +-
gnu/dist/cvs/BUGS | 92 +-
gnu/dist/cvs/ChangeLog | 537 ++
gnu/dist/cvs/DEVEL-CVS | 2 +-
gnu/dist/cvs/FAQ | 6 +-
gnu/dist/cvs/INSTALL | 52 +-
gnu/dist/cvs/Makefile.am | 9 +-
gnu/dist/cvs/Makefile.in | 247 +-
gnu/dist/cvs/NEWS | 200 +-
gnu/dist/cvs/README | 86 +-
gnu/dist/cvs/TESTS | 11 +-
gnu/dist/cvs/TODO | 31 +-
gnu/dist/cvs/acinclude.m4 | 98 +-
gnu/dist/cvs/aclocal.m4 | 268 +-
gnu/dist/cvs/config.h.in | 23 +-
gnu/dist/cvs/configure | 6194 ++++++++++++++++++++----------
gnu/dist/cvs/configure.in | 200 +-
gnu/dist/cvs/contrib/ChangeLog | 64 +
gnu/dist/cvs/contrib/Makefile.am | 21 +-
gnu/dist/cvs/contrib/Makefile.in | 150 +-
gnu/dist/cvs/contrib/check_cvs.in | 143 +-
gnu/dist/cvs/contrib/commit_prep.in | 225 +-
gnu/dist/cvs/contrib/cvs2vendor.sh | 7 +-
gnu/dist/cvs/contrib/cvs_acls.in | 13 +-
gnu/dist/cvs/contrib/debug_check_log.sh | 13 +-
gnu/dist/cvs/contrib/log_accum.in | 1030 ++--
gnu/dist/cvs/contrib/rcs2log.sh | 13 +-
gnu/dist/cvs/contrib/rcs2sccs.sh | 6 +-
gnu/dist/cvs/contrib/sccs2rcs.in | 51 +-
gnu/dist/cvs/cvs.spec.in | 23 +-
gnu/dist/cvs/cvs2netbsd | 2 +-
gnu/dist/cvs/depcomp | 318 +-
gnu/dist/cvs/diff/ChangeLog | 31 +
gnu/dist/cvs/diff/Makefile.in | 212 +-
gnu/dist/cvs/diff/diff3.c | 1 +
gnu/dist/cvs/diff/io.c | 5 +-
gnu/dist/cvs/diff/system.h | 16 +-
gnu/dist/cvs/diff/util.c | 6 +-
gnu/dist/cvs/doc/ChangeLog | 339 +
gnu/dist/cvs/doc/Makefile.am | 55 +-
gnu/dist/cvs/doc/Makefile.in | 370 +-
gnu/dist/cvs/doc/cvs.texinfo | 593 +-
gnu/dist/cvs/doc/cvsclient.texi | 10 +
gnu/dist/cvs/doc/stamp-1 | 8 +-
gnu/dist/cvs/doc/stamp-vti | 8 +-
gnu/dist/cvs/doc/version-client.texi | 8 +-
gnu/dist/cvs/doc/version.texi | 8 +-
gnu/dist/cvs/lib/ChangeLog | 78 +
gnu/dist/cvs/lib/Makefile.am | 16 +-
gnu/dist/cvs/lib/Makefile.in | 240 +-
gnu/dist/cvs/lib/fncase.c | 50 +-
gnu/dist/cvs/lib/getdate.y | 18 +
gnu/dist/cvs/lib/system.h | 84 +-
gnu/dist/cvs/lib/wait.h | 3 +
gnu/dist/cvs/man/ChangeLog | 29 +
gnu/dist/cvs/man/Makefile.am | 4 +-
gnu/dist/cvs/man/Makefile.in | 157 +-
gnu/dist/cvs/man/cvs.1 | 9 +
gnu/dist/cvs/src/ChangeLog | 1098 +++++-
gnu/dist/cvs/src/Makefile.am | 14 +-
gnu/dist/cvs/src/Makefile.in | 218 +-
gnu/dist/cvs/src/add.c | 51 +-
gnu/dist/cvs/src/admin.c | 36 +-
gnu/dist/cvs/src/annotate.c | 6 +-
gnu/dist/cvs/src/buffer.c | 12 +-
gnu/dist/cvs/src/checkin.c | 29 +-
gnu/dist/cvs/src/checkout.c | 68 +-
gnu/dist/cvs/src/client.c | 392 +-
gnu/dist/cvs/src/client.h | 12 +-
gnu/dist/cvs/src/commit.c | 531 +-
gnu/dist/cvs/src/cvs.h | 22 +-
gnu/dist/cvs/src/cvsbug.in | 21 +-
gnu/dist/cvs/src/diff.c | 334 +-
gnu/dist/cvs/src/edit.c | 16 +-
gnu/dist/cvs/src/expand_path.c | 2 +-
gnu/dist/cvs/src/filesubr.c | 192 +-
gnu/dist/cvs/src/hash.c | 13 +-
gnu/dist/cvs/src/history.c | 50 +-
gnu/dist/cvs/src/ignore.c | 2 +-
gnu/dist/cvs/src/import.c | 3 +-
gnu/dist/cvs/src/lock.c | 80 +-
gnu/dist/cvs/src/log.c | 31 +-
gnu/dist/cvs/src/login.c | 11 +-
gnu/dist/cvs/src/logmsg.c | 11 +-
gnu/dist/cvs/src/main.c | 18 +-
gnu/dist/cvs/src/mkmodules.c | 16 +-
gnu/dist/cvs/src/modules.c | 67 +-
gnu/dist/cvs/src/myndbm.c | 2 +-
gnu/dist/cvs/src/no_diff.c | 7 +-
gnu/dist/cvs/src/parseinfo.c | 42 +-
gnu/dist/cvs/src/patch.c | 79 +-
gnu/dist/cvs/src/rcs.c | 357 +-
gnu/dist/cvs/src/rcs.h | 5 +-
gnu/dist/cvs/src/rcscmds.c | 83 +-
gnu/dist/cvs/src/recurse.c | 61 +-
gnu/dist/cvs/src/remove.c | 6 +-
gnu/dist/cvs/src/repos.c | 7 +-
gnu/dist/cvs/src/root.c | 46 +-
gnu/dist/cvs/src/root.h | 4 +-
gnu/dist/cvs/src/sanity.sh | 6163 +++++++++++++++++++++--------
gnu/dist/cvs/src/server.c | 867 +--
gnu/dist/cvs/src/server.h | 28 +-
gnu/dist/cvs/src/status.c | 11 +-
gnu/dist/cvs/src/subr.c | 175 +-
gnu/dist/cvs/src/tag.c | 10 +-
gnu/dist/cvs/src/update.c | 264 +-
gnu/dist/cvs/src/update.h | 2 +-
gnu/dist/cvs/src/vers_ts.c | 7 +-
gnu/dist/cvs/src/watch.c | 11 +-
gnu/dist/cvs/src/wrapper.c | 2 -
110 files changed, 16211 insertions(+), 7965 deletions(-)
diffs (truncated from 40390 to 300 lines):
diff -r 58717a477746 -r ca8c44501306 gnu/dist/cvs/AUTHORS
--- a/gnu/dist/cvs/AUTHORS Thu Nov 27 23:58:26 2003 +0000
+++ b/gnu/dist/cvs/AUTHORS Wed Dec 17 17:40:51 2003 +0000
@@ -1,4 +1,88 @@
Authors of GNU CVS
-Um, yeah. There were lots of 'em. See the "Credits" section of the
-README file and the individual ChangeLog files for more.
+The conflict-resolution algorithms and much of the administrative file
+definitions of CVS were based on the original package written by Dick Grune
+at Vrije Universiteit in Amsterdam <dick%cs.vu.nl@localhost>, and posted to
+comp.sources.unix in the volume 6 release sometime in 1986. This original
+version was a collection of shell scripts. I am thankful that Dick made
+his work available.
+
+Brian Berliner from Prisma, Inc. (now at Sun Microsystems, Inc.)
+<berliner%sun.com@localhost> converted the original CVS shell scripts into reasonably
+fast C and added many, many features to support software release control
+functions. See the manual page in the "man" directory. A copy of the
+USENIX article presented at the Winter 1990 USENIX Conference, Washington
+D.C., is included in the "doc" directory.
+
+Jeff Polk from BSDI <polk%bsdi.com@localhost> converted the CVS 1.2
+sources into much more readable and maintainable C code. He also added a
+whole lot of functionality and modularity to the code in the process.
+See the bottom of the NEWS file (from about 1992).
+
+david d `zoo' zuhn <zoo%armadillo.com@localhost> contributed the working base code
+for CVS 1.4 Alpha. His work carries on from work done by K. Richard Pixley
+and others at Cygnus Support. The CVS 1.4 upgrade is due in large part to
+Zoo's efforts.
+
+David G. Grubbs <dgg%odi.com@localhost> contributed the CVS "history" and "release"
+commands. As well as the ever-so-useful "-n" option of CVS which tells CVS
+to show what it would do, without actually doing it. He also contributed
+support for the .cvsignore file.
+
+The Free Software Foundation (GNU) contributed most of the portability
+framework that CVS now uses. This can be found in the "configure" script,
+the Makefile's, and basically most of the "lib" directory.
+
+K. Richard Pixley, Cygnus Support <rich%cygnus.com@localhost> contributed many bug
+fixes/enhancement as well as completing early reviews of the CVS 1.3 manual
+pages.
+
+Roland Pesch, then of Cygnus Support <roland%wrs.com@localhost> contributed
+brand new cvs(1) and cvs(5) manual pages. Thanks to him for saving us
+from poor use of our language!
+
+Paul Sander, HaL Computer Systems, Inc. <paul%hal.com@localhost> wrote and
+contributed the code in lib/sighandle.c. I added support for POSIX, BSD,
+and non-POSIX/non-BSD systems.
+
+Jim Kingdon and others at Cygnus Support <info%cygnus.com@localhost> wrote the
+remote repository access code.
+
+Larry Jones and Derek Price <derek%ximbiot.com@localhost> have been maintaining and
+enhancing CVS for some years. Mark D. Baushke <mdb%cvshome.org@localhost> came on in
+2003.
+
+There have been many, many contributions not listed here. Consult the
+individual ChangeLog files in each directory for a more complete idea.
+
+In addition to the above contributors, the following Beta testers
+deserve special mention for their support. This is only a partial
+list; if you have helped in this way and would like to be listed, let
+bug-cvs know (as described in the Cederqvist manual).
+
+ Mark D. Baushke <mdb%cisco.com@localhost>
+ Per Cederqvist <ceder%signum.se@localhost>
+ J.T. Conklin <jtc%cygnus.com@localhost>
+ Vince DeMarco <vdemarco%fdcsrvr.cs.mci.com@localhost>
+ Paul Eggert <eggert%twinsun.com@localhost>
+ Lal George <george%research.att.com@localhost>
+ Dean E. Hardi <Dean.E.Hardi%ccmail.jpl.nasa.gov@localhost>
+ Mike Heath <mike%pencom.com@localhost>
+ Jim Kingdon <kingdon%cygnus.com@localhost>
+ Bernd Leibing <bernd.leibing%rz.uni-ulm.de@localhost>
+ Benedict Lofstedt <benedict%tusc.com.au@localhost>
+ Dave Love <d.love%dl.ac.uk@localhost>
+ Robert Lupton the Good <rhl%astro.princeton.edu@localhost>
+ Tom McAliney <tom%hilco.com@localhost>
+ Eberhard Mattes <mattes%azu.informatik.uni-stuttgart.de@localhost>
+ Jim Meyering <meyering%comco.com@localhost>
+ Thomas Mohr <mohr%lts.sel.alcatel.de@localhost>
+ Thomas Nilsson <thoni%softlab.se@localhost>
+ Raye Raskin <raye.raskin%lia.com@localhost>
+ Harlan Stenn <harlan%landmark.com@localhost>
+ Gunnar Tornblom <gunnar.tornblom%senet.abb.se@localhost>
+ Greg A. Woods <woods%planix.com@localhost>
+
+Many contributors have added code to the "contrib" directory. See the
+README file there for a list of what is available. There is also a
+contributed GNU Emacs CVS-mode in tools/pcl-cvs.
diff -r 58717a477746 -r ca8c44501306 gnu/dist/cvs/BUGS
--- a/gnu/dist/cvs/BUGS Thu Nov 27 23:58:26 2003 +0000
+++ b/gnu/dist/cvs/BUGS Wed Dec 17 17:40:51 2003 +0000
@@ -15,16 +15,6 @@
This file also might contain some platform-specific bugs.
-* Need more work on the procedure for fixing it if a binary file is
-accidentally added in text mode (sanity.sh test cases, better
-documentation, probably update and/or admin -kb should update
-the -k setting in CVS/Entries).
-
-
-* Wrappers (-t/-f) do not work client/server, and there are a variety of other
-bugs and annoyances with wrappers.
-
-
* If your login name contains a space or various other characters
(particularly an issue on Windows), CVS will have trouble (it will
write invalid RCS files, probably). The fix would be to have CVS
@@ -42,6 +32,21 @@
"Global_option -r" which sends -r.
+* Symbolic links to files will not work with or without LockDir. In the
+repository, you should avoid using symbolic links to files since this issue
+can cause data loss. Symlinks are only a problem when writing files. If your
+repository does not allow any write access, symlinks are not a problem.
+
+
+* Symbolic links to directories will not work with LockDir. In the
+repository, you should avoid using symbolic links to directories if
+you intend to use LockDir as the correct directory will NOT be locked
+by CVS during write. Directory symlinks are not recommended, but should work
+as long as LockDir is not being used. Symlinks are only a problem when
+writing files. If your repository does not allow any write access, symlinks
+are never a problem, whether or not LockDir is in use.
+
+
* "make remotecheck" sometimes fails on test 187a3 with
cvs server: in directory .:
cvs [server aborted]: *PANIC* administration files missing
@@ -59,49 +64,13 @@
users who try to add the same directory at nearly the same time.
-* 'cvs admin' dumped core when files were missing from working directory
- (and from the repository)?
-
-
-* The following bug was reported against CVS 1.9:
-
- Create a module named test with a file named test in it.
-
- cactus:sfavor> cvs get test
- cvs checkout: Updating test
- U test/test
- cactus:sfavor> cd test
- cactus:sfavor> cvs get test
- cvs checkout: cannot chdir to test: Not a directory
- cvs checkout: ignoring module test
- Exit 1
- cactus:sfavor> cvs update
- cvs update: Updating .
- rcs.c:2139: failed assertion `rev == NULL || isdigit (*rev)'
- Abort (core dumped)
- Exit 134
-
-
-* pcl-cvs doesn't like it when you try to check in a file which isn't
- up-to-date. The messages produced by the server perhaps don't match
- what pcl-cvs is looking for.
-
-
-* From: billr%mpd.tandem.com@localhost (Bill Robertson)
- Subject: Problem with rtag and the -D option
- Date: Fri, 17 Mar 1995 10:53:29 -0600 (CST)
-
- I have been trying to use the -D option to specify a date for tagging, but
- rtag does not recognize the -D option. It is documented to do so and I've
- tested the use of -D with cvs update and cvs diff and it works fine there.
-
* From: "Charles M. Hannum" <mycroft%ai.mit.edu@localhost>
To: info-cvs%prep.ai.mit.edu@localhost
Subject: Still one more bug
Date: Sat, 25 Feb 1995 17:01:15 -0500
mycroft@duality [1]; cd /usr/src/lib/libc
- mycroft@duality [1]; cvs diff -c2 '-D1 day ago' -Dnow
+ mycroft@duality [1]; cvs diff -C2 '-D1 day ago' -Dnow
cvs server: Diffing .
cvs server: Diffing DB
cvs [server aborted]: could not chdir to DB: No such file or directory
@@ -229,3 +198,32 @@
Send me a PGP-signed message if you want the password to use the machine
where the problem showed up.
+
+* CVS does not always seem to be waiting to the next filesystem timestamp
+quanta after commits. So far this has only shown up in testing under the BSDI
+OS. The symptoms are that ocassionally CVS will not notice that modified files
+are modified, though the file must be modified within a short time after the
+commit, probably milliseconds or seconds, for this symptom to be noticed. One
+suspected cause is that one of the calls to sleep_past() is being called with
+an incorrect value, though this does not explain why symptoms have only been
+noticed under BSDI.
+
+* Spaces in arguments to `cvs diff' are currently split on spaces and tabs
+before being passed to diff. This can often cause diff to abort since it can
+no longer interpret its options string and if it can, coincidentally,
+interpret its option string, then the problem may be output in unexpected
+formats.
+
+* `release' of a project subdir does not remove the `subdir' entry from
+ `./CVS/Entries'.
+
+* Status
+
+ /*-------.
+ | Stable |
+ `-------*/
+
+ /*-------------------------.
+ | Sane for full scale use. |
+ `-------------------------*/
+
diff -r 58717a477746 -r ca8c44501306 gnu/dist/cvs/ChangeLog
--- a/gnu/dist/cvs/ChangeLog Thu Nov 27 23:58:26 2003 +0000
+++ b/gnu/dist/cvs/ChangeLog Wed Dec 17 17:40:51 2003 +0000
@@ -1,3 +1,533 @@
+2003-12-03 Derek Price <derek%ximbiot.com@localhost>
+
+ * configure.in: Always AC_LIBOBJ(fncase) when filenames are found to be
+ case insensitive.
+ * configure: Regenerated.
+
+2003-11-26 Derek Price <derek%ximbiot.com@localhost>
+
+ * NEWS: Note recase tests.
+
+2003-11-26 Derek Price <derek%ximbiot.com@localhost>
+
+ * NEWS: Note new test suite functionality.
+
+2003-11-25 Derek Price <derek%ximbiot.com@localhost>
+
+ * NEWS: Note latest case insensitivity fix.
+
+2003-11-19 Derek Price <derek%ximbiot.com@localhost>
+
+ * NEWS: Rename "OTHER ISSUES" to "GENERAL USER ISSUES" and move the
+ note about the Autoconf upgrade to a new "DEVELOPER ISSUES" section.
+ Add a note about upgrading Automake.
+ * aclocal.m4, configure, **/Makefile.in: Regenerated with Automake
+ 1.7.9.
+
+2003-11-18 Derek Price <derek%ximbiot.com@localhost>
+
+ * NEWS: Subdivide Changes section into "SERVER SECURITY ISSUES" and
+ "OTHER ISSUES". Note module abspath issue in security section.
+
+2003-11-10 Derek Price <derek%ximbiot.com@localhost>
+
+ * BUGS: Add some detail to the last two notes Mark added.
+
+2003-11-10 Mark D. Baushke <mdb%cvshome.org@localhost>
+
+ * BUGS: Note that symlinks to files will not work with or without
+ LockDir. Note that symlinks to directories will not work with
+ LockDir.
+
+ * NEWS (Changes since 1.11.9): Note symlinked CVSROOT now works.
+
+2003-11-10 Derek Price <derek%ximbiot.com@localhost>
+
+ * configure.in: Require Autoconf 2.58.
+ * INSTALL, NEWS: Note new Autoconf requirements.
+
+ * configure: Regenerated.
+
+2003-11-04 Derek Price <derek%ximbiot.com@localhost>
+
+ * configure.in: Add some more help text for --enable-case-sensitivity.
+ * configure: Regenerated.
+
+2003-11-03 Derek Price <derek%ximbiot.com@localhost>
+
+ * configure.in: Require Automake 1.7.5.
+
+2003-11-03 Derek Price <derek%ximbiot.com@localhost>
+
+ * INSTALL: Add some notes on Autoconf requirements.
+
+2003-10-31 Derek Price <derek%ximbiot.com@localhost>
+
+ * INSTALL: Note Cygwin as an option for building CVS under Windows.
+
+2003-10-31 Derek Price <derek%ximbiot.com@localhost>
+
+ * INSTALL: s/cvsgui/wincvs/.
+
+2003-10-27 Derek Price <derek%ximbiot.com@localhost>
+
+ * configure.in: Move case sensitivity test to the enable-* section and
+ allow override via command line switch.
+ * NEWS: Update last news item to reflect new command line switch.
Home |
Main Index |
Thread Index |
Old Index