summaryrefslogtreecommitdiffstats
path: root/contrib/cvs/NEWS
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/cvs/NEWS')
-rw-r--r--contrib/cvs/NEWS204
1 files changed, 203 insertions, 1 deletions
diff --git a/contrib/cvs/NEWS b/contrib/cvs/NEWS
index bca44f8..5054f02 100644
--- a/contrib/cvs/NEWS
+++ b/contrib/cvs/NEWS
@@ -1,6 +1,208 @@
-Changes since 1.11.16:
+Changes since 1.11.21:
**********************
+BUG FIXES
+
+* The CVS client again correctly reports files with conflicts when using
+ servers running CVS 1.11.20/1.12.12, or earlier (and maybe 3rd party
+ servers).
+
+* The GSSAPI server should now build under HP-UX.
+
+* `cvs rtag' now correctly tags files that have been removed from the trunk.
+
+* Code efficiency has been improved slightly.
+
+* A rare race condition that could leave a lock on the val-tags file has been
+ avoided.
+
+* A potential buffer overflow in the history command has been fixed.
+
+* Thanks to a report and patch from Garrett Rooney <grooney@collab.net>, paused
+ trigger processes no longer cause the CVS server to consume 100% CPU.
+
+* Thanks to a suggestion from Joseph P. Skudlarek <Jskud@Jskud.com>, an
+ :extssh: has been added as a synonym of the :ext: access method, as a
+ kindness to users of old version of Eclipse.
+
+* Misc documentation updates and minor bug fixes.
+
+Changes from 1.11.20 to 1.11.21:
+********************************
+
+BUG FIXES
+
+* Thanks to Serguei E. Leontiev <lse@CryptoPro.ru>, CVS with Kerberos 5 GSSAPI
+ should automatically link on FreeBSD 5.x. (bug #14639).
+
+* Thanks to Rahul Bhargava <rahul@wandisco.com>, heavily loaded systems
+ suffering from a disk crash or power failure will not lose data they claimed
+ to have committed.
+
+* CVS server now handles conflict markers in Entry requests as documented.
+
+* CVS now remembers that binary file merge conflicts occurred until the
+ timestamp of the updated binary file changes.
+
+* CVS client now saves some bandwidth by not sending the contents of files
+ with conflicts to the server when it isn't needed.
+
+* CVS now does correct locking during import.
+
+* A problem where the server could block indefinitely waiting for an EOF from
+ the client when compression was enabled has been fixed.
+
+* `cvs diff' no longer splits its arguments on spaces.
+
+* Thanks to an old report and patch from Stewart Brodie <stewart@eh.org>, a
+ potential crash in response to a corrupt RCS file has been fixed.
+
+* CVS now locks the history and val-tags files before writing to them.
+ Especially with large repositories, users should no longer see new warnings
+ about corrupt history records when using the `cvs history' command. Existing
+ corrupt history records will still need to be removed manually. val-tags
+ corruption should have had less obvious effects, but removing the
+ CVSROOT/val-tags file and allowing a 1.11.21 or later version of CVS to
+ regenerate it may eliminate a few odd behaviors and possibly cause a slight
+ speed up of read transactions in large repositories over time.
+
+BUILD ISSUES
+
+* The RPM spec file works again with the most modern versions of `rpm'.
+
+DEVELOPER ISSUES
+
+* We've standardized on Automake 1.9.6 to get some at new features that make
+ our jobs easier. See the HACKING file for more on using the autotools with
+ CVS.
+
+Changes from 1.11.19 to 1.11.20:
+********************************
+
+SERVER SECURITY FIXES
+
+* Thanks to a report from Alen Zukich <alen.zukich@klocwork.com>, several minor
+ security issues have been addressed. One was a buffer overflow that is
+ potentially serious but which may not be exploitable, assigned CAN-2005-0753
+ by the Common Vulnerabilities and Exposures Project
+ <http://www.cve.mitre.org>. Other fixes resulting from Alen's report include
+ repair of an arbitrary free with no known exploit and several plugged memory
+ leaks and potentially freed NULL pointers which may have been exploitable for
+ a denial of service attack.
+
+* Thanks to a report from Craig Monson <craig@malachiarts.com>, minor
+ potential vulnerabilities in the contributed Perl scripts have been fixed.
+ The confirmed vulnerability could allow the execution of arbitrary code on
+ the CVS server, but only if a user already had commit access and if one of
+ the contrib scripts was installed improperly, a condition which should have
+ been quickly visible to any administrator. The complete description of the
+ problem is here: <https://ccvs.cvshome.org/issues/show_bug.cgi?id=224>. If
+ you were making use of any of the contributed trigger scripts on a CVS
+ server, you should probably still replace them with the new versions, to be
+ on the safe side.
+
+ Unfortunately, our fix is incomplete. Taint-checking has been enabled in all
+ the contributed Perl scripts intended to be run as trigger scripts, but no
+ attempt has been made to ensure that they still run in taint mode. You will
+ most likely have to tweak the scripts in some way to make them run. Please
+ send any patches you find necessary back to <bug-cvs@nongnu.org> so that we
+ may again ship fully enabled scripts in the future.
+
+ You should also make sure that any home-grown Perl scripts that you might
+ have installed as CVS triggers also have taint-checking enabled. This can be
+ done by adding `-T' on the scripts' #! lines. Please try running
+ `perldoc perlsec' if you would like more information on general Perl security
+ and taint-checking.
+
+BUG FIXES
+
+* Thanks to a report and a patch from Georg Scwharz <georg.scwarz@freenet.de>
+ CVS now builds without error on IRIX 5.3
+
+DEVELOPER ISSUES
+
+* We've standardized on Automake 1.9.5 to get some at new features that make
+ our jobs easier. See the HACKING file for more on using the autotools with
+ CVS.
+
+Changes from 1.11.18 to 1.11.19:
+********************************
+
+BUG FIXES
+
+* Thanks to a patch from Jim Hyslop <jhyslop@ieee.org>, issuing
+ 'cvs watch on' or 'cvs watch off' in an empty directory no longer
+ clears any watchers in that directory.
+
+* An intermittant assertion failure in checkout has been fixed.
+
+* Thanks to a report from Chris Bohn <cbohn@rrinc.com>, all the source files
+ needed for the Windows "red file" fix are actually included in the
+ distribution.
+
+* Misc bug and documentation fixes.
+
+Changes from 1.11.17 to 1.11.18:
+********************************
+
+BUG FIXES
+
+* Thanks to a report from Gottfried Ganssauge <gotti@cvshome.org>, CVS no
+ longer exits when it encounters links pointing to paths containing more
+ than 128 characters.
+
+* Thanks to a report from Dan Peterson <dbpete@aol.com>, error messages from
+ GSSAPI servers are no longer truncated.
+
+* Thanks to a report from Dan Peterson <dbpete@aol.com>, attempts to resurrect
+ a file on the trunk that was added on a branch no longer causes an assertion
+ failure.
+
+* Thanks to a report from Dan Peterson <dbpete@aol.com>, imports to branches
+ like "1.1." no longer create corrupt RCS archives.
+
+* Thanks to a report from Chris Bohn <cbohn@rrinc.com>, links from J.C. Hamlin
+ <jchamlin@ibsys.com>, and code posted by Jonathan Gilligan, we think we have
+ finally corrected the Windows "red-file" (daylight savings time) bug once and
+ for all.
+
+* Thanks to a patch from Jeroen Ruigrok/asmodai <asmodai@wxs.nl>, the
+ log_accum.pl script should no longer elicit warnings from Perl 5.8.5.
+
+* The r* commands (rlog, rls, etc.) can once again handle requests to run
+ against the entire repository (e.g. `cvs rlog .'). Thanks go to Dan Peterson
+ <dbpete@aol.com> for the report.
+
+* A problem where the attempted access of files via tags beginning with spaces
+ could cause the CVS server to hang has been fixed. This was a particular
+ problem with WinCVS clients because users would sometimes accidentally
+ include spaces in tags pasted into a dialog box. This fix also altered some
+ of the error messages generated by the use of invalid tags. Thanks go to Dan
+ Peterson <dbpete@aol.com> for the report.
+
+* Thanks to James E Wilson <wilson@specifixinc.com> for a bug fix to
+ modules processing "gcc-core -a !gcc/f gcc" will no longer exclude
+ gcc/fortran by mistake.
+
+* Thanks to Conrad Pino <conrad@pino.com>, the Windows build works once again.
+
+* Misc updates to the manual.
+
+DEVELOPER ISSUES
+
+* We've standardized on Automake 1.9.3 to get some at new features that make
+ our jobs easier. See the note below on the Autoconf upgrade for more
+ details.
+
+* We've standardized on Autoconf version 2.59 to get presumed bug fixes and
+ features, but nothing specific. Mostly, once we decide to upgrade one of the
+ autotools we just figure it'll save time later to grab the most current
+ versions of the others too. See the HACKING file for more on using the
+ autotools with CVS.
+
+Changes from 1.11.16 to 1.11.17:
+********************************
+
SERVER SECURITY FIXES
* Thanks to Stefan Esser & Sebastian Krahmer, several potential security
OpenPOWER on IntegriCloud