From the NEWS file of cvs 1.11.11:
* pserver can no longer be configured to run as root via the
$CVSROOT/CVSROOT/passwd file, so if your passwd file is
compromised, it no longer leads directly to a root hack. Attempts
to root will also be logged via the syslog.
* Malformed module requests could cause the CVS server to attempt
to create directories and possibly files at the root of the
filesystem holding the CVS repository. Filesystem permissions
usually prevent the creation of these misplaced directories, but
nevertheless, the CVS server now rejects the malformed requests.
Obtained from: ccvs.cvshome.org
of the bugs that I know of. We've been running a slightly older version
of this on freefall/repoman, where it was afflicted by a silly merge error
on my part (fixed).
Approved by: re
things fixed in here, including the '-ko' vs. -A problem with
remote cvs which caused all files with -ko to be resent each time
(which is damn painful over a modem, I can tell you). It also found a
heap of stray empty directories that should have been pruned with the -P
flag to cvs update but were not for some reason.
It also has the fully integrated rcs and diff, so no more fork/exec
overheads for rcs,ci,patch,diff,etc. This means that it parses the control
data in the rcs files only once rather than twice or more.
If the 'cvs diff' vs. Index thing is going to be fixed for future patch
compatability, this is the place to do it.
few more memory leaks and cleaned up getopt usage. These were done shortly
after the last one I imported. Very little has changed other than that.
(except for some doc updates)
Obtained from: cyclic.com
last time. I should have pulled these in last time as it allows easier
comparison of "where we are at" relative to the current version from
cyclic.com. Since this is in a 4.4BSD style tree layout, the changelogs
dont exactly match the file layout, but it's close enough.
plus a couple of minor changes..
Some highlights of the new stuff that was not in the old version:
- remote access support.. full checkout/commit/log/etc..
- much improved dead file support..
- speed improvements
- better $CVSROOT handling
- $Name$ support
- support for a "cvsadmin" group to cut down rampant use of "cvs admin -o"
- safer setuid/setgid support
- many bugs fixed.. :-)
- probably some new ones.. :-(
- more that I cannot remember offhand..
plus a couple of minor changes..
Some highlights of the new stuff that was not in the old version:
- remote access support.. full checkout/commit/log/etc..
- much improved dead file support..
- speed improvements
- better $CVSROOT handling
- $Name$ support
- support for a "cvsadmin" group to cut down rampant use of "cvs admin -o"
- safer setuid/setgid support
- many bugs fixed.. :-)
- probably some new ones.. :-(
- more that I cannot remember offhand..
