From owner-cvs-all@FreeBSD.ORG Wed Jan 21 08:27:59 2004
Message-Id: <200401211627.i0LGRvUS089121@repoman.freebsd.org>
From: Jacques Vidrine
Date: Wed, 21 Jan 2004 08:27:57 -0800 (PST)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: CYCLIC
Subject: cvs commit: src/contrib/cvs/src modules.c server.c
List-Id: CVS commit messages for the entire tree

nectar      2004/01/21 08:27:57 PST

  FreeBSD src repository

  Modified files:        (Branch: CYCLIC)
    contrib/cvs/src      modules.c server.c
  Log:
  Incorporate two security fixes from later versions of CVS.

  From the NEWS file of cvs 1.11.11:

  * pserver can no longer be configured to run as root via the
    $CVSROOT/CVSROOT/passwd file, so if your passwd file is compromised,
    it no longer leads directly to a root hack.  Attempts to root will
    also be logged via the syslog.

  * Malformed module requests could cause the CVS server to attempt to
    create directories and possibly files at the root of the filesystem
    holding the CVS repository.  Filesystem permissions usually prevent
    the creation of these misplaced directories, but nevertheless, the
    CVS server now rejects the malformed requests.

  Obtained from: ccvs.cvshome.org

  Revision  Changes    Path
  1.1.1.9   +11 -0     src/contrib/cvs/src/modules.c
  1.1.1.14  +19 -4     src/contrib/cvs/src/server.c
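
An added example, not part of the original commit message and not code from CVS or FreeBSD: a small audit that reads the lines of a $CVSROOT/CVSROOT/passwd file and reports entries that would make pserver run as a uid-0 account, which is the configuration the first NEWS item says the server now refuses. It assumes the usual `cvs_user:hash[:system_user]` line format; the function names, the sample entries and the sample account table are constructed for illustration.

```python
"""Audit a CVS pserver passwd file for entries that map to a uid-0 account."""
import pwd


def default_uid_lookup(name):
    """Resolve a system account name to its uid, or None if it does not exist."""
    try:
        return pwd.getpwnam(name).pw_uid
    except KeyError:
        return None


def audit_cvs_passwd(lines, uid_lookup=default_uid_lookup):
    """Return (line_no, cvs_user, system_user) for each entry that runs as uid 0."""
    findings = []
    for line_no, raw in enumerate(lines, start=1):
        line = raw.strip()
        if not line:
            continue
        fields = line.split(":")
        cvs_user = fields[0]
        # Assumed format: when the third field is absent or empty, the CVS
        # user name doubles as the system account name.
        system_user = fields[2] if len(fields) > 2 and fields[2] else cvs_user
        # Compare uids rather than names so uid-0 aliases are caught as well.
        if uid_lookup(system_user) == 0:
            findings.append((line_no, cvs_user, system_user))
    return findings


# Constructed sample data: placeholder hashes and a made-up account table.
SAMPLE_PASSWD = [
    "alice:HASH1:cvsuser",
    "root:HASH2",
    "bob:HASH3:toor",
    "anoncvs::anoncvs",
    "carol:HASH4:root",
]
SAMPLE_ACCOUNTS = {"root": 0, "toor": 0, "cvsuser": 1001, "anoncvs": 1002}

if __name__ == "__main__":
    for line_no, cvs_user, system_user in audit_cvs_passwd(
            SAMPLE_PASSWD, SAMPLE_ACCOUNTS.get):
        print(f"line {line_no}: CVS user {cvs_user!r} runs as uid 0 "
              f"via system account {system_user!r}")
```

Called with only the file's lines, `audit_cvs_passwd` resolves account names against the local system's account database instead of the sample table.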