Subject: CVS commit: pkgsrc/devel/cvs
To: None <pkgsrc-changes@NetBSD.org>
From: Thomas Klausner <wiz@netbsd.org>
List: pkgsrc-changes
Date: 04/15/2004 22:28:36
Module Name:	pkgsrc
Committed By:	wiz
Date:		Thu Apr 15 22:28:36 UTC 2004

Modified Files:
	pkgsrc/devel/cvs: Makefile distinfo
	pkgsrc/devel/cvs/patches: patch-ab patch-ae patch-af patch-ai patch-al
	    patch-am patch-an patch-ao patch-aq patch-ar patch-as patch-at
	    patch-au patch-ay patch-az

Log Message:
Update to 1.11.15 (security update):
Changes since 1.11.14:
**********************

SERVER SECURITY ISSUES

* Piped checkouts of paths above $CVSROOT no longer work.  Previously, clients
  could have requested the contents of RCS archive files anywhere on a CVS
  server.

CLIENT SECURITY ISSUES

* Clients now check paths from the server to verify that they are within one of
  the sandboxes the user requested be updated.  Previously, a trojan server
  could have written or overwritten files anywhere the user had access,
  presenting a serious security risk.

GENERAL USER ISSUES

* Method options (used by WinCVS & CVS 1.12.7+) in CVSROOTs are ignored.

* Configure no longer checks the $TMPDIR, $TMP, & $TEMP variables to set the
  default temporary directory.

* CVS on Cygwin correctly handles X:\ style paths.

* Import now uses backslash rather than slash on Windows when checking for
  "CVS" directories to ignore in import commands.

* Relative paths containing up-references (`..') should now work in
  client/server mode (client fix).

* A race condition between the ordering of messages from CVS and messages from
  called scripts in client/server mode has been removed (server fix).

* Resurrected files now get their modes and timestamps set correctly and a
  longstanding bug involving resurrection of an uncommitted removal has been
  fixed (server fix).

* Some resurrection (cvs add) status messages have changed slightly.

* `cvs release' now works with Kerberos or GSSAPI encryption enabled (server
  fix).

* File resurrection from a previously existing revision no longer just reports
  that it works (server fix).

* Misc error & status message corrections.

* Diffing of locally added files against arbitrary revisions in an RCS archive
  is now allowed when a file of the same name exists or used to exist on some
  branch (server fix).

* Misc documentation fixes.

Changes from 1.11.13 to 1.11.14:
********************************

GENERAL USER ISSUES

* Imports will now always ignore directories and files named `CVS' to avoid
  violating assumptions made by other parts of CVS.

* A problem with `cvs release' of subdirs that could corrupt CVS/Entries files
  has been fixed (client/server).

* The CVS server's protocol check for unused data from the client is no longer
  called automatically at program exit in order to avoid potential recursive
  calls to error when the first close is due to memory allocation or similar
  problems that cause calls to error() to fail.  The check is still made when
  the server program exits normally.

* The spec file has been updated to work with more recent versions of RPM.

* Several memory leaks have been plugged (client/server).

DEVELOPER ISSUES

* Misc cosmetic, readability, and commenting fixes.


To generate a diff of this commit:
cvs rdiff -r1.75 -r1.76 pkgsrc/devel/cvs/Makefile
cvs rdiff -r1.18 -r1.19 pkgsrc/devel/cvs/distinfo
cvs rdiff -r1.10 -r1.11 pkgsrc/devel/cvs/patches/patch-ab
cvs rdiff -r1.7 -r1.8 pkgsrc/devel/cvs/patches/patch-ae \
    pkgsrc/devel/cvs/patches/patch-al
cvs rdiff -r1.8 -r1.9 pkgsrc/devel/cvs/patches/patch-af
cvs rdiff -r1.6 -r1.7 pkgsrc/devel/cvs/patches/patch-ai \
    pkgsrc/devel/cvs/patches/patch-au pkgsrc/devel/cvs/patches/patch-az
cvs rdiff -r1.9 -r1.10 pkgsrc/devel/cvs/patches/patch-am \
    pkgsrc/devel/cvs/patches/patch-at
cvs rdiff -r1.5 -r1.6 pkgsrc/devel/cvs/patches/patch-an \
    pkgsrc/devel/cvs/patches/patch-ao pkgsrc/devel/cvs/patches/patch-aq \
    pkgsrc/devel/cvs/patches/patch-as
cvs rdiff -r1.11 -r1.12 pkgsrc/devel/cvs/patches/patch-ar
cvs rdiff -r1.4 -r1.5 pkgsrc/devel/cvs/patches/patch-ay

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
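
The client-side check described under CLIENT SECURITY ISSUES above, as an added illustration: this is not code from CVS or pkgsrc, and the function names, buffer sizes and the purely lexical matching rule are assumptions made for the example. It accepts a server-supplied relative path only if, after resolving `.` and `..`, it names one of the requested sandbox directories or something beneath one, so in-sandbox up-references still work while escapes are refused.

```c
#include <string.h>

/* Lexically normalise a relative path into out (drops ".", resolves "..").
   Returns -1 if it is absolute, climbs above its start, or is too long. */
static int normalize_rel(const char *path, char *out, size_t outsz)
{
    size_t len = 0;
    if (path[0] == '/' || outsz == 0)
        return -1;
    out[0] = '\0';
    while (*path) {
        size_t n = strcspn(path, "/");
        if (n == 2 && path[0] == '.' && path[1] == '.') {
            if (len == 0)
                return -1;               /* would leave the start directory */
            while (len > 0 && out[--len] != '/')
                ;                        /* drop the last component */
            out[len] = '\0';
        } else if (n > 0 && !(n == 1 && path[0] == '.')) {
            if (len + n + 2 > outsz)
                return -1;
            if (len > 0)
                out[len++] = '/';
            memcpy(out + len, path, n);
            len += n;
            out[len] = '\0';
        }
        path += n + strspn(path + n, "/");   /* skip component and slashes */
    }
    return 0;
}

/* 1 if server_path normalises to a requested sandbox or a path below one. */
int path_in_sandboxes(const char *server_path,
                      const char *const *sandboxes, size_t count)
{
    char p[1024], s[1024];
    if (normalize_rel(server_path, p, sizeof p) != 0)
        return 0;
    for (size_t i = 0; i < count; i++) {
        size_t n;
        if (normalize_rel(sandboxes[i], s, sizeof s) != 0)
            continue;
        n = strlen(s);
        if (n == 0 || (strncmp(p, s, n) == 0 && (p[n] == '/' || p[n] == '\0')))
            return 1;                    /* match on a component boundary */
    }
    return 0;
}
```

The check is lexical only: it does not follow symbolic links, so a client that must also guard against links inside the sandbox needs a filesystem-level check on top of it.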