
Bug#859014: marked as done (unblock: cvs/2:1.12.13+real-22)



Your message dated Wed, 29 Mar 2017 20:09:00 +0000
with message-id <b8e0e81d-075c-a769-4129-a49de28ba985@thykier.net>
and subject line Re: Bug#859014: unblock: cvs/2:1.12.13+real-22
has caused the Debian Bug report #859014,
regarding unblock: cvs/2:1.12.13+real-22
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
859014: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859014
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package cvs

This package addresses the bug #858769 which was reported
as potentially security-relevant. Debdiff:

diff -u cvs-1.12.13+real/configure.in cvs-1.12.13+real/configure.in
--- cvs-1.12.13+real/configure.in
+++ cvs-1.12.13+real/configure.in
@@ -17,7 +17,7 @@
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.])
 
-AC_INIT([Concurrent Versions System (CVS)],[1.12.13-MirDebian-21],
+AC_INIT([Concurrent Versions System (CVS)],[1.12.13-MirDebian-22],
 	[bug-cvs@nongnu.org],[cvs])
 AC_CONFIG_SRCDIR(src/cvs.h)
 AC_CONFIG_AUX_DIR(build-aux)
diff -u cvs-1.12.13+real/debian/NEWS cvs-1.12.13+real/debian/NEWS
--- cvs-1.12.13+real/debian/NEWS
+++ cvs-1.12.13+real/debian/NEWS
@@ -1,3 +1,34 @@
+cvs (2:1.12.13+real-22) unstable; urgency=low
+
+  Newly created repositories (from “cvs init”) now rely on
+  CVSUMASK for the permissions of the “history” and “val-tags”
+  files instead of creating them as world-writable.
+
+  Newly created repositories contain a LogHistory configuration
+  setting to only record write operations in the “history” file.
+
+  If you are used to the previous behaviour, you can restore it
+  by altering (or removing, in which case the (commented-out)
+  default of logging everything will be used) the LogHistory
+  configuration setting and changing the permissions on the
+  “history” and “val-tags” files so that every user can write
+  into them.
+
+  If you did not deliberately open your repository to all users
+  on your system, you might wish to change all existing repos
+  to this behaviour. To do this, check out the CVSROOT module,
+  edit the “config” file adding “LogHistory=TMAR”, check that
+  change in, release the CVSROOT module, and chmod the “history”
+  and “val-tags” files to either 0664 (if all users in the same
+  group should be able to commit) or 0644 (if only you wish to
+  commit), possibly 0660 or 0600 is non-committers should also
+  be denied reading.
+
+  Contact me (mirabilos) in #cvs on irc.freenode.net if you have
+  any questions about this change or require further support.
+
+ -- Thorsten Glaser <tg@mirbsd.de>  Tue, 28 Mar 2017 19:54:01 +0200
+
 cvs (2:1.12.13+real-7) unstable; urgency=high
 
   rcs2log no longer lives in the PATH, the contributed script
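Review bot: typo in the last sentence of the upgrade paragraph of the new NEWS entry: "possibly 0660 or 0600 is non-committers should also be denied reading" should read "if non-committers". The same paragraph tells admins to chmod “history” and “val-tags” to 0664 so that users in the same group can commit, but does not ask them to check which group owns the two files first; one sentence on that would make the steps complete.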
diff -u cvs-1.12.13+real/debian/changelog cvs-1.12.13+real/debian/changelog
--- cvs-1.12.13+real/debian/changelog
+++ cvs-1.12.13+real/debian/changelog
@@ -1,3 +1,14 @@
+cvs (2:1.12.13+real-22) unstable; urgency=low
+
+  * cvs init: Change default history logging configuration
+    to only log write operations by adding “LogHistory=TMAR”
+  * Testsuite: Alter to cope with this explicit option
+  * cvs init: Rely on CVSUMASK for history and val-tags files
+    in newly created repositories (Closes: #858769)
+  * Add a NEWS.Debian entry verbosely documenting this change
+
+ -- Thorsten Glaser <tg@mirbsd.de>  Tue, 28 Mar 2017 20:01:39 +0200
+
 cvs (2:1.12.13+real-21) unstable; urgency=medium
 
   [ Sylvain Beucler ]
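Review bot: urgency=low on the 2:1.12.13+real-22 entry sits oddly with a change that closes #858769, which the unblock request describes as potentially security-relevant. If dropping the world-writable default is meant as a security fix, say so in the entry and consider a higher urgency. The entry should also state that existing repositories are left unchanged, since the bullets only speak of newly created ones and leave the required admin action to the NEWS file.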
diff -u cvs-1.12.13+real/debian/copyright cvs-1.12.13+real/debian/copyright
--- cvs-1.12.13+real/debian/copyright
+++ cvs-1.12.13+real/debian/copyright
@@ -61,7 +61,7 @@
 
 Parts and the packaging are covered by the following GPL-compatible licence:
 
-# Copyright © 2005, 2008, 2011
+# Copyright © 2005, 2008, 2011, 2017
 #	mirabilos <m@mirbsd.org>
 #
 # Provided that these terms and disclaimer and all copyright notices
diff -u cvs-1.12.13+real/doc/cvs.texinfo cvs-1.12.13+real/doc/cvs.texinfo
--- cvs-1.12.13+real/doc/cvs.texinfo
+++ cvs-1.12.13+real/doc/cvs.texinfo
@@ -1989,6 +1989,18 @@
 @code{cvs init} will enable history logging; if you
 don't want that, remove the history file after running
 @code{cvs init}.  @xref{history file}.
+Since MirBSD CVS 1.12.13-MirOS-0AB7.8, MirPorts-19 or
+Debian cvs 2:1.12.13+real-22, only write operations
+will be logged by default; to change this, make the
+history file world-writable (but beware of the associated
+security risk) and remove the stock @samp{LogHistory}
+line in the @file{CVSROOT/config} file (@pxref{config})
+to use the (commented-out) default or put your own there.
+Note that these versions also create the @file{val-tags}
+file writable (@pxref{CVSUMASK}), not world-writable like
+prior versions, so users who wish to commit must, with a
+default @code{CVSUMASK} of 002, be in the same group as
+the repository.
 
 @node Backing up
 @section Backing up a repository
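Review bot: the added sentence "create the @file{val-tags} file writable (@pxref{CVSUMASK})" does not say writable by whom. The next clause implies owner and group under the default CVSUMASK of 002, so spell that out. The parenthesis "(but beware of the associated security risk)" should name the risk, namely that any local user can then write to the history file. The paragraph also describes the permission change only for val-tags, although the NEWS entry says the history file is affected in the same way.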
@@ -14901,7 +14913,9 @@
 Default of @samp{TOEFWUPCGMAR} (or simply @samp{all}) will log
 all transactions.  Any subset of the default is
 legal.  (For example, to only log transactions that modify the
-@file{*,v} files, use @samp{LogHistory=TMAR}.)  To disable history logging
+@file{*,v} files, use @samp{LogHistory=TMAR} which is nowadays
+set by @code{cvs init} by default.)
+To disable history logging
 completely, use @samp{LogHistory=}.
 
 @cindex MaxCommentLeaderLength, in CVSROOT/config
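Review bot: "nowadays" in the added "which is nowadays set by @code{cvs init} by default" does not tell the reader of an older repository whether it applies to them. Name the versions already listed in the first cvs.texinfo hunk, or cross-reference that paragraph, instead of using a relative time word.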
@@ -15128,6 +15142,7 @@
 read-only NFS repositories.
 
 @item $CVSUMASK
+@anchor{CVSUMASK}
 Controls permissions of files in the repository.  See
 @ref{File permissions}.
 
diff -u cvs-1.12.13+real/src/mkmodules.c cvs-1.12.13+real/src/mkmodules.c
--- cvs-1.12.13+real/src/mkmodules.c
+++ cvs-1.12.13+real/src/mkmodules.c
@@ -526,6 +526,7 @@
     "# Set 'LogHistory' to 'all' or '" ALL_HISTORY_REC_TYPES "' to log all transactions to the\n",
     "# history file, or a subset as needed (ie 'TMAR' logs all write operations)\n",
     "#LogHistory=" ALL_HISTORY_REC_TYPES "\n",
+    "LogHistory=TMAR\n",
     "\n",
     "# Set 'RereadLogAfterVerify' to 'always' (the default) to allow the verifymsg\n",
     "# script to change the log message.  Set it to 'stat' to force CVS to verify\n",
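Review bot: the new active line "LogHistory=TMAR\n" is placed directly under the commented-out "#LogHistory=" ALL_HISTORY_REC_TYPES line with no comment of its own, so an admin reading the generated config sees two LogHistory lines and no hint which one is the built-in default and which one cvs init chose. Add a comment line to the template stating that the built-in default logs everything and that new repositories are set to TMAR.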
@@ -1263,11 +1264,6 @@
 	fp = xfopen (info, "w");
 	if (fclose (fp) < 0)
 	    error (1, errno, "cannot close %s", info);
- 
-        /* Make the new history file world-writeable, since every CVS
-           user will need to be able to write to it.  We use chmod()
-           because xchmod() is too shy. */
-        chmod (info, 0666);
     }
 
     /* Make an empty val-tags file to prevent problems creating it later.  */
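Review bot: with the chmod (info, 0666) call removed, the mode of the new history file is whatever xfopen (info, "w") yields under the process umask, and nothing in the lines shown applies CVSUMASK at this point. Please confirm that the umask has been set from CVSUMASK before this code runs during cvs init, and leave a short comment in place of the removed one saying the mode is now deliberately left to CVSUMASK, so the chmod is not reintroduced later.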
@@ -1281,11 +1277,6 @@
 	fp = xfopen (info, "w");
 	if (fclose (fp) < 0)
 	    error (1, errno, "cannot close %s", info);
- 
-        /* Make the new val-tags file world-writeable, since every CVS
-           user will need to be able to write to it.  We use chmod()
-           because xchmod() is too shy. */
-        chmod (info, 0666);
     }
 
     free (info);
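Review bot: the val-tags chmod is removed here just as for history, yet no test in this debdiff checks the resulting modes: the sanity.sh hunks only strip the LogHistory line. A check after cvs init that neither history nor val-tags is world-writable would guard the fix for #858769 against regressions.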
diff -u cvs-1.12.13+real/src/sanity.sh cvs-1.12.13+real/src/sanity.sh
--- cvs-1.12.13+real/src/sanity.sh
+++ cvs-1.12.13+real/src/sanity.sh
@@ -2647,7 +2647,9 @@
 cd wnt
 dotest init-1a "$testcvs -q co CVSROOT" "[UP] CVSROOT${DOTSTAR}"
 cd CVSROOT
-sed -e's/^#UserAdminOptions=/UserAdminOptions=/' <config >tmpconfig
+sed -e 's/^#UserAdminOptions=/UserAdminOptions=/' \
+    -e '/^LogHistory/d' \
+    <config >tmpconfig
 mv tmpconfig config
 dotest init-1b "$testcvs -q ci -m allow-cvs-admin" "" \
 ".*/CVSROOT/config,v  <--  config
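Review bot: the added -e '/^LogHistory/d' makes the init-1 test run with the LogHistory line deleted, that is with the old log-everything behaviour, so the new cvs init default is never exercised here. That keeps the existing expected output stable, but at least one test should leave the generated config untouched and verify that the LogHistory=TMAR line is present and honoured. The same applies to the identical change in the init-2 hunk below.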
@@ -2842,7 +2844,9 @@
 cd wnt
 dotest init-2a "$testcvs -q co CVSROOT" "[UP] CVSROOT${DOTSTAR}"
 cd CVSROOT
-sed -e's/^#UserAdminOptions=/UserAdminOptions=/' <config >tmpconfig
+sed -e 's/^#UserAdminOptions=/UserAdminOptions=/' \
+    -e '/^LogHistory/d' \
+    <config >tmpconfig
 mv tmpconfig config
 dotest init-2b "$testcvs -q ci -m allow-cvs-admin" "" \
 ".*/CVSROOT/config,v  <--  config
@@ -28890,8 +28894,33 @@
 	  testcvs2="$testcvs -d '$CVSROOT2'"
 
 	  dotest multiroot-setup-1 "mkdir $CVSROOT1_DIRNAME $CVSROOT2_DIRNAME"
+
 	  dotest multiroot-setup-2 "$testcvs1 init"
+	  # remove automatically-created LogHistory to work around the fact
+	  # that CVS does not track those per root (and thus warns about
+	  # encountering multiple of these entries)
+	  mkdir wrkarnd; cd wrkarnd
+	  dotest multiroot-setup-2a "$testcvs1 -q co CVSROOT" "[UP] CVSROOT${DOTSTAR}"
+	  cd CVSROOT
+	  sed -e '/^LogHistory/d' <config >tmpconfig
+	  mv tmpconfig config
+	  dotest multiroot-setup-2b "$testcvs1 -q ci -m workaround-LogHistory" "" \
+".*/CVSROOT/config,v  <--  config
+new revision: 1\.[0-9]*; previous revision: 1\.[0-9]*
+$SPROG commit: Rebuilding administrative file database"
+	  cd ../..; rm -r wrkarnd
+
 	  dotest multiroot-setup-3 "$testcvs2 init"
+	  mkdir wrkarnd; cd wrkarnd
+	  dotest multiroot-setup-3a "$testcvs2 -q co CVSROOT" "[UP] CVSROOT${DOTSTAR}"
+	  cd CVSROOT
+	  sed -e '/^LogHistory/d' <config >tmpconfig
+	  mv tmpconfig config
+	  dotest multiroot-setup-3b "$testcvs2 -q ci -m workaround-LogHistory" "" \
+".*/CVSROOT/config,v  <--  config
+new revision: 1\.[0-9]*; previous revision: 1\.[0-9]*
+$SPROG commit: Rebuilding administrative file database"
+	  cd ../..; rm -r wrkarnd
 
 	  #
 	  # create some directories in ${CVSROOT1_DIRNAME}
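Review bot: the comment on multiroot-setup-2 says CVS does not track LogHistory per root and warns when it encounters several such entries. Since cvs init now writes that line into every new repository, users working with several freshly created roots will see the same warning, and neither the NEWS entry nor the cvs.texinfo changes in this debdiff mention it. Document this next to the LogHistory description. The comment is also given only for root 1; the block after multiroot-setup-3 repeats the workaround without it.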
@@ -29995,7 +30024,27 @@
 	  CVSROOT2=`newroot $CVSROOT2_DIRNAME`
 
 	  dotest multiroot2-1 "${testcvs} -d ${CVSROOT1} init" ""
+	  mkdir wrkarnd; cd wrkarnd
+	  dotest multiroot2-1a "$testcvs -d ${CVSROOT1} -q co CVSROOT" "[UP] CVSROOT${DOTSTAR}"
+	  cd CVSROOT
+	  sed -e '/^LogHistory/d' <config >tmpconfig
+	  mv tmpconfig config
+	  dotest multiroot2-1b "$testcvs -d ${CVSROOT1} -q ci -m workaround-LogHistory" "" \
+".*/CVSROOT/config,v  <--  config
+new revision: 1\.[0-9]*; previous revision: 1\.[0-9]*
+$SPROG commit: Rebuilding administrative file database"
+	  cd ../..; rm -r wrkarnd
 	  dotest multiroot2-2 "${testcvs} -d ${CVSROOT2} init" ""
+	  mkdir wrkarnd; cd wrkarnd
+	  dotest multiroot2-2a "$testcvs -d ${CVSROOT2} -q co CVSROOT" "[UP] CVSROOT${DOTSTAR}"
+	  cd CVSROOT
+	  sed -e '/^LogHistory/d' <config >tmpconfig
+	  mv tmpconfig config
+	  dotest multiroot2-2b "$testcvs -d ${CVSROOT2} -q ci -m workaround-LogHistory" "" \
+".*/CVSROOT/config,v  <--  config
+new revision: 1\.[0-9]*; previous revision: 1\.[0-9]*
+$SPROG commit: Rebuilding administrative file database"
+	  cd ../..; rm -r wrkarnd
 
 	  mkdir imp-dir; cd imp-dir
 	  echo file1 >file1
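Review bot: the block added after multiroot2-1 and again after multiroot2-2 is the same checkout, sed, commit and cleanup sequence as in the multiroot hunk above, and it recurs in the multiroot3 and multiroot4 hunks with only the test name and root changed. A small shell function in sanity.sh taking the test-name prefix and the root would remove the duplication and keep the expected-output pattern in one place. These copies also lack the explanatory comment that the first occurrence carries.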
@@ -30151,12 +30200,32 @@
 
 	  mkdir 1; cd 1
 	  dotest multiroot3-1 "${testcvs} -d ${CVSROOT1} init" ""
+	  mkdir wrkarnd; cd wrkarnd
+	  dotest multiroot3-1a "$testcvs -d ${CVSROOT1} -q co CVSROOT" "[UP] CVSROOT${DOTSTAR}"
+	  cd CVSROOT
+	  sed -e '/^LogHistory/d' <config >tmpconfig
+	  mv tmpconfig config
+	  dotest multiroot3-1b "$testcvs -d ${CVSROOT1} -q ci -m workaround-LogHistory" "" \
+".*/CVSROOT/config,v  <--  config
+new revision: 1\.[0-9]*; previous revision: 1\.[0-9]*
+$SPROG commit: Rebuilding administrative file database"
+	  cd ../..; rm -r wrkarnd
 	  dotest multiroot3-2 "${testcvs} -d ${CVSROOT1} -q co -l ." ""
 	  mkdir dir1
 	  dotest multiroot3-3 "${testcvs} add dir1" \
 "Directory ${TESTDIR}/root1/dir1 put under version control"
 	  dotest multiroot3-4 "${testcvs} -d ${CVSROOT2} init" ""
 	  rm -r CVS
+	  mkdir wrkarnd; cd wrkarnd
+	  dotest multiroot3-4a "$testcvs -d ${CVSROOT2} -q co CVSROOT" "[UP] CVSROOT${DOTSTAR}"
+	  cd CVSROOT
+	  sed -e '/^LogHistory/d' <config >tmpconfig
+	  mv tmpconfig config
+	  dotest multiroot3-4b "$testcvs -d ${CVSROOT2} -q ci -m workaround-LogHistory" "" \
+".*/CVSROOT/config,v  <--  config
+new revision: 1\.[0-9]*; previous revision: 1\.[0-9]*
+$SPROG commit: Rebuilding administrative file database"
+	  cd ../..; rm -r wrkarnd
 	  dotest multiroot3-5 "${testcvs} -d ${CVSROOT2} -q co -l ." ""
 	  mkdir dir2
 
@@ -30277,6 +30346,16 @@
 
 	  mkdir 1; cd 1
 	  dotest multiroot4-1 "${testcvs} -d ${CVSROOT1} init" ""
+	  mkdir wrkarnd; cd wrkarnd
+	  dotest multiroot4-1a "$testcvs -d ${CVSROOT1} -q co CVSROOT" "[UP] CVSROOT${DOTSTAR}"
+	  cd CVSROOT
+	  sed -e '/^LogHistory/d' <config >tmpconfig
+	  mv tmpconfig config
+	  dotest multiroot4-1b "$testcvs -d ${CVSROOT1} -q ci -m workaround-LogHistory" "" \
+".*/CVSROOT/config,v  <--  config
+new revision: 1\.[0-9]*; previous revision: 1\.[0-9]*
+$SPROG commit: Rebuilding administrative file database"
+	  cd ../..; rm -r wrkarnd
 	  dotest multiroot4-2 "${testcvs} -d ${CVSROOT1} -q co -l ." ""
 	  mkdir dircom
 	  dotest multiroot4-3 "${testcvs} add dircom" \
@@ -30292,6 +30371,16 @@
 	  cd ../..
 	  mkdir 2; cd 2
 	  dotest multiroot4-6 "${testcvs} -d ${CVSROOT2} init" ""
+	  mkdir wrkarnd; cd wrkarnd
+	  dotest multiroot4-6a "$testcvs -d ${CVSROOT2} -q co CVSROOT" "[UP] CVSROOT${DOTSTAR}"
+	  cd CVSROOT
+	  sed -e '/^LogHistory/d' <config >tmpconfig
+	  mv tmpconfig config
+	  dotest multiroot4-6b "$testcvs -d ${CVSROOT2} -q ci -m workaround-LogHistory" "" \
+".*/CVSROOT/config,v  <--  config
+new revision: 1\.[0-9]*; previous revision: 1\.[0-9]*
+$SPROG commit: Rebuilding administrative file database"
+	  cd ../..; rm -r wrkarnd
 	  dotest multiroot4-7 "${testcvs} -d ${CVSROOT2} -q co -l ." ""
 	  mkdir dircom
 	  dotest multiroot4-8 "${testcvs} add dircom" \
@@ -32014,6 +32103,10 @@
 ALL (cat >/dev/null; echo %R) >$TESTDIR/referrer
 ALL $RSYNC -gopr --delete $PRIMARY_CVSROOT_DIRNAME/ $SECONDARY_CVSROOT_DIRNAME
 EOF
+	  # remove automatically-created LogHistory to work around the fact
+	  # that we see both writeproxy and primary config here
+	  sed -e '/^LogHistory/d' <config >tmpconfig
+	  mv tmpconfig config
 	  cat >>config <<EOF
 PrimaryServer=$PRIMARY_CVSROOT
 EOF
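Review bot: the comment "we see both writeproxy and primary config here" does not say what goes wrong if the LogHistory line is kept, unlike the multiroot comment, which names the warning. State the symptom so a later reader can tell whether the workaround is still needed. The same four lines are repeated verbatim in the three hunks that follow.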
@@ -32224,6 +32317,10 @@
 	  cat >>loginfo <<EOF
 ALL $RSYNC -gopr --delete $PRIMARY_CVSROOT_DIRNAME/ $SECONDARY_CVSROOT_DIRNAME
 EOF
+	  # remove automatically-created LogHistory to work around the fact
+	  # that we see both writeproxy and primary config here
+	  sed -e '/^LogHistory/d' <config >tmpconfig
+	  mv tmpconfig config
 	  cat >>config <<EOF
 PrimaryServer=$PRIMARY_CVSROOT
 EOF
@@ -32501,6 +32598,10 @@
 	  cat >>loginfo <<EOF
 ALL echo Referrer=%R; cat >/dev/null
 EOF
+	  # remove automatically-created LogHistory to work around the fact
+	  # that we see both writeproxy and primary config here
+	  sed -e '/^LogHistory/d' <config >tmpconfig
+	  mv tmpconfig config
 	  cat >>config <<EOF
 PrimaryServer=$PRIMARY_CVSROOT
 EOF
@@ -32602,6 +32703,10 @@
 	  cat >>loginfo <<EOF
 ALL echo Referrer=%R; cat >/dev/null
 EOF
+	  # remove automatically-created LogHistory to work around the fact
+	  # that we see both writeproxy and primary config here
+	  sed -e '/^LogHistory/d' <config >tmpconfig
+	  mv tmpconfig config
 	  cat >>config <<EOF
 PrimaryServer=$PRIMARY_CVSROOT
 EOF


unblock cvs/2:1.12.13+real-22

-- System Information:
Debian Release: 9.0
  APT prefers unreleased
  APT policy: (500, 'unreleased'), (500, 'buildd-unstable'), (500, 'unstable')
Architecture: x32 (x86_64)
Foreign Architectures: i386, amd64

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

--- End Message ---
--- Begin Message ---
Thorsten Glaser:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock package cvs
> 
> This package addresses the bug #858769 which was reported
> as potentially security-relevant. Debdiff:
> 
> [...]
> 
> unblock cvs/2:1.12.13+real-22
> 
> [...]

Unblocked, thanks.

~Niels

--- End Message ---
