freebsd-nq/usr.sbin/ctm
Conrad Meyer 9c363a12fb ctm: Fix some trivial argv buffer overruns
It may not do the right thing with these obviously wrong inputs, but at
least it won't smash the stack.

Reported by:	Coverity (CWE-120)
CIDs:		1006697, 1006698
Sponsored by:	Dell EMC Isilon
2017-04-13 22:59:17 +00:00
..
ctm
ctm_dequeue ctm: Fix some trivial argv buffer overruns 2017-04-13 22:59:17 +00:00
ctm_rmail
ctm_smail ctm: Fix some trivial argv buffer overruns 2017-04-13 22:59:17 +00:00
mkCTM
Makefile
Makefile.inc
README

# ----------------------------------------------------------------------------
# "THE BEER-WARE LICENSE" (Revision 42):
# <phk@FreeBSD.org> wrote this file.  As long as you retain this notice you
# can do whatever you want with this stuff. If we meet some day, and you think
# this stuff is worth it, you can buy me a beer in return.   Poul-Henning Kamp
# ----------------------------------------------------------------------------
#
# $FreeBSD$
#

What will I not find in this file ?
-----------------------------------
Instructions on how to obtain FreeBSD via CTM.
Contact <CTM@FreeBSD.org> for that.

What is CTM ?
-------------
CTM was originally "CVS Through eMail", but has since changed scope to be
much more general.
CTM is now meant to be the definitive way to make and apply a delta between
two versions of a directory tree.
There are two parts to this, making the delta and applying it.  These are two
entirely different things.  CTM concentrates the computation-burden on the
generation of the deltas, as a delta very often is applied more times than
it is made.  Second CTM tries to make the minimal size delta.

Why not use diff/patch ?
------------------------
Good question.  Primarily because diff and patch doesn't do their job very 
well.  They don't deal with binary files (in this case files with '\0' or 
'\0377' characters in them or files that doesn't end in '\n') which isn't
a big surprise:  they were made to deal with text-files only.  As a second
gripe, with patch you send the entire file to delete it.  Not particular
efficient.

So what does CTM do exactly ?
-----------------------------
CTM will produce a file, (a delta) containing the instructions and data needed
to take another copy of the tree from the old to the new status.  CTM means to
do this in the exact sense, and therefore the delta contains MD5 checksums to
verify that the tree it is applied to is indeed in the state CTM expects.

This means that if you have modified the tree locally, CTM might not be able
to upgrade your copy.

How do I make a CTM-delta ?
---------------------------

Read the source, and be prepared to have 2 copies of the tree; One is
the reference ("From") tree, and the other is the delta ("To") tree.
The mkCTM script will create the CTM diff of the differences between
the reference tree and the delta tree. A lot of scratch space is
required, and your machine will work hard.

How do I apply a CTM-delta ?
----------------------------
You pass it to the 'ctm' command.  You can pass a CTM-delta on stdin, or
you can give the filename as an argument.  If you do the latter, you make
life a lot easier for your self, since the program can accept gzip'ed files
and since it will not have to make a temporary copy of your file.  You can
specify multiple deltas at one time, they will be processed one at a time.

The ctm command runs in a number of passes.  It will process the entire
input file in each pass, before commencing with the next pass.

Pass 1 will validate that the input file is OK.  The syntax, the data and 
the global MD5 checksum will be checked.  If any of these fail, ctm will
never be able to do anything with the file, so it will simply reject it.

Pass 2 will validate that the directory tree is in the state expected by
the CTM-delta.  This is done by looking for files and directories which
should/should not exists and by checking the MD5 checksums of files.  

Pass 3 will actually apply the delta.

Should I delete the delta when I have applied it ?
--------------------------------------------------
No.  You might want to selectively reconstruct a file latter on.

Why is CTM not being maintained?
--------------------------------
Because CVSUP has improved on the concept quite a bit, and is now
the method of choice.

Poul-Henning