2
Aside from the standard Debian modifications of paths, default
3
editors, and such, this package contains the following
9
This package has a patch for pserver that fixes the problem that
10
pserver wanted to read /root/.cvsignore. The problem is that the
11
HOME environment variable is set, and it overrides the uid based
12
password lookup. What we do now is drop the cached home directory
13
if the uid has changed.
15
-- Wichert Akkerman <wakkerma@debian.org>, Sun Dec 19 15:50:48 CET 1999
20
I've implemented PAM authentication support for the CVS pserver. The
21
normal search "path" used by CVS when trying to authenticate is
23
CVSROOT/passwd (always checked)
24
/etc/passwd (optional, enabled by default)
26
The new PAM support changes this order to:
28
CVSROOT/passwd (always checked)
29
PAM (optional, enabled by default)
30
/etc/passwd (optional, disabled by default)
32
If you want to change these, edit CVSROOT/config and set PamAuth
33
and/or SystemAuth as appropriate.
35
Once the upstream PAM support is released, this may change.
37
-- Steve McIntyre <93sam@debian.org> Mon, 13 Oct 2003 23:56:52 +0100
39
CVS Repouid - patch and documentation by Wichert Akkerman
42
CVS is a common source control system used by the majority of all free
43
software projects. It provides remote access to repositories via its
44
pserver system. Unfortunately pserver is not very secure:
46
* Commit access to a repository is equivalent to giving shell access
47
to the CVS server since it is trivial to add or modify scripts
48
that are run automatically when the repository is accessed.
50
* The CVSROOT/passwd file in a repository lists all the users who
51
can access the repository, along with the name of the local unix
52
account which pserver should use when accessing the
53
repository. Everyone who can edit that file can combine this with
54
the previously mentioned problem to gain access to all accounts on
55
a system, including root.
57
To solve this I wrote the cvs-repouid patch which does two things: it
58
allows the administrator to force usage of a specific account for a
59
repository instead of the ones given in the CVSROOT/passwd file, and
60
it prevents pserver from running as root. This gives the owner of the
61
repository the freedom to modify accounts for his repository while
64
This is administered through the new /etc/cvs-repouids file which has
65
a very simple syntax: each line contains a repository path and a
66
accountname, separated by a colon (:). For example:
71
This forces the account wichert to be used when the dpkg repository is
72
accessed and the anon-pyrad account when the pyrad repository is
75
-- Steve McIntyre <93sam@debian.org> Tue, 10 Feb 2004 19:54:50 +0000
77
Control of Keyword Expansion
78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
80
Since version 1.12.2 CVS has supported, without external
81
patches, custom keyword expansion options. Previously CVS required a
82
patch to implement this, and users may know the feature as the options
83
"tag" and "tagexpand" from the CVSROOT/options file. CVS now uses a
84
similar method in CVSROOT/config. For more information see the CVS
85
documentation(infobrowser "(CVS)Configuring keyword expansion").
87
-- James Rowe <Jay@jnrowe.ukfsn.org> Sat, 03 Apr 2004 23:23:57 +0100