/contrib/cvs/NEWS

Changes since 1.11.22:
**********************

NEW FEATURES

* A new log option -n reverts the -N option which may be in a .cvsrc
  file.

* The `cvs blame' command is now a synonym for the `cvs annotate' command.

* The :extssh: method will use $CVS_SSH if set, or fall back on "ssh"
  by default (but may be explicitly set using the --with-ssh flag to
  configure).

* There is a new IgnoreUnknownConfigKeys option available for
  CVSROOT/config to aid in the transition to newer versions of CVS.

BUG FIXES

* Merges of file removals using -j options are a little smarter.

* `cvs add' checks more thoroughly for `CVS' directories in the argument list.

* `cvs server' now accepts `--allow-root=PATH' options.

* `cvs import' no longer attempts to send CVS metadata to the server.

* `cvs import' makes more of an effort not to import paths containing files
  and directories named `CVS'.

* The CVS server will no longer allow clients to run `cvs init'.

* Applying diffs when checking out very old revisions has been reduced from an
  O(n^2) operation to an O(n) thanks to a patch from Michael J. Smith
  <msmith@ideorlando.org> and additional touch-up work from the CVS team.

* Thanks to report from Paul Eggert <eggert@CS.UCLA.EDU>, an assertion failure
  that could occur when "." was in the path (e.g. `cvs co /cvsroot/./module')
  has been removed.

* Thanks to a report from Peter Toft <pto@linuxbog.dk>, CVS server now sends
  correct patch files more often when the RCS `Name' keyword is present in
  a working file (bug #17302).

* Thanks to a report from Dan Peterson <dbpete@aol.com>, clients now send the
  right set of commands to the server when asked to update directories with
  trailing slashes on their name.

* Thanks to a report and patch from <mbarabas@redhat.com>, potential stack
  corruption during pserver login is avoided (bug #16961).

* The :extssh: method is now properly recognized as an alias for :ext:.

DEVELOPER ISSUES

* We've standardized on Autoconf version 2.61 to get a bug fix that notes
  that the AIX C compiler's default mode isn't quite C89 and sets the
  correct mode instead.

* We've standardized on Autoconf version 1.10 because it lets us simplify our
  sources.

Changes from 1.11.21 to 1.11.22:
********************************

BUG FIXES

* The CVS client again correctly reports files with conflicts when using
  servers running CVS 1.11.20/1.12.12, or earlier (and maybe 3rd party
  servers).

* The GSSAPI server should now build under HP-UX.

* `cvs rtag' now correctly tags files that have been removed from the trunk.

* Code efficiency has been improved slightly.

* A rare race condition that could leave a lock on the val-tags file has been
  avoided.

* A potential buffer overflow in the history command has been fixed.

* Thanks to a report and patch from Garrett Rooney <grooney@collab.net>, paused
  trigger processes no longer cause the CVS server to consume 100% CPU.

* Thanks to a suggestion from Joseph P. Skudlarek <Jskud@Jskud.com>, an
  :extssh: has been added as a synonym of the :ext: access method, as a
  kindness to users of old version of Eclipse.

* Misc documentation updates and minor bug fixes.

Changes from 1.11.20 to 1.11.21:
********************************

BUG FIXES

* Thanks to Serguei E. Leontiev <lse@CryptoPro.ru>, CVS with Kerberos 5 GSSAPI
  should automatically link on FreeBSD 5.x. (bug #14639).

* Thanks to Rahul Bhargava <rahul@wandisco.com>, heavily loaded systems
  suffering from a disk crash or power failure will not lose data they claimed
  to have committed.

* CVS server now handles conflict markers in Entry requests as documented.

* CVS now remembers that binary file merge conflicts occurred until the
  timestamp of the updated binary file changes.

* CVS client now saves some bandwidth by not sending the contents of files
  with conflicts to the server when it isn't needed.

* CVS now does correct locking during import.

* A problem where the server could block indefinitely waiting for an EOF from
  the client when compression was enabled has been fixed.

* `cvs diff' no longer splits its arguments on spaces.

* Thanks to an old report and patch from Stewart Brodie <stewart@eh.org>, a
  potential crash in response to a corrupt RCS file has been fixed.

* CVS now locks the history and val-tags files before writing to them.
  Especially with large repositories, users should no longer see new warnings
  about corrupt history records when using the `cvs history' command.  Existing
  corrupt history records will still need to be removed manually.  val-tags
  corruption should have had less obvious effects, but removing the
  CVSROOT/val-tags file and allowing a 1.11.21 or later version of CVS to
  regenerate it may eliminate a few odd behaviors and possibly cause a slight
  speed up of read transactions in large repositories over time.

BUILD ISSUES

* The RPM spec file works again with the most modern versions of `rpm'.

DEVELOPER ISSUES

* We've standardized on Automake 1.9.6 to get some at new features that make
  our jobs easier.  See the HACKING file for more on using the autotools with
  CVS.

Changes from 1.11.19 to 1.11.20:
********************************

SERVER SECURITY FIXES

* Thanks to a report from Alen Zukich <alen.zukich@klocwork.com>, several minor
  security issues have been addressed.  One was a buffer overflow that is
  potentially serious but which may not be exploitable, assigned CAN-2005-0753
  by the Common Vulnerabilities and Exposures Project
  <http://www.cve.mitre.org>.  Other fixes resulting from Alen's report include
  repair of an arbitrary free with no known exploit and several plugged memory
  leaks and potentially freed NULL pointers which may have been exploitable for
  a denial of service attack.

* Thanks to a report from Craig Monson <craig@malachiarts.com>, minor
  potential vulnerabilities in the contributed Perl scripts have been fixed.
  The confirmed vulnerability could allow the execution of arbitrary code on
  the CVS server, but only if a user already had commit access and if one of
  the contrib scripts was installed improperly, a condition which should have
  been quickly visible to any administrator.  The complete description of the
  problem is here: <https://ccvs.cvshome.org/issues/show_bug.cgi?id=224>.  If
  you were making use of any of the contributed trigger scripts on a CVS
  server, you should probably still replace them with the new versions, to be
  on the safe side.

  Unfortunately, our fix is incomplete.  Taint-checking has been enabled in all
  the contributed Perl scripts intended to be run as trigger scripts, but no
  attempt has been made to ensure that they still run in taint mode.  You will
  most likely have to tweak the scripts in some way to make them run.  Please
  send any patches you find necessary back to <bug-cvs@nongnu.org> so that we
  may again ship fully enabled scripts in the future.

  You should also make sure that any home-grown Perl scripts that you might
  have installed as CVS triggers also have taint-checking enabled.  This can be
  done by adding `-T' on the scripts' #! lines.  Please try running
  `perldoc perlsec' if you would like more information on general Perl security
  and taint-checking.

BUG FIXES

* Thanks to a report and a patch from Georg Scwharz <georg.scwarz@freenet.de>
  CVS now builds without error on IRIX 5.3

DEVELOPER ISSUES

* We've standardized on Automake 1.9.5 to get some at new features that make
  our jobs easier.  See the HACKING file for more on using the autotools with
  CVS.

Changes from 1.11.18 to 1.11.19:
********************************

BUG FIXES

* Thanks to a patch from Jim Hyslop <jhyslop@ieee.org>, issuing
  'cvs watch on' or 'cvs watch off' in an empty directory no longer
  clears any watchers in that directory.

* An intermittant assertion failure in checkout has been fixed.

* Thanks to a report from Chris Bohn <cbohn@rrinc.com>, all the source files
  needed for the Windows "red file" fix are actually included in the
  distribution.

* Misc bug and documentation fixes.

Changes from 1.11.17 to 1.11.18:
********************************

BUG FIXES

* Thanks to a report from Gottfried Ganssauge <gotti@cvshome.org>, CVS no
  longer exits when it encounters links pointing to paths containing more
  than 128 characters.

* Thanks to a report from Dan Peterson <dbpete@aol.com>, error messages from
  GSSAPI servers are no longer truncated.

* Thanks to a report from Dan Peterson <dbpete@aol.com>, attempts to resurrect
  a file on the trunk that was added on a branch no longer causes an assertion
  failure.

* Thanks to a report from Dan Peterson <dbpete@aol.com>, imports to branches
  like "1.1." no longer create corrupt RCS archives.

* Thanks to a report from Chris Bohn <cbohn@rrinc.com>, links from J.C. Hamlin
  <jchamlin@ibsys.com>, and code posted by Jonathan Gilligan, we think we have
  finally corrected the Windows "red-file" (daylight savings time) bug once and
  for all.

* Thanks to a patch from Jeroen Ruigrok/asmodai <asmodai@wxs.nl>, the
  log_accum.pl script should no longer elicit warnings from Perl 5.8.5.

* The r* commands (rlog, rls, etc.) can once again handle requests to run
  against the entire repository (e.g. `cvs rlog .').  Thanks go to Dan Peterson
  <dbpete@aol.com> for the report.

* A problem where the attempted access of files via tags beginning with spaces
  could cause the CVS server to hang has been fixed.  This was a particular
  problem with WinCVS clients because users would sometimes accidentally
  include spaces in tags pasted into a dialog box.  This fix also altered some
  of the error messages generated by the use of invalid tags.  Thanks go to Dan
  Peterson <dbpete@aol.com> for the report.

* Thanks to James E Wilson <wilson@specifixinc.com> for a bug fix to
  modules processing "gcc-core -a !gcc/f gcc" will no longer exclude
  gcc/fortran by mistake.

* Thanks to Conrad Pino <conrad@pino.com>, the Windows build works once again.

* Misc updates to the manual.

DEVELOPER ISSUES

* We've standardized on Automake 1.9.3 to get some at new features that make
  our jobs easier.  See the note below on the Autoconf upgrade for more
  details.

* We've standardized on Autoconf version 2.59 to get presumed bug fixes and
  features, but nothing specific.  Mostly, once we decide to upgrade one of the
  autotools we just figure it'll save time later to grab the most current
  versions of the others too.  See the HACKING file for more on using the
  autotools with CVS.

Changes from 1.11.16 to 1.11.17:
********************************

SERVER SECURITY FIXES

* Thanks to Stefan Esser & Sebastian Krahmer, several potential security
  problems have been fixed.  The ones which were considered dangerous enough
  to catalogue were assigned issue numbers CAN-2004-0416, CAN-2004-0417, &
  CAN-2004-0418 by the Common Vulnerabilities and Exposures Project.  Please
  see <http://www.cve.mitre.org> for more information.

* A potential buffer overflow vulnerability in the server has been fixed.
  This addresses the Common Vulnerabilities and Exposures Project's issue
  #CAN-2004-0414.  Please see <http://www.cve.mitre.org> for more information.

Changes from 1.11.15 to 1.11.16:
********************************

SERVER SECURITY FIXES

* A potential buffer overflow vulnerability in the server has been fixed.
  Prior to this patch, a malicious client could potentially use carefully
  crafted server requests to run arbitrary programs on the CVS server machine.
  This addresses the Common Vulnerabilities and Exposures Project's issue
  #CAN-2004-0396.  Please see <http://www.cve.mitre.org> for more information.

BUG FIXES

* The Microsoft Visual C++ workspace and project files have been repaired and
  regenerated with MSVC++ 6.0.

* The cvs.1 man page is now generated automatically from a section of the CVS
  Manual.

* Thanks to a report from Mark Andrews at the Internet Systems Consortium, the
  :ext: connection method no longer relies on a transparent transport that uses
  an argument processor that can handle arbitrary ordering of options and other
  arguments when using a username other than the caller's.

* Thanks to Ken Raeburn at MIT, directory deletion, whether via `cvs release'
  or empty directory pruning, now works on network shares under Windows XP.

Changes from 1.11.14 to 1.11.15:
********************************

SERVER SECURITY ISSUES

* Piped checkouts of paths above $CVSROOT no longer work.  Previously, clients
  could have requested the contents of RCS archive files anywhere on a CVS
  server.  This addresses CVE issue CAN-2004-0405.  Please see
  <http://www.cve.mitre.org> for more information.

CLIENT SECURITY ISSUES

* Clients now check paths from the server to verify that they are within one of
  the sandboxes the user requested be updated.  Previously, a trojan server
  could have written or overwritten files anywhere the user had access,
  presenting a serious security risk.  This addresses CVE issue CAN-2004-1080.
  Please see <http://www.cve.mitre.org> for more information.

GENERAL USER ISSUES

* Method options (used by WinCVS & CVS 1.12.7+) in CVSROOTs are ignored.

* Configure no longer checks the $TMPDIR, $TMP, & $TEMP variables to set the
  default temporary directory.

* CVS on Cygwin correctly handles X:\ style paths.

* Import now uses backslash rather than slash on Windows when checking for
  "CVS" directories to ignore in import commands.

* Relative paths containing up-references (`..') should now work in
  client/server mode (client fix).

* A race condition between the ordering of messages from CVS and messages from
  called scripts in client/server mode has been removed (server fix).

* Resurrected files now get their modes and timestamps set correctly and a
  longstanding bug involving resurrection of an uncommitted removal has been
  fixed (server fix).

* Some resurrection (cvs add) status messages have changed slightly.

* `cvs release' now works with Kerberos or GSSAPI encryption enabled (server
  fix).

* File resurrection from a previously existing revision no longer just reports
  that it works (server fix).

* Misc error & status message corrections.

* Diffing of locally added files against arbitrary revisions in an RCS archive
  is now allowed when a file of the same name exists or used to exist on some
  branch (server fix).

* Misc documentation fixes.

Changes from 1.11.13 to 1.11.14:
********************************

GENERAL USER ISSUES

* Imports will now always ignore directories and files named `CVS' to avoid
  violating assumptions made by other parts of CVS.

* A problem with `cvs release' of subdirs that could corrupt CVS/Entries files
  has been fixed (client/server).

* The CVS server's protocol check for unused data from the client is no longer
  called automatically at program exit in order to avoid potential recursive
  calls to error when the first close is due to memory allocation or similar
  problems that cause calls to error() to fail.  The check is still made when
  the server program exits normally.

* The spec file has been updated to work with more recent versions of RPM.

* Several memory leaks have been plugged (client/server).

DEVELOPER ISSUES

* Misc cosmetic, readability, and commenting fixes.

Changes from 1.11.12 to 1.11.13:
********************************

GENERAL USER ISSUES

* Several memory leaks have been plugged.

* Thanks to Ville Skyttä the man page has a few less spelling errors and is
  slightly more accurate.

* An unlikely potential segfault when using the :fork: connection method has
  been fixed.

* The CVS server has had the protocol check for unused data from the client
  partially restored.

* A fix has been included that should avoid a very rare race condition that
  could cause a CVS server to exit with a "broken pipe" message.

* A minor problem with the nmake build file that was preventing the source from
  compiling under Windows has been fixed.

* Tests have been added to the test suite.

DEVELOPER ISSUES

* Misc cosmetic, readability, and commenting fixes.

Changes from 1.11.11 to 1.11.12:
********************************

GENERAL USER ISSUES

* Infinite alias loops in the modules file are now checked for and avoided.

* Clients on case insensitive systems now preserve the case of directories in
  CVS/Entries, in addition to files, for use in communications with the CVS
  server.

* Some previously untested behavior is now being tested.

* Server support for case insensitive clients has been removed in favor of the
  server relying on the client to preserve the case of checked out files, as
  per the CVS client/server protocol spec.  This is not as drastic as it may
  sound, as all of the current tests still pass without modification when run
  from a case insensitive client to a case sensitive server.  This change
  disables little previous functionality, enables access to more of the
  possible namespace to users on systems with case insensitive file systems,
  fixes a few bugs, and in the end this should provide a major stability
  improvement.

* Thanks to Ville Skyttä the man page is a bit more accurate.

* Thanks to Ville Skyttä some unused variables were removed from the log_accum
  Perl script in contrib.

* Thanks to Alexey Mahotkin, a bug that prevented CVS from being compiled with
  Kerberos 4 authentication enabled has been fixed.

* A minor bug that caused CVS to fail to report an inifinte alias loop in the
  modules file when portions of the alias definition contained trailing slashes
  has been fixed.

* A bug in the gzip code that could cause heap corruption and segfaults in CVS
  servers talking to clients less than 1.8 and some modern third-party CVS
  clients has been fixed.

* mktemp.sh is now included with the source distribution so that the rcs2log
  and cvsbug executables may be run on systems which do not contain an
  implementation of mktemp.

* Misc documentation fixes.

Changes from 1.11.10 to 1.11.11:
********************************

SERVER SECURITY ISSUES

* pserver can no longer be configured to run as root via the
  $CVSROOT/CVSROOT/passwd file, so if your passwd file is compromised, it no
  longer leads directly to a root hack.  Attempts to root will also be logged
  via the syslog.

Changes from 1.11.9 to 1.11.10:
*******************************

SERVER SECURITY ISSUES

* Malformed module requests could cause the CVS server to attempt to create
  directories and possibly files at the root of the filesystem holding the CVS
  repository.  Filesystem permissions usually prevent the creation of these
  misplaced directories, but nevertheless, the CVS server now rejects the
  malformed requests.

GENERAL USER ISSUES

* Case insensitive clients using a case sensitive server can now use a
  `cvs rm -f file; cvs add FILE' command sequence to add a file with the same
  name in a new case.

* CVSROOTs which contain a symlink to a real repository should work.

* The configure script now tests whether it is building CVS on a case
  insensitive file system.  If it is, CVS assumes that all file systems on this
  platform will be case insensitive.  This is useful for getting the case
  insensitivity flag set correctly when compiling on Mac OS X and under Cygwin
  on Windows.  Autodetection can be overridden using the
  --disable-case-sensitivity and --enable-case-sensitivity arguments to
  configure.

* A behavior change in `cvs up -jrev1 -jrev2' for modified files with a base
  revision of rev2 (ie, checked-out version matches rev2 and file has been
  modified).  The operation is no longer ignored and instead is passed to
  diff3.  This will potentially re-apply the diffs between the two revisions to
  a modified local file.  Status messages like from a standard merge have also
  been added when the file would not or does not change due to this merge
  request ("[file] already contains the changes between [revisions]...").

* A bug which could stop `cvs admin -mTAG:message' from recursing has been
  fixed.

* Misc documentation cleanup and fixes.

* Some of the contrib scripts, some of the documentation, and sanity.sh were
  modified to use and recommend more portable commands rather than using and
  recommending commands which were not compatible with the POSIX 1003.1-2001
  specification.

DEVELOPER ISSUES

* A new set of tests to test issues specific to case insensitive clients and
  servers has also been added.

* Support has been added to the test suite to support testing over a :ext: link
  to another machine, subject to some stringent requirements.  This support can
  be used, for instance, to test the operation of a case insensitive client
  against a case sensitive server.  Please see the comments in TEST and the
  src/sanity.sh test script itself for more.

* We've standardized on Automake 1.7.9 to get a bug fix.  See the note below
  on the Autoconf upgrade for more details.

* We've standardized on Autoconf version 2.58 to avoid a bug and get at a few
  new macros.  Again, this should only really affect developers, though it is
  possible that CVS will now compile on a few new platforms.  Please see the
  section of the INSTALL file about using the autotools if you are compiling
  CVS yourself.

Changes from 1.11.8 to 1.11.9:

* CVS now knows how to report, as well as record, `P' record types.

* When running the `cvs history' command, clients will now send the
  long-accepted `-e' option, for all records, rather than explicitly requesting
  `P' record types, a request which servers prior to 1.11.7 will reject with a
  fatal error message.

* A problem with locating files requested by case insensitive clients which was
  accidentally introduced in 1.11.6 as part of a fix for a data loss problem
  involving `cvs add's from case insensitive clients has been fixed.  The
  relevant error message was `cvs [<command> aborted]: filE,v is ambiguous;
  could mean FILE,v or file,v'.

* Attempts to use the global `-l' option, removed from both client and server
  as of version 1.11.6, will now elicit a warning rather than a fatal error
  from the server.

Changes from 1.11.7 to 1.11.8:

* A problem in the CVS getpass library that could cause passwords to echo on
  some systems has been fixed.

Changes from 1.11.6 to 1.11.7:

* A segfault that could occur in very rare cases where the stat of a file
  failed during a diff has been fixed.

* Any user with write privleges to the CVSROOT/checkoutlist file could pass
arbitrary format strings directly through to a printf function.  This was
probably bad and has been fixed.  White space at the beginning of error strings
in checkoutlist is now ignored properly.

* In client/server mode, most messages from CVS now contain the actual
command name rather than the generic "server".

* A long-standing bug that prevented most client/server updates from being
logged in the history file has been fixed.

* Updates done via a patch ("P" status) are now logged in the history file
by default and the corresponding "P" history record type is now documented.
If you're setting the LogHistory option in your CVSROOT/config file, you may
want to add "P" to the list of record types.

* CVS now will always compile and its own getpass() function (originally from
GNULIB) in favor of any system one that may exist.  This avoids some problems
with long passwords on some systems and updates us to POSIX.2 compliance, since
getpass() was removed from the POSIX.2 specification.

* A bug that allowed a write lock to be created in a directory despite
there being existing read locks when using LockDir in CVSROOT/config has
been fixed.

* A bug with short patches (`rdiff -s') which caused rdiff to sometimes report
differences that did not exist has been fixed.

* Some minor corrections were made to the diff code to keep diff & rdiff from
printing diff headers with empty change texts when two files have different
revision numbers but the same content.

* The global '-l' option, which suppressed history logging, has been removed
from both client and server.

Changes from 1.11.5 to 1.11.6:

* A warning message is now issued if an administrative file contains
more than one DEFAULT entry.

* An error running a verifymsg script (such as referencing an unset user
variable or the script not existing) now causes the verification to
fail.

* Errors in administrative files commands (like unset user variables)
are no longer reported unless the command is actually executed.

* When a file is initially checked out, its last access time is now set
to the current time rather than being set to the time the file was last
checked in like the modification time is.

* The Checkin.prog and Update.prog functionality has been removed.  This
fuctionality previously allowed executables to be specified in the modules file
to be run at update and checkin time, but users could edit these files on a per
workspace basis, creating a security hole.

* contrib/rcs2log and src/cvsbug now use the BSD mktemp program to create
their temp files and directories on systems which provide it.

* Corrected the path in a failed write error message.

* Autoconf and Automake are no longer run automatically unless you run
configure with --enable-maintainer-mode.  Accordingly, noautomake.sh is
no longer needed and has been removed.

* We've standardized on Automake version 1.7.5 and Autoconf version 2.57 to get
at a few new macros.  Again, this should only really affect developers.  See
the section of the INSTALL file about using the autotools if you are compiling
CVS yourself.

Changes from 1.11.4 to 1.11.5:

* Fixed a security hole in the CVS server by which users with read only access
could gain write access.  This issue does not affect client builds.  The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2003-0015 to this issue.  See
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0015> for more
information.

* Fixed some bugs where revision numbers starting with 0 (like 0.3)
weren't correctly handled.  (CVS doesn't normally use such revision
numbers, but users may be able to force it to do so and old RCS files
might.)

Changes from 1.11.3 to 1.11.4:

* Some minor changes to allow the code to compile on Windows platforms.

Changes from 1.11.2 to 1.11.3:

* The tag/rtag code has been fixed to once again lock just a single
directory at a time.

* There was a bug where certain error conditions could cause the server
to go into an infinite loop.  There was also a bug that caused a
compressed connection from an older client to hang on shutdown.  These
bugs have been fixed.

* Fixed a bug that caused the server to reject most watch commands.

* When waiting for another user's lock, the message timestamps are now
in UTC rather than the server's local time.

* The options.h file is no longer used.  This fixes a bug that occurred when
1.11.2 was compiled on Windows platforms.

* We've standardized on Automake version 1.6.3 and Autoconf version 2.53.
They are cleaner, less bug prone, and will hopfully allow me to start updating
sanity.sh to use Autotest and Autoshell.  Again, this should only really affect
developers.  See the section of the INSTALL file about using the autotools if
you are compiling CVS yourself.

* Fixed a bug in the log/rlog code when a revision range crosses a
branch point.

* Fixed a bug where filenames starting with - would be misinterpreted as
options when using client/server mode.

Changes from 1.11.1p1 to 1.11.2:

* There is a new feature, enabled by RereadLogAfterVerify in CVSROOT/config,
which tells CVS to reread the log message after running the verifymsg
script.  This allows the verifymsg script to reformat or otherwise
modify the log message.

* The interpretation of revision ranges using :: in "log" and "rlog"
has changed: a::b now excludes the log message from revision a but
includes the log message from revision b.  Also, revision ranges that
cross branch points should now work.

* zlib has been updated to version 1.4.  There is a security advisory
out in regards to 1.3.  This should fix that problem.

* The "log" and "rlog" commands now have a -S option to suppress the
header information when no revisions are selected.

* A serious error that allowed read-only users to tag files has been
corrected.

* The "annotate" command will no longer annotate binary files unless
you specify the new -F option.

* The "tag" and "rtag" commands will no longer move or delete branch
tags unless you use the new -B option.  (This prevents accidental
changes to branch tags that are hard to undo.)

* We've standardized on the 1.5 Automake release for the moment.  Again, this
should only really affect developers.  See the section of the INSTALL file
about using the autotools if you are compiling CVS yourself.

Changes from 1.11.1 to 1.11.1p1:

* Read only access was broken - now fixed.

Changes from 1.11 to 1.11.1:

* There was a locking bug in the tag/rtag code that could lose changes
made to a file while the tag operation was in progress.  This has been
fixed, but all of the directories being tagged are now locked for the
entire duration of the tag operation rather than only one directory at a
time.

* The "cvs diff" command now accepts the -y/--side=by-side and -T/
--initial-tab options.  (To use these options with a remote repository,
both the client and the server must support them.)

* The expansion of the loginfo format string has changed slightly. 
Previously, the expansion was surrounded by single quotes ('); if a file
name contained a single quote character, the string would not be parsed
as a single entity by the Unix shell (and it would not be possible to
parse it unambiguously).  Now the expansion is surrounded by double
quotes (") and any embedded dollar signs ($), backticks (`), backslashes
(\), and double quotes are preceded by a backslash.  This is parsed as a
single entity by the shell reguardless of content.  This change should
not be noticable unless you're not using a Unix shell or you have
embedded the format string inside a double quoted string.

* There was a bug in the diff code which sometimes caused conflicts to
be flagged which shouldn't have been.  This has been fixed.

* New "cvs rlog" and "cvs rannotate" commands have been added to get log
messages and annotations without having to have a checked-out copy.

* Exclusive revision ranges have been added to "cvs log" using ::
(similar to "cvs admin -o").

* The VMS client now accepts wildcards if you're running VMS 7.x.

* ZLIB has been updated to version 1.1.3, the most current version.  This
includes mostly some optimizations and minor bug fixes.

* The ~/.cvspass file has a slightly modified format.  CVSROOTs are now
stored in a new canonical form - hostnames are now case insensitive and
port numbers are always stored in the new format.  Until a new login for
a particular CVSROOT is performed with the new version of CVS, new and
old versions of CVS should interoperate invisibly.  After that point, an
extra login using the old version of CVS may be necessary to continue to
allow the new and old versions of CVS to interoperate using the same
~/.cvspass file and CVSROOT. The exception to this rule occurs when the
CVSROOTs used with the different versions use case insensitively
different hostnames, for example, "empress", and "empress.2-wit.com".

* A password and a port number may now be specified in CVSROOT for
pserver connections.  The new format is:

    :pserver:[[user][:password]@]host[:[port]]/path

Note that passwords specified in a checkout command will be saved in the
clear in the CVS/Root file in each created directory, so this is not
recommended, except perhaps when accessing anonymous repositories or the
like.

* The distribution has been converted to use Automake.  This shouldn't
affect most users except to ease some portability concerns, but if you
are building from the repository and encounter problems with the
makefiles, you might try running ./noautomake.sh after a fresh update
-AC.

Changes from 1.10 to 1.11:

* The "cvs update" command has a new -C option to get clean copies from
the repository, abandoning any local changes.

* The new "cvs version" command gives a short version message.  If
the repository is remote, both the client and server versions are
reported.

* "cvs admin -t" now works correctly in client/server mode.

* The "cvs history" command output format has changed -- the date
now includes the year and is given is ISO 8601 format (yyyy-mm-dd).
Also, the new LogHistory option in CVSROOT/config can be used to
control what information gets recorded in the log file and code has
been added to record file removals.

* The buggy PreservePermissions code has been disabled.

* Anonymous read-only access can now be done without requiring a
password.  On the server side, simply give that user (presumably
`anonymous') an empty password in the CVSROOT/passwd file, and then
any received password will authenticate successfully.

* There is a new access method :fork: which is similar to :local:
except that it is implemented via the CVS remote protocol, and thus
has a somewhat different set of quirks and bugs.

* The -d command line option no longer updates the CVS/Root file.  For
one thing, the CVS 1.9/1.10 behavior never had updated CVS/Root in
subdirectories, and for another, it didn't seem that popular in
general.  So this change restores the CVS 1.8 behavior (which is also
the CVS 1.9/1.10 behavior if the environment variable
CVS_IGNORE_REMOTE_ROOT is set; with this change,
CVS_IGNORE_REMOTE_ROOT no longer has any effect).

* It is now possible for a single CVS command to recurse into several
CVS roots.  This includes roots which are located on several servers,
or which are both remote and local.  CVS will make connections to as
many servers as necessary.

* It is now possible to put the CVS lock files in a directory
set by the new LockDir option in CVSROOT/config.  The default
continues to be to put the lock files in the repository itself.

Changes from 1.9 to 1.10:

* A bug was discovered in the -t/-f wrapper support that can cause
serious data loss.  Because of this (and also the fact that it doesn't
work at all in client/server mode), the -t/-f wrapper code has been
disabled until it can be fixed.

* There is a new feature, enabled by TopLevelAdmin in CVSROOT/config,
which tells CVS to modify the behavior of the "checkout" command.  The
command now creates a CVS directory at the top level of the new
working directory, in addition to CVS directories created within
checked-out directories.  See the Cederqvist for details.

* There is an optional set of features, enabled by PreservePermissions
in CVSROOT/config, which allow CVS to store unix-specific file
information such as permissions, file ownership, and links.  See the
Cederqvist for details.

* One can now authenticate and encrypt using the GSSAPI network
security interface.  For details see the Cederqvist's description of
specifying :gserver: in CVSROOT, and the -a global option.

* All access to RCS files is now implemented internally rather than by
calling RCS programs.  The main user-visible consequence of this is
that there is no need to worry about making sure that CVS finds the
correct version of RCS.  The -b global option and the RCSBIN setting
in CVSROOT/config are still accepted but don't do anything.  The
$RCSBIN internal variable in administrative files is no longer
accepted.

* There is a new syntax, "cvs admin -orev1::rev2", which collapses the
revisions between rev1 and rev2 without deleting rev1 or rev2
themselves.

* There is a new administrative file CVSROOT/config which allows one
to specify miscellaneous aspects of CVS configuration.  Currently
supported here:

  - SystemAuth, allows you to prevent pserver from checking for system
  usernames/passwords.

For more information see the "config" section of cvs.texinfo.

* When setting up the pserver server, one now must specify the
allowable CVSROOT directories in inetd.conf.  See the Password
authentication server section of cvs.texinfo for details.  Note that
this implies that everyone who is running a pserver server must edit
inetd.conf when upgrading their CVS.

* The client no longer needs an external patch program (assuming both
the client and the server have been updated to the new version).

* "cvs admin [options]" will now recurse.  In previous versions of
CVS, it was an error and one needed to specify "cvs admin [options] ."
to recurse.  This change brings admin in line with the other CVS
commands.

* New "logout" command to remove the password for a remote cvs
repository from the cvspass file.

* Read-only repository access is implemented for the
password-authenticated server (other access methods are just governed
by Unix file permissions, since they require login access to the
repository machine anyway).  See the "Repository" section of
cvs.texinfo for details, including a discussion of security issues.
Note that the requirement that read-only users be able to create locks
and write the history file still applies.

* There is a new administrative file verifymsg which is like editinfo
but merely validates the message, rather than also getting it from the
user.  It therefore works with client/server CVS or if one uses the -m
or -F options to commit.  See the verifymsg section of cvs.texinfo for
details.

* The %s format formerly accepted in loginfo has been extended to
formats such as %{sVv}, so that loginfo scripts have access to the
version numbers being changed.  See the Loginfo section of cvs.texinfo
for details.

* The postscript documentation (doc/cvs.ps) shipped with CVS is now
formatted for US letter size instead of A4.  This is not because we
consider this size "better" than A4, but because we believe that the
US letter version will print better on A4 paper than the other way
around.

* The "cvs export" command is now logged in the history file and there
is a "cvs history -x E" command to select history file entries
produced by export.

* CVS no longer uses the CVS_PASSWORD environment variable.  Storing
passwords in cleartext in an environment variable is a security risk,
especially since (on BSD variants) any user on the system can display
any process's environment using 'ps'.  Users should use the 'cvs
login' command instead.


Changes from 1.8 to 1.9:

* Windows NT client should now work on Windows 95 as well.

* New option "--help-synonyms" prints a list of all recognized command
synonyms.

* The "log" command is now implemented internally rather than via the
RCS "rlog" program.  The main user-visible consequence is that
symbolic branch names now work (for example "cvs log -rbranch1").
Also, the date formats accepted by -d have changed.  They previously
had been a bewildering variety of poorly-documented date formats.  Now
they are the same as the date formats accepted by the -D options to
the other CVS commands, which is also a (different) bewildering
variety of poorly-documented date formats, but at least we are
consistently bewildering :-).

* Encryption is now supported over a Kerberos client/server
connection.  The new "-x" global option requests it.  You must
configure with the --enable-encryption option in order to enable
encryption.

* The format of the CVS commit message has changed slightly when
committing changes on a branch.  The tag on which the commit is
ocurring is now reported correctly in all cases.

* New flag -k in wrappers allows you to specify the keyword expansion
mode for added files based on their name.  For example, you can
specify that files whose name matches *.exe are binary by default.
See the Wrappers section of cvs.texinfo for more details.

* Remote CVS with the "-z" option now uses the zlib library (included
with CVS) to compress all communication between the client and the
server, rather than invoking gzip on each file separately.  This means
that compression is better and there is no need for an external gzip
program (except to interoperate with older version of CVS).

* The "cvs rlog" command is deprecated and running it will print a
warning; use the synonymous "cvs log" command instead.  It is
confusing for rlog to mean the same as log because some other CVS
commands are in pairs consisting of a plain command which operates on
a working directory and an "r" command which does not (diff/rdiff;
tag/rtag).

* "cvs diff" has a bunch of new options, mostly long options.  Most of
these work only if rcsdiff and diff support them, and are named the
same as the corresponding options to diff.

* The -q and -Q command options to "cvs diff" were removed (use the
global options instead).  This brings "cvs diff" into line with the
rest of the CVS commands.

* The "annotate" command can now be used to annotate a revision other
than the head revision on the trunk (see the -r, -D, and -f options in
the annotate node of cvs.texinfo for details).

* The "tag" command has a new option "-c" which checks that all files
  are not locally modified before tagging.

* The -d command line option now overrides the cvsroot setting stored
in the CVS/Root file in each working directory, and specifying -d will
cause CVS/Root to be updated.

* Local (non-client/server) CVS now runs on Windows NT.  See
windows-NT/README for details.

* The CVSROOT variable specification has changed to support more
access methods.  In addition to "pserver," "server" (internal rsh
client), "ext" (external rsh client), "kserver" (kerberos), and
"local" (local filesystem access) can now be specified.  For more
details on each method, see cvs.texinfo (there is an index entry for
:local: and each of the other access methods).

* The "login" command no longer prompts the user for username and
hostname, since one will have to provide that information via the `-d'
flag or by setting CVSROOT.

Changes from 1.7 to 1.8:

* New "cvs annotate" command to display the last modification for each
line of a file, with the revision number, user checking in the
modification, and date of the modification.  For more information see
the `annotate' node in cvs.texinfo.

* The cvsinit shell script has been replaced by a cvs init command.
The cvs init command creates some example administrative files which
are similar to the files found in the examples directory (and copied
by cvsinit) in previous releases.

* Added the patterns *.olb *.exe _$* *$ to default ignore list.

* There is now a $USER internal variable for *info files.

* There is no longer a separate `mkmodules' program; the functionality
is now built into `cvs'.  If upgrading an old repository, it is OK to
leave in the lines in the modules file which run mkmodules (the
mkmodules actions will get done twice, but that is harmless); you will
probably want to remove them once you are no longer using the old CVS.

* One can now specify user variables in *info files via the
${=varname} syntax; there is a -s global option to set them.  See the
Variables node in cvs.texinfo for details.

Changes from 1.6 to 1.7:

* The default ignore list has changed slightly: *.obj has been added
and CVS* has been changed to CVS CVS.adm.

* CVS now supports password authentication when accessing remote
repositories; this is useful for sites that can't use rsh (because of
a firewall, for example), and also don't have kerberos.  See node
"Password authenticated" (in "Remote repositories", in
doc/cvs.texinfo) for more details.  Note: This feature requires both
the client and server to be upgraded.

* Using the -kb option to specify binary files now works--most cases
did not work before.  See the "Binary files" section of
doc/cvs.texinfo for details.

* New developer communication features.  See the "Watches" section of
doc/cvs.texinfo for details.

* RCS keyword "Name" supported for "cvs update -r <tag>" and "cvs
checkout -r <tag>".

* If there is a group whose name matches a compiled in value which
defaults to "cvsadmin", only members of that group can use "cvs
admin".  This replaces the CVS_NOADMIN option.

* CVS now sets the modes of files in the repository based on the
CVSUMASK environment variable or a compiled in value defaulting to
002.  This way other developers will be able to access the files in
the repository regardless of the umask of the developer creating them.

* The command names in .cvsrc now match the official name of the
command, not the one (possibly an alias) by which it was invoked.  If
you had previously relied on "cvs di" and "cvs diff" using different
options, instead use a shell function or alias (for example "alias
cvsdi='cvs diff -u'").  You also can specify global CVS options (like
"-z") using the command name "cvs".

Changes from 1.5 to 1.6:

* Del updated the man page to include all of the new features
of CVS 1.6.

* "cvs tag" now supports a "-r | -D" option for tagging an already
tagged revision / specific revision of a file.

* There is a "taginfo" file in CVSROOT that supports filtering and
recording of tag operations.

* Long options support added, including --help and --version options.

* "cvs release" no longer cares whether or not the directory being
released has an entry in the `modules' file.

* The modules file now takes a -e option which is used instead of -o
for "cvs export".  If your modules file has a -o option which you want
to be used for "cvs export", change it to specify -e as well as -o.

* "cvs export" now takes a -k option to set RCS keyword expansion.
This way you can export binary files.  If you want the old behavior,
you need to specify -kv.

* "cvs update", "cvs rdiff", "cvs checkout", "cvs import", "cvs
release", "cvs rtag", and "cvs tag" used to take -q and -Q options
after the command name (e.g. "cvs update -q").  This was confusing
because other commands, such as "cvs ci", did not.  So the options
after the command name have been removed and you must now specify, for
example, "cvs -q update", which has been supported since CVS 1.3.

* New "wrappers" feature.  This allows you to set a hook which
transforms files on their way in and out of cvs (apparently on the
NeXT there is some particular usefulness in tarring things up in the
repository).  It also allows you to declare files as merge-by-copy
which means that instead of trying to merge the file, CVS will merely
copy the new version.  There is a CVSROOT/cvswrappers file and an
optionsl ~/.cvswrappers file to support this feature.

* You can set CVSROOT to user@host:dir, not just host:dir, if your
username on the server host is different than on the client host.

* VISUAL is accepted as well as EDITOR.

* $CVSROOT is expanded in *info files.

Changes from 1.4A2 to 1.5:

* Remote implementation.  This is very helpful when collaborating on a
project with someone across a wide-area network.  This release can
also be used locally, like other CVS versions, if you have no need for
remote access.

Here are some of the features of the remote implementation:
- It uses reliable transport protocols (TCP/IP) for remote repository
  access, not NFS.  NFS is unusable over long distances (and sometimes
  over short distances)
- It transfers only those files that have changed in the repository or
  the working directory.  To save transmission time, it will transfer
  patches when appropriate, and can compress data for transmission.
- The server never holds CVS locks while waiting for a reply from the client;
  this makes the system robust when used over flaky networks.

The remote features are documented in doc/cvsclient.texi in the CVS
distribution, but the main doc file, cvs.texinfo, has not yet been
updated to include the remote features.

* Death support.  See src/README-rm-add for more information on this.

* Many speedups, especially from jtc@cygnus.com.

* CVS 1.2 compatibility code has been removed as a speedup.  If you
have working directories checked out by CVS 1.2, CVS 1.3 or 1.4A2 will
try to convert them, but CVS 1.5 and later will not (if the working
directory is up to date and contains no extraneous files, you can just
remove it, and then check out a new working directory).  Likewise if
your repository contains a CVSROOT.adm directory instead of a CVSROOT
directory, you need to rename it.

Fri Oct 21 20:58:54 1994  Brian Berliner  <berliner@sun.com>

	* Changes between CVS 1.3 and CVS 1.4 Alpha-2

	* A new program, "cvsbug", is provided to let you send bug reports
	directly to the CVS maintainers.  Please use it instead of sending
	mail to the info-cvs mailing list.  If your build fails, you may
	have to invoke "cvsbug" directly from the "src" directory as
	"src/cvsbug.sh".

	* A new User's Guide and Tutorial, written by Per Cederqvist
	<ceder@signum.se> of Signum Support.  See the "doc" directory.  A
	PostScript version is included as "doc/cvs.ps".

	* The Frequesntly Asked Questions file, FAQ, has been added to the
	release.  Unfortunately, its contents are likely out-of-date.

	* The "cvsinit" shell script is now installed in the $prefix/bin
	directory like the other programs.  You can now create new
	CVS repositories with great ease.

	* Index: lines are now printed on output from 'diff' and 'rdiff',
	in order to facilitate application of patches to multiple subdirs.

	* Support for a ~/.cvsrc file, which allows you to specify options
	that are always supposed to be given to a specific command.  This
	feature shows the non-orthogonality of the option set, since while
	there may be an option to turn something on, the option to turn
	that same thing off may not exist.

	* You can now list subdirectories that you wish to ignore in a
	modules listing, such as:

		gcc  -a gnu/gcc, !gnu/gcc/testsuites

	which will check out everything underneath gnu/gcc, except
	everything underneath gnu/gcc/testsuites.

	* It is now much harder to accidentally overwrite an existing tag
	name, since attempting to move a tag name will result in a error,
	unless the -F (force) flag is given to the tag subcommands.

	* Better error checking on matching of the repository used to
	check code out from against the repository the current cvs
	commnands would use. (Thanks to Mark Baushke <mdb@cisco.com>)

	* Better support for sites with multiple CVSROOT repositories has
	been contributed.  The file "CVS/Root" in your working directory
	is created to hold the full path to the CVS repository and a
	simple check is made against your current CVSROOT setting.

	* You can now specify an RCS keyword substitution value when you
	import files into the repository.

	* Uses a much newer version of Autoconf, and conforms to the GNU
	coding standards much more closely.  No, it still doesn't have
	long option names.

	* Code cleanup.  Many passes through gcc -Wall helped to identify
	a number of questionable constructs.  Most arbitrary length limits
	were removed.

	* Profiling to determine bottlenecks helped to identify the best
	places to spend time speeding up the code, which was then done.  A
	number of performance enhancements in filename matching have sped
	up checkouts.

	* Many more contributions have been added to the "contrib"
	directory.  See the README file in that directory for more
	information.

	* "cvs commit" will try harder to not change the file's
	modification time after the commit.  If the file does not change
	as a result of the commit operation, CVS will preserve the
	original modification time, thus speeding up future make-type
	builds.

	* "cvs commit" now includes any removed files in the (optional)
	pre-commit checking program that may be invoked.  Previously, only
	added and modified files were included.

	* It is now possible to commit a file directly onto the trunk at a
	specific revision level by doing "cvs commit -r3.0 file.c", where
	"3.0" specifies the revision you wish to create.  The file must be
	up-to-date with the current head of the trunk for this to succeed.

	* "cvs commit" will now function with a pre-commit program that
	has arguments specified in the "commitinfo" file.

	* The "mkmodules" program will now look within the
	$CVSROOT/CVSROOT/checkoutlist" file for any additional files that
	should be automatically checked out within CVSROOT; mkmodules also
	tries harder to preserve any execute bits the files may have
	originally had.

	* "cvs diff" is much more accurate about its exit status now.  It
	now returns the maximum exit status of any invoked diff.

	* The "-I !" option is now supported for the import and update
	commands correctly.  It will properly clear the ignore list now.

	* Some problems with "cvs import" handling of .cvsignore have been
	fixed; as well, some rampant recursion problems with import have
	also been fixed.

	* "cvs rdiff" (aka "cvs patch") now tries to set the modify time
	of any temporary files it uses to match those specified for the
	particular revision.  This allows a more accurate patch image to
	be created.

	* "cvs status" has improved revision descriptions.  "Working
	revision" is used for the revision of the working file that you
	edit directly; "Repository revision" is the revision of the file
	with the $CVSROOT source repository.  Also, the output is clearer
	with regard to sticky and branch revisions.

	* CVS no longer dumps core when given a mixture of directories and
	files in sub-directories (as in "cvs ci file1 dir1/file2").
	Instead, arguments are now clumped into their respective directory
	and operated on in chunks, together.

	* If the CVSEDITOR environment variable is set, that editor is
	used for log messages instead of the EDITOR environment variable.
	This makes it easy to substitute intelligent programs to make more
	elaborate log messages.  Contributed by Mark D Baushke
	(mdb@cisco.com).

	* Command argument changes:
	cvs:			The "-f" option has been added to ignore
				the ~/.cvsrc file.
	commit:			Renamed the "-f logfile" option to the
				"-F logfile" option.  Added the "-f"
				option to force a commit of the specified
				files (this disables recursion).
	history:		Added "-t timezone" option to force any
				date-specific output into the specified
				timezone.
	import:			Added "-d" option to use the file's
				modification time as the time of the
				import. Added "-k sub" option to set the
				default RCS keyword substitution mode for
				newly-created files.
	remove:			Added "-f" option to force the file's
				automatic removal if it still exists in
				the working directory (use with caution).
	rtag:			Added "-F" option to move the tag if it
				already exists -- new default is to NOT
				move tags automatically.
	tag:			Added "-F" option to move the tag if it
				already exists -- new default is to NOT
				move tags automatically.

Tue Apr  7 15:55:25 1992  Brian Berliner  (berliner at sun.com)

	* Changes between CVS 1.3 Beta-3 and official CVS 1.3!

	* A new shell script is provided, "./cvsinit", which can be run at
	install time to help setup your $CVSROOT area.  This can greatly
	ease your entry into CVS usage.

	* The INSTALL file has been updated to include the machines on
	which CVS has compiled successfully.  I think CVS 1.3 is finally
	portable.  Thanks to all the Beta testers!

	* Support for the "editinfo" file was contributed.  This file
	(located in $CVSROOT/CVSROOT) can be used to specify a special
	"editor" to run on a per-directory basis within the repository,
	instead of the usual user's editor.  As such, it can verify that
	the log message entered by the user is of the appropriate form
	(contains a bugid and test validation, for example).

	* The manual pages cvs(1) and cvs(5) have been updated.

	* The "mkmodules" command now informs you when your modules file
	has duplicate entries.

	* The "add" command now preserves any per-directory sticky tag when
	you add a new directory to your checked-out sources.

	* The "admin" command is now a fully recursive interface to the
	"rcs" program which operates on your checked-out sources.  It no
	longer requires you to specify the full path to the RCS file.

	* The per-file sticky tags can now be effectively removed with
	"cvs update -A file", even if you had checked out the whole
	directory with a per-directory sticky tag.  This allows a great
	deal of flexibility in managing the revisions that your checked-out
	sources are based upon (both per-directory and per-file sticky
	tags).

	* The "cvs -n commit" command now works, to show which files are
	out-of-date and will cause the real commit to fail, or which files
	will fail any pre-commit checks.  Also, the "cvs -n import ..."
	command will now show you what it would've done without actually
	doing it.

	* Doing "cvs commit modules" to checkin the modules file will no
	properly run the "mkmodules" program (assuming you have setup your
	$CVSROOT/CVSROOT/modules file to do so).

	* The -t option in the modules file (which specifies a program to
	run when you do a "cvs rtag" operation on a module) now gets the
	symbolic tag as the second argument when invoked.

	* When the source repository is locked by another user, that user's
	login name will be displayed as the holder of the lock.

	* Doing "cvs checkout module/file.c" now works even if
	module/file.c is in the Attic (has been removed from main-line
	development).

	* Doing "cvs commit */Makefile" now works as one would expect.
	Rather than trying to commit everything recursively, it will now
	commit just the files specified.

	* The "cvs remove" command is now fully recursive.  To schedule a
	file for removal, all you have to do is "rm file" and "cvs rm".
	With no arguments, "cvs rm" will schedule all files that have been
	physically removed for removal from the source repository at the
	next "cvs commit".

	* The "cvs tag" command now prints "T file" for each file that was
	tagged by this invocation and "D file" for each file that had the
	tag removed (as with "cvs tag -d").

	* The -a option has been added to "cvs rtag" to force it to clean
	up any old, matching tags for files that have been removed (in the
	Attic) that may not have been touched by this tag operation.  This
	can help keep a consistent view with your tag, even if you re-use
	it frequently.

Sat Feb 29 16:02:05 1992  Brian Berliner  (berliner at sun.com)

	* Changes between CVS 1.3 Beta-2 and CVS 1.3 Beta-3

	* Many portability fixes, thanks to all the Beta testers!  With any
	luck, this Beta release will compile correctly on most anything.
	Hey, what are we without our dreams.

	* CVS finally has support for doing isolated development on a
	branch off the current (or previous!) revisions.  This is also
	extremely nice for generating patches for previously released
	software while development is progressing on the next release.
	Here's an example of creating a branch to fix a patch with the 2.0
	version of the "foo" module, even though we are already well into
	the 3.0 release.  Do:

		% cvs rtag -b -rFOO_2_0 FOO_2_0_Patch foo
		% cvs checkout -rFOO_2_0_Patch foo
		% cd foo
		[[ hack away ]]
		% cvs commit

	A physical branch will be created in the RCS file only when you
	actually commit the change.  As such, forking development at some
	random point in time is extremely light-weight -- requiring just a
	symbolic tag in each file until a commit is done.  To fork
	development at the currently checked out sources, do:

		% cvs tag -b Personal_Hack
		% cvs update -rPersonal_Hack
		[[ hack away ]]
		% cvs commit

	Now, if you decide you want the changes made in the Personal_Hack
	branch to be merged in with other changes made in the main-line
	development, you could do:

		% cvs commit		     # to make Personal_Hack complete
		% cvs update -A		     # to update sources to main-line
		% cvs update -jPersonal_Hack # to merge Personal_Hack

	to update your checked-out sources, or:

		% cvs checkout -jPersonal_Hack module

	to checkout a fresh copy.

	To support this notion of forked development, CVS reserves
	all even-numbered branches for its own use.  In addition, CVS
	reserves the ".0" and ".1" branches.  So, if you intend to do your
	own branches by hand with RCS, you should use odd-numbered branches
	starting with ".3", as in "1.1.3", "1.1.5", 1.2.9", ....

	* The "cvs commit" command now supports a fully functional -r
	option, allowing you to commit your changes to a specific numeric
	revision or symbolic tag with full consistency checks.  Numeric
	tags are useful for bringing your sources all up to some revision
	level:

		% cvs commit -r2.0

	For symbolic tags, you can only commit to a tag that references a
	branch in the RCS file.  One created by "cvs rtag -b" or from
	"cvs tag -b" is appropriate (see below).

	* Roland Pesch <pesch@cygnus.com> and K. Richard Pixley
	<rich@cygnus.com> were kind enough to contribute two new manual
	pages for CVS: cvs(1) and cvs(5).  Most of the new CVS 1.3 features
	are now documented, with the exception of the new branch support
	added to commit/rtag/tag/checkout/update.

	* The -j options of checkout/update have been added.  The "cvs join"
	command has been removed.

	With one -j option, CVS will merge the changes made between the
	resulting revision and the revision that it is based on (e.g., if
	the tag refers to a branch, CVS will merge all changes made in
	that branch into your working file).

	With two -j options, CVS will merge in the changes between the two
	respective revisions.  This can be used to "remove" a certain delta
	from your working file.  E.g., If the file foo.c is based on
	revision 1.6 and I want to remove the changes made between 1.3 and
	1.5, I might do:

		% cvs update -j1.5 -j1.3 foo.c		# note the order...

	In addition, each -j option can contain on optional date
	specification which, when used with branches, can limit the chosen
	revision to one within a specific date.  An optional date is
	specified by adding a colon (:) to the tag, as in:

		-jSymbolic_Tag:Date_Specifier

	An example might be what "cvs import" tells you to do when you have
	just imported sources that have conflicts with local changes:

		% cvs checkout -jTAG:yesterday -jTAG module

	which tells CVS to merge in the changes made to the branch
	specified by TAG in the last 24 hours.  If this is not what is
	intended, substitute "yesterday" for whatever format of date that
	is appropriate, like:

		% cvs checkout -jTAG:'1 week ago' -jTAG module

	* "cvs diff" now supports the special tags "BASE" and "HEAD".  So,
	the command:

		% cvs diff -u -rBASE -rHEAD

	will effectively show the changes made by others (in unidiff
	format) that will be merged into your working sources with your
	next "cvs update" command.  "-rBASE" resolves to the revision that
	your working file is based on.  "-rHEAD" resolves to the current
	head of the branch or trunk that you are working on.

	* The -P option of "cvs checkout" now means to Prune empty
	directories, as with "update".  The default is to not remove empty
	directories.  However, if you do "checkout" with any -r options, -P
	will be implied.  I.e., checking out with a tag will cause empty
	directories to be pruned automatically.

	* The new file INSTALL describes how to install CVS, including
	detailed descriptions of interfaces to "configure".

	* The example loginfo file in examples/loginfo has been updated to
	use the perl script included in contrib/log.pl.  The nice thing
	about this log program is that it records the revision numbers of
	your change in the log message.

	Example files for commitinfo and rcsinfo are now included in the
	examples directory.

	* All "#if defined(__STDC__) && __STDC__ == 1" lines have been
	changed to be "#if __STDC__" to fix some problems with the former.

	* The lib/regex.[ch] files have been updated to the 1.3 release of
	the GNU regex package.

	* The ndbm emulation routines included with CVS 1.3 Beta-2 in the
	src/ndbm.[ch] files has been moved into the src/myndbm.[ch] files
	to avoid any conflict with the system <ndbm.h> header file.  If
	you had a previous CVS 1.3 Beta release, you will want to "cvs
	remove ndbm.[ch]" form your copy of CVS as well.

	* "cvs add" and "cvs remove" are a bit more verbose, telling you
	what to do to add/remove your file permanently.

	* We no longer mess with /dev/tty in "commit" and "add".

	* More things are quiet with the -Q option set.

	* New src/config.h option:  If CVS_BADROOT is set, CVS will not
	allow people really logged in as "root" to commit changes.

	* "cvs diff" exits with a status of 0 if there were no diffs, 1 if
	there were diffs, and 2 if there were errors.

	* "cvs -n diff" is now supported so that you can still run diffs
	even while in the middle of committing files.

	* Handling of the CVS/Entries file is now much more robust.

	* The default file ignore list now includes "*.so".

	* "cvs import" did not expand '@' in the log message correctly.  It
	does now.  Also, import now uses the ignore file facility
	correctly.

	Import will now tell you whether there were conflicts that need to
	be resolved, and how to resolve them.

	* "cvs log" has been changed so that you can "log" things that are
	not a part of the current release (in the Attic).

	* If you don't change the editor message on commit, CVS now prompts
	you with the choice:

		!)reuse this message unchanged for remaining dirs

	which allows you to tell CVS that you have no intention of changing
	the log message for the remainder of the commit.

	* It is no longer necessary to have CVSROOT set if you are using
	the -H option to get Usage information on the commands.

	* Command argument changes:
	checkout:		-P handling changed as described above.
				New -j option (up to 2 can be specified)
				for doing rcsmerge kind of things on
				checkout.
	commit:			-r option now supports committing to a
				numeric or symbolic tags, with some
				restrictions.  Full consistency checks will
				be done.
				Added "-f logfile" option, which tells
				commit to glean the log message from the
				specified file, rather than invoking the
				editor.
	rtag:			Added -b option to create a branch tag,
				useful for creating a patch for a previous
				release, or for forking development.
	tag:			Added -b option to create a branch tag,
				useful for creating a patch for a previous
				release, or for forking development.
	update:			New -j option (up to 2 can be specified)
				for doing rcsmerge kind of things on
				update.

Thu Jan  9 10:51:35 MST 1992 Jeff Polk (polk at BSDI.COM)

	* Changes between CVS 1.3 Beta-1 and CVS 1.3 Beta-2

	* Thanks to K. Richard Pixley at Cygnus we now have function
	prototypes in all the files

	* Some small changes to configure for portability.  There have
	been other portability problems submitted that have not been fixed
	(Brian will be working on those).  Additionally all __STDC__
	tests have been modified to check __STDC__ against the constant 1 
	(this is what the Second edition of K&R says must be true).

	* Lots of additional error checking for forked processes (run_exec)
	(thanks again to K. Richard Pixley)

	* Lots of miscellaneous bug fixes - including but certainly not 
	limited to:
		various commit core dumps
		various update core dumps
		bogus results from status with numeric sticky tags
		commitprog used freed memory
		Entries file corruption caused by No_Difference
		commit to revision broken (now works if branch exists)
		ignore file processing broken for * and !
		ignore processing didn't handle memory reasonably
		miscellaneous bugs in the recursion processor
		file descriptor leak in ParseInfo
		CVSROOT.adm->CVSROOT rename bug
		lots of lint fixes

	* Reformatted all the code in src (with GNU indent) and then 
	went back and fixed prototypes, etc since indent gets confused.  The
	rationale is that it is better to do it sooner than later and now
	everything is consistent and will hopefully stay that way.
	The basic options to indent were: "-bad -bbb -bap -cdb -d0 -bl -bli0 
	-nce -pcs -cs -cli4 -di1 -nbc -psl -lp -i4 -ip4 -c41"  and then
	miscellaneous formatting fixes were applied.  Note also that the 
	"-nfc1" or "-nfca" may be appropriate in files where comments have
	been carefully formatted (e.g, modules.c).

Sat Dec 14 20:35:22 1991  Brian Berliner  (berliner at sun.com)

	* Changes between CVS 1.2 and CVS 1.3 Beta are described here.

	* Lots of portability work.  CVS now uses the GNU "configure"
	script to dynamically determine the features provided by your
	system.  It probably is not foolproof, but it is better than
	nothing.  Please let me know of any portability problems.  Some
	file names were changed to fit within 14-characters.

	* CVS has a new RCS parser that is much more flexible and
	extensible.  It should read all known RCS ",v" format files.

	* Most of the commands now are fully recursive, rather than just
	operating on the current directory alone.  This includes "commit",
	which makes it real easy to do an "atomic" commit of all the
	changes made to a CVS hierarchy of sources.  Most of the commands
	also correctly handle file names that are in directories other than
	".", including absolute path names.  Commands now accept the "-R"
	option to force recursion on (though it is always the default now)
	and the "-l" option to force recursion off, doing just "." and not
	any sub-directories.

	* CVS supports many of the features provided with the RCS 5.x
	distribution - including the new "-k" keyword expansion options.  I
	recommend using RCS 5.x (5.6 is the current official RCS version)
	and GNU diff 1.15 (or later) distributions with CVS.

	* Checking out files with symbolic tags/dates is now "sticky", in
	that CVS remembers the tag/date used for each file (and directory)
	and will use that tag/date automatically on the next "update" call.
	This stickyness also holds for files checked out with the the new
	RCS 5.x "-k" options.

	* The "cvs diff" command now recognizes all of the rcsdiff 5.x
	options.  Unidiff format is available by installing the GNU
	diff 1.15 distribution.

	* The old "CVS.adm" directories created on checkout are now called
	"CVS" directories, to look more like "RCS" and "SCCS".  Old CVS.adm
	directories are automagically converted to CVS directories.  The
	old "CVSROOT.adm" directory within the source repository is
	automagically changed into a "CVSROOT" directory as well.

	* Symbolic links in the source repository are fully supported ONLY
	if you use RCS 5.6 or later and (of course) your system supports
	symlinks.

	* A history database has been contributed which maintains the
	history of certain CVS operations, as well as providing a wide array
	of querying options.

	* The "cvs" program has a "-n" option which can be used with the
	"update" command to show what would be updated without actually
	doing the update, like:  "cvs -n update".  All usage statements
	have been cleaned up and made more verbose.

	* The module database parsing has been rewritten.  The new format
	is compatible with the old format, but with much more
	functionality.  It allows modules to be created that grab pieces or
	whole directories from various different parts of your source
	repository.  Module-relative specifications are also correctly
	recognized now, like "cvs checkout module/file.c".

	* A configurable template can be specified such that on a "commit", 
	certain directories can supply a template that the user must fill
	before completing the commit operation.

	* A configurable pre-commit checking program can be specified which
	will run to verify that a "commit" can happen.  This feature can be
	used to restrict certain users from changing certain pieces of the
	source repository, or denying commits to the entire source
	repository.

	* The new "cvs export" command is much like "checkout", but
	establishes defaults suitable for exporting code to others (expands
	out keywords, forces the use of a symbolic tag, and does not create
	"CVS" directories within the checked out sources.

	* The new "cvs import" command replaces the deprecated "checkin"
	shell script and is used to import sources into CVS control.  It is
	also much faster for the first-time import.  Some algorithmic
	improvements have also been made to reduce the number of
	conflicting files on next-time imports.

	* The new "cvs admin" command is basically an interface to the
	"rcs" program.  (Not yet implemented very well).

	* Signal handling (on systems with BSD or POSIX signals) is much
	improved.  Interrupting CVS now works with a single interrupt!

	* CVS now invokes RCS commands by direct fork/exec rather than
	calling system(3).  This improves performance by removing a call to
	the shell to parse the arguments.

	* Support for the .cvsignore file has been contributed.  CVS will
	now show "unknown" files as "? filename" as the result of an "update"
	command.  The .cvsignore file can be used to add files to the
	current list of ignored files so that they won't show up as unknown.

	* Command argument changes:
	cvs:		Added -l to turn off history logging.
			Added -n to show what would be done without actually
			doing anything.
			Added -q/-Q for quiet and really quiet settings.
			Added -t to show debugging trace.
	add:		Added -k to allow RCS 5.x -k options to be specified.
	admin:		New command; an interface to rcs(1).
	checkout:	Added -A to reset sticky tags/date/options.
			Added -N to not shorten module paths.
			Added -R option to force recursion.
			Changed -p (prune empty directories) to -P option.
			Changed -f option; forcing tags match is now default.
			Added -p option to checkout module to standard output.
			Added -s option to cat the modules db with status.
			Added -d option to checkout in the specified directory.
			Added -k option to use RCS 5.x -k support.
	commit:		Removed -a option; use -l instead.
			Removed -f option.
			Added -l option to disable recursion.
			Added -R option to force recursion.
			If no files specified, commit is recursive.
	diff:		Now recognizes all RCS 5.x rcsdiff options.
			Added -l option to disable recursion.
			Added -R option to force recursion.
	history:	New command; displays info about CVS usage.
	import:		Replaces "checkin" shell script; imports sources
			under CVS control.  Ignores files on the ignore
			list (see -I option or .cvsignore description above).
	export:		New command; like "checkout", but w/special options
			turned on by default to facilitate exporting sources.
	join:		Added -B option to join from base of the branch;
			join now defaults to only joining with the top two
			revisions on the branch.
			Added -k option for RCS 5.x -k support.
	log:		Supports all RCS 5.x options.
			Added -l option to disable recursion.
			Added -R option to force recursion.
	patch:		Changed -f option; forcing tags match is now default.
			Added -c option to force context-style diffs.
			Added -u option to support unidiff-style diffs.
			Added -V option to support RCS specific-version
			keyword expansion formats.
			Added -R option to force recursion.
	remove:		No option changes.  It's a bit more verbose.
	rtag:		Equivalent to the old "cvs tag" command.
			No option changes.  It's a lot faster for re-tag.
	status:		New output formats with more information.
			Added -l option to disable recursion.
			Added -R option to force recursion.
			Added -v option to show symbolic tags for files.
	tag:		Functionality changed to tag checked out files
			rather than modules; use "rtag" command to get the
			old "cvs tag" behaviour.
	update:		Added -A to reset sticky tags/date/options.
			Changed -p (prune empty directories) to -P option.
			Changed -f option; forcing tags match is now default.
			Added -p option to checkout module to standard output.
			Added -I option to add files to the ignore list.
			Added -R option to force recursion.

	Major Contributors:

	* Jeff Polk <polk@bsdi.com> rewrote most of the grody code of CVS
	1.2.  He made just about everything dynamic (by using malloc),
	added a generic hashed list manager, re-wrote the modules database
	parsing in a compatible - but extended way, generalized directory
	hierarchy recursion for virtually all the commands (including
	commit!), generalized the loginfo file to be used for pre-commit
	checks and commit templates, wrote a new and flexible RCS parser,
	fixed an uncountable number of bugs, and helped in the design of
	future CVS features.  If there's anything gross left in CVS, it's
	probably my fault!

	* David G. Grubbs <dgg@odi.com> contributed the CVS "history" and
	"release" commands.  As well as the ever-so-useful "-n" option of
	CVS which tells CVS to show what it would do, without actually
	doing it.  He also contributed support for the .cvsignore file.

	* Paul Sander, HaL Computer Systems, Inc. <paul@hal.com> wrote and
	contributed the code in lib/sighandle.c.  I added support for
	POSIX, BSD, and non-POSIX/non-BSD systems.

	* Free Software Foundation contributed the "configure" script and
	other compatibility support in the "lib" directory, which will help
	make CVS much more portable.

	* Many others have contributed bug reports and enhancement requests.
	Some have even submitted actual code which I have not had time yet
	to integrate into CVS.  Maybe for the next release.

	* Thanks to you all!

Wed Feb  6 10:10:58 1991  Brian Berliner  (berliner at sun.com)

	* Changes from CVS 1.0 Patchlevel 1 to CVS 1.0 Patchlevel 2; also
	known as "Changes from CVS 1.1 to CVS 1.2".

	* Major new support with this release is the ability to use the
	recently-posted RCS 5.5 distribution with CVS 1.2.  See below for
	other assorted bug-fixes that have been thrown in.

	* ChangeLog (new): Added Emacs-style change-log file to CVS 1.2
	release.  Chronological description of changes between release.

	* README: Small fixes to installation instructions.  My email
	address is now "berliner@sun.com".

	* src/Makefile: Removed "rcstime.h".  Removed "depend" rule.

	* src/partime.c:  Updated to RCS 5.5 version with hooks for CVS.
	* src/maketime.c: Updated to RCS 5.5 version with hooks for CVS.
	* src/rcstime.h:  Removed from the CVS 1.2 distribution.
	Thanks to Paul Eggert <eggert@twinsun.com> for these changes.

	* src/checkin.csh: Support for RCS 5.5 parsing.
	Thanks to Paul Eggert <eggert@twinsun.com> for this change.

	* src/collect_sets.c (Collect_Sets): Be quieter if "-f" option is
	specified.  When checking out files on-top-of other files that CVS
	doesn't know about, run a diff in the hopes that they are really
	the same file before aborting.

	* src/commit.c (branch_number): Fix for RCS 5.5 parsing.
	Thanks to Paul Eggert <eggert@twinsun.com> for this change.

	* src/commit.c (do_editor): Bug fix - fprintf missing argument
	which sometimes caused core dumps.

	* src/modules.c (process_module): Properly NULL-terminate
	update_dir[] in all cases.

	* src/no_difference.c (No_Difference): The wrong RCS revision was
	being registered in certain (strange) cases.

	* src/patch.c (get_rcsdate): New algorithm.  No need to call
	maketime() any longer.
	Thanks to Paul Eggert <eggert@twinsun.com> for this change.

	* src/patchlevel.h: Increased patch level to "2".

	* src/subr.c (isdir, islink): Changed to compare stat mode bits
	correctly.

	* src/tag.c (tag_file): Added support for following symbolic links
	that are in the master source repository when tagging.  Made tag
	somewhat quieter in certain cases.

	* src/update.c (update_process_lists): Unlink the user's file if it
	was put on the Wlist, meaning that the user's file is not modified
	and its RCS file has been removed by someone else.

	* src/update.c (update): Support for "cvs update dir" to correctly
	just update the argument directory "dir".

	* src/cvs.h: Fixes for RCS 5.5 parsing.
	* src/version_number.c (Version_Number): Fixes for parsing RCS 5.5
	and older RCS-format files.
	Thanks to Paul Eggert <eggert@twinsun.com> for these changes.

	* src/version_number.c (Version_Number): Bug fixes for "-f" option.
	Bug fixes for parsing with certain branch numbers.  RCS
	revision/symbol parsing is much more solid now.

Wed Feb 14 10:01:33 1990  Brian Berliner  (berliner at sun.com)

	* Changes from CVS 1.0 Patchlevel 0 to CVS 1.0 Patchlevel 1; also
	known as "Changes from CVS 1.0 to CVS 1.1".

	* src/patch.c (get_rcsdate): Portability fix.  Replaced call to
	timelocal() with call to maketime().

Mon Nov 19 23:15:11 1990  Brian Berliner  (berliner at prisma.com)

	* Sent CVS 1.0 release to comp.sources.unix moderator and FSF.

	* Special thanks to Dick Grune <dick@cs.vu.nl> for his work on the
	1986 version of CVS and making it available to the world.  Dick's
	version is available on uunet.uu.net in the
	comp.sources.unix/volume6/cvs directory.