Changes since 1.12.12: ********************** SECURITY FIXES * CVS now uses version 1.2.3 of the ZLib compression libraries in order to avoid two recently announced security vulnerabilities in them. Both may be used for denial of service attacks and one may reportedly allow execution of arbitrary code, though this is not confirmed. Please see the CERT vulnerabilities advisories #238678 & #680620 for more. NEW FEATURES * Thanks to Conrad Pino , a hang in the Windows client, which had pretty much rendered the client useless, has been fixed. * A minor problem preventing build of the Kerberos4 client has been fixed. * The path to the config file may be set as an argument to the CVS server commands. * Sections of directives specific to one or more repositories and not others may now be specified in the config file. * %{sV} format strings are now available to the verifymsg trigger, similar to the %{stVv} available to loginfo. * `cvs watch add' on an empty directory no longer clears watchers, and specifying a directory for `cvs watch add' now (correctly) sets default attributes. * Missing CVSROOT/history files will now cause CVS to attempt to create one. To suppress history logging, set LogHistory equal to the empty string in CVSROOT/config. * There are several new options available in CVSROOT/config. These are TmpDir, HistoryLogPath, HistorySearchPath, MinCompressionLevel, & MaxCompressionLevel. Please see the manual for more. * CVS on Solaris 10 was refusing to parse command options. This has been fixed. * The Windows client now creates locks compatible with older versions of CVS by default. This should only be relevant if your client is accessing a local repository concurrently with another, older client. If you would like to disable compatibility mode (because it is slightly faster), edit the LOCK_COMPATIBILITY flag in windows-NT/config.h and recompile. * Misc efficiency and portability improvements. BUG FIXES * Thanks to Serguei E. Leontiev , CVS with Kerberos 5 GSSAPI should automatically link on FreeBSD 5.x. (bug #14639). * Thanks to Rahul Bhargava , heavily loaded systems suffering from a disk crash or power failure will not lose data they claimed to have committed. * CVS server now handles conflict markers in Entry requests as documented. * CVS now remembers that binary file merge conflicts occurred until the timestamp of the updated binary file changes. * CVS client now saves some bandwidth by not sending the contents of files with conflicts to the server when it isn't needed. * CVS now does correct locking during import. * A problem where the server could block indefinitely waiting for an EOF from the client when compression was enabled has been fixed. * `cvs diff' no longer splits its arguments on spaces. * Thanks to an old report and patch from Stewart Brodie , a potential crash in response to a corrupt RCS file has been fixed. * CVS now locks the history and val-tags files before writing to them. Especially with large repositories, users should no longer see new warnings about corrupt history records when using the `cvs history' command. Existing corrupt history records will still need to be removed manually. val-tags corruption should have had less obvious effects, but removing the CVSROOT/val-tags file and allowing a 1.11.21 or later version of CVS to regenerate it may eliminate a few odd behaviors and possibly cause a slight speed up of read transactions in large repositories over time. BUILD ISSUES * The RPM spec file works again with the most modern versions of `rpm'. It also finds the correct version of install-sh when building the CVS with GSSAPI. DEVELOPER ISSUES * We've standardized on Automake 1.9.6 to get some at new features that make our jobs easier. See the HACKING file for more on using the autotools with CVS. Changes from 1.12.11 to 1.12.12: ******************************** SERVER SECURITY FIXES * Thanks to a report from Alen Zukich , several minor security issues have been addressed. One was a buffer overflow that is potentially serious but which may not be exploitable, assigned CAN-2005-0753 by the Common Vulnerabilities and Exposures Project . Other fixes resulting from Alen's report include repair of an arbitrary free with no known exploit and several plugged memory leaks and potentially freed NULL pointers which may have been exploitable for a denial of service attack. * Thanks to a report from Craig Monson , minor potential vulnerabilities in the contributed Perl scripts have been fixed. The confirmed vulnerability could allow the execution of arbitrary code on the CVS server, but only if a user already had commit access and if one of the contrib scripts was installed improperly, a condition which should have been quickly visible to any administrator. The complete description of the problem is here: . If you were making use of any of the contributed trigger scripts on a CVS server, you should probably still replace them with the new versions, to be on the safe side. Unfortunately, our fix is incomplete. Taint-checking has been enabled in all the contributed Perl scripts intended to be run as trigger scripts, but no attempt has been made to ensure that they still run in taint mode. You will most likely have to tweak the scripts in some way to make them run. Please send any patches you find necessary back to so that we may again ship fully enabled scripts in the future. You should also make sure that any home-grown Perl scripts that you might have installed as CVS triggers also have taint-checking enabled. This can be done by adding `-T' on the scripts' #! lines. Please try running `perldoc perlsec' if you would like more information on general Perl security and taint-checking. NEW FEATURES * Thanks to a report from Ian Abbott , a problem that caused CVS to stop with broken assertions in certain time zones when daylight savings is in effect has been fixed. * A problem where a proxy server could fail to notice that its primary closed the connection has been fixed. * Failures to open the CVS_CLIENT_LOG, CVS_SERVER_LOG, and CVS_SECONDARY_LOG are no longer fatal. * CVS's client and server IO buffers now rely on a GNULIB modules for memory management rather than taking on the task themseleves. This should be faster on any system but may increase memory usage noticably on systems without the POSIX mmap() function. Benchmark reports to would be welcome. * Some more GNULIB functions have been imported and/or updated for portability reasons. This change should not be visible to most users, though CVS may now compile on a few more platforms. * CVS creates a unique session id that gets written to the RCS files during import and commit. When committing several files at once, they all get the same 'commitid'. The commitid becomes visible with log and status commands, and is derived and compatible with the cvsnt project. * CVS once again compiles correctly configured with various combinations of --disable-client, --disable-server, and --disable-proxy. * CVS now accepts the : format, which has long been acceptable as an argument to -j options, in most places where used to be acceptable. An empty tag in this format (e.g. ":"), which used to be rejected, is now interpreted as specifying a date on the trunk. * CVS now uses ZLib 1.2.2. This fixes the minor vulnerability described here: , as well as some other minor bugs we are not aware of bug reports for in conjunction with CVS. * `cvs -n release' now does what it should (see changes to the info-cleanup-0 test in sanity.sh for more). * The configure script now prefers `ssh' to `rsh' when determining a default executable to use when connecting via the :ext: method. * A problem in the compression buffer that was causing some incompatibility with some 3rd party CVS clients when compression was enabled has been fixed. * Some files missing from the distribution have been added or readded. The missing files were mostly development support files, with a few docs and .cvsignore files thrown in. * The incomplete Brazillian Portugese translation of the CVS manual is now included in the distribution. BUG FIXES * Misc bug and documentation fixes. * CVS now detects write errors on standard output. Before, e.g., `cvs update -p FILE > /dev/full' would fail to report the write error. * Thanks to a report and a patch from Georg Scwharz CVS now builds without error on IRIX 5.3 DEVELOPER ISSUES * We've standardized on Automake 1.9.5 to get some at new features that make our jobs easier. See the HACKING file for more on using the autotools with CVS. Changes from 1.12.10 to 1.12.11: ******************************** NEW FEATURES * Thanks to Conrad Pino , the Windows build works once again. * CVSROOT methods and option names are now case insensitive * CVSROOT methods :ext: and :fork: now support the CVS_SERVER option. * CVSROOT method :ext: now supports the CVS_RSH and Redirect options. * Date handling has been improved slightly. * Miscellaneous bug fixes. * Miscellaneous documentation fixes. BUG FIXES * An intermittant assertion failure in checkout has been fixed. * Thanks to a report from Chris Bohn , all the source files needed to build on Windows are now included in the source distribution. Changes from 1.12.9 to 1.12.10: ******************************* NEW FEATURES * The date formats which CVS accepts are now documented more fully in the manual. * CVS commands which accept dates now understand some more time zones, including those which are some hours plus some fraction of an hour off of universal coordinated time. * `cvs ls filename' no longer causes an assertion failure. * The maximum length of the discovered comment leader used in a Log keyword substitution is now limited to 20 characters by default. If a longer leader is discovered, then the keyword is not expanded. This default behavior may be altered using the new MaxCommentLeaderLength & UseArchiveCommentLeader config options. * Commit messages once again include the full relative path to the file being committed. * Thanks to funding from Juniper Networks , "write proxy" functionality has been added to the CVS server. Write proxy functionality allows any of multiple, read-only "secondary" servers to relay write requests from clients to a single primary CVS server, allowing for a massive redistribution of server load which is transparent to all known CVS clients. * Thanks to funding from Juniper Networks , some code has been added which second-guesses the system file cache for a performance boost. * The loginfo scripting hook now runs after the administrative files in CVSROOT are rebuilt, rather than before. * Misc error message improvements. * Thanks to funding from Juniper Networks , new scripting hooks have been added to the CVS server. These are the postadmin, posttag, and postwatch hooks. See the manual for more info. * Thanks to funding from Juniper Networks , all the existing scripting hooks may now optionally be passed a command name argument. * Thanks to funding from Juniper Networks , new tags are cached in the val-tags file at the time of tag creation. * Thanks to a patch from Brian Murphy , CVS now supports PAM session management. * Thanks to a report from Brian Murphy , the demo PAM configuration files mentioned in the manual are actually being distributed. * Thanks again to Bart Robinson , `cvs log' & `cvs ls' now actually output local times when the server is version 1.12.9 or greater and the client is version 1.12.10 or greater. * The CVS server now sends paths to files relative to the repository. CVS clients have been able to handle this since at least the 10 year old CVS 1.9.2 release, so no attempt at verifying compatibility of clients has been made. This saves a small amount of bandwidth and may enable some future functionality. * The CVS client will send relative Directory requests if the server claims to support it. This saves a very small amount of bandwidth but may enable some future functionality. * "cvs import" now has a new option, `-X', which causes new files to be imported in a way that they appear only on the vendor branch, and do not automatically appear on the main trunk. This option may be made the default on a repository-wide basis using the new ImportNewFilesToVendorBranchOnly=yes option in CVSROOT/config. * contrib/cvs_acls.in has been revised. Users of the old version will want to upgrade to use the new format. See the documentation in contrib/cvs_acls.html for more information. * Thanks to Dan Peterson , the contrib/validate_repo script now accepts and logs corrupted revision numbers in RCS archives. BUG FIXES * Thanks to a report from Gottfried Ganssauge , CVS no longer exits when it encounters links pointing to paths containing more than 128 characters. * Thanks to a report from Dan Peterson , error messages from GSSAPI servers are no longer truncated. * Thanks to a report from Dan Peterson , attempts to resurrect a file on the trunk that was added on a branch no longer causes an assertion failure. * Thanks to a report from Dan Peterson , imports to branches like "1.1." no longer create corrupt RCS archives. * Thanks to a report from Chris Bohn , links from J.C. Hamlin , and code posted by Jonathan Gilligan, we think we have finally corrected the Windows "red-file" (daylight savings time) bug once and for all. * Thanks to a patch from Jeroen Ruigrok/asmodai , the log_accum.pl script should no longer elicit warnings from Perl 5.8.5. * The r* commands (rlog, rls, etc.) can once again handle requests to run against the entire repository (e.g. `cvs rlog .'). Thanks go to Dan Peterson for the report. * A problem where the attempted access of files via tags beginning with spaces could cause the CVS server to hang has been fixed. This was a particular problem with WinCVS clients because users would sometimes accidentally include spaces in tags pasted into a dialog box. This fix also altered some of the error messages generated by the use of invalid tags. Thanks go to Dan Peterson for the report. * Thanks to James E Wilson for a bug fix to modules processing "gcc-core -a !gcc/f gcc" will no longer exclude gcc/fortran by mistake. * Thanks to Conrad Pino , the Windows build works once again. * Misc updates to the manual. DEVELOPER ISSUES * We've standardized on Automake 1.9.3 to get some at new features that make our jobs easier. See the note below on the Autoconf upgrade for more details. * We've standardized on Autoconf version 2.59 to get presumed bug fixes and features, but nothing specific. Mostly, once we decide to upgrade one of the autotools we just figure it'll save time later to grab the most current versions of the others too. See the HACKING file for more on using the autotools with CVS. Changes from 1.12.8 to 1.12.9: ****************************** SERVER SECURITY FIXES * Thanks to Stefan Esser & Sebastian Krahmer, several potential security problems have been fixed. The ones which were considered dangerous enough to catalogue were assigned issue numbers CAN-2004-0416, CAN-2004-0417, & CAN-2004-0418 by the Common Vulnerabilities and Exposures Project. Please see for more information. * A potential buffer overflow vulnerability in the server has been fixed. This addresses the Common Vulnerabilities and Exposures Project's issue #CAN-2004-0414. Please see for more information. NEW FEATURES * `cvs log' & `cvs ls' now output local times when both the server and client are 1.12.9 or greater. (Thanks to Bart Robinson .) DEVELOPER NOTES * The windows-NT/config.h.in file is now generated dynamically from the root config.h.in file and a few inputs in the windows-NT directory in hopes of keeping it more in sync with the root config.h.in file. Changes from 1.12.7 to 1.12.8: ****************************** SERVER SECURITY FIXES * A potential buffer overflow vulnerability in the server has been fixed. Prior to this patch, a malicious client could potentially use carefully crafted server requests to run arbitrary programs on the CVS server machine. This addresses the Common Vulnerabilities and Exposures Project's issue #CAN-2004-0396. Please see for more information. NEW FEATURES * Some redundant output generated by the `cvs commit' command has been removed. * Most output from the `cvs commit' command is suppressed when the -Q global option is specified. * Repository directory browsing via `cvs rls' & `cvs ls' commands. Expect changes in the long format output soon. The "entries" format output should remain fairly stable for automated parsers. * Glob matches, as specified in ignore lists and wrapper options, now conform to the POSIX.2 specification for fnmatch on all platforms. * The Windows MS Visual C++ project files, including the nmake build files, are now generated with MSVC++ 6.0, but should still work with MSVC++ 5.0. BUG FIXES * The cvs.1 man page is now generated automatically from a section of the CVS Manual. * Thanks to a report from Mark Andrews at the Internet Systems Consortium, the :ext: connection method no longer relies on a transparent transport that uses an argument processor that can handle arbitrary ordering of options and other arguments when using a username other than the caller's. * Thanks to Ken Raeburn at MIT, directory deletion, whether via `cvs release' or empty directory pruning, now works on network shares under Windows XP. Changes from 1.12.6 to 1.12.7: ****************************** SERVER SECURITY ISSUES * Piped checkouts of paths above $CVSROOT no longer work. Previously, clients could have requested the contents of RCS archive files anywhere on a CVS server. This addresses CVE issue CAN-2004-0405. Please see for more information. CLIENT SECURITY ISSUES * Clients now check paths from the server to verify that they are within one of the sandboxes the user requested be updated. Previously, a trojan server could have written or overwritten files anywhere the user had access, presenting a serious security risk. This addresses CVE issue CAN-2004-1080. Please see for more information. GENERAL USER ISSUES * Imported the most recent version of regex from GNULIB, which actually means some systems will use now their native regex functions instead of compiling CVS's. Users should notice no changes in CVS responses to regular expressions. If you do, please report them to . * CVS now accepts the location of HTTP tunnel web proxies as part of the CVSROOT string. Actually using a proxy remains untested. Please report problems and successes to . * Configure no longer checks the $TMPDIR, $TMP, & $TEMP variables to set the default temporary directory. * CVS on Cygwin correctly handles X:\ style paths. * Import now uses backslash rather than slash on Windows when checking for "CVS" directories to ignore in import commands. * Relative paths containing up-references (`..') should now work in client/server mode (client fix). * A race condition between the ordering of messages from CVS and messages from called scripts in client/server mode has been removed (server fix). * The check_cvs and cvscheck scripts in the contrib directory have been renamed validate_repo and sandbox_status, respectively, in the interests of clarity. * The Windows MS Visual C++ 6.0 project files have been brought up to date. The nmake build files were regenerated from these files with MSVC++ 5.0. * A memory allocation bug on Windows that could cause at least executions of `cvs status' to fail has been fixed (client fix). * Resurrected files now get their modes and timestamps set correctly and a longstanding bug involving resurrection of an uncommitted removal has been fixed (server fix). * Some resurrection (cvs add) status messages have changed slightly. * `cvs release' now works with Kerberos or GSSAPI encryption enabled (server fix). * File resurrection from a previously existing revision no longer just reports that it works (server fix). * Misc error & status message corrections. * Diffing of locally added files against arbitrary revisions in an RCS archive is now allowed when a file of the same name exists or used to exist on some branch (server fix). * Some user messages have been updated for consistency and spelling. DEVELOPER ISSUES * The message source differentiation in the test suite between client and server executables has been repaired. Changes from 1.12.5 to 1.12.6: ****************************** GENERAL USER ISSUES * CVSROOT/*info scripts may not work as expected with executables compiled using VC++ under Windows since all quoting is currently done according to Bourne Shell rules, which probably don't look like command.com rules. Patches gratefully accepted. * Imports will now always ignore directories and files named `CVS' to avoid violating assumptions made by other parts of CVS. * Directories specified to `checkout -d' are no longer required to exist. This consolidates some behavior between `-d' options specified in the modules file and `checkout -d' as well as removing some prior differences between local and client/server mode operation. * A problem with `cvs release' of subdirs that could corrupt CVS/Entries files has been fixed (client/server). * The CVS server's protocol check for unused data from the client is no longer called automatically at program exit in order to avoid potential recursive calls to error when the first close is due to memory allocation or similar problems that cause calls to error() to fail. The check is still made when the server program exits normally. * The CVSROOT/*info files want a new command format and the old style strings have been deprecated. Please see the manual for more information on the new format. * The spec file has been updated to work with more recent versions of RPM. * Some more GNULIB functions have been imported and/or updated for portability reasons. * Several memory leaks have been plugged. * A seg fault which always occurred after waiting on another process's lock in order to establish a promotable lock is now avoided. * An unlikely potential segfault when using the :fork: connection method has been fixed. * The CVS server has had the protocol check for unused data from the client partially restored. * A fix has been included that should avoid a very rare race condition that could cause a CVS server to exit with a "broken pipe" message. * Infinite alias loops in the modules file are now checked for and avoided. * Clients on case insensitive systems now preserve the case of directories in CVS/Entries, in addition to files, for use in communications with the CVS server. * Misc status message fixes for consistency. * Some previously untested behavior is now being tested. * Server no longer claims to support the "Case" request. * Case insensitive clients once again preserve the case of filenames in CVS/Entries for communication with the server, as specified in the CVS client/server protocol spec. Note that all CVS _servers_ still lack support for case insensitive clients - servers are relying on the client to preserve the case of checked out files. * Thanks to Ville Skyttä the man page has a few less spelling errors and is slightly more accurate. * Thanks to Ville Skyttä some unused variables were removed from the log_accum Perl script in contrib. * Thanks to Alexey Mahotkin, a bug that prevented CVS from being compiled with Kerberos 4 authentication enabled has been fixed. * A minor bug that caused CVS to fail to report an inifinte alias loop in the modules file when portions of the alias definition contained trailing slashes has been fixed. * A bug in the gzip code that could cause heap corruption and segfaults in CVS servers talking to clients less than 1.8 and some modern third-party CVS clients has been fixed. * mktemp.sh is now included with the source distribution so that the rcs2log and cvsbug executables may be run on systems which do not contain an implementation of mktemp. * Misc documentation fixes. DEVELOPER ISSUES * xmalloc, xstrdup, & some other memory allocating functions are now available vi GNULIB versions imported into lib. * The asnprintf() & vasnprintf() functions are now available due to a GNULIB implementation. * Misc cosmetic, readability, and commenting fixes. Changes between 1.12.4 and 1.12.5: ********************************** SERVER SECURITY ISSUES * pserver can no longer be configured to run as root via the $CVSROOT/CVSROOT/passwd file, so if your passwd file is compromised, it no longer leads directly to a root hack. Attempts to root will also be logged via the syslog. GENERAL USER ISSUES * The Windows build files were updated to allow building of the current version under Windows. Changes between 1.12.3 and 1.12.4: ********************************** GENERAL USER ISSUES * The CVS server no longer locks more than a directory at a time for write, so large commits & tags should now have a much harder time blocking other operations. * Add support for large files. Use --disable-largefile to omit support for large files. Changes between 1.12.2 and 1.12.3: ********************************** SERVER SECURITY ISSUES * Malformed module requests could cause the CVS server to attempt to create directories and possibly files at the root of the filesystem holding the CVS repository. Filesystem permissions usually prevent the creation of these misplaced directories, but nevertheless, the CVS server now rejects the malformed requests. GENERAL USER ISSUES * Support for case insensitive clients has been removed. This is not as drastic as it sounds, as all of the current tests still pass without modification when run from a case insensitive client to a case sensitive server. In the end this should provide a major stability improvement. * A minor problem that prevented the correct version of a system ZLIB from being detected on some platforms has been fixed. * Attempts to use the global `-l' option, removed from both client and server as of version 1.12.1, will now elicit a warning rather than a fatal error from the server. * The configure script now tests whether it is building CVS on a case insensitive file system. If it is, CVS assumes that all file systems on this platform will be case insensitive. This is useful for getting the case insensitivity flag set correctly when compiling on Mac OS X and under Cygwin on Windows. Autodetection can be overridden using the --disable-case-sensitivity and --enable-case-sensitivity arguments to configure. DEVELOPER ISSUES * A new set of tests to test issues specific to case insensitive clients and servers has also been added. * Support has been added to the test suite to support testing over a :ext: link to another machine, subject to some stringent requirements. This support can be used, for instance, to test the operation of a case insensitive client against a case sensitive server. Please see the comments in TEST and the src/sanity.sh test script itself for more. * We've standardized on Automake 1.7.9 to get a bug fix. See the note below on the Autoconf upgrade for more details. * We've standardized on Autoconf version 2.58 to avoid a bug and get at a few new macros. Again, this should only really affect developers, though it is possible that CVS will now compile on a few new platforms. Please see the section of the INSTALL file about using the autotools if you are compiling CVS yourself. Changes between 1.12.1 and 1.12.2: * Misc cleanup, reorganization, and other minor fixes. * A behavior change in `cvs up -jrev1 -jrev2' for modified files with a base revision of rev2 (ie, checked-out version matches rev2 and file has been modified). The operation is no longer ignored and instead is passed to diff3. This will potentially re-apply the diffs between the two revisions to a modified local file. Status messages like from a standard merge have also been added when the file would not or does not change due to this merge request ("[file] already contains the changes between [revisions]..."). * A build problem that caused warnings and slower builds on systems without a working getline() function (e.g. Mac OS X 10.1) has been fixed. * A build problem that prevented the CVS executable from being built on systems with the gettext library installed has been fixed. * A bug which could stop `cvs admin -mTAG:message' from recursing has been fixed. * Misc documentation cleanup and fixes. * Some of the contrib scripts, some of the documentation, and sanity.sh were modified to use and recommend more portable commands rather than using and recommending commands which were not compatible with the POSIX 1003.1-2001 specification. * CVS now knows how to report, as well as record, `P' record types. * When running the `cvs history' command, clients will now send the long-accepted `-e' option, for all records, rather than explicitly requesting `P' record types, a request which servers prior to 1.11.7 will reject with a fatal error message. * A problem with locating files requested by case insensitive clients which was accidentally introduced in 1.11.6 as part of a fix for a data loss problem involving `cvs add's from case insensitive clients has been fixed. The relevant error message was `cvs [ aborted]: filE,v is ambiguous; could mean FILE,v or file,v'. * A problem in the CVS getpass library that could cause passwords to echo on some systems has been fixed. * A segfault that could occur in very rare cases where the stat of a file failed during a diff has been fixed. * Any user with write privleges to the CVSROOT/checkoutlist file could pass arbitrary format strings directly through to a printf function. This was probably bad and has been fixed. White space at the beginning of error strings in checkoutlist is now ignored properly. * A chmod 0600 that CVS performed on temp files it created designed to work around a bug in versions of GLIBC eariler than 2.0.7 has been removed since it still left a race condition open to exploitation and provided a false sense of security. If you are linking CVS against a version of GLIBC prior to 2.0.7, you should consider upgrading GLIBC. * The CVSROOT/editinfo file is no longer referenced by CVS. This funcitonality has been deprecated for over six years and removing it will presumably not cause anyone any problems. * In client/server mode, most messages from CVS now contain the actual command name rather than the generic "server". * A long-standing bug that prevented most client/server updates from being logged in the history file has been fixed. * Updates done via a patch ("P" status) are now logged in the history file by default and the corresponding "P" history record type is now documented. If you're setting the LogHistory option in your CVSROOT/config file, you may want to add "P" to the list of record types. * CVS now will always compile its own getpass() function (originally from GNULIB) in favor of any system one that may exist. This avoids some problems with long passwords on some systems and updates us to POSIX.2 compliance, since getpass() was removed from the POSIX.2 specification. * Support for pre-ANSI compilers has been removed. Our minimum support level now assumes at least a freestanding C89 compilers. See the HACKING file for more information. If you *really* need K&R support, our Makefile.am files should only need minor tweaking to get them to run the ansi2knr script from the Automake project. If you get this working, please send a patch to . * Experimental support for Pluggable Authentication Modules (PAM) has been added, though it is not compiled by default. If you like this feature (or don't), please send us feedback. See the Cederqvist, `./configure --help', and the INSTALL file for more. * Command line keyword expansion modes no longer override binary keyword expansion modes. * New LocalKeyword and KeywordExpand options to CVSROOT/config which FreeBSD, OpenBSD, and NetBSD users may find familiar as the "tag" and "tagexpand" options used for many years. The CVSHeader keyword has also been added to the mixture. * A bug that allowed a write lock to be created in a directory despite there being existing read locks when using LockDir in CVSROOT/config has been fixed. * A bug with short patches (`rdiff -s') which caused rdiff to sometimes report differences that did not exist has been fixed. * Some minor corrections were made to the diff code to keep diff & rdiff from printing diff headers with empty change texts when two files have different revision numbers but the same content. * The global '-l' option, which suppressed history logging, has been removed from both client and server. Changes from 1.11.5 to 1.12.1: * The new --with-external-zlib option can be passed to configure to compile CVS against an external installed zlib. * A warning message is now issued if an administrative file contains more than one DEFAULT entry. * An error running a verifymsg script (such as referencing an unset user variable or the script not existing) now causes the verification to fail. * Errors in administrative files commands (like unset user variables) are no longer reported unless the command is actually executed. * When a file is initially checked out, its last access time is now set to the current time rather than being set to the time the file was last checked in like the modification time is. * The Checkin.prog and Update.prog functionality has been removed. This fuctionality previously allowed executables to be specified in the modules file to be run at update and checkin time, but users could edit these files on a per workspace basis, creating a security hole. * CVSROOTs which contain a symlink to a real repository should work. * contrib/rcs2log and src/cvsbug now use the BSD mktemp program to create their temp files and directories on systems which provide it. * Added a UserAdminOptions configuration option to CVSROOT/config to control which `cvs admin' commands are not restricted to the `cvsadmin' group. * If the rcsinfo specified template changes after a user has checked out a tree, the template in the users' tree will be updated rather than remaining static from the time of the original checkout. * Added a CVSREADONLYFS environment variable and `-R' cvs global option to turn on read-only repository mode for local repositories. This allows users to checkout from a CDROM repository or other read-only filesystem. * There is a new CVS_LOCAL_BRANCH_NUM environment variable, which may be used to give control over the branch number to be used next. Useful for having local changes in a CVSup mirrored repository. * Miscellaneous documentation corrections. * Corrected the path in a failed write error message. * Autoconf and Automake are no longer run automatically unless you run configure with --enable-maintainer-mode. Accordingly, noautomake.sh is no longer needed and has been removed. * We've standardized on Automake version 1.7.5 and Autoconf version 2.57 to get at a few new macros. Again, this should only really affect developers. See the section of the INSTALL file about using the autotools if you are compiling CVS yourself. Changes from 1.11.4 to 1.11.5: * Fixed a security hole in the CVS server by which users with read only access could gain write access. This issue does not affect client builds. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0015 to this issue. See for more information. * Fixed some bugs where revision numbers starting with 0 (like 0.3) weren't correctly handled. (CVS doesn't normally use such revision numbers, but users may be able to force it to do so and old RCS files might.) Changes from 1.11.3 to 1.11.4: * Some minor changes to allow the code to compile on Windows platforms. Changes from 1.11.2 to 1.11.3: * The tag/rtag code has been fixed to once again lock just a single directory at a time. * There was a bug where certain error conditions could cause the server to go into an infinite loop. There was also a bug that caused a compressed connection from an older client to hang on shutdown. These bugs have been fixed. * Fixed a bug that caused the server to reject most watch commands. * When waiting for another user's lock, the message timestamps are now in UTC rather than the server's local time. * The options.h file is no longer used. This fixes a bug that occurred when 1.11.2 was compiled on Windows platforms. * We've standardized on Automake version 1.6.3 and Autoconf version 2.53. They are cleaner, less bug prone, and will hopfully allow me to start updating sanity.sh to use Autotest and Autoshell. Again, this should only really affect developers. See the section of the INSTALL file about using the autotools if you are compiling CVS yourself. * Fixed a bug in the log/rlog code when a revision range crosses a branch point. * Fixed a bug where filenames starting with - would be misinterpreted as options when using client/server mode. Changes from 1.11.1p1 to 1.11.2: * There is a new feature, enabled by RereadLogAfterVerify in CVSROOT/config, which tells CVS to reread the log message after running the verifymsg script. This allows the verifymsg script to reformat or otherwise modify the log message. * The interpretation of revision ranges using :: in "log" and "rlog" has changed: a::b now excludes the log message from revision a but includes the log message from revision b. Also, revision ranges that cross branch points should now work. * zlib has been updated to version 1.4. There is a security advisory out in regards to 1.3. This should fix that problem. * The "log" and "rlog" commands now have a -S option to suppress the header information when no revisions are selected. * A serious error that allowed read-only users to tag files has been corrected. * The "annotate" command will no longer annotate binary files unless you specify the new -F option. * The "tag" and "rtag" commands will no longer move or delete branch tags unless you use the new -B option. (This prevents accidental changes to branch tags that are hard to undo.) * We've standardized on the 1.5 Automake release for the moment. Again, this should only really affect developers. See the section of the INSTALL file about using the autotools if you are compiling CVS yourself. Changes from 1.11.1 to 1.11.1p1: * Read only access was broken - now fixed. Changes from 1.11 to 1.11.1: * There was a locking bug in the tag/rtag code that could lose changes made to a file while the tag operation was in progress. This has been fixed, but all of the directories being tagged are now locked for the entire duration of the tag operation rather than only one directory at a time. * The "cvs diff" command now accepts the -y/--side=by-side and -T/ --initial-tab options. (To use these options with a remote repository, both the client and the server must support them.) * The expansion of the loginfo format string has changed slightly. Previously, the expansion was surrounded by single quotes ('); if a file name contained a single quote character, the string would not be parsed as a single entity by the Unix shell (and it would not be possible to parse it unambiguously). Now the expansion is surrounded by double quotes (") and any embedded dollar signs ($), backticks (`), backslashes (\), and double quotes are preceded by a backslash. This is parsed as a single entity by the shell reguardless of content. This change should not be noticable unless you're not using a Unix shell or you have embedded the format string inside a double quoted string. * There was a bug in the diff code which sometimes caused conflicts to be flagged which shouldn't have been. This has been fixed. * New "cvs rlog" and "cvs rannotate" commands have been added to get log messages and annotations without having to have a checked-out copy. * Exclusive revision ranges have been added to "cvs log" using :: (similar to "cvs admin -o"). * The VMS client now accepts wildcards if you're running VMS 7.x. * ZLIB has been updated to version 1.1.3, the most current version. This includes mostly some optimizations and minor bug fixes. * The ~/.cvspass file has a slightly modified format. CVSROOTs are now stored in a new canonical form - hostnames are now case insensitive and port numbers are always stored in the new format. Until a new login for a particular CVSROOT is performed with the new version of CVS, new and old versions of CVS should interoperate invisibly. After that point, an extra login using the old version of CVS may be necessary to continue to allow the new and old versions of CVS to interoperate using the same ~/.cvspass file and CVSROOT. The exception to this rule occurs when the CVSROOTs used with the different versions use case insensitively different hostnames, for example, "empress", and "empress.2-wit.com". * A password and a port number may now be specified in CVSROOT for pserver connections. The new format is: :pserver:[[user][:password]@]host[:[port]]/path Note that passwords specified in a checkout command will be saved in the clear in the CVS/Root file in each created directory, so this is not recommended, except perhaps when accessing anonymous repositories or the like. * The distribution has been converted to use Automake. This shouldn't affect most users except to ease some portability concerns, but if you are building from the repository and encounter problems with the makefiles, you might try running ./noautomake.sh after a fresh update -AC. Changes from 1.10 to 1.11: * The "cvs update" command has a new -C option to get clean copies from the repository, abandoning any local changes. * The new "cvs version" command gives a short version message. If the repository is remote, both the client and server versions are reported. * "cvs admin -t" now works correctly in client/server mode. * The "cvs history" command output format has changed -- the date now includes the year and is given is ISO 8601 format (yyyy-mm-dd). Also, the new LogHistory option in CVSROOT/config can be used to control what information gets recorded in the log file and code has been added to record file removals. * The buggy PreservePermissions code has been disabled. * Anonymous read-only access can now be done without requiring a password. On the server side, simply give that user (presumably `anonymous') an empty password in the CVSROOT/passwd file, and then any received password will authenticate successfully. * There is a new access method :fork: which is similar to :local: except that it is implemented via the CVS remote protocol, and thus has a somewhat different set of quirks and bugs. * The -d command line option no longer updates the CVS/Root file. For one thing, the CVS 1.9/1.10 behavior never had updated CVS/Root in subdirectories, and for another, it didn't seem that popular in general. So this change restores the CVS 1.8 behavior (which is also the CVS 1.9/1.10 behavior if the environment variable CVS_IGNORE_REMOTE_ROOT is set; with this change, CVS_IGNORE_REMOTE_ROOT no longer has any effect). * It is now possible for a single CVS command to recurse into several CVS roots. This includes roots which are located on several servers, or which are both remote and local. CVS will make connections to as many servers as necessary. * It is now possible to put the CVS lock files in a directory set by the new LockDir option in CVSROOT/config. The default continues to be to put the lock files in the repository itself. Changes from 1.9 to 1.10: * A bug was discovered in the -t/-f wrapper support that can cause serious data loss. Because of this (and also the fact that it doesn't work at all in client/server mode), the -t/-f wrapper code has been disabled until it can be fixed. * There is a new feature, enabled by TopLevelAdmin in CVSROOT/config, which tells CVS to modify the behavior of the "checkout" command. The command now creates a CVS directory at the top level of the new working directory, in addition to CVS directories created within checked-out directories. See the Cederqvist for details. * There is an optional set of features, enabled by PreservePermissions in CVSROOT/config, which allow CVS to store unix-specific file information such as permissions, file ownership, and links. See the Cederqvist for details. * One can now authenticate and encrypt using the GSSAPI network security interface. For details see the Cederqvist's description of specifying :gserver: in CVSROOT, and the -a global option. * All access to RCS files is now implemented internally rather than by calling RCS programs. The main user-visible consequence of this is that there is no need to worry about making sure that CVS finds the correct version of RCS. The -b global option and the RCSBIN setting in CVSROOT/config are still accepted but don't do anything. The $RCSBIN internal variable in administrative files is no longer accepted. * There is a new syntax, "cvs admin -orev1::rev2", which collapses the revisions between rev1 and rev2 without deleting rev1 or rev2 themselves. * There is a new administrative file CVSROOT/config which allows one to specify miscellaneous aspects of CVS configuration. Currently supported here: - SystemAuth, allows you to prevent pserver from checking for system usernames/passwords. For more information see the "config" section of cvs.texinfo. * When setting up the pserver server, one now must specify the allowable CVSROOT directories in inetd.conf. See the Password authentication server section of cvs.texinfo for details. Note that this implies that everyone who is running a pserver server must edit inetd.conf when upgrading their CVS. * The client no longer needs an external patch program (assuming both the client and the server have been updated to the new version). * "cvs admin [options]" will now recurse. In previous versions of CVS, it was an error and one needed to specify "cvs admin [options] ." to recurse. This change brings admin in line with the other CVS commands. * New "logout" command to remove the password for a remote cvs repository from the cvspass file. * Read-only repository access is implemented for the password-authenticated server (other access methods are just governed by Unix file permissions, since they require login access to the repository machine anyway). See the "Repository" section of cvs.texinfo for details, including a discussion of security issues. Note that the requirement that read-only users be able to create locks and write the history file still applies. * There is a new administrative file verifymsg which is like editinfo but merely validates the message, rather than also getting it from the user. It therefore works with client/server CVS or if one uses the -m or -F options to commit. See the verifymsg section of cvs.texinfo for details. * The %s format formerly accepted in loginfo has been extended to formats such as %{sVv}, so that loginfo scripts have access to the version numbers being changed. See the Loginfo section of cvs.texinfo for details. * The postscript documentation (doc/cvs.ps) shipped with CVS is now formatted for US letter size instead of A4. This is not because we consider this size "better" than A4, but because we believe that the US letter version will print better on A4 paper than the other way around. * The "cvs export" command is now logged in the history file and there is a "cvs history -x E" command to select history file entries produced by export. * CVS no longer uses the CVS_PASSWORD environment variable. Storing passwords in cleartext in an environment variable is a security risk, especially since (on BSD variants) any user on the system can display any process's environment using 'ps'. Users should use the 'cvs login' command instead. Changes from 1.8 to 1.9: * Windows NT client should now work on Windows 95 as well. * New option "--help-synonyms" prints a list of all recognized command synonyms. * The "log" command is now implemented internally rather than via the RCS "rlog" program. The main user-visible consequence is that symbolic branch names now work (for example "cvs log -rbranch1"). Also, the date formats accepted by -d have changed. They previously had been a bewildering variety of poorly-documented date formats. Now they are the same as the date formats accepted by the -D options to the other CVS commands, which is also a (different) bewildering variety of poorly-documented date formats, but at least we are consistently bewildering :-). * Encryption is now supported over a Kerberos client/server connection. The new "-x" global option requests it. You must configure with the --enable-encryption option in order to enable encryption. * The format of the CVS commit message has changed slightly when committing changes on a branch. The tag on which the commit is ocurring is now reported correctly in all cases. * New flag -k in wrappers allows you to specify the keyword expansion mode for added files based on their name. For example, you can specify that files whose name matches *.exe are binary by default. See the Wrappers section of cvs.texinfo for more details. * Remote CVS with the "-z" option now uses the zlib library (included with CVS) to compress all communication between the client and the server, rather than invoking gzip on each file separately. This means that compression is better and there is no need for an external gzip program (except to interoperate with older version of CVS). * The "cvs rlog" command is deprecated and running it will print a warning; use the synonymous "cvs log" command instead. It is confusing for rlog to mean the same as log because some other CVS commands are in pairs consisting of a plain command which operates on a working directory and an "r" command which does not (diff/rdiff; tag/rtag). * "cvs diff" has a bunch of new options, mostly long options. Most of these work only if rcsdiff and diff support them, and are named the same as the corresponding options to diff. * The -q and -Q command options to "cvs diff" were removed (use the global options instead). This brings "cvs diff" into line with the rest of the CVS commands. * The "annotate" command can now be used to annotate a revision other than the head revision on the trunk (see the -r, -D, and -f options in the annotate node of cvs.texinfo for details). * The "tag" command has a new option "-c" which checks that all files are not locally modified before tagging. * The -d command line option now overrides the cvsroot setting stored in the CVS/Root file in each working directory, and specifying -d will cause CVS/Root to be updated. * Local (non-client/server) CVS now runs on Windows NT. See windows-NT/README for details. * The CVSROOT variable specification has changed to support more access methods. In addition to "pserver," "server" (internal rsh client), "ext" (external rsh client), "kserver" (kerberos), and "local" (local filesystem access) can now be specified. For more details on each method, see cvs.texinfo (there is an index entry for :local: and each of the other access methods). * The "login" command no longer prompts the user for username and hostname, since one will have to provide that information via the `-d' flag or by setting CVSROOT. Changes from 1.7 to 1.8: * New "cvs annotate" command to display the last modification for each line of a file, with the revision number, user checking in the modification, and date of the modification. For more information see the `annotate' node in cvs.texinfo. * The cvsinit shell script has been replaced by a cvs init command. The cvs init command creates some example administrative files which are similar to the files found in the examples directory (and copied by cvsinit) in previous releases. * Added the patterns *.olb *.exe _$* *$ to default ignore list. * There is now a $USER internal variable for *info files. * There is no longer a separate `mkmodules' program; the functionality is now built into `cvs'. If upgrading an old repository, it is OK to leave in the lines in the modules file which run mkmodules (the mkmodules actions will get done twice, but that is harmless); you will probably want to remove them once you are no longer using the old CVS. * One can now specify user variables in *info files via the ${=varname} syntax; there is a -s global option to set them. See the Variables node in cvs.texinfo for details. Changes from 1.6 to 1.7: * The default ignore list has changed slightly: *.obj has been added and CVS* has been changed to CVS CVS.adm. * CVS now supports password authentication when accessing remote repositories; this is useful for sites that can't use rsh (because of a firewall, for example), and also don't have kerberos. See node "Password authenticated" (in "Remote repositories", in doc/cvs.texinfo) for more details. Note: This feature requires both the client and server to be upgraded. * Using the -kb option to specify binary files now works--most cases did not work before. See the "Binary files" section of doc/cvs.texinfo for details. * New developer communication features. See the "Watches" section of doc/cvs.texinfo for details. * RCS keyword "Name" supported for "cvs update -r " and "cvs checkout -r ". * If there is a group whose name matches a compiled in value which defaults to "cvsadmin", only members of that group can use "cvs admin". This replaces the CVS_NOADMIN option. * CVS now sets the modes of files in the repository based on the CVSUMASK environment variable or a compiled in value defaulting to 002. This way other developers will be able to access the files in the repository regardless of the umask of the developer creating them. * The command names in .cvsrc now match the official name of the command, not the one (possibly an alias) by which it was invoked. If you had previously relied on "cvs di" and "cvs diff" using different options, instead use a shell function or alias (for example "alias cvsdi='cvs diff -u'"). You also can specify global CVS options (like "-z") using the command name "cvs". Changes from 1.5 to 1.6: * Del updated the man page to include all of the new features of CVS 1.6. * "cvs tag" now supports a "-r | -D" option for tagging an already tagged revision / specific revision of a file. * There is a "taginfo" file in CVSROOT that supports filtering and recording of tag operations. * Long options support added, including --help and --version options. * "cvs release" no longer cares whether or not the directory being released has an entry in the `modules' file. * The modules file now takes a -e option which is used instead of -o for "cvs export". If your modules file has a -o option which you want to be used for "cvs export", change it to specify -e as well as -o. * "cvs export" now takes a -k option to set RCS keyword expansion. This way you can export binary files. If you want the old behavior, you need to specify -kv. * "cvs update", "cvs rdiff", "cvs checkout", "cvs import", "cvs release", "cvs rtag", and "cvs tag" used to take -q and -Q options after the command name (e.g. "cvs update -q"). This was confusing because other commands, such as "cvs ci", did not. So the options after the command name have been removed and you must now specify, for example, "cvs -q update", which has been supported since CVS 1.3. * New "wrappers" feature. This allows you to set a hook which transforms files on their way in and out of cvs (apparently on the NeXT there is some particular usefulness in tarring things up in the repository). It also allows you to declare files as merge-by-copy which means that instead of trying to merge the file, CVS will merely copy the new version. There is a CVSROOT/cvswrappers file and an optionsl ~/.cvswrappers file to support this feature. * You can set CVSROOT to user@host:dir, not just host:dir, if your username on the server host is different than on the client host. * VISUAL is accepted as well as EDITOR. * $CVSROOT is expanded in *info files. Changes from 1.4A2 to 1.5: * Remote implementation. This is very helpful when collaborating on a project with someone across a wide-area network. This release can also be used locally, like other CVS versions, if you have no need for remote access. Here are some of the features of the remote implementation: - It uses reliable transport protocols (TCP/IP) for remote repository access, not NFS. NFS is unusable over long distances (and sometimes over short distances) - It transfers only those files that have changed in the repository or the working directory. To save transmission time, it will transfer patches when appropriate, and can compress data for transmission. - The server never holds CVS locks while waiting for a reply from the client; this makes the system robust when used over flaky networks. The remote features are documented in doc/cvsclient.texi in the CVS distribution, but the main doc file, cvs.texinfo, has not yet been updated to include the remote features. * Death support. See src/README-rm-add for more information on this. * Many speedups, especially from jtc@cygnus.com. * CVS 1.2 compatibility code has been removed as a speedup. If you have working directories checked out by CVS 1.2, CVS 1.3 or 1.4A2 will try to convert them, but CVS 1.5 and later will not (if the working directory is up to date and contains no extraneous files, you can just remove it, and then check out a new working directory). Likewise if your repository contains a CVSROOT.adm directory instead of a CVSROOT directory, you need to rename it. Fri Oct 21 20:58:54 1994 Brian Berliner * Changes between CVS 1.3 and CVS 1.4 Alpha-2 * A new program, "cvsbug", is provided to let you send bug reports directly to the CVS maintainers. Please use it instead of sending mail to the info-cvs mailing list. If your build fails, you may have to invoke "cvsbug" directly from the "src" directory as "src/cvsbug.sh". * A new User's Guide and Tutorial, written by Per Cederqvist of Signum Support. See the "doc" directory. A PostScript version is included as "doc/cvs.ps". * The Frequesntly Asked Questions file, FAQ, has been added to the release. Unfortunately, its contents are likely out-of-date. * The "cvsinit" shell script is now installed in the $prefix/bin directory like the other programs. You can now create new CVS repositories with great ease. * Index: lines are now printed on output from 'diff' and 'rdiff', in order to facilitate application of patches to multiple subdirs. * Support for a ~/.cvsrc file, which allows you to specify options that are always supposed to be given to a specific command. This feature shows the non-orthogonality of the option set, since while there may be an option to turn something on, the option to turn that same thing off may not exist. * You can now list subdirectories that you wish to ignore in a modules listing, such as: gcc -a gnu/gcc, !gnu/gcc/testsuites which will check out everything underneath gnu/gcc, except everything underneath gnu/gcc/testsuites. * It is now much harder to accidentally overwrite an existing tag name, since attempting to move a tag name will result in a error, unless the -F (force) flag is given to the tag subcommands. * Better error checking on matching of the repository used to check code out from against the repository the current cvs commnands would use. (Thanks to Mark Baushke ) * Better support for sites with multiple CVSROOT repositories has been contributed. The file "CVS/Root" in your working directory is created to hold the full path to the CVS repository and a simple check is made against your current CVSROOT setting. * You can now specify an RCS keyword substitution value when you import files into the repository. * Uses a much newer version of Autoconf, and conforms to the GNU coding standards much more closely. No, it still doesn't have long option names. * Code cleanup. Many passes through gcc -Wall helped to identify a number of questionable constructs. Most arbitrary length limits were removed. * Profiling to determine bottlenecks helped to identify the best places to spend time speeding up the code, which was then done. A number of performance enhancements in filename matching have sped up checkouts. * Many more contributions have been added to the "contrib" directory. See the README file in that directory for more information. * "cvs commit" will try harder to not change the file's modification time after the commit. If the file does not change as a result of the commit operation, CVS will preserve the original modification time, thus speeding up future make-type builds. * "cvs commit" now includes any removed files in the (optional) pre-commit checking program that may be invoked. Previously, only added and modified files were included. * It is now possible to commit a file directly onto the trunk at a specific revision level by doing "cvs commit -r3.0 file.c", where "3.0" specifies the revision you wish to create. The file must be up-to-date with the current head of the trunk for this to succeed. * "cvs commit" will now function with a pre-commit program that has arguments specified in the "commitinfo" file. * The "mkmodules" program will now look within the $CVSROOT/CVSROOT/checkoutlist" file for any additional files that should be automatically checked out within CVSROOT; mkmodules also tries harder to preserve any execute bits the files may have originally had. * "cvs diff" is much more accurate about its exit status now. It now returns the maximum exit status of any invoked diff. * The "-I !" option is now supported for the import and update commands correctly. It will properly clear the ignore list now. * Some problems with "cvs import" handling of .cvsignore have been fixed; as well, some rampant recursion problems with import have also been fixed. * "cvs rdiff" (aka "cvs patch") now tries to set the modify time of any temporary files it uses to match those specified for the particular revision. This allows a more accurate patch image to be created. * "cvs status" has improved revision descriptions. "Working revision" is used for the revision of the working file that you edit directly; "Repository revision" is the revision of the file with the $CVSROOT source repository. Also, the output is clearer with regard to sticky and branch revisions. * CVS no longer dumps core when given a mixture of directories and files in sub-directories (as in "cvs ci file1 dir1/file2"). Instead, arguments are now clumped into their respective directory and operated on in chunks, together. * If the CVSEDITOR environment variable is set, that editor is used for log messages instead of the EDITOR environment variable. This makes it easy to substitute intelligent programs to make more elaborate log messages. Contributed by Mark D Baushke (mdb@cisco.com). * Command argument changes: cvs: The "-f" option has been added to ignore the ~/.cvsrc file. commit: Renamed the "-f logfile" option to the "-F logfile" option. Added the "-f" option to force a commit of the specified files (this disables recursion). history: Added "-t timezone" option to force any date-specific output into the specified timezone. import: Added "-d" option to use the file's modification time as the time of the import. Added "-k sub" option to set the default RCS keyword substitution mode for newly-created files. remove: Added "-f" option to force the file's automatic removal if it still exists in the working directory (use with caution). rtag: Added "-F" option to move the tag if it already exists -- new default is to NOT move tags automatically. tag: Added "-F" option to move the tag if it already exists -- new default is to NOT move tags automatically. Tue Apr 7 15:55:25 1992 Brian Berliner (berliner at sun.com) * Changes between CVS 1.3 Beta-3 and official CVS 1.3! * A new shell script is provided, "./cvsinit", which can be run at install time to help setup your $CVSROOT area. This can greatly ease your entry into CVS usage. * The INSTALL file has been updated to include the machines on which CVS has compiled successfully. I think CVS 1.3 is finally portable. Thanks to all the Beta testers! * Support for the "editinfo" file was contributed. This file (located in $CVSROOT/CVSROOT) can be used to specify a special "editor" to run on a per-directory basis within the repository, instead of the usual user's editor. As such, it can verify that the log message entered by the user is of the appropriate form (contains a bugid and test validation, for example). * The manual pages cvs(1) and cvs(5) have been updated. * The "mkmodules" command now informs you when your modules file has duplicate entries. * The "add" command now preserves any per-directory sticky tag when you add a new directory to your checked-out sources. * The "admin" command is now a fully recursive interface to the "rcs" program which operates on your checked-out sources. It no longer requires you to specify the full path to the RCS file. * The per-file sticky tags can now be effectively removed with "cvs update -A file", even if you had checked out the whole directory with a per-directory sticky tag. This allows a great deal of flexibility in managing the revisions that your checked-out sources are based upon (both per-directory and per-file sticky tags). * The "cvs -n commit" command now works, to show which files are out-of-date and will cause the real commit to fail, or which files will fail any pre-commit checks. Also, the "cvs -n import ..." command will now show you what it would've done without actually doing it. * Doing "cvs commit modules" to checkin the modules file will no properly run the "mkmodules" program (assuming you have setup your $CVSROOT/CVSROOT/modules file to do so). * The -t option in the modules file (which specifies a program to run when you do a "cvs rtag" operation on a module) now gets the symbolic tag as the second argument when invoked. * When the source repository is locked by another user, that user's login name will be displayed as the holder of the lock. * Doing "cvs checkout module/file.c" now works even if module/file.c is in the Attic (has been removed from main-line development). * Doing "cvs commit */Makefile" now works as one would expect. Rather than trying to commit everything recursively, it will now commit just the files specified. * The "cvs remove" command is now fully recursive. To schedule a file for removal, all you have to do is "rm file" and "cvs rm". With no arguments, "cvs rm" will schedule all files that have been physically removed for removal from the source repository at the next "cvs commit". * The "cvs tag" command now prints "T file" for each file that was tagged by this invocation and "D file" for each file that had the tag removed (as with "cvs tag -d"). * The -a option has been added to "cvs rtag" to force it to clean up any old, matching tags for files that have been removed (in the Attic) that may not have been touched by this tag operation. This can help keep a consistent view with your tag, even if you re-use it frequently. Sat Feb 29 16:02:05 1992 Brian Berliner (berliner at sun.com) * Changes between CVS 1.3 Beta-2 and CVS 1.3 Beta-3 * Many portability fixes, thanks to all the Beta testers! With any luck, this Beta release will compile correctly on most anything. Hey, what are we without our dreams. * CVS finally has support for doing isolated development on a branch off the current (or previous!) revisions. This is also extremely nice for generating patches for previously released software while development is progressing on the next release. Here's an example of creating a branch to fix a patch with the 2.0 version of the "foo" module, even though we are already well into the 3.0 release. Do: % cvs rtag -b -rFOO_2_0 FOO_2_0_Patch foo % cvs checkout -rFOO_2_0_Patch foo % cd foo [[ hack away ]] % cvs commit A physical branch will be created in the RCS file only when you actually commit the change. As such, forking development at some random point in time is extremely light-weight -- requiring just a symbolic tag in each file until a commit is done. To fork development at the currently checked out sources, do: % cvs tag -b Personal_Hack % cvs update -rPersonal_Hack [[ hack away ]] % cvs commit Now, if you decide you want the changes made in the Personal_Hack branch to be merged in with other changes made in the main-line development, you could do: % cvs commit # to make Personal_Hack complete % cvs update -A # to update sources to main-line % cvs update -jPersonal_Hack # to merge Personal_Hack to update your checked-out sources, or: % cvs checkout -jPersonal_Hack module to checkout a fresh copy. To support this notion of forked development, CVS reserves all even-numbered branches for its own use. In addition, CVS reserves the ".0" and ".1" branches. So, if you intend to do your own branches by hand with RCS, you should use odd-numbered branches starting with ".3", as in "1.1.3", "1.1.5", 1.2.9", .... * The "cvs commit" command now supports a fully functional -r option, allowing you to commit your changes to a specific numeric revision or symbolic tag with full consistency checks. Numeric tags are useful for bringing your sources all up to some revision level: % cvs commit -r2.0 For symbolic tags, you can only commit to a tag that references a branch in the RCS file. One created by "cvs rtag -b" or from "cvs tag -b" is appropriate (see below). * Roland Pesch and K. Richard Pixley were kind enough to contribute two new manual pages for CVS: cvs(1) and cvs(5). Most of the new CVS 1.3 features are now documented, with the exception of the new branch support added to commit/rtag/tag/checkout/update. * The -j options of checkout/update have been added. The "cvs join" command has been removed. With one -j option, CVS will merge the changes made between the resulting revision and the revision that it is based on (e.g., if the tag refers to a branch, CVS will merge all changes made in that branch into your working file). With two -j options, CVS will merge in the changes between the two respective revisions. This can be used to "remove" a certain delta from your working file. E.g., If the file foo.c is based on revision 1.6 and I want to remove the changes made between 1.3 and 1.5, I might do: % cvs update -j1.5 -j1.3 foo.c # note the order... In addition, each -j option can contain on optional date specification which, when used with branches, can limit the chosen revision to one within a specific date. An optional date is specified by adding a colon (:) to the tag, as in: -jSymbolic_Tag:Date_Specifier An example might be what "cvs import" tells you to do when you have just imported sources that have conflicts with local changes: % cvs checkout -jTAG:yesterday -jTAG module which tells CVS to merge in the changes made to the branch specified by TAG in the last 24 hours. If this is not what is intended, substitute "yesterday" for whatever format of date that is appropriate, like: % cvs checkout -jTAG:'1 week ago' -jTAG module * "cvs diff" now supports the special tags "BASE" and "HEAD". So, the command: % cvs diff -u -rBASE -rHEAD will effectively show the changes made by others (in unidiff format) that will be merged into your working sources with your next "cvs update" command. "-rBASE" resolves to the revision that your working file is based on. "-rHEAD" resolves to the current head of the branch or trunk that you are working on. * The -P option of "cvs checkout" now means to Prune empty directories, as with "update". The default is to not remove empty directories. However, if you do "checkout" with any -r options, -P will be implied. I.e., checking out with a tag will cause empty directories to be pruned automatically. * The new file INSTALL describes how to install CVS, including detailed descriptions of interfaces to "configure". * The example loginfo file in examples/loginfo has been updated to use the perl script included in contrib/log.pl. The nice thing about this log program is that it records the revision numbers of your change in the log message. Example files for commitinfo and rcsinfo are now included in the examples directory. * All "#if defined(__STDC__) && __STDC__ == 1" lines have been changed to be "#if __STDC__" to fix some problems with the former. * The lib/regex.[ch] files have been updated to the 1.3 release of the GNU regex package. * The ndbm emulation routines included with CVS 1.3 Beta-2 in the src/ndbm.[ch] files has been moved into the src/myndbm.[ch] files to avoid any conflict with the system header file. If you had a previous CVS 1.3 Beta release, you will want to "cvs remove ndbm.[ch]" form your copy of CVS as well. * "cvs add" and "cvs remove" are a bit more verbose, telling you what to do to add/remove your file permanently. * We no longer mess with /dev/tty in "commit" and "add". * More things are quiet with the -Q option set. * New src/config.h option: If CVS_BADROOT is set, CVS will not allow people really logged in as "root" to commit changes. * "cvs diff" exits with a status of 0 if there were no diffs, 1 if there were diffs, and 2 if there were errors. * "cvs -n diff" is now supported so that you can still run diffs even while in the middle of committing files. * Handling of the CVS/Entries file is now much more robust. * The default file ignore list now includes "*.so". * "cvs import" did not expand '@' in the log message correctly. It does now. Also, import now uses the ignore file facility correctly. Import will now tell you whether there were conflicts that need to be resolved, and how to resolve them. * "cvs log" has been changed so that you can "log" things that are not a part of the current release (in the Attic). * If you don't change the editor message on commit, CVS now prompts you with the choice: !)reuse this message unchanged for remaining dirs which allows you to tell CVS that you have no intention of changing the log message for the remainder of the commit. * It is no longer necessary to have CVSROOT set if you are using the -H option to get Usage information on the commands. * Command argument changes: checkout: -P handling changed as described above. New -j option (up to 2 can be specified) for doing rcsmerge kind of things on checkout. commit: -r option now supports committing to a numeric or symbolic tags, with some restrictions. Full consistency checks will be done. Added "-f logfile" option, which tells commit to glean the log message from the specified file, rather than invoking the editor. rtag: Added -b option to create a branch tag, useful for creating a patch for a previous release, or for forking development. tag: Added -b option to create a branch tag, useful for creating a patch for a previous release, or for forking development. update: New -j option (up to 2 can be specified) for doing rcsmerge kind of things on update. Thu Jan 9 10:51:35 MST 1992 Jeff Polk (polk at BSDI.COM) * Changes between CVS 1.3 Beta-1 and CVS 1.3 Beta-2 * Thanks to K. Richard Pixley at Cygnus we now have function prototypes in all the files * Some small changes to configure for portability. There have been other portability problems submitted that have not been fixed (Brian will be working on those). Additionally all __STDC__ tests have been modified to check __STDC__ against the constant 1 (this is what the Second edition of K&R says must be true). * Lots of additional error checking for forked processes (run_exec) (thanks again to K. Richard Pixley) * Lots of miscellaneous bug fixes - including but certainly not limited to: various commit core dumps various update core dumps bogus results from status with numeric sticky tags commitprog used freed memory Entries file corruption caused by No_Difference commit to revision broken (now works if branch exists) ignore file processing broken for * and ! ignore processing didn't handle memory reasonably miscellaneous bugs in the recursion processor file descriptor leak in ParseInfo CVSROOT.adm->CVSROOT rename bug lots of lint fixes * Reformatted all the code in src (with GNU indent) and then went back and fixed prototypes, etc since indent gets confused. The rationale is that it is better to do it sooner than later and now everything is consistent and will hopefully stay that way. The basic options to indent were: "-bad -bbb -bap -cdb -d0 -bl -bli0 -nce -pcs -cs -cli4 -di1 -nbc -psl -lp -i4 -ip4 -c41" and then miscellaneous formatting fixes were applied. Note also that the "-nfc1" or "-nfca" may be appropriate in files where comments have been carefully formatted (e.g, modules.c). Sat Dec 14 20:35:22 1991 Brian Berliner (berliner at sun.com) * Changes between CVS 1.2 and CVS 1.3 Beta are described here. * Lots of portability work. CVS now uses the GNU "configure" script to dynamically determine the features provided by your system. It probably is not foolproof, but it is better than nothing. Please let me know of any portability problems. Some file names were changed to fit within 14-characters. * CVS has a new RCS parser that is much more flexible and extensible. It should read all known RCS ",v" format files. * Most of the commands now are fully recursive, rather than just operating on the current directory alone. This includes "commit", which makes it real easy to do an "atomic" commit of all the changes made to a CVS hierarchy of sources. Most of the commands also correctly handle file names that are in directories other than ".", including absolute path names. Commands now accept the "-R" option to force recursion on (though it is always the default now) and the "-l" option to force recursion off, doing just "." and not any sub-directories. * CVS supports many of the features provided with the RCS 5.x distribution - including the new "-k" keyword expansion options. I recommend using RCS 5.x (5.6 is the current official RCS version) and GNU diff 1.15 (or later) distributions with CVS. * Checking out files with symbolic tags/dates is now "sticky", in that CVS remembers the tag/date used for each file (and directory) and will use that tag/date automatically on the next "update" call. This stickyness also holds for files checked out with the the new RCS 5.x "-k" options. * The "cvs diff" command now recognizes all of the rcsdiff 5.x options. Unidiff format is available by installing the GNU diff 1.15 distribution. * The old "CVS.adm" directories created on checkout are now called "CVS" directories, to look more like "RCS" and "SCCS". Old CVS.adm directories are automagically converted to CVS directories. The old "CVSROOT.adm" directory within the source repository is automagically changed into a "CVSROOT" directory as well. * Symbolic links in the source repository are fully supported ONLY if you use RCS 5.6 or later and (of course) your system supports symlinks. * A history database has been contributed which maintains the history of certain CVS operations, as well as providing a wide array of querying options. * The "cvs" program has a "-n" option which can be used with the "update" command to show what would be updated without actually doing the update, like: "cvs -n update". All usage statements have been cleaned up and made more verbose. * The module database parsing has been rewritten. The new format is compatible with the old format, but with much more functionality. It allows modules to be created that grab pieces or whole directories from various different parts of your source repository. Module-relative specifications are also correctly recognized now, like "cvs checkout module/file.c". * A configurable template can be specified such that on a "commit", certain directories can supply a template that the user must fill before completing the commit operation. * A configurable pre-commit checking program can be specified which will run to verify that a "commit" can happen. This feature can be used to restrict certain users from changing certain pieces of the source repository, or denying commits to the entire source repository. * The new "cvs export" command is much like "checkout", but establishes defaults suitable for exporting code to others (expands out keywords, forces the use of a symbolic tag, and does not create "CVS" directories within the checked out sources. * The new "cvs import" command replaces the deprecated "checkin" shell script and is used to import sources into CVS control. It is also much faster for the first-time import. Some algorithmic improvements have also been made to reduce the number of conflicting files on next-time imports. * The new "cvs admin" command is basically an interface to the "rcs" program. (Not yet implemented very well). * Signal handling (on systems with BSD or POSIX signals) is much improved. Interrupting CVS now works with a single interrupt! * CVS now invokes RCS commands by direct fork/exec rather than calling system(3). This improves performance by removing a call to the shell to parse the arguments. * Support for the .cvsignore file has been contributed. CVS will now show "unknown" files as "? filename" as the result of an "update" command. The .cvsignore file can be used to add files to the current list of ignored files so that they won't show up as unknown. * Command argument changes: cvs: Added -l to turn off history logging. Added -n to show what would be done without actually doing anything. Added -q/-Q for quiet and really quiet settings. Added -t to show debugging trace. add: Added -k to allow RCS 5.x -k options to be specified. admin: New command; an interface to rcs(1). checkout: Added -A to reset sticky tags/date/options. Added -N to not shorten module paths. Added -R option to force recursion. Changed -p (prune empty directories) to -P option. Changed -f option; forcing tags match is now default. Added -p option to checkout module to standard output. Added -s option to cat the modules db with status. Added -d option to checkout in the specified directory. Added -k option to use RCS 5.x -k support. commit: Removed -a option; use -l instead. Removed -f option. Added -l option to disable recursion. Added -R option to force recursion. If no files specified, commit is recursive. diff: Now recognizes all RCS 5.x rcsdiff options. Added -l option to disable recursion. Added -R option to force recursion. history: New command; displays info about CVS usage. import: Replaces "checkin" shell script; imports sources under CVS control. Ignores files on the ignore list (see -I option or .cvsignore description above). export: New command; like "checkout", but w/special options turned on by default to facilitate exporting sources. join: Added -B option to join from base of the branch; join now defaults to only joining with the top two revisions on the branch. Added -k option for RCS 5.x -k support. log: Supports all RCS 5.x options. Added -l option to disable recursion. Added -R option to force recursion. patch: Changed -f option; forcing tags match is now default. Added -c option to force context-style diffs. Added -u option to support unidiff-style diffs. Added -V option to support RCS specific-version keyword expansion formats. Added -R option to force recursion. remove: No option changes. It's a bit more verbose. rtag: Equivalent to the old "cvs tag" command. No option changes. It's a lot faster for re-tag. status: New output formats with more information. Added -l option to disable recursion. Added -R option to force recursion. Added -v option to show symbolic tags for files. tag: Functionality changed to tag checked out files rather than modules; use "rtag" command to get the old "cvs tag" behaviour. update: Added -A to reset sticky tags/date/options. Changed -p (prune empty directories) to -P option. Changed -f option; forcing tags match is now default. Added -p option to checkout module to standard output. Added -I option to add files to the ignore list. Added -R option to force recursion. Major Contributors: * Jeff Polk rewrote most of the grody code of CVS 1.2. He made just about everything dynamic (by using malloc), added a generic hashed list manager, re-wrote the modules database parsing in a compatible - but extended way, generalized directory hierarchy recursion for virtually all the commands (including commit!), generalized the loginfo file to be used for pre-commit checks and commit templates, wrote a new and flexible RCS parser, fixed an uncountable number of bugs, and helped in the design of future CVS features. If there's anything gross left in CVS, it's probably my fault! * David G. Grubbs contributed the CVS "history" and "release" commands. As well as the ever-so-useful "-n" option of CVS which tells CVS to show what it would do, without actually doing it. He also contributed support for the .cvsignore file. * Paul Sander, HaL Computer Systems, Inc. wrote and contributed the code in lib/sighandle.c. I added support for POSIX, BSD, and non-POSIX/non-BSD systems. * Free Software Foundation contributed the "configure" script and other compatibility support in the "lib" directory, which will help make CVS much more portable. * Many others have contributed bug reports and enhancement requests. Some have even submitted actual code which I have not had time yet to integrate into CVS. Maybe for the next release. * Thanks to you all! Wed Feb 6 10:10:58 1991 Brian Berliner (berliner at sun.com) * Changes from CVS 1.0 Patchlevel 1 to CVS 1.0 Patchlevel 2; also known as "Changes from CVS 1.1 to CVS 1.2". * Major new support with this release is the ability to use the recently-posted RCS 5.5 distribution with CVS 1.2. See below for other assorted bug-fixes that have been thrown in. * ChangeLog (new): Added Emacs-style change-log file to CVS 1.2 release. Chronological description of changes between release. * README: Small fixes to installation instructions. My email address is now "berliner@sun.com". * src/Makefile: Removed "rcstime.h". Removed "depend" rule. * src/partime.c: Updated to RCS 5.5 version with hooks for CVS. * src/maketime.c: Updated to RCS 5.5 version with hooks for CVS. * src/rcstime.h: Removed from the CVS 1.2 distribution. Thanks to Paul Eggert for these changes. * src/checkin.csh: Support for RCS 5.5 parsing. Thanks to Paul Eggert for this change. * src/collect_sets.c (Collect_Sets): Be quieter if "-f" option is specified. When checking out files on-top-of other files that CVS doesn't know about, run a diff in the hopes that they are really the same file before aborting. * src/commit.c (branch_number): Fix for RCS 5.5 parsing. Thanks to Paul Eggert for this change. * src/commit.c (do_editor): Bug fix - fprintf missing argument which sometimes caused core dumps. * src/modules.c (process_module): Properly NULL-terminate update_dir[] in all cases. * src/no_difference.c (No_Difference): The wrong RCS revision was being registered in certain (strange) cases. * src/patch.c (get_rcsdate): New algorithm. No need to call maketime() any longer. Thanks to Paul Eggert for this change. * src/patchlevel.h: Increased patch level to "2". * src/subr.c (isdir, islink): Changed to compare stat mode bits correctly. * src/tag.c (tag_file): Added support for following symbolic links that are in the master source repository when tagging. Made tag somewhat quieter in certain cases. * src/update.c (update_process_lists): Unlink the user's file if it was put on the Wlist, meaning that the user's file is not modified and its RCS file has been removed by someone else. * src/update.c (update): Support for "cvs update dir" to correctly just update the argument directory "dir". * src/cvs.h: Fixes for RCS 5.5 parsing. * src/version_number.c (Version_Number): Fixes for parsing RCS 5.5 and older RCS-format files. Thanks to Paul Eggert for these changes. * src/version_number.c (Version_Number): Bug fixes for "-f" option. Bug fixes for parsing with certain branch numbers. RCS revision/symbol parsing is much more solid now. Wed Feb 14 10:01:33 1990 Brian Berliner (berliner at sun.com) * Changes from CVS 1.0 Patchlevel 0 to CVS 1.0 Patchlevel 1; also known as "Changes from CVS 1.0 to CVS 1.1". * src/patch.c (get_rcsdate): Portability fix. Replaced call to timelocal() with call to maketime(). Mon Nov 19 23:15:11 1990 Brian Berliner (berliner at prisma.com) * Sent CVS 1.0 release to comp.sources.unix moderator and FSF. * Special thanks to Dick Grune for his work on the 1986 version of CVS and making it available to the world. Dick's version is available on uunet.uu.net in the comp.sources.unix/volume6/cvs directory.