• 2002-12-22 release 0.9.15 of cvsd
  changes since 0.9.14:
  • add -d switch to cvsd to run cvsd in debugging mode with verbose logging to stderr
  • turned off hyphenation in manual pages
  • rewritten logging code to be more configurable
  • updated README
  • .spec file and init script fixes for redhat
• 2002-11-24 FAQ on homepage
  The frequently asked questions that are present in cvsd releases are now also available on these pages. This ensures that updates to the FAQ don't have to wait for new releases to come out. The FAQ file will continue to be shipped with the release.
• 2002-10-27 release 0.9.14 of cvsd
  changes since 0.9.13:
  • upgrade debian building and configuration process
  • drop all supplemenal group priviliges
  • close all unnecessary file descriptors before running cvs
    (These two fixes are security related but pose a risc only if the cvs pserver itself is exploited, thanks to env_audit for finding these.)
  • cvsd-passwd now gets default user mapping from cvsd.conf
• 2002-10-03 release 0.9.13 of cvsd
  changes since 0.9.12:
  • implemented tcp wrapper support (disabled by default)
  • cvsd-buildroot: fix for locating repository passwd files
  • added ability to specify which cvs binary to use
  • debian package improvements
• 2002-09-21 cvsd in Debian/unstable
  Release 0.9.12 (actually 0.9.12 with a few cosmetic fixes) has entered the Debian/unstable distribution, starting my career as a Debian developer. Cheers and thanks go to Kevin Rosenberg for sponsoring this package.
• 2002-09-14 release 0.9.12 of cvsd
  changes since 0.9.11:
  • updated cvsd-passwd manual page
  • cvsd-buildroot fixes for Solaris
  this release should make it into Debian/unstable
• 2002-08-25 release 0.9.11 of cvsd
  changes since 0.9.10:
  • bugfixes and code documentation to cvsd-passwd
  • extra checks and warnings in cvsd-buildroot
  • fixed bugs in portability wrappers for older systems thanks to Florian Zschocke
  • made cvsd-buildroot output better readable
  this should be the basis for the 1.0 release
• 2002-08-09 not a cvsd vulnerability
  A recent post on BugTraq and an earlier post mention a vulnerability in something they call cvsd. This vulnerability concerns cvs and not cvsd.
  The vulnerability concerns checkouts of "special" files like character and block devices, is most likely disabled and requires write access to the repository to be exploitable. The problem is fixed in cvs 1.11.2.
  Running the vulnerable cvs (as a pserver) from cvsd would have limited the damage that might have been possible.
  This is not related to the off by one error regarding the maximum number of Listen directives in the config file that was fixed in release 0.9.8. The security anouncement by Beyond Security and related mailinglist post is just plain silly.
  For more information see this advisory and this message.
• 2002-07-28 release 0.9.10 of cvsd
  changes since 0.9.9:
  • removed old networking code and replaced with wrappers for getaddrinfo() and related functions
  • documentation updates (manual pages and README)
  • cvsd-buildroot: create lock directories referenced in repositories
  • miscellaneous portability enhancements and fixes
  • removed removing of pidfile since this is probably silly
  • add mapping to system user on commandline for cvsd-passwd
  • init scripts now reads pidfile from configfile
  • added experimental .spec file thanks to Matthew L Daniel and Andreas Metzler
  this should be the basis for the 1.0 release
• 2002-06-24 release 0.9.9 of cvsd
  changes since 0.9.8:
  • lots of portability fixes in cvsd, cvsd-buildroot and init script cvsd should now work on OpenBSD and probably Solaris and FreeBSD
  • documentation improvements (new FAQ and README section on lockfiles)
  • remove pidfile on exit
  • Listen options can be specified in several formats
  • add redhat 7.1 init script
  basically a portability release
• 2002-05-23 bug in potato deb
  There seems to be a bug in debconf in potato, expanding '*' to a list of files in the current directory (shell expand). This causes The 'Listen' directive to be incorrectly put into the configuration file when '*' is used in the host part.
  As a workaround when debconf asks about the 'Listen' option you should specify '0.0.0.0' instead of '*'.
• 2002-04-06 release 0.9.8 of cvsd
  changes since 0.9.7:
  • be more forgiving when binding sockets fail (missing protocols etc)
  • networking code fixes to increase portability
  • fixed off by one bug when listening on more than 16 sockets
  basically a bugfix release
• 2002-03-30 release 0.9.7 of cvsd
  changes since 0.9.6:
  • replaced Port configoption by Listen configoption
  • improved networking code to allow IPv6 and listening on multiple network interfaces
  • numerous code improvements (see ChangeLog)
  we are nearing the feature-set required for a 1.0 release
• 2002-03-05 potato version of 0.9.6 available
  An experimental .deb of cvsd is available for potato.
• 2002-02-25 release 0.9.6 of cvsd
  changes since 0.9.5:
  • compilation fixes for Solaris
  • cleaned up source
  • added Umask configuration option
• 2002-01-25 release 0.9.5 of cvsd
  changes since 0.9.4:
  • upgraded to autoconf 2.50
  • cleaned up source
  • added 'unlimited' for resource limits

These pages contain no frames, blinking stuff, animated gifs or commercials, do not require javascript and are not optimised for any specific screen resolution or browser and should be valid XHTML 1.1 and contain valid CSS.