Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Message-ID: <4373FAAC.8030902@cwilson.fastmail.fm> Date: Thu, 10 Nov 2005 20:58:04 -0500 From: Charles Wilson User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716) MIME-Version: 1.0 To: cygwin AT cygwin DOT com Subject: Avail for test: cvs-1.11.21-1 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit This is a routine update to the latest upstream release. See below for the list of changes in the official release since 1.11.17. If you use this test release on your production repository, be sure to back it up first. In fact, that's always a good idea. I don't expect any issues, but... -- Chuck Changes since 1.11.20: ********************** BUG FIXES * Thanks to Serguei E. Leontiev, CVS with Kerberos 5 GSSAPI should automatically link on FreeBSD 5.x. (bug #14639). * Thanks to Rahul Bhargava, heavily loaded systems suffering from a disk crash or power failure will not lose data they claimed to have committed. * CVS server now handles conflict markers in Entry requests as documented. * CVS now remembers that binary file merge conflicts occurred until the timestamp of the updated binary file changes. * CVS client now saves some bandwidth by not sending the contents of files with conflicts to the server when it isn't needed. * CVS now does correct locking during import. * A problem where the server could block indefinitely waiting for an EOF from the client when compression was enabled has been fixed. * `cvs diff' no longer splits its arguments on spaces. * Thanks to an old report and patch from Stewart Brodie, a potential crash in response to a corrupt RCS file has been fixed. * CVS now locks the history and val-tags files before writing to them. Especially with large repositories, users should no longer see new warnings about corrupt history records when using the `cvs history' command. Existing corrupt history records will still need to be removed manually. val-tags corruption should have had less obvious effects, but removing the CVSROOT/val-tags file and allowing a 1.11.21 or later version of CVS to regenerate it may eliminate a few odd behaviors and possibly cause a slight speed up of read transactions in large repositories over time. BUILD ISSUES * The RPM spec file works again with the most modern versions of `rpm'. DEVELOPER ISSUES * We've standardized on Automake 1.9.6 to get some at new features that make our jobs easier. See the HACKING file for more on using the autotools with CVS. Changes from 1.11.19 to 1.11.20: ******************************** SERVER SECURITY FIXES * Thanks to a report from Alen Zukich, several minor security issues have been addressed. One was a buffer overflow that is potentially serious but which may not be exploitable, assigned CAN-2005-0753 by the Common Vulnerabilities and Exposures Project . Other fixes resulting from Alen's report include repair of an arbitrary free with no known exploit and several plugged memory leaks and potentially freed NULL pointers which may have been exploitable for a denial of service attack. * Thanks to a report from Craig Monson, minor potential vulnerabilities in the contributed Perl scripts have been fixed. The confirmed vulnerability could allow the execution of arbitrary code on the CVS server, but only if a user already had commit access and if one of the contrib scripts was installed improperly, a condition which should have been quickly visible to any administrator. The complete description of the problem is here: . If you were making use of any of the contributed trigger scripts on a CVS server, you should probably still replace them with the new versions, to be on the safe side. Unfortunately, our fix is incomplete. Taint-checking has been enabled in all the contributed Perl scripts intended to be run as trigger scripts, but no attempt has been made to ensure that they still run in taint mode. You will most likely have to tweak the scripts in some way to make them run. Please send any patches you find necessary back to so that we may again ship fully enabled scripts in the future. You should also make sure that any home-grown Perl scripts that you might have installed as CVS triggers also have taint-checking enabled. This can be done by adding `-T' on the scripts' #! lines. Please try running `perldoc perlsec' if you would like more information on general Perl security and taint-checking. BUG FIXES * Thanks to a report and a patch from Georg Scwharz CVS now builds without error on IRIX 5.3 DEVELOPER ISSUES * We've standardized on Automake 1.9.5 to get some at new features that make our jobs easier. See the HACKING file for more on using the autotools with CVS. Changes from 1.11.18 to 1.11.19: ******************************** BUG FIXES * Thanks to a patch from Jim Hyslop, issuing 'cvs watch on' or 'cvs watch off' in an empty directory no longer clears any watchers in that directory. * An intermittant assertion failure in checkout has been fixed. * Thanks to a report from Chris Bohn, all the source files needed for the Windows "red file" fix are actually included in the distribution. * Misc bug and documentation fixes. Changes from 1.11.17 to 1.11.18: ******************************** BUG FIXES * Thanks to a report from Gottfried Ganssauge, CVS no longer exits when it encounters links pointing to paths containing more than 128 characters. * Thanks to a report from Dan Peterson, error messages from GSSAPI servers are no longer truncated. * Thanks to a report from Dan Peterson, attempts to resurrect a file on the trunk that was added on a branch no longer causes an assertion failure. * Thanks to a report from Dan Peterson, imports to branches like "1.1." no longer create corrupt RCS archives. * Thanks to a report from Chris Bohn, links from J.C. Hamlin, and code posted by Jonathan Gilligan, we think we have finally corrected the Windows "red-file" (daylight savings time) bug once and for all. * Thanks to a patch from Jeroen Ruigrok/asmodai, the log_accum.pl script should no longer elicit warnings from Perl 5.8.5. * The r* commands (rlog, rls, etc.) can once again handle requests to run against the entire repository (e.g. `cvs rlog .'). Thanks go to Dan Peterson for the report. * A problem where the attempted access of files via tags beginning with spaces could cause the CVS server to hang has been fixed. This was a particular problem with WinCVS clients because users would sometimes accidentally include spaces in tags pasted into a dialog box. This fix also altered some of the error messages generated by the use of invalid tags. Thanks go to Dan Peterson for the report. * Thanks to James E Wilson for a bug fix to modules processing "gcc-core -a !gcc/f gcc" will no longer exclude gcc/fortran by mistake. * Thanks to Conrad Pino, the Windows build works once again. * Misc updates to the manual. DEVELOPER ISSUES * We've standardized on Automake 1.9.3 to get some at new features that make our jobs easier. See the note below on the Autoconf upgrade for more details. * We've standardized on Autoconf version 2.59 to get presumed bug fixes and features, but nothing specific. Mostly, once we decide to upgrade one of the autotools we just figure it'll save time later to grab the most current versions of the others too. See the HACKING file for more on using the autotools with CVS. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/