--- /dev/null
+--- cvs-nserver-1.11.1.4/src/login.c Sat May 26 16:03:39 2001
++++ cvs-1.11.2/src/login.c Tue Dec 10 10:59:02 2002
+@@ -324,8 +329,18 @@
+ fp = CVS_FOPEN (passfile, "r");
+ if (fp == NULL)
+ {
+- error (0, errno, "failed to open %s for reading", passfile);
+- goto error_exit;
++ /* The password file doesn't exist yet - probably because it's
++ * the first time someone uses cvs login. Create it.
++ */
++ fp = CVS_FOPEN (passfile, "w");
++ fclose (fp);
++ fp = CVS_FOPEN (passfile, "r");
++ if (fp == NULL)
++ {
++ /* Creating the password file didn't work. Bail out. */
++ error (0, errno, "warning: failed to open %s for reading", passfile);
++ goto process;
++ }
+ }
+
+ cvsroot_canonical = normalize_cvsroot (root);
+@@ -380,6 +378,8 @@
+ password = xstrdup (password);
+ }
+
++process:
++
+ /* might as well return now */
+ if (operation == password_entry_lookup)
+ goto out;
--- /dev/null
+--- cvs-1.11.1p1.org/src/login.c Thu Sep 6 18:18:29 2001
++++ cvs-1.11.1p1/src/login.c Wed Dec 11 15:19:42 2002
+@@ -7,6 +7,7 @@
+ * Allow user to log in for an authenticating server.
+ */
+
++#include <sys/stat.h>
+ #include "cvs.h"
+ #include "getline.h"
+
+@@ -30,7 +31,7 @@
+ #endif
+
+ #ifndef CVS_PASSWORD_FILE
+-#define CVS_PASSWORD_FILE ".cvspass"
++#define CVS_PASSWORD_FILE "cvspass"
+ #endif
+
+ /* If non-NULL, get_cvs_password() will just return this. */
+@@ -44,6 +45,8 @@
+ {
+ char *homedir;
+ char *passfile;
++ char *path;
++ struct stat st;
+
+ /* Environment should override file. */
+ if ((passfile = getenv ("CVS_PASSFILE")) != NULL)
+@@ -65,8 +68,17 @@
+ return (char *) NULL;
+ }
+
++ if ( (path=getenv("CONFIG_DIR")) && path[0] ) {
++ path=(char*) malloc(strlen(homedir)+strlen(getenv("CONFIG_DIR"))+2);
++ sprintf(path, "%s/%s", homedir, getenv("CONFIG_DIR"));
++ } else path=(char *) NULL;
++ if ( path && stat(path,&st)!=-1 && S_ISDIR(st.st_mode) ) {
++ passfile = (char *) xmalloc (strlen (path) + strlen (CVS_PASSWORD_FILE) + 3);
++ sprintf (passfile, "%s/%s", path, CVS_PASSWORD_FILE);
++ }
++ else {
+ passfile =
+- (char *) xmalloc (strlen (homedir) + strlen (CVS_PASSWORD_FILE) + 3);
++ (char *) xmalloc (strlen (homedir) + strlen (CVS_PASSWORD_FILE) + 4);
+ strcpy (passfile, homedir);
+ #ifndef NO_SLASH_AFTER_HOME
+ /* NO_SLASH_AFTER_HOME is defined for VMS, where foo:[bar]/.cvspass is not
+@@ -75,7 +87,11 @@
+ kind of thing.... */
+ strcat (passfile, "/");
+ #endif
++ strcat (passfile, ".");
+ strcat (passfile, CVS_PASSWORD_FILE);
++ } /* else */
++ if (path)
++ free(path);
+
+ /* Safety first and last, Scouts. */
+ if (isfile (passfile))