Subject: Re: cvs 1.11.10 will be imported
To: None <tech-userlevel@netbsd.org>
From: Christos Zoulas <christos@zoulas.com>
List: tech-userlevel
Date: 12/10/2003 15:11:08
In article <200312101321.00856.kleink@reziprozitaet.de>,
Klaus Klein <kleink@reziprozitaet.de> wrote:
>On Wednesday 10 December 2003 12:42, you wrote:
>
>> > > 	i will import cvs 1.11.10, as it includes security fix.
>> > >
>> > > itojun
>> > >
>> > >
>> > > SERVER SECURITY ISSUES
>> > >
>> > > Malformed module requests could cause the CVS server to attempt to
>> > > create directories and possibly files at the root of the filesystem
>> > > holding the CVS repository. Filesystem permissions usually prevent
>> > > the creation of these misplaced directories, but nevertheless, the
>> > > CVS server now rejects the malformed requests.
>> >
>> > This particular issue seems to be addressed within a single, isolatable
>> > patch hunk buried in the 1.11.10 release.  ISTR concerns having been
>> > voiced recently about interoperatibility issues of recent CVS releases,
>> > so is it necessary to jump the gun all the way from 1.11.5?
>>
>> 	i'm not aware of the "interoperability issue".  any pointers?
>> 	(i have no problem using cvs 1.11.10 against cvs.netbsd.org)
>
>http://mail-index.netbsd.org/netbsd-users/2003/12/05/0008.html, for a
>very recent recent one.  This was also noted repeatedly in
>project-internal circulation.
>
>Again, please pay a little more attention before going ahead on such
>issues; I do recall you applying isolated security fixes in the past,
>as opposed to importing a release in which these are buried in heaps
>of unrelated changes.

Our cvs has *a lot* of changes, so you'll get *a lot* of conflicts if
you try to import.

christos