/contrib/cvs/NEWS
https://bitbucket.org/freebsd/freebsd-head/ · #! · 1905 lines · 1423 code · 482 blank · 0 comment · 0 complexity · 4757c658c84975a79a2bc2338854851d MD5 · raw file
Large files are truncated click here to view the full file
- Changes since 1.11.22:
- **********************
- NEW FEATURES
- * A new log option -n reverts the -N option which may be in a .cvsrc
- file.
- * The `cvs blame' command is now a synonym for the `cvs annotate' command.
- * The :extssh: method will use $CVS_SSH if set, or fall back on "ssh"
- by default (but may be explicitly set using the --with-ssh flag to
- configure).
- * There is a new IgnoreUnknownConfigKeys option available for
- CVSROOT/config to aid in the transition to newer versions of CVS.
- BUG FIXES
- * Merges of file removals using -j options are a little smarter.
- * `cvs add' checks more thoroughly for `CVS' directories in the argument list.
- * `cvs server' now accepts `--allow-root=PATH' options.
- * `cvs import' no longer attempts to send CVS metadata to the server.
- * `cvs import' makes more of an effort not to import paths containing files
- and directories named `CVS'.
- * The CVS server will no longer allow clients to run `cvs init'.
- * Applying diffs when checking out very old revisions has been reduced from an
- O(n^2) operation to an O(n) thanks to a patch from Michael J. Smith
- <msmith@ideorlando.org> and additional touch-up work from the CVS team.
- * Thanks to report from Paul Eggert <eggert@CS.UCLA.EDU>, an assertion failure
- that could occur when "." was in the path (e.g. `cvs co /cvsroot/./module')
- has been removed.
- * Thanks to a report from Peter Toft <pto@linuxbog.dk>, CVS server now sends
- correct patch files more often when the RCS `Name' keyword is present in
- a working file (bug #17302).
- * Thanks to a report from Dan Peterson <dbpete@aol.com>, clients now send the
- right set of commands to the server when asked to update directories with
- trailing slashes on their name.
- * Thanks to a report and patch from <mbarabas@redhat.com>, potential stack
- corruption during pserver login is avoided (bug #16961).
- * The :extssh: method is now properly recognized as an alias for :ext:.
- DEVELOPER ISSUES
- * We've standardized on Autoconf version 2.61 to get a bug fix that notes
- that the AIX C compiler's default mode isn't quite C89 and sets the
- correct mode instead.
- * We've standardized on Autoconf version 1.10 because it lets us simplify our
- sources.
- Changes from 1.11.21 to 1.11.22:
- ********************************
- BUG FIXES
- * The CVS client again correctly reports files with conflicts when using
- servers running CVS 1.11.20/1.12.12, or earlier (and maybe 3rd party
- servers).
- * The GSSAPI server should now build under HP-UX.
- * `cvs rtag' now correctly tags files that have been removed from the trunk.
- * Code efficiency has been improved slightly.
- * A rare race condition that could leave a lock on the val-tags file has been
- avoided.
- * A potential buffer overflow in the history command has been fixed.
- * Thanks to a report and patch from Garrett Rooney <grooney@collab.net>, paused
- trigger processes no longer cause the CVS server to consume 100% CPU.
- * Thanks to a suggestion from Joseph P. Skudlarek <Jskud@Jskud.com>, an
- :extssh: has been added as a synonym of the :ext: access method, as a
- kindness to users of old version of Eclipse.
- * Misc documentation updates and minor bug fixes.
- Changes from 1.11.20 to 1.11.21:
- ********************************
- BUG FIXES
- * Thanks to Serguei E. Leontiev <lse@CryptoPro.ru>, CVS with Kerberos 5 GSSAPI
- should automatically link on FreeBSD 5.x. (bug #14639).
- * Thanks to Rahul Bhargava <rahul@wandisco.com>, heavily loaded systems
- suffering from a disk crash or power failure will not lose data they claimed
- to have committed.
- * CVS server now handles conflict markers in Entry requests as documented.
- * CVS now remembers that binary file merge conflicts occurred until the
- timestamp of the updated binary file changes.
- * CVS client now saves some bandwidth by not sending the contents of files
- with conflicts to the server when it isn't needed.
- * CVS now does correct locking during import.
- * A problem where the server could block indefinitely waiting for an EOF from
- the client when compression was enabled has been fixed.
- * `cvs diff' no longer splits its arguments on spaces.
- * Thanks to an old report and patch from Stewart Brodie <stewart@eh.org>, a
- potential crash in response to a corrupt RCS file has been fixed.
- * CVS now locks the history and val-tags files before writing to them.
- Especially with large repositories, users should no longer see new warnings
- about corrupt history records when using the `cvs history' command. Existing
- corrupt history records will still need to be removed manually. val-tags
- corruption should have had less obvious effects, but removing the
- CVSROOT/val-tags file and allowing a 1.11.21 or later version of CVS to
- regenerate it may eliminate a few odd behaviors and possibly cause a slight
- speed up of read transactions in large repositories over time.
- BUILD ISSUES
- * The RPM spec file works again with the most modern versions of `rpm'.
- DEVELOPER ISSUES
- * We've standardized on Automake 1.9.6 to get some at new features that make
- our jobs easier. See the HACKING file for more on using the autotools with
- CVS.
- Changes from 1.11.19 to 1.11.20:
- ********************************
- SERVER SECURITY FIXES
- * Thanks to a report from Alen Zukich <alen.zukich@klocwork.com>, several minor
- security issues have been addressed. One was a buffer overflow that is
- potentially serious but which may not be exploitable, assigned CAN-2005-0753
- by the Common Vulnerabilities and Exposures Project
- <http://www.cve.mitre.org>. Other fixes resulting from Alen's report include
- repair of an arbitrary free with no known exploit and several plugged memory
- leaks and potentially freed NULL pointers which may have been exploitable for
- a denial of service attack.
- * Thanks to a report from Craig Monson <craig@malachiarts.com>, minor
- potential vulnerabilities in the contributed Perl scripts have been fixed.
- The confirmed vulnerability could allow the execution of arbitrary code on
- the CVS server, but only if a user already had commit access and if one of
- the contrib scripts was installed improperly, a condition which should have
- been quickly visible to any administrator. The complete description of the
- problem is here: <https://ccvs.cvshome.org/issues/show_bug.cgi?id=224>. If
- you were making use of any of the contributed trigger scripts on a CVS
- server, you should probably still replace them with the new versions, to be
- on the safe side.
- Unfortunately, our fix is incomplete. Taint-checking has been enabled in all
- the contributed Perl scripts intended to be run as trigger scripts, but no
- attempt has been made to ensure that they still run in taint mode. You will
- most likely have to tweak the scripts in some way to make them run. Please
- send any patches you find necessary back to <bug-cvs@nongnu.org> so that we
- may again ship fully enabled scripts in the future.
- You should also make sure that any home-grown Perl scripts that you might
- have installed as CVS triggers also have taint-checking enabled. This can be
- done by adding `-T' on the scripts' #! lines. Please try running
- `perldoc perlsec' if you would like more information on general Perl security
- and taint-checking.
- BUG FIXES
- * Thanks to a report and a patch from Georg Scwharz <georg.scwarz@freenet.de>
- CVS now builds without error on IRIX 5.3
- DEVELOPER ISSUES
- * We've standardized on Automake 1.9.5 to get some at new features that make
- our jobs easier. See the HACKING file for more on using the autotools with
- CVS.
- Changes from 1.11.18 to 1.11.19:
- ********************************
- BUG FIXES
- * Thanks to a patch from Jim Hyslop <jhyslop@ieee.org>, issuing
- 'cvs watch on' or 'cvs watch off' in an empty directory no longer
- clears any watchers in that directory.
- * An intermittant assertion failure in checkout has been fixed.
- * Thanks to a report from Chris Bohn <cbohn@rrinc.com>, all the source files
- needed for the Windows "red file" fix are actually included in the
- distribution.
- * Misc bug and documentation fixes.
- Changes from 1.11.17 to 1.11.18:
- ********************************
- BUG FIXES
- * Thanks to a report from Gottfried Ganssauge <gotti@cvshome.org>, CVS no
- longer exits when it encounters links pointing to paths containing more
- than 128 characters.
- * Thanks to a report from Dan Peterson <dbpete@aol.com>, error messages from
- GSSAPI servers are no longer truncated.
- * Thanks to a report from Dan Peterson <dbpete@aol.com>, attempts to resurrect
- a file on the trunk that was added on a branch no longer causes an assertion
- failure.
- * Thanks to a report from Dan Peterson <dbpete@aol.com>, imports to branches
- like "1.1." no longer create corrupt RCS archives.
- * Thanks to a report from Chris Bohn <cbohn@rrinc.com>, links from J.C. Hamlin
- <jchamlin@ibsys.com>, and code posted by Jonathan Gilligan, we think we have
- finally corrected the Windows "red-file" (daylight savings time) bug once and
- for all.
- * Thanks to a patch from Jeroen Ruigrok/asmodai <asmodai@wxs.nl>, the
- log_accum.pl script should no longer elicit warnings from Perl 5.8.5.
- * The r* commands (rlog, rls, etc.) can once again handle requests to run
- against the entire repository (e.g. `cvs rlog .'). Thanks go to Dan Peterson
- <dbpete@aol.com> for the report.
- * A problem where the attempted access of files via tags beginning with spaces
- could cause the CVS server to hang has been fixed. This was a particular
- problem with WinCVS clients because users would sometimes accidentally
- include spaces in tags pasted into a dialog box. This fix also altered some
- of the error messages generated by the use of invalid tags. Thanks go to Dan
- Peterson <dbpete@aol.com> for the report.
- * Thanks to James E Wilson <wilson@specifixinc.com> for a bug fix to
- modules processing "gcc-core -a !gcc/f gcc" will no longer exclude
- gcc/fortran by mistake.
- * Thanks to Conrad Pino <conrad@pino.com>, the Windows build works once again.
- * Misc updates to the manual.
- DEVELOPER ISSUES
- * We've standardized on Automake 1.9.3 to get some at new features that make
- our jobs easier. See the note below on the Autoconf upgrade for more
- details.
- * We've standardized on Autoconf version 2.59 to get presumed bug fixes and
- features, but nothing specific. Mostly, once we decide to upgrade one of the
- autotools we just figure it'll save time later to grab the most current
- versions of the others too. See the HACKING file for more on using the
- autotools with CVS.
- Changes from 1.11.16 to 1.11.17:
- ********************************
- SERVER SECURITY FIXES
- * Thanks to Stefan Esser & Sebastian Krahmer, several potential security
- problems have been fixed. The ones which were considered dangerous enough
- to catalogue were assigned issue numbers CAN-2004-0416, CAN-2004-0417, &
- CAN-2004-0418 by the Common Vulnerabilities and Exposures Project. Please
- see <http://www.cve.mitre.org> for more information.
- * A potential buffer overflow vulnerability in the server has been fixed.
- This addresses the Common Vulnerabilities and Exposures Project's issue
- #CAN-2004-0414. Please see <http://www.cve.mitre.org> for more information.
- Changes from 1.11.15 to 1.11.16:
- ********************************
- SERVER SECURITY FIXES
- * A potential buffer overflow vulnerability in the server has been fixed.
- Prior to this patch, a malicious client could potentially use carefully
- crafted server requests to run arbitrary programs on the CVS server machine.
- This addresses the Common Vulnerabilities and Exposures Project's issue
- #CAN-2004-0396. Please see <http://www.cve.mitre.org> for more information.
- BUG FIXES
- * The Microsoft Visual C++ workspace and project files have been repaired and
- regenerated with MSVC++ 6.0.
- * The cvs.1 man page is now generated automatically from a section of the CVS
- Manual.
- * Thanks to a report from Mark Andrews at the Internet Systems Consortium, the
- :ext: connection method no longer relies on a transparent transport that uses
- an argument processor that can handle arbitrary ordering of options and other
- arguments when using a username other than the caller's.
- * Thanks to Ken Raeburn at MIT, directory deletion, whether via `cvs release'
- or empty directory pruning, now works on network shares under Windows XP.
- Changes from 1.11.14 to 1.11.15:
- ********************************
- SERVER SECURITY ISSUES
- * Piped checkouts of paths above $CVSROOT no longer work. Previously, clients
- could have requested the contents of RCS archive files anywhere on a CVS
- server. This addresses CVE issue CAN-2004-0405. Please see
- <http://www.cve.mitre.org> for more information.
- CLIENT SECURITY ISSUES
- * Clients now check paths from the server to verify that they are within one of
- the sandboxes the user requested be updated. Previously, a trojan server
- could have written or overwritten files anywhere the user had access,
- presenting a serious security risk. This addresses CVE issue CAN-2004-1080.
- Please see <http://www.cve.mitre.org> for more information.
- GENERAL USER ISSUES
- * Method options (used by WinCVS & CVS 1.12.7+) in CVSROOTs are ignored.
- * Configure no longer checks the $TMPDIR, $TMP, & $TEMP variables to set the
- default temporary directory.
- * CVS on Cygwin correctly handles X:\ style paths.
- * Import now uses backslash rather than slash on Windows when checking for
- "CVS" directories to ignore in import commands.
- * Relative paths containing up-references (`..') should now work in
- client/server mode (client fix).
- * A race condition between the ordering of messages from CVS and messages from
- called scripts in client/server mode has been removed (server fix).
- * Resurrected files now get their modes and timestamps set correctly and a
- longstanding bug involving resurrection of an uncommitted removal has been
- fixed (server fix).
- * Some resurrection (cvs add) status messages have changed slightly.
- * `cvs release' now works with Kerberos or GSSAPI encryption enabled (server
- fix).
- * File resurrection from a previously existing revision no longer just reports
- that it works (server fix).
- * Misc error & status message corrections.
- * Diffing of locally added files against arbitrary revisions in an RCS archive
- is now allowed when a file of the same name exists or used to exist on some
- branch (server fix).
- * Misc documentation fixes.
- Changes from 1.11.13 to 1.11.14:
- ********************************
- GENERAL USER ISSUES
- * Imports will now always ignore directories and files named `CVS' to avoid
- violating assumptions made by other parts of CVS.
- * A problem with `cvs release' of subdirs that could corrupt CVS/Entries files
- has been fixed (client/server).
- * The CVS server's protocol check for unused data from the client is no longer
- called automatically at program exit in order to avoid potential recursive
- calls to error when the first close is due to memory allocation or similar
- problems that cause calls to error() to fail. The check is still made when
- the server program exits normally.
- * The spec file has been updated to work with more recent versions of RPM.
- * Several memory leaks have been plugged (client/server).
- DEVELOPER ISSUES
- * Misc cosmetic, readability, and commenting fixes.
- Changes from 1.11.12 to 1.11.13:
- ********************************
- GENERAL USER ISSUES
- * Several memory leaks have been plugged.
- * Thanks to Ville Skyttä the man page has a few less spelling errors and is
- slightly more accurate.
- * An unlikely potential segfault when using the :fork: connection method has
- been fixed.
- * The CVS server has had the protocol check for unused data from the client
- partially restored.
- * A fix has been included that should avoid a very rare race condition that
- could cause a CVS server to exit with a "broken pipe" message.
- * A minor problem with the nmake build file that was preventing the source from
- compiling under Windows has been fixed.
- * Tests have been added to the test suite.
- DEVELOPER ISSUES
- * Misc cosmetic, readability, and commenting fixes.
- Changes from 1.11.11 to 1.11.12:
- ********************************
- GENERAL USER ISSUES
- * Infinite alias loops in the modules file are now checked for and avoided.
- * Clients on case insensitive systems now preserve the case of directories in
- CVS/Entries, in addition to files, for use in communications with the CVS
- server.
- * Some previously untested behavior is now being tested.
- * Server support for case insensitive clients has been removed in favor of the
- server relying on the client to preserve the case of checked out files, as
- per the CVS client/server protocol spec. This is not as drastic as it may
- sound, as all of the current tests still pass without modification when run
- from a case insensitive client to a case sensitive server. This change
- disables little previous functionality, enables access to more of the
- possible namespace to users on systems with case insensitive file systems,
- fixes a few bugs, and in the end this should provide a major stability
- improvement.
- * Thanks to Ville Skyttä the man page is a bit more accurate.
- * Thanks to Ville Skyttä some unused variables were removed from the log_accum
- Perl script in contrib.
- * Thanks to Alexey Mahotkin, a bug that prevented CVS from being compiled with
- Kerberos 4 authentication enabled has been fixed.
- * A minor bug that caused CVS to fail to report an inifinte alias loop in the
- modules file when portions of the alias definition contained trailing slashes
- has been fixed.
- * A bug in the gzip code that could cause heap corruption and segfaults in CVS
- servers talking to clients less than 1.8 and some modern third-party CVS
- clients has been fixed.
- * mktemp.sh is now included with the source distribution so that the rcs2log
- and cvsbug executables may be run on systems which do not contain an
- implementation of mktemp.
- * Misc documentation fixes.
- Changes from 1.11.10 to 1.11.11:
- ********************************
- SERVER SECURITY ISSUES
- * pserver can no longer be configured to run as root via the
- $CVSROOT/CVSROOT/passwd file, so if your passwd file is compromised, it no
- longer leads directly to a root hack. Attempts to root will also be logged
- via the syslog.
- Changes from 1.11.9 to 1.11.10:
- *******************************
- SERVER SECURITY ISSUES
- * Malformed module requests could cause the CVS server to attempt to create
- directories and possibly files at the root of the filesystem holding the CVS
- repository. Filesystem permissions usually prevent the creation of these
- misplaced directories, but nevertheless, the CVS server now rejects the
- malformed requests.
- GENERAL USER ISSUES
- * Case insensitive clients using a case sensitive server can now use a
- `cvs rm -f file; cvs add FILE' command sequence to add a file with the same
- name in a new case.
- * CVSROOTs which contain a symlink to a real repository should work.
- * The configure script now tests whether it is building CVS on a case
- insensitive file system. If it is, CVS assumes that all file systems on this
- platform will be case insensitive. This is useful for getting the case
- insensitivity flag set correctly when compiling on Mac OS X and under Cygwin
- on Windows. Autodetection can be overridden using the
- --disable-case-sensitivity and --enable-case-sensitivity arguments to
- configure.
- * A behavior change in `cvs up -jrev1 -jrev2' for modified files with a base
- revision of rev2 (ie, checked-out version matches rev2 and file has been
- modified). The operation is no longer ignored and instead is passed to
- diff3. This will potentially re-apply the diffs between the two revisions to
- a modified local file. Status messages like from a standard merge have also
- been added when the file would not or does not change due to this merge
- request ("[file] already contains the changes between [revisions]...").
- * A bug which could stop `cvs admin -mTAG:message' from recursing has been
- fixed.
- * Misc documentation cleanup and fixes.
- * Some of the contrib scripts, some of the documentation, and sanity.sh were
- modified to use and recommend more portable commands rather than using and
- recommending commands which were not compatible with the POSIX 1003.1-2001
- specification.
- DEVELOPER ISSUES
- * A new set of tests to test issues specific to case insensitive clients and
- servers has also been added.
- * Support has been added to the test suite to support testing over a :ext: link
- to another machine, subject to some stringent requirements. This support can
- be used, for instance, to test the operation of a case insensitive client
- against a case sensitive server. Please see the comments in TEST and the
- src/sanity.sh test script itself for more.
- * We've standardized on Automake 1.7.9 to get a bug fix. See the note below
- on the Autoconf upgrade for more details.
- * We've standardized on Autoconf version 2.58 to avoid a bug and get at a few
- new macros. Again, this should only really affect developers, though it is
- possible that CVS will now compile on a few new platforms. Please see the
- section of the INSTALL file about using the autotools if you are compiling
- CVS yourself.
- Changes from 1.11.8 to 1.11.9:
- * CVS now knows how to report, as well as record, `P' record types.
- * When running the `cvs history' command, clients will now send the
- long-accepted `-e' option, for all records, rather than explicitly requesting
- `P' record types, a request which servers prior to 1.11.7 will reject with a
- fatal error message.
- * A problem with locating files requested by case insensitive clients which was
- accidentally introduced in 1.11.6 as part of a fix for a data loss problem
- involving `cvs add's from case insensitive clients has been fixed. The
- relevant error message was `cvs [<command> aborted]: filE,v is ambiguous;
- could mean FILE,v or file,v'.
- * Attempts to use the global `-l' option, removed from both client and server
- as of version 1.11.6, will now elicit a warning rather than a fatal error
- from the server.
- Changes from 1.11.7 to 1.11.8:
- * A problem in the CVS getpass library that could cause passwords to echo on
- some systems has been fixed.
- Changes from 1.11.6 to 1.11.7:
- * A segfault that could occur in very rare cases where the stat of a file
- failed during a diff has been fixed.
- * Any user with write privleges to the CVSROOT/checkoutlist file could pass
- arbitrary format strings directly through to a printf function. This was
- probably bad and has been fixed. White space at the beginning of error strings
- in checkoutlist is now ignored properly.
- * In client/server mode, most messages from CVS now contain the actual
- command name rather than the generic "server".
- * A long-standing bug that prevented most client/server updates from being
- logged in the history file has been fixed.
- * Updates done via a patch ("P" status) are now logged in the history file
- by default and the corresponding "P" history record type is now documented.
- If you're setting the LogHistory option in your CVSROOT/config file, you may
- want to add "P" to the list of record types.
- * CVS now will always compile and its own getpass() function (originally from
- GNULIB) in favor of any system one that may exist. This avoids some problems
- with long passwords on some systems and updates us to POSIX.2 compliance, since
- getpass() was removed from the POSIX.2 specification.
- * A bug that allowed a write lock to be created in a directory despite
- there being existing read locks when using LockDir in CVSROOT/config has
- been fixed.
- * A bug with short patches (`rdiff -s') which caused rdiff to sometimes report
- differences that did not exist has been fixed.
- * Some minor corrections were made to the diff code to keep diff & rdiff from
- printing diff headers with empty change texts when two files have different
- revision numbers but the same content.
- * The global '-l' option, which suppressed history logging, has been removed
- from both client and server.
- Changes from 1.11.5 to 1.11.6:
- * A warning message is now issued if an administrative file contains
- more than one DEFAULT entry.
- * An error running a verifymsg script (such as referencing an unset user
- variable or the script not existing) now causes the verification to
- fail.
- * Errors in administrative files commands (like unset user variables)
- are no longer reported unless the command is actually executed.
- * When a file is initially checked out, its last access time is now set
- to the current time rather than being set to the time the file was last
- checked in like the modification time is.
- * The Checkin.prog and Update.prog functionality has been removed. This
- fuctionality previously allowed executables to be specified in the modules file
- to be run at update and checkin time, but users could edit these files on a per
- workspace basis, creating a security hole.
- * contrib/rcs2log and src/cvsbug now use the BSD mktemp program to create
- their temp files and directories on systems which provide it.
- * Corrected the path in a failed write error message.
- * Autoconf and Automake are no longer run automatically unless you run
- configure with --enable-maintainer-mode. Accordingly, noautomake.sh is
- no longer needed and has been removed.
- * We've standardized on Automake version 1.7.5 and Autoconf version 2.57 to get
- at a few new macros. Again, this should only really affect developers. See
- the section of the INSTALL file about using the autotools if you are compiling
- CVS yourself.
- Changes from 1.11.4 to 1.11.5:
- * Fixed a security hole in the CVS server by which users with read only access
- could gain write access. This issue does not affect client builds. The
- Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
- name CAN-2003-0015 to this issue. See
- <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0015> for more
- information.
- * Fixed some bugs where revision numbers starting with 0 (like 0.3)
- weren't correctly handled. (CVS doesn't normally use such revision
- numbers, but users may be able to force it to do so and old RCS files
- might.)
- Changes from 1.11.3 to 1.11.4:
- * Some minor changes to allow the code to compile on Windows platforms.
- Changes from 1.11.2 to 1.11.3:
- * The tag/rtag code has been fixed to once again lock just a single
- directory at a time.
- * There was a bug where certain error conditions could cause the server
- to go into an infinite loop. There was also a bug that caused a
- compressed connection from an older client to hang on shutdown. These
- bugs have been fixed.
- * Fixed a bug that caused the server to reject most watch commands.
- * When waiting for another user's lock, the message timestamps are now
- in UTC rather than the server's local time.
- * The options.h file is no longer used. This fixes a bug that occurred when
- 1.11.2 was compiled on Windows platforms.
- * We've standardized on Automake version 1.6.3 and Autoconf version 2.53.
- They are cleaner, less bug prone, and will hopfully allow me to start updating
- sanity.sh to use Autotest and Autoshell. Again, this should only really affect
- developers. See the section of the INSTALL file about using the autotools if
- you are compiling CVS yourself.
- * Fixed a bug in the log/rlog code when a revision range crosses a
- branch point.
- * Fixed a bug where filenames starting with - would be misinterpreted as
- options when using client/server mode.
- Changes from 1.11.1p1 to 1.11.2:
- * There is a new feature, enabled by RereadLogAfterVerify in CVSROOT/config,
- which tells CVS to reread the log message after running the verifymsg
- script. This allows the verifymsg script to reformat or otherwise
- modify the log message.
- * The interpretation of revision ranges using :: in "log" and "rlog"
- has changed: a::b now excludes the log message from revision a but
- includes the log message from revision b. Also, revision ranges that
- cross branch points should now work.
- * zlib has been updated to version 1.4. There is a security advisory
- out in regards to 1.3. This should fix that problem.
- * The "log" and "rlog" commands now have a -S option to suppress the
- header information when no revisions are selected.
- * A serious error that allowed read-only users to tag files has been
- corrected.
- * The "annotate" command will no longer annotate binary files unless
- you specify the new -F option.
- * The "tag" and "rtag" commands will no longer move or delete branch
- tags unless you use the new -B option. (This prevents accidental
- changes to branch tags that are hard to undo.)
- * We've standardized on the 1.5 Automake release for the moment. Again, this
- should only really affect developers. See the section of the INSTALL file
- about using the autotools if you are compiling CVS yourself.
- Changes from 1.11.1 to 1.11.1p1:
- * Read only access was broken - now fixed.
- Changes from 1.11 to 1.11.1:
- * There was a locking bug in the tag/rtag code that could lose changes
- made to a file while the tag operation was in progress. This has been
- fixed, but all of the directories being tagged are now locked for the
- entire duration of the tag operation rather than only one directory at a
- time.
- * The "cvs diff" command now accepts the -y/--side=by-side and -T/
- --initial-tab options. (To use these options with a remote repository,
- both the client and the server must support them.)
- * The expansion of the loginfo format string has changed slightly.
- Previously, the expansion was surrounded by single quotes ('); if a file
- name contained a single quote character, the string would not be parsed
- as a single entity by the Unix shell (and it would not be possible to
- parse it unambiguously). Now the expansion is surrounded by double
- quotes (") and any embedded dollar signs ($), backticks (`), backslashes
- (\), and double quotes are preceded by a backslash. This is parsed as a
- single entity by the shell reguardless of content. This change should
- not be noticable unless you're not using a Unix shell or you have
- embedded the format string inside a double quoted string.
- * There was a bug in the diff code which sometimes caused conflicts to
- be flagged which shouldn't have been. This has been fixed.
- * New "cvs rlog" and "cvs rannotate" commands have been added to get log
- messages and annotations without having to have a checked-out copy.
- * Exclusive revision ranges have been added to "cvs log" using ::
- (similar to "cvs admin -o").
- * The VMS client now accepts wildcards if you're running VMS 7.x.
- * ZLIB has been updated to version 1.1.3, the most current version. This
- includes mostly some optimizations and minor bug fixes.
- * The ~/.cvspass file has a slightly modified format. CVSROOTs are now
- stored in a new canonical form - hostnames are now case insensitive and
- port numbers are always stored in the new format. Until a new login for
- a particular CVSROOT is performed with the new version of CVS, new and
- old versions of CVS should interoperate invisibly. After that point, an
- extra login using the old version of CVS may be necessary to continue to
- allow the new and old versions of CVS to interoperate using the same
- ~/.cvspass file and CVSROOT. The exception to this rule occurs when the
- CVSROOTs used with the different versions use case insensitively
- different hostnames, for example, "empress", and "empress.2-wit.com".
- * A password and a port number may now be specified in CVSROOT for
- pserver connections. The new format is:
- :pserver:[[user][:password]@]host[:[port]]/path
- Note that passwords specified in a checkout command will be saved in the
- clear in the CVS/Root file in each created directory, so this is not
- recommended, except perhaps when accessing anonymous repositories or the
- like.
- * The distribution has been converted to use Automake. This shouldn't
- affect most users except to ease some portability concerns, but if you
- are building from the repository and encounter problems with the
- makefiles, you might try running ./noautomake.sh after a fresh update
- -AC.
- Changes from 1.10 to 1.11:
- * The "cvs update" command has a new -C option to get clean copies from
- the repository, abandoning any local changes.
- * The new "cvs version" command gives a short version message. If
- the repository is remote, both the client and server versions are
- reported.
- * "cvs admin -t" now works correctly in client/server mode.
- * The "cvs history" command output format has changed -- the date
- now includes the year and is given is ISO 8601 format (yyyy-mm-dd).
- Also, the new LogHistory option in CVSROOT/config can be used to
- control what information gets recorded in the log file and code has
- been added to record file removals.
- * The buggy PreservePermissions code has been disabled.
- * Anonymous read-only access can now be done without requiring a
- password. On the server side, simply give that user (presumably
- `anonymous') an empty password in the CVSROOT/passwd file, and then
- any received password will authenticate successfully.
- * There is a new access method :fork: which is similar to :local:
- except that it is implemented via the CVS remote protocol, and thus
- has a somewhat different set of quirks and bugs.
- * The -d command line option no longer updates the CVS/Root file. For
- one thing, the CVS 1.9/1.10 behavior never had updated CVS/Root in
- subdirectories, and for another, it didn't seem that popular in
- general. So this change restores the CVS 1.8 behavior (which is also
- the CVS 1.9/1.10 behavior if the environment variable
- CVS_IGNORE_REMOTE_ROOT is set; with this change,
- CVS_IGNORE_REMOTE_ROOT no longer has any effect).
- * It is now possible for a single CVS command to recurse into several
- CVS roots. This includes roots which are located on several servers,
- or which are both remote and local. CVS will make connections to as
- many servers as necessary.
- * It is now possible to put the CVS lock files in a directory
- set by the new LockDir option in CVSROOT/config. The default
- continues to be to put the lock files in the repository itself.
- Changes from 1.9 to 1.10:
- * A bug was discovered in the -t/-f wrapper support that can cause
- serious data loss. Because of this (and also the fact that it doesn't
- work at all in client/server mode), the -t/-f wrapper code has been
- disabled until it can be fixed.
- * There is a new feature, enabled by TopLevelAdmin in CVSROOT/config,
- which tells CVS to modify the behavior of the "checkout" command. The
- command now creates a CVS directory at the top level of the new
- working directory, in addition to CVS directories created within
- checked-out directories. See the Cederqvist for details.
- * There is an optional set of features, enabled by PreservePermissions
- in CVSROOT/config, which allow CVS to store unix-specific file
- information such as permissions, file ownership, and links. See the
- Cederqvist for details.
- * One can now authenticate and encrypt using the GSSAPI network
- security interface. For details see the Cederqvist's description of
- specifying :gserver: in CVSROOT, and the -a global option.
- * All access to RCS files is now implemented internally rather than by
- calling RCS programs. The main user-visible consequence of this is
- that there is no need to worry about making sure that CVS finds the
- correct version of RCS. The -b global option and the RCSBIN setting
- in CVSROOT/config are still accepted but don't do anything. The
- $RCSBIN internal variable in administrative files is no longer
- accepted.
- * There is a new syntax, "cvs admin -orev1::rev2", which collapses the
- revisions between rev1 and rev2 without deleting rev1 or rev2
- themselves.
- * There is a new administrative file CVSROOT/config which allows one
- to specify miscellaneous aspects of CVS configuration. Currently
- supported here:
- - SystemAuth, allows you to prevent pserver from checking for system
- usernames/passwords.
- For more information see the "config" section of cvs.texinfo.
- * When setting up the pserver server, one now must specify the
- allowable CVSROOT directories in inetd.conf. See the Password
- authentication server section of cvs.texinfo for details. Note that
- this implies that everyone who is running a pserver server must edit
- inetd.conf when upgrading their CVS.
- * The client no longer needs an external patch program (assuming both
- the client and the server have been updated to the new version).
- * "cvs admin [options]" will now recurse. In previous versions of
- CVS, it was an error and one needed to specify "cvs admin [options] ."
- to recurse. This change brings admin in line with the other CVS
- commands.
- * New "logout" command to remove the password for a remote cvs
- repository from the cvspass file.
- * Read-only repository access is implemented for the
- password-authenticated server (other access methods are just governed
- by Unix file permissions, since they require login access to the
- repository machine anyway). See the "Repository" section of
- cvs.texinfo for details, including a discussion of security issues.
- Note that the requirement that read-only users be able to create locks
- and write the history file still applies.
- * There is a new administrative file verifymsg which is like editinfo
- but merely validates the message, rather than also getting it from the
- user. It therefore works with client/server CVS or if one uses the -m
- or -F options to commit. See the verifymsg section of cvs.texinfo for
- details.
- * The %s format formerly accepted in loginfo has been extended to
- formats such as %{sVv}, so that loginfo scripts have access to the
- version numbers being changed. See the Loginfo section of cvs.texinfo
- for details.
- * The postscript documentation (doc/cvs.ps) shipped with CVS is now
- formatted for US letter size instead of A4. This is not because we
- consider this size "better" than A4, but because we believe that the
- US letter version will print better on A4 paper than the other way
- around.
- * The "cvs export" command is now logged in the history file and there
- is a "cvs history -x E" command to select history file entries
- produced by export.
- * CVS no longer uses the CVS_PASSWORD environment variable. Storing
- passwords in cleartext in an environment variable is a security risk,
- especially since (on BSD variants) any user on the system can display
- any process's environment using 'ps'. Users should use the 'cvs
- login' command instead.
- Changes from 1.8 to 1.9:
- * Windows NT client should now work on Windows 95 as well.
- * New option "--help-synonyms" prints a list of all recognized command
- synonyms.
- * The "log" command is now implemented internally rather than via the
- RCS "rlog" program. The main user-visible consequence is that
- symbolic branch names now work (for example "cvs log -rbranch1").
- Also, the date formats accepted by -d have changed. They previously
- had been a bewildering variety of poorly-documented date formats. Now
- they are the same as the date formats accepted by the -D options to
- the other CVS commands, which is also a (different) bewildering
- variety of poorly-documented date formats, but at least we are
- consistently bewildering :-).
- * Encryption is now supported over a Kerberos client/server
- connection. The new "-x" global option requests it. You must
- configure with the --enable-encryption option in order to enable
- encryption.
- * The format of the CVS commit message has changed slightly when
- committing changes on a branch. The tag on which the commit is
- ocurring is now reported correctly in all cases.
- * New flag -k in wrappers allows you to specify the keyword expansion
- mode for added files based on their name. For example, you can
- specify that files whose name matches *.exe are binary by default.
- See the Wrappers section of cvs.texinfo for more details.
- * Remote CVS with the "-z" option now uses the zlib library (included
- with CVS) to compress all communication between the client and the
- server, rather than invoking gzip on each file separately. This means
- that compression is better and there is no need for an external gzip
- program (except to interoperate with older version of CVS).
- * The "cvs rlog" command is deprecated and running it will print a
- warning; use the synonymous "cvs log" command instead. It is
- confusing for rlog to mean the same as log because some other CVS
- commands are in pairs consisting of a plain command which operates on
- a working directory and an "r" command which does not (diff/rdiff;
- tag/rtag).
- * "cvs diff" has a bunch of new options, mostly long options. Most of
- these work only if rcsdiff and diff support them, and are named the
- same as the corresponding options to diff.
- * The -q and -Q command options to "cvs diff" were removed (use the
- global options instead). This brings "cvs diff" into line with the
- rest of the CVS commands.
- * The "annotate" command can now be used to annotate a revision other
- than the head revision on the trunk (see the -r, -D, and -f options in
- the annotate node of cvs.texinfo for details).
- * The "tag" command has a new option "-c" which checks that all files
- are not locally modified before tagging.
- * The -d command line option now overrides the cvsroot setting stored
- in the CVS/Root file in each working directory, and specifying -d will
- cause CVS/Root to be updated.
- * Local (non-client/server) CVS now runs on Windows NT. See
- windows-NT/README for details.
- * The CVSROOT variable specification has changed to support more
- access methods. In addition to "pserver," "server" (internal rsh
- client), "ext" (external rsh client), "kserver" (kerberos), and
- "local" (local filesystem access) can now be specified. For more
- details on each method, see cvs.texinfo (there is an index entry for
- :local: and each of the other access methods).
- * The "login" command no longer prompts the user for username and
- hostname, since one will have to provide that information via the `-d'
- flag or by setting CVSROOT.
- Changes from 1.7 to 1.8:
- * New "cvs annotate" command to display the last modification for each
- line of a file, with the revision number, user checking in the
- modification, and date of the modification. For more information see
- the `annotate' node in cvs.texinfo.
- * The cvsinit shell script has been replaced by a cvs init command.
- The cvs init command creates some example administrative files which
- are similar to the files found in the examples directory (and copied
- by cvsinit) in previous releases.
- * Added the patterns *.olb *.exe _$* *$ to default ignore list.
- * There is now a $USER internal variable for *info files.
- * There is no longer a separate `mkmodules' program; the functionality
- is now built into `cvs'. If upgrading an old repository, it is OK to
- leave in the lines in the modules file which run mkmodules (the
- mkmodules actions will get done twice, but that is harmless); you will
- probably want to remove them once you are no longer using the old CVS.
- * One can now specify user variables in *info files via the
- ${=varname} syntax; there is a -s global option to set them. See the
- Variables node in cvs.texinfo for details.
- Changes from 1.6 to 1.7:
- * The default ignore list has changed slightly: *.obj has been added
- and CVS* has been changed to CVS CVS.adm.
- * CVS now supports password authentication when accessing remote
- repositories; this is useful for sites that can't use rsh (because of
- a firewall, for example), and also don't have kerberos. See node
- "Password authenticated" (in "Remote repositories", in
- doc/cvs.texinfo) for more details. Note: This feature requires both
- the client and server to be upgraded.
- * Using the -kb option to specify binary files now works--most cases
- did not work before. See the "Binary files" section of
- doc/cvs.texinfo for details.
- * New developer communication features. See the "Watches" section of
- doc/cvs.texinfo for details.
- * RCS keyword "Name" supported for "cvs update -r <tag>" and "cvs
- checkout -r <tag>".
- * If there is a group whose name matches a compiled in value which
- defaults to "cvsadmin", only members of that group can use "cvs
- admin". This replaces the CVS_NOADMIN option.
- * CVS now sets the modes of files in the repository based on the
- CVSUMASK environment variable or a compiled in value defaulting to
- 002. This way other developers will be able to access the files in
- the repository regardless of the umask of the developer creating them.
- * The command names in .cvsrc now match the official name of the
- command, not the one (possibly an alias) by which it was invoked. If
- you had previously relied on "cvs di" and "cvs diff" using different
- options, instead use a shell function or alias (for example "alias
- cvsdi='cvs diff -u'"). You also can specify global CVS options (like
- "-z") using the command name "cvs".
- Changes from 1.5 to 1.6:
- * Del updated the man page to include all of the new features
- of CVS 1.6.
- * "cvs tag" now supports a "-r | -D" option for tagging an already
- tagged revision / specific revision of a file.
- * There is a "taginfo" file in CVSROOT that supports filtering and
- recording of tag operations.
- * Long options support added, including --help and --version options.
- * "cvs release" no longer cares whether or not the directory being
- released has an entry in the `modules' file.
- * The modules file now takes a -e option which is used instead of -o
- for "cvs export". If your modules file has a -o option which you want
- to be used for "cvs export", change it to specify -e as well as -o.
- * "cvs export" now takes a -k option to set RCS keyword expansion.
- This way you can export binary files. If you want the old behavior,
- you need to specify -kv.
- * "cvs update", "cvs rdiff", "cvs checkout", "cvs import", "cvs
- release", "cvs rtag", and "cvs tag" used to take -q and -Q options
- after the command name (e.g. "cvs update -q"). This was confusing
- because other commands, such as "cvs ci", did not. So the options
- after the command name have been removed and you must now specify, for
- example, "cvs -q update", which has been supported since CVS 1.3.
- * New "wrappers" feature. This allows you to set a hook which
- transforms files on their way in and out of cvs (apparently on the
- NeXT there is some particular usefulness in tarring things up in the
- repository). It also allows you to declare files as merge-by-copy
- which means that instead of trying to merge the file, CVS will merely
- copy the new version. There is a CVSROOT/cvswrappers file and an
- optionsl ~/.cvswrappers file to support this feature.
- * You can set CVSROOT to user@host:dir, not just host:dir, if your
- username on the server host is different than on the client host.
- * VISUAL is accepted as well as EDITOR.
- * $CVSROOT is expanded in *info files.
- Changes from 1.4A2 to 1.5:
- * Remote implementation. This is very helpful when collaborating on a
- project with someone across a wide-area network. This release can
- also be used locally, like other CVS versions, if you have no need for
- remote access.
- Here are some of the features of the remote implementation:
- - It uses reliable transport protocols (TCP/IP) for remote repository
- access, not NFS. NFS is unusable over long distances (and sometimes
- over short distances)
- - It transfers only those files that have changed in the repository or
- the working directory. To save transmission time, it will transfer
- patches when appropriate, and can compress data for transmission.
- - The server never holds CVS locks while waiting for a reply from the client;
- this makes the system robust when used over flaky networks.
- The remote features are documented in doc/cvsclient.texi in the CVS
- distribution, but the main doc file, cvs.texinfo, has not yet been
- updated to include the remote features.
- * Death support. See src/README-rm-add for more information on this.
- * Many speedups, especially from jtc@cygnus.com.
- * CVS 1.2 compatibility code has been removed as a speedup. If you
- have working directories checked out by CVS 1.2, CVS 1.3 or 1.4A2 will
- try to convert them, but CVS 1.5 and later will not (if the working
- directory is up to date and contains no extraneous files, you can just
- remove it, and then check out a new working directory). Likewise if
- your repository contains a CVSROOT.adm directory instead of a CVSROOT
- directory, you need to rename it.
- Fri Oct 21 20:58:54 1994 Brian Berliner <berliner@sun.com>
- * Changes between CVS 1.3 and CVS 1.4 Alpha-2
- * A new program, "cvsbug", is provided to let you send bug reports
- directly to the CVS maintainers. Please use it instead of sending
- mail to the info-cvs mailing list. If your build fails, you may
- have to invoke "cvsbug" directly from the "src" directory as
- "src/cvsbug.sh".
- * A new User's Guide and Tutorial, written by Per Cederqvist
- <ceder@signum.se> of Signum Support. See the "doc" directory. A
- PostScript version is included as "doc/cvs.ps".
- * The Frequesntly Asked Questions file, FAQ, has been added to the
- release. Unfortunately, its contents are likely out-of-date.
- * The "cvsinit" shell script is now installed in the $prefix/bin
- directory like the other programs. You can now create new
- CVS repositories with great ease.
- * Index: lines are now printed on output from 'diff' and 'rdiff',
- in order to facilitate application of patches to multiple subdirs.
- * Support for a ~/.cvsrc file, which allows you to specify options
- that are always supposed to be given to a specific command. This
- feature shows the non-orthogonality of the option set, since while
- there may be an option to turn something on, the option to turn
- that same thing off may not exist.
- * You can now list subdirectories that you wish to ignore in a
- modules listing, such as:
- gcc -a gnu/gcc, !gnu/gcc/testsuites
- which will check out everything underneath gnu/gcc, except
- everything underneath gnu/gcc/testsuites.
- * It is now much harder to accidentally overwrite an existing tag
- name, since attempting to move a tag name will result in a error,
- unless the -F (forc…