Change log for cvs package in Ubuntu

141 of 41 results
Published in disco-release on 2019-02-06
Deleted in disco-proposed (Reason: moved to release)
cvs (2:1.12.13+real-27) unstable; urgency=low

  * Hardcode path to /bin/mktemp during configure to build reproducibly
  * Policy 4.3.0.1 (verbosity changes; R³:no)
  * Use new lintian source override location
  * Update lintian overrides

 -- Thorsten Glaser <email address hidden>  Tue, 05 Feb 2019 19:31:19 +0100
Superseded in disco-release on 2019-02-06
Published in cosmic-release on 2018-05-01
Published in bionic-release on 2018-01-23
Deleted in bionic-proposed (Reason: moved to release)
cvs (2:1.12.13+real-26) unstable; urgency=low

  * Policy 4.1.3 (no changes)
  * Debhelper 11, prompted by lintian…
  * Update VCS-* to new repository caused by Alioth deprecation

 -- Thorsten Glaser <email address hidden>  Fri, 05 Jan 2018 20:06:42 +0100
Superseded in bionic-release on 2018-01-23
Superseded in bionic-release on 2017-12-04
Deleted in bionic-proposed on 2018-01-25 (Reason: moved to release)
cvs (2:1.12.13+real-25) unstable; urgency=low

  * Update from MirBSD (0AB8.4)
    - support LOGM response
  * Policy 4.1.1 (no changes)
  * Use “?=” in debian/rules for dpkg-architecture fields (lintian)
  * Update watch file

 -- Thorsten Glaser <email address hidden>  Sun, 19 Nov 2017 18:10:56 +0100
Published in xenial-updates on 2017-08-21
Published in xenial-security on 2017-08-21
cvs (2:1.12.13+real-15ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: SSH command injection via -o
    - src/rsh-client.c: fix argument parsing
    - CVE-2017-12836

 -- <email address hidden> (Leonidas S. Barbosa)  Thu, 17 Aug 2017 12:21:20 -0300
Obsolete in zesty-updates on 2018-06-22
Obsolete in zesty-security on 2018-06-22
cvs (2:1.12.13+real-22ubuntu0.1) zesty-security; urgency=medium

  * SECURITY UPDATE: SSH command injection via -o
    - src/rsh-client.c: fix argument parsing
    - CVE-2017-12836

 -- <email address hidden> (Leonidas S. Barbosa)  Thu, 17 Aug 2017 13:04:31 -0300
Published in trusty-updates on 2017-08-21
Published in trusty-security on 2017-08-21
cvs (2:1.12.13+real-12ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: SSH command injection via -o
    - src/rsh-client.c: fix argument parsing
    - CVE-2017-12836

 -- <email address hidden> (Leonidas S. Barbosa)  Thu, 17 Aug 2017 10:52:05 -0300
Superseded in bionic-release on 2017-11-23
Published in artful-release on 2017-08-13
Deleted in artful-proposed (Reason: moved to release)
cvs (2:1.12.13+real-24) unstable; urgency=high

  * Update from MirBSD
    - fix for CVE-2017-12836 (Closes: #871810)
    - more robust $CVSROOT parsing
  * Policy 4.0.1
    - add nodoc build option
      ‣ I’m unclear on how this mixes with build profiles and/or
        Build-Depends exclusion; should I exclude ghostscript,
        groff, texinfo, texlive-* with <!nodocs> now, or are
        DEB_BUILD_OPTIONS=nodoc and the profile independent of
        each other? Info and patches welcome.
  * Drop explicit (thus redundant) autotools-dev B-D (lintian)
  * Update lintian overrides

 -- Thorsten Glaser <email address hidden>  Sat, 12 Aug 2017 22:18:41 +0200
Superseded in artful-release on 2017-08-13
Deleted in artful-proposed on 2017-08-14 (Reason: moved to release)
cvs (2:1.12.13+real-23) unstable; urgency=low

  * Improve documentation:
    - on CVSREADONLYFS
    - regarding the formerly world-writable files
    - fix typos, thanks lintian
  * Remove testsuite logfiles on clean properly
  * With most environment variables, handle them being defined but
    empty as undefined, not enabled (fixes the testsuite creating
    spurious ~/.in and ~/.out files); exceptions:
    - CVS_PASSWORD (just triggers an error, as previously)
    - CVSREAD, CVSREADONLYFS (mere presence enables them)
    Note this in the Debian NEWS file
  * Fix some spelling in the/and comments
  * Emit better errors when multiple LogHistory config options occur
  * Fix some corner cases in the testsuite
  * Repair the noredirect-writeproxy testsuite mode
  * Apply the OpenBSD patch for flowcontrol with fast HDD and slow network
  * Override a false positive lintian warning

 -- Thorsten Glaser <email address hidden>  Fri, 28 Apr 2017 21:33:27 +0200
Superseded in artful-release on 2017-05-19
Obsolete in zesty-release on 2018-06-22
Deleted in zesty-proposed on 2018-06-22 (Reason: moved to release)
cvs (2:1.12.13+real-22) unstable; urgency=low

  * cvs init: Change default history logging configuration
    to only log write operations by adding “LogHistory=TMAR”
  * Testsuite: Alter to cope with this explicit option
  * cvs init: Rely on CVSUMASK for history and val-tags files
    in newly created repositories (Closes: #858769)
  * Add a NEWS.Debian entry verbosely documenting this change

 -- Thorsten Glaser <email address hidden>  Tue, 28 Mar 2017 20:01:39 +0200
Superseded in zesty-release on 2017-04-07
Deleted in zesty-proposed on 2017-04-09 (Reason: moved to release)
cvs (2:1.12.13+real-21) unstable; urgency=medium

  [ Sylvain Beucler ]
  * Add --allow-root-regexp option, for Savannah

  [ Thorsten Glaser ]
  * Always add --build=/--host= to avoid config.guess being too smart
  * Fix testsuite for --allow-root-regexp in the “deny” case
  * Some minor documentation fixes (wording and formatting)
  * Remove unnecessary autopoint from Build-Depends; optimise them
  * Harmonise PDF version 1.4 across all generated PDFs
  * Generate all PDFs using the PA4 paper size (prints on Letter and A4)
  * Disable parallel build because the testsuite is not safe

 -- Thorsten Glaser <email address hidden>  Mon, 09 Jan 2017 23:19:38 +0000
Superseded in zesty-release on 2017-01-10
Deleted in zesty-proposed on 2017-01-12 (Reason: moved to release)
cvs (2:1.12.13+real-20) unstable; urgency=low

  * Do not spew into syslog when 'cvs pserver' is called from a tty

 -- Thorsten Glaser <email address hidden>  Wed, 09 Nov 2016 04:17:18 +0100
Superseded in zesty-release on 2016-11-21
Deleted in zesty-proposed on 2016-11-22 (Reason: moved to release)
cvs (2:1.12.13+real-18) unstable; urgency=low

  [ esr ]
  * Correct a bug in the manpage

  [ Sergei Trofimovich ]
  * Fix a memory leak

  [ Thorsten Glaser ]
  * Several sanity and getdate fixes

 -- Thorsten Glaser <email address hidden>  Sun, 23 Oct 2016 00:34:10 +0200
Superseded in zesty-release on 2016-11-03
Obsolete in yakkety-release on 2018-01-23
Published in xenial-release on 2015-10-22
Obsolete in wily-release on 2018-01-22
Obsolete in vivid-release on 2018-01-18
Deleted in vivid-proposed (Reason: moved to release)
cvs (2:1.12.13+real-15) unstable; urgency=low


  * QA upload.
  * Orphan the package.

 -- Thorsten Glaser <email address hidden>  Tue, 07 Oct 2014 17:58:58 +0000
Superseded in vivid-release on 2014-10-24
Obsolete in utopic-release on 2016-11-03
Deleted in utopic-proposed on 2016-11-03 (Reason: moved to release)
cvs (2:1.12.13+real-14) unstable; urgency=low


  * debian/control: Move VCS-* fields to Alioth collab-maint git
  * Remove now-useless RCS IDs

 -- Thorsten Glaser <email address hidden>  Tue, 08 Jul 2014 16:10:54 +0200
Superseded in utopic-release on 2014-07-09
Published in trusty-release on 2014-02-17
Deleted in trusty-proposed (Reason: moved to release)
cvs (2:1.12.13+real-12) unstable; urgency=medium


  * Add texlive-fonts-recommended B-D (thanks Norbert Preining)
    to fix FTBFS in sid (thanks Daniel Schepler) (Closes: #739138)
  * Policy 3.9.5 (no changes AFAICT)
  * Check distfile with upstream signing key (thanks lintian)

 -- Thorsten Glaser <email address hidden>  Sun, 16 Feb 2014 14:07:36 +0000
Superseded in trusty-release on 2014-02-17
Obsolete in saucy-release on 2015-04-24
Deleted in saucy-proposed on 2015-04-28 (Reason: moved to release)
cvs (2:1.12.13+real-11) unstable; urgency=medium


  * Add workaround for eglibc crypt(3) returning NULL
  * If DEB_BUILD_OPTIONS contains “sanity” run testsuite after build
  * Drop obsolete texi2html B-D (thanks lintian) that was unused anyway

 -- Thorsten Glaser <email address hidden>  Thu, 18 Jul 2013 21:52:12 +0000
Superseded in saucy-release on 2013-07-19
Deleted in saucy-proposed on 2013-07-20 (Reason: moved to release)
cvs (2:1.12.13+real-10) unstable; urgency=low


  [ Daniel Schepler ]
  * Use dh-autoreconf to regenerate configure script and avoid unnecessary
    compilation of mktime.c, which doesn't work on x32 as is.
  * Add texlive-latex-recommended to fix just another FTBFS

  [ Thorsten Glaser ]
  * Do not compress *.pdf files (cf. #704093)
  * Allow root to commit
  * Policy 3.9.4
  * Make cvs.texinfo compatible with newer makeinfo (Closes: #711298)
  * Actually use a fixed mktime.m4 (Closes: #698908)

 -- Thorsten Glaser <email address hidden>  Wed, 26 Jun 2013 19:40:39 +0000
Superseded in saucy-release on 2013-06-27
Obsolete in raring-release on 2015-04-24
Obsolete in quantal-release on 2015-04-24
cvs (2:1.12.13+real-9) unstable; urgency=low


  * Fix watch file: mange Epoch away, too
  * Remove old conffile /etc/pam.d/cvs (Closes: #669957)
  * Policy 3.9.3 (no changes)

 -- Thorsten Glaser <email address hidden>  Sun, 22 Apr 2012 15:10:16 +0000
Obsolete in lucid-updates on 2016-10-26
Obsolete in lucid-security on 2016-10-26
cvs (1:1.12.13-12ubuntu1.10.04.1) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via heap overflow
    - debian/patches/99ubuntu002-CVE-2012-0804.diff: remove use of
      write_buf in src/client.c.
    - CVE-2012-0804
 -- Marc Deslauriers <email address hidden>   Mon, 13 Feb 2012 11:41:02 -0500
Obsolete in maverick-updates on 2013-03-05
Obsolete in maverick-security on 2013-03-05
cvs (1:1.12.13-12ubuntu1.10.10.1) maverick-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via heap overflow
    - debian/patches/99ubuntu002-CVE-2012-0804.diff: remove use of
      write_buf in src/client.c.
    - CVE-2012-0804
 -- Marc Deslauriers <email address hidden>   Mon, 13 Feb 2012 11:39:57 -0500
Obsolete in oneiric-updates on 2015-04-24
Obsolete in oneiric-security on 2015-04-24
cvs (2:1.12.13+real-6ubuntu0.1) oneiric-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via heap overflow
    - src/client.c: remove use of write_buf. Patch thanks to Petr Pisar.
    - CVE-2012-0804
 -- Marc Deslauriers <email address hidden>   Mon, 13 Feb 2012 10:37:01 -0500
Obsolete in natty-updates on 2013-06-04
Obsolete in natty-security on 2013-06-04
cvs (1:1.12.13-12ubuntu1.11.04.1) natty-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via heap overflow
    - debian/patches/99ubuntu002-CVE-2012-0804.diff: remove use of
      write_buf in src/client.c.
    - CVE-2012-0804
 -- Marc Deslauriers <email address hidden>   Mon, 13 Feb 2012 11:35:14 -0500
Superseded in quantal-release on 2012-05-03
Published in precise-release on 2012-02-10
cvs (2:1.12.13+real-8) unstable; urgency=high


  * Brown paper bag change: sanity.sh (the testsuite) was corrupted
    during checkout of the packaging VCS in the -7 (all PASS again)
  * Bonus change: use hardening build flags; fix resulting warnings
  * Urgency due to riding on the previous upload’s security fix

 -- Thorsten Glaser <email address hidden>  Tue, 07 Feb 2012 20:39:42 +0000
Superseded in precise-release on 2012-02-10
Obsolete in oneiric-release on 2015-04-24
cvs (2:1.12.13+real-6) unstable; urgency=low

  * d/watch: mangle the +real away until 1.12.14 is out,
    as this is an artefact from the old (epoch 1) packaging
  * Demote mksh to Suggests, recommended (hah!) by many
    (Closes: #631110) (merges back 2:1.12.13+real-5ubuntu1)
  * Honour Policy §11.4; fix by YOSHINO Yoshihito (Closes: #631936)
  * Use upstream-source-in-CVS packaging, clean up
  * d/rules: Add build-{arch,indep} targets as aliases to build
  * Bring d/copyright more in sync with this distfile’s reality
  * d/control: Reword package description. (Closes: #631826)
  * If sleeping at exit, sleep another 20 ms (2 HZ), to avoid
    possible race conditions. (Should work around LP: #12230)
  * Update in sync with MirPorts 1.12.13-12 = MirOS BSD 0AAF.1
  * Stop installing cvsbug(8), use reportbug instead
 -- Thorsten Glaser <email address hidden>   Fri,  29 Jul 2011 08:58:16 +0000
Superseded in oneiric-release on 2011-07-29
cvs (2:1.12.13+real-5ubuntu1) oneiric; urgency=low

  * debian/control: Demoted mksh from Recommends to Suggests, to avoid
    pulling it into main.
 -- Dave Walker (Daviey) <email address hidden>   Fri, 17 Jun 2011 13:05:13 +0100
Superseded in oneiric-release on 2011-06-17
cvs (2:1.12.13+real-5) unstable; urgency=low

  * Drop PAM entirely, it was specific to Debian anyway
  * Add cvs-switchroot, from src/scripts/mnt-cvsroot (Closes: #41685)
  * Drop some old and irrelevant changelogs from the binary package
  * Update from MirPorts 1.12.13-11 = MirOS BSD 0AAE.2
  * Revert most of 65_login_cvspass_message and just be silent if the
    pserver client password file doesn't exist and create it silently
    if needed (Closes: #524146)
  * Honour noexec flag in 'cvs -n init' (Closes: #151982)
  * Sync modules option list with cederqvist (Closes: #226888)
  * Apply patch for assert on negated version numbers on diff
    (Closes: #297551)
    From: Peter Moulder <email address hidden>
  * Change cvs add dir message (Closes: #294094)
  * Accept port when using extssh connection method (Closes: #151882)
  * Write a new command for direct ,v file download (Closes: #421119)
  * Drop broken libbsd.fd.o headers and shut up gcc 4.6 warnings
  * Fix piuparts breakage: ignore delgroup non-existence on purge
  * Deliver a NEWS.Debian (Closes: #626106)
  * d/README.source: Update, call to automake is now also needed

Superseded in oneiric-release on 2011-06-14
Obsolete in natty-release on 2013-06-04
Obsolete in maverick-release on 2013-03-05
Obsolete in lucid-release on 2016-10-26
Obsolete in karmic-release on 2013-03-04
Obsolete in jaunty-release on 2013-02-28
cvs (1:1.12.13-12ubuntu1) jaunty; urgency=low

  * debian/patches/99ubuntu001-no-snprintf.diff: Don't build vasnprintf
    strings with snprintf to avoid %n in writable memory (LP: #296453).

 -- Kees Cook <email address hidden>   Mon, 10 Nov 2008 15:01:40 -0800

Available diffs

Superseded in jaunty-release on 2008-11-11
cvs (1:1.12.13-12) unstable; urgency=low

  * Update the Simplified Chinese debconf translation. Thanks to Deng
    Xiyue. Closes: #495953
  * Add a Basque debconf translation. Thanks to Piarres Beobide.
    Closes: #495953

 -- Ubuntu Archive Auto-Sync <email address hidden>   Tue,  04 Nov 2008 21:17:23 +0000

Available diffs

Superseded in jaunty-release on 2008-11-05
Obsolete in intrepid-release on 2013-02-20
cvs (1:1.12.13-11) unstable; urgency=low

  * Be more aggressive about checking --allow-root; can now be used for
    limiting allowed CVSROOTs using rsh/ssh as well. Closes: #169967,
    thanks to Tim Riker for the original patch.

 -- Ubuntu Archive Auto-Sync <email address hidden>   Mon,  19 May 2008 07:39:54 +0100
Superseded in intrepid-release on 2008-05-19
cvs (1:1.12.13-10) unstable; urgency=low

  * Fix the internal getcwd() function to cope with working inside a
    bindmount/chroot. Thanks to Colin Watson for the patch.
    Closes: #456164,#461154,#495641
  * Add a fix from Petr Salinger so that cvs will work on
    GNU/kFreeBSD. Closes: #455496 . Looks related to the getcwd()
    changes above, but belt and braces won't hurt.
  * Add a Finnish Debconf translation, hanks to Esko Arajärvi.
    Closes: #455257
  * Updated the download URL in debian/copyright. Closes: #351690
  * Check for /etc/cvs-cron.conf before using it. Closes: #197473
  * Move the default repository location from /var/lib/cvs to /srv/cvs for
    better FHS compliance. Closes: #284710, thanks to Pierre THIERRY for
    the patch.
  * LOTS of fixes for silly mistakes in the auto-generated CVS man page.
    Closes: #365078 (and then some)
  * Break "tag" and "rtag" in the cvs.5 man page. Closes: #422128
  * Added IPV6 support, thanks to a patch from KIMURA Yasuhiro.
    Closes: #430415
  * Minor rules file cleanup (old commented lines removed)

 -- Ubuntu Archive Auto-Sync <email address hidden>   Fri,  02 May 2008 01:55:25 +0100
Superseded in intrepid-release on 2008-05-03
Obsolete in hardy-release on 2015-04-24
cvs (1:1.12.13-9) unstable; urgency=low

  * Don't be so loud on errors. Closes: #386153

 -- Ubuntu Archive Auto-Sync <email address hidden>   Sun,  09 Dec 2007 19:04:53 +0000
Superseded in hardy-release on 2007-12-09
Obsolete in gutsy-release on 2011-09-16
cvs (1:1.12.13-8) unstable; urgency=medium

  * Update Russian debconf translation, Thanks to Yuriy Talakan.
    Closes: #414076.

Superseded in gutsy-release on 2007-04-27
Obsolete in feisty-release on 2009-08-20
cvs (1:1.12.13-5build1) feisty; urgency=low

  * Rebuild for changes in the amd64 toolchain.

 -- Matthias Klose <email address hidden>   Mon,  5 Mar 2007 01:14:09 +0000
Superseded in feisty-release on 2007-03-05
cvs (1:1.12.13-5) unstable; urgency=low

  * Major update for l10n before etch, thanks to Christian Perrier.
  * debian/po:
    + Add Swedish debconf templates, thanks to Daniel Nylander.
      (Closes: #390512)
    + Update Danish debconf templates, thanks to Claus Hindsgaul.
      (Closes: #290442)
    + Add Catalan debconf templates, thanks to Miguel Gea Milvaques.
      (Closes: #346412)
    + Update French debconf templates, thanks to Christian Perrier.
    + Update German debconf templates, thanks to Jens Seidel.
    + Update Turkish debconf templates, thanks to Mehmet TURKER.
    + Update Brazilian Portuguese debconf templates, thanks to 
      Andre Luis Lopes.
    + Add Vietnamese debconf templates, thanks to Clytie Siddall.
      (Closes: #310159)
    + Update Portuguese debconf templates, thanks to 
      Ricardo Silva
    + Update Japanese debconf templates, thanks to 
      Hideki Yamane. Closes: #391621
  * debian/cvs.templates:
    + Remove extra quote in templates and unfuzzy translations. Use
      the occasion to make the templates fit the writing style suggested
      in the Developer's Reference.
      Closes: #290442, #300493, #310160

Superseded in feisty-release on 2006-11-08
Obsolete in edgy-release on 2008-06-19
cvs (1:1.12.13-3) unstable; urgency=low

  [ Steve McIntyre ]
  * debian/patches:
    + Add 95_flag_conflicted_copies - patch from upstream to fix breakage in
    conflict handling. Closes: #368681
	
  [ Zak B. Elep ]
  * debian/patches:
    + Add 12_rcs2log_POSIX_sort to let rcs2log use unambigous sort
      flags. (Closes: #368909)

Superseded in edgy-release on 2006-06-15
Obsolete in dapper-release on 2011-09-06
Superseded in dapper-release on 2006-02-03
cvs (1:1.12.9-17) unstable; urgency=low


  * Add an extra option to set the DateFormat used in log output.
	
 -- Steve McIntyre <email address hidden>  Tue, 08 Nov 2005 14:26:42 +0000
Obsolete in breezy-release on 2008-03-25
cvs (1:1.12.9-13ubuntu1) breezy; urgency=low


  * debian/control: Build with gcc 3.4 since with 4.0 cvs crashes on amd64.
    (Debian #329127)
  * debian/control: Add build dependency gcc-3.4.

 -- Martin Pitt <email address hidden>  Fri, 30 Sep 2005 18:42:55 +0200
Obsolete in hoary-security on 2008-03-19
cvs (1:1.12.9-9ubuntu0.1) hoary-security; urgency=low


  * SECURITY UPDATE: Fix several vulnerabilities.
  * Added debian/patches/69_CAN-2005-0753:
    - src/login.c: Avoid using an uninitialized variable.
    - src/patch.c: free() original pointer, not a potentially modified one.
    - src/rcs.c: Initialized "loglen" variable, avoid sprintf() buffer
      overflow. [CAN-2005-0753]

 -- Martin Pitt <email address hidden>  Tue,  3 May 2005 09:41:39 +0000
Obsolete in hoary-release on 2008-03-19
cvs (1:1.12.9-9) unstable; urgency=low


  * Screwed up the previous build; _really_ add the new ja.po this time!
	
 -- Steve McIntyre <email address hidden>  Sun, 26 Dec 2004 20:31:00 +0000
Obsolete in warty-security on 2008-01-09
cvs (1:1.12.9-1ubuntu0.1) warty-security; urgency=low


  * SECURITY UPDATE: Fix several vulnerabilities.
  * Added debian/patches/69_CAN-2005-0753: 
    - src/login.c: Avoid using an uninitialized variable.
    - src/patch.c: free() original pointer, not a potentially modified one.
    - src/rcs.c: Initialized "loglen" variable, avoid sprintf() buffer
      overflow. [CAN-2005-0753]

 -- Martin Pitt <email address hidden>  Tue,  3 May 2005 09:15:44 +0000
Obsolete in warty-release on 2008-01-09
cvs (1:1.12.9-1) unstable; urgency=high


  * New upstream version.
    + Several security fixes: CAN-2004-0414, CAN-2004-0416,
      CAN-2004-0417 & CAN-2004-0418

 -- Steve McIntyre <email address hidden>  Wed, 09 Jun 2004 20:42:37 +0100
141 of 41 results