2002-12-22 release 0.9.15 of cvsd
changes since 0.9.14:
add -d switch to cvsd to run cvsd in debugging mode with verbose logging to stderr
turned off hyphenation in manual pages
rewritten logging code to be more configurable
updated README
.spec file and init script fixes for redhat
2002-11-24 FAQ on homepage
The frequently asked questions that are present in cvsd
releases are now also available on these pages.
This ensures that updates to the FAQ don't have to wait
for new releases to come out.
The FAQ file will continue to be shipped with the release.
2002-10-27 release 0.9.14 of cvsd
changes since 0.9.13:
upgrade debian building and configuration process
drop all supplemental group privileges
close all unnecessary file descriptors before running cvs
(These two fixes are security related but pose a risk only if the
cvs pserver itself is exploited; thanks to env_audit for finding these.)
cvsd-passwd now gets default user mapping from cvsd.conf
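The two hardening items in 0.9.14, sketched in C as an added example (this is not cvsd's own code): clear supplementary groups before changing gid and uid, and close inherited descriptors before exec, so that an exploited child holds no leftover group membership or open files. The function names `close_fds_from`, `drop_privileges` and `run_confined` are hypothetical, and the 65536 cap is an assumption.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* exposes setgroups() on glibc */
#endif
#include <grp.h>
#include <sys/types.h>
#include <unistd.h>

/* Close every descriptor >= lowfd so the child inherits nothing it does
   not need. Returns the number of descriptors that were actually open. */
int close_fds_from(int lowfd)
{
    long max = sysconf(_SC_OPEN_MAX);
    int fd, closed = 0;

    if (max < 0 || max > 65536)
        max = 65536;               /* assumption: cap unlimited or huge limits */
    for (fd = lowfd; fd < (int)max; fd++)
        if (close(fd) == 0)
            closed++;
    return closed;
}

/* Drop root for good: supplementary groups first, then gid, then uid.
   The order matters, because setgroups() and setgid() need the privilege
   that setuid() gives away. Returns 0 on success, -1 on failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgroups(0, NULL) != 0)   /* clear inherited supplementary groups */
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (uid != 0 && setuid(0) == 0)
        return -1;                 /* root could be regained: treat as failure */
    return 0;
}

/* Hypothetical launcher: harden the process, then exec the server binary. */
int run_confined(const char *path, char *const argv[], uid_t uid, gid_t gid)
{
    close_fds_from(3);             /* keep only stdin, stdout and stderr */
    if (drop_privileges(uid, gid) != 0)
        return -1;                 /* never exec with leftover privileges */
    execv(path, argv);
    return -1;                     /* only reached if execv() failed */
}
```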
2002-10-03 release 0.9.13 of cvsd
changes since 0.9.12:
implemented tcp wrapper support (disabled by default)
cvsd-buildroot: fix for locating repository passwd files
added ability to specify which cvs binary to use
debian package improvements
2002-09-21 cvsd in Debian/unstable
Release 0.9.12 (actually 0.9.12 with a few cosmetic fixes) has entered the
Debian/unstable distribution, starting my career as a Debian developer.
Cheers and thanks go to Kevin Rosenberg for sponsoring this package.
2002-09-14 release 0.9.12 of cvsd
changes since 0.9.11:
updated cvsd-passwd manual page
cvsd-buildroot fixes for Solaris
this release should make it into Debian/unstable
2002-08-25 release 0.9.11 of cvsd
changes since 0.9.10:
bugfixes and code documentation to cvsd-passwd
extra checks and warnings in cvsd-buildroot
fixed bugs in portability wrappers for older systems, thanks to Florian Zschocke
made cvsd-buildroot output more readable
this should be the basis for the 1.0 release
2002-08-09 not a cvsd vulnerability
A recent post on BugTraq and an earlier post
mention a vulnerability in something they call cvsd.
This vulnerability concerns cvs and not cvsd.
The vulnerability concerns checkouts of "special" files like character
and block devices, is most likely disabled and requires write access
to the repository to be exploitable.
The problem is fixed in cvs 1.11.2.
Running the vulnerable cvs (as a pserver) from cvsd
would have limited the damage that might have been possible.
This is not related to the off by one error regarding the maximum number
of Listen directives in the config file that was fixed in release 0.9.8.
The security announcement by Beyond Security and related mailing list post
is just plain silly.
For more information see this advisory and this message.
2002-07-28 release 0.9.10 of cvsd
changes since 0.9.9:
removed old networking code and replaced with wrappers for getaddrinfo() and related functions
documentation updates (manual pages and README)
cvsd-buildroot: create lock directories referenced in repositories
miscellaneous portability enhancements and fixes
removed removing of pidfile since this is probably silly
add mapping to system user on commandline for cvsd-passwd
init scripts now read pidfile from configfile
added experimental .spec file thanks to Matthew L Daniel and Andreas Metzler
this should be the basis for the 1.0 release
2002-06-24 release 0.9.9 of cvsd
changes since 0.9.8:
lots of portability fixes in cvsd, cvsd-buildroot and init script
cvsd should now work on OpenBSD and probably Solaris and FreeBSD
documentation improvements (new FAQ and README section on lockfiles)
remove pidfile on exit
Listen options can be specified in several formats
add redhat 7.1 init script
basically a portability release
2002-05-23 bug in potato deb
There seems to be a bug in debconf in potato, expanding '*' to a list of files in
the current directory (shell expand). This causes the 'Listen' directive to be
incorrectly put into the configuration file when '*' is used in the host part.
As a workaround when debconf asks about the 'Listen' option you should specify
'0.0.0.0' instead of '*'.
2002-04-06 release 0.9.8 of cvsd
changes since 0.9.7:
be more forgiving when binding sockets fail (missing protocols etc)
networking code fixes to increase portability
fixed off by one bug when listening on more than 16 sockets
basically a bugfix release
2002-03-30 release 0.9.7 of cvsd
changes since 0.9.6:
replaced Port configoption by Listen configoption
improved networking code to allow IPv6 and listening on multiple network interfaces
numerous code improvements (see ChangeLog)
we are nearing the feature-set required for a 1.0 release
2002-03-05 potato version of 0.9.6 available
An experimental .deb of cvsd is available for potato.
2002-02-25 release 0.9.6 of cvsd
changes since 0.9.5:
compilation fixes for Solaris
cleaned up source
added Umask configuration option
2002-01-25 release 0.9.5 of cvsd
changes since 0.9.4: