AdminGroup
AdminOptions
that control who has the right to run cvs admin and cvs init.
For fine control over cvs commands, AdminOptions can be used.
I suggest AdminOptions=kmIqc
Do not evaluate this->next after calling the handler; the handler may
have clobbered it. Resolves core dumps of cvs server on user ^C.
Ok'd by christos.
Stable CVS 1.11.15 has been released. Stable releases contain only
bug fixes from previous versions of CVS. This version fixes serious
security holes in both the client and the CVS server executables
as well as fixing many other bugs, including some file resurrection
issues. We recommend this upgrade for all CVS clients and servers!
The condition of the check if we are at a safe point to pause (i.e. we're not
holding a lock) was inverted. Suspending the client did result in the
server using up to datalimit memory, because the server child process did
continue producing output while the server parent was holding back output
to the client.
from GENTOO LINUX SECURITY ANNOUNCEMENT 200312-08
"Stable CVS 1.11.11 has been released. Stable releases contain only
bug fixes from previous versions of CVS. This release adds code to
the CVS server to prevent it from continuing as root after a user
login, as an extra failsafe against a compromise of the
CVSROOT/passwd file. Previously, any user with the ability to write
the CVSROOT/passwd file could execute arbitrary code as the root
user on systems with CVS pserver access enabled. We recommend this
upgrade for all CVS servers!"
Use asprintf() instead of malloc(), sprintf() pairs.
Now that CVSADM_xxx is getCVSdir("xxx"), sizeof CVSADM_xxx isn't quite right!
(Who knows why gcc doesn't error 'sizeof function()' though?)
Note this compiles, but isn't tested (yet).