--- /dev/null
+--- cvs-1.12.13.orig/debian/patches/66_64bit_crashfix
++++ cvs-1.12.13/debian/patches/66_64bit_crashfix
+@@ -0,0 +1,15 @@
++# Fix a 64-bit crash in the entries_time() function and another bug in
++# the diff code. Thanks to Gabor Gombas for the patch. Closes:
++# #329127.
++diff -ruN cvs-1.12.13-old/diff/util.c cvs-1.12.13/diff/util.c
++--- cvs-1.12.13-old/diff/util.c 2003-02-03 03:52:38.000000000 +0800
+++++ cvs-1.12.13/diff/util.c 2006-02-26 21:32:22.000000000 +0800
++@@ -235,7 +235,7 @@
++ close (pipes[0]);
++ }
++
++- execl (PR_PROGRAM, PR_PROGRAM, "-f", "-h", name, 0);
+++ execl (PR_PROGRAM, PR_PROGRAM, "-f", "-h", name, NULL);
++ pfatal_with_name (PR_PROGRAM);
++ }
++ else
--- /dev/null
+--- cvs-1.12.13.orig/debian/patches/61_remove_-R_warning
++++ cvs-1.12.13/debian/patches/61_remove_-R_warning
+@@ -0,0 +1,21 @@
++#
++# Turn off read-only warning that breaks pserver client access. Doh!
++# Closes: #319467, #264019
++# Patch by Steve McIntyre <steve@einval.com>
++diff -ruN cvs-1.12.13-old/src/main.c cvs-1.12.13/src/main.c
++--- cvs-1.12.13-old/src/main.c 2005-10-02 23:17:21.000000000 +0800
+++++ cvs-1.12.13/src/main.c 2006-02-26 18:23:04.000000000 +0800
++@@ -764,13 +764,6 @@
++ if (argc < 1)
++ usage (usg);
++
++- if (readonlyfs && !really_quiet) {
++- error (0, 0,
++- "WARNING: Read-only repository access mode selected via `cvs -R'.\n\
++-Using this option to access a repository which some users write to may\n\
++-cause intermittent sandbox corruption.");
++- }
++-
++ /* Calculate the cvs global session ID */
++
++ {
--- /dev/null
+--- cvs-1.12.13.orig/debian/patches/11_check_method_crash
++++ cvs-1.12.13/debian/patches/11_check_method_crash
+@@ -0,0 +1,21 @@
++#
++# Do a basic sanity check on the method in the CVSROOT - don't crash
++# if one is not specified! Bug#274020
++#
++# Patch from Steve McIntyre <steve@einval.com>
++diff -ruN cvs-1.12.13-old/src/root.c cvs-1.12.13/src/root.c
++--- cvs-1.12.13-old/src/root.c 2005-09-25 08:38:29.000000000 +0800
+++++ cvs-1.12.13/src/root.c 2006-02-26 17:48:32.000000000 +0800
++@@ -535,6 +535,12 @@
++ method = "";
++ #endif /* defined (CLIENT_SUPPORT) || defined (SERVER_SUPPORT) */
++
+++ if (NULL == method)
+++ {
+++ error (0, 0, "Missing method in CVSROOT.");
+++ goto error_exit;
+++ }
+++
++ /* Now we have an access method -- see if it's valid. */
++
++ if (!strcasecmp (method, "local"))
--- /dev/null
+--- cvs-1.12.13.orig/debian/patches/71_cvsbug_tmpfix
++++ cvs-1.12.13/debian/patches/71_cvsbug_tmpfix
+@@ -0,0 +1,22 @@
++# Patch for a tmp race in cvsbug (in the source package; we don't ship
++# the script as part of the package). Closes: #325106
++diff -ruN cvs-1.12.13-old/src/cvsbug.in cvs-1.12.13/src/cvsbug.in
++--- cvs-1.12.13-old/src/cvsbug.in 2003-02-26 05:31:33.000000000 +0800
+++++ cvs-1.12.13/src/cvsbug.in 2006-02-26 22:07:08.000000000 +0800
++@@ -109,14 +109,14 @@
++ /usr/bin/ypcat passwd 2>/dev/null | cat - /etc/passwd | grep "^$LOGNAME:" |
++ cut -f5 -d':' | sed -e 's/,.*//' > $TEMP
++ ORIGINATOR="`cat $TEMP`"
++- rm -f $TEMP
+++ > $TEMP
++ fi
++ fi
++
++ if [ "$ORIGINATOR" = "" ]; then
++ grep "^$LOGNAME:" /etc/passwd | cut -f5 -d':' | sed -e 's/,.*//' > $TEMP
++ ORIGINATOR="`cat $TEMP`"
++- rm -f $TEMP
+++ > $TEMP
++ fi
++
++ if [ -n "$ORGANIZATION" ]; then
--- /dev/null
+--- cvs-1.12.13.orig/debian/patches/65_login_cvspass_message
++++ cvs-1.12.13/debian/patches/65_login_cvspass_message
+@@ -0,0 +1,19 @@
++# Print a clearer message if ~/.cvspass does not exist when cvs login is
++# called. Closes: #168163.
++#
++# Patch by Steve McIntyre <steve@einval.com>
++diff -ruN cvs-1.12.13-old/src/login.c cvs-1.12.13/src/login.c
++--- cvs-1.12.13-old/src/login.c 2005-05-14 05:47:28.000000000 +0800
+++++ cvs-1.12.13/src/login.c 2006-02-26 21:31:17.000000000 +0800
++@@ -309,7 +309,10 @@
++ fp = CVS_FOPEN (passfile, "r");
++ if (fp == NULL)
++ {
++- error (0, errno, "warning: failed to open %s for reading", passfile);
+++ if (errno == ENOENT)
+++ error (0, 0, "CVS password file %s does not exist - creating a new file", passfile);
+++ else
+++ error (0, errno, "warning: failed to open %s for reading", passfile);
++ goto process;
++ }
++
--- /dev/null
+--- cvs-1.12.13.orig/debian/patches/62_cvsrc_whitespace
++++ cvs-1.12.13/debian/patches/62_cvsrc_whitespace
+@@ -0,0 +1,37 @@
++# Ignore leading whitespace in .cvsrc files. Closes: #212415. Thanks
++# to James R. Van Zandt for the patch.
++diff -ruN cvs-1.12.13-old/src/cvsrc.c cvs-1.12.13/src/cvsrc.c
++--- cvs-1.12.13-old/src/cvsrc.c 2005-03-16 23:52:14.000000000 +0800
+++++ cvs-1.12.13/src/cvsrc.c 2006-02-26 18:25:18.000000000 +0800
++@@ -41,6 +41,7 @@
++ size_t line_chars_allocated;
++
++ char *optstart;
+++ int white_len;
++
++ int command_len;
++ int found = 0;
++@@ -96,9 +97,12 @@
++ if (line[0] == '#')
++ continue;
++
+++ for (white_len=0; isspace(line[white_len]); white_len++)
+++ ;
+++
++ /* stop if we match the current command */
++- if (!strncmp (line, cmdname, command_len)
++- && isspace ((unsigned char) *(line + command_len)))
+++ if (!strncmp (line + white_len, cmdname, command_len)
+++ && isspace ((unsigned char) *(line + white_len + command_len)))
++ {
++ found = 1;
++ break;
++@@ -120,7 +124,7 @@
++ if (found)
++ {
++ /* skip over command in the options line */
++- for (optstart = strtok (line + command_len, "\t \n");
+++ for (optstart = strtok (line + white_len + command_len, "\t \n");
++ optstart;
++ optstart = strtok (NULL, "\t \n"))
++ {
--- /dev/null
+--- cvs-1.12.13.orig/debian/patches/67_date_format_option
++++ cvs-1.12.13/debian/patches/67_date_format_option
+@@ -0,0 +1,151 @@
++#
++# Add an extra option to set the DateFormat used in log output.
++#
++# Patch by Steve McIntyre <steve@einval.com>
++diff -ruN cvs-1.12.13-old/doc/cvs.texinfo cvs-1.12.13/doc/cvs.texinfo
++--- cvs-1.12.13-old/doc/cvs.texinfo 2005-09-23 10:02:53.000000000 +0800
+++++ cvs-1.12.13/doc/cvs.texinfo 2006-02-26 23:03:05.000000000 +0800
++@@ -14840,9 +14840,17 @@
++ group to using @code{cvs admin} to change the default keyword
++ substitution mode, lock revisions, unlock revisions, and
++ replace the log message, use @samp{UserAdminOptions=klum}.
++-@end table
++-
++
+++@cindex DateFormat, in CVSROOT/config
+++@item DateFormat=@var{value}
+++Control the output format of dates from cvs. cvs version 1.12.x
+++changed the default format to use ``iso8601'' dates, which are
+++better for many reasons. However, old scripts/programs written to
+++parse the output of various cvs commands (especially cvs log) may
+++not cope with the change in date format (e.g. gcvs). The default
+++value of DateFormat will be ``iso8601'', but if you need temporary
+++backwards-compatibility set DateFormat=old.
+++@end table
++
++ @c ---------------------------------------------------------------------
++ @node Environment variables
++diff -ruN cvs-1.12.13-old/src/log.c cvs-1.12.13/src/log.c
++--- cvs-1.12.13-old/src/log.c 2005-03-22 21:19:57.000000000 +0800
+++++ cvs-1.12.13/src/log.c 2006-02-26 23:03:05.000000000 +0800
++@@ -1607,8 +1607,12 @@
++ &sec);
++ if (year < 1900)
++ year += 1900;
++- sprintf (buf, "%04d-%02d-%02d %02d:%02d:%02d +0000", year, mon, mday,
++- hour, min, sec);
+++ if ('-' == datesep)
+++ sprintf (buf, "%04d%c%02d%c%02d %02d:%02d:%02d +0000", year, datesep,
+++ mon, datesep, mday, hour, min, sec);
+++ else
+++ sprintf (buf, "%04d%c%02d%c%02d %02d:%02d:%02d", year, datesep,
+++ mon, datesep, mday, hour, min, sec);
++ cvs_output_tagged ("date", buf);
++
++ cvs_output_tagged ("text", "; author: ");
++diff -ruN cvs-1.12.13-old/src/main.c cvs-1.12.13/src/main.c
++--- cvs-1.12.13-old/src/main.c 2006-02-26 23:03:04.000000000 +0800
+++++ cvs-1.12.13/src/main.c 2006-02-26 23:10:12.000000000 +0800
++@@ -1371,9 +1371,19 @@
++ static char buf[sizeof ("yyyy-mm-dd HH:MM:SS -HHMM")];
++ /* Convert to a time in the local time zone. */
++ struct tm ltm = *(localtime (&unixtime));
++-
++- if (!my_strftime (buf, sizeof (buf), "%Y-%m-%d %H:%M:%S %z", <m, 0, 0))
++- return NULL;
+++ char *format = NULL;
+++
+++ switch (datesep)
+++ {
+++ case '/':
+++ format = "%Y/%m/%d %H:%M:%S";
+++ break;
+++ default:
+++ format = "%Y-%m-%d %H:%M:%S %z";
+++ break;
+++ }
+++ if (my_strftime (buf, sizeof (buf), format, <m, 0, 0) == 0)
+++ return NULL;
++
++ return xstrdup (buf);
++ }
++@@ -1388,9 +1398,19 @@
++ static char buf[sizeof ("yyyy-mm-dd HH:MM:SS -HHMM")];
++ /* Convert to a time in the local time zone. */
++ struct tm ltm = *(gmtime (&unixtime));
++-
++- if (!my_strftime (buf, sizeof (buf), "%Y-%m-%d %H:%M:%S %z", <m, 0, 0))
++- return NULL;
+++ char *format = NULL;
+++
+++ switch (datesep)
+++ {
+++ case '/':
+++ format = "%Y/%m/%d %H:%M:%S";
+++ break;
+++ default:
+++ format = "%Y-%m-%d %H:%M:%S %z";
+++ break;
+++ }
+++ if (my_strftime (buf, sizeof (buf), format, <m, 0, 0) == 0)
+++ return NULL;
++
++ return xstrdup (buf);
++ }
++diff -ruN cvs-1.12.13-old/src/parseinfo.c cvs-1.12.13/src/parseinfo.c
++--- cvs-1.12.13-old/src/parseinfo.c 2005-09-06 12:40:37.000000000 +0800
+++++ cvs-1.12.13/src/parseinfo.c 2006-02-26 23:03:05.000000000 +0800
++@@ -626,6 +626,19 @@
++ retval->logHistory = xstrdup (p);
++ }
++ }
+++ /* grab FreeBSD date format idea */
+++ else if (strcmp (line, "DateFormat") == 0)
+++ {
+++ if (strcmp (p, "old") == 0)
+++ {
+++ datesep = '/';
+++ }
+++ else if (strcmp (p, "iso8601") == 0)
+++ {
+++ datesep = '-';
+++ }
+++ }
+++ /* end grabbing */
++ else if (strcmp (line, "RereadLogAfterVerify") == 0)
++ {
++ if (!strcasecmp (p, "never"))
++diff -ruN cvs-1.12.13-old/src/rcs.c cvs-1.12.13/src/rcs.c
++--- cvs-1.12.13-old/src/rcs.c 2006-02-26 23:03:04.000000000 +0800
+++++ cvs-1.12.13/src/rcs.c 2006-02-26 23:03:05.000000000 +0800
++@@ -33,6 +33,8 @@
++ # endif
++ #endif
++
+++int datesep = '-';
+++
++ /* The RCS -k options, and a set of enums that must match the array.
++ These come first so that we can use enum kflag in function
++ prototypes. */
++@@ -3537,8 +3539,8 @@
++ &sec);
++ if (year < 1900)
++ year += 1900;
++- sprintf (buf, "%04d/%02d/%02d %02d:%02d:%02d", year, mon, mday,
++- hour, min, sec);
+++ sprintf (buf, "%04d%c%02d%c%02d %02d:%02d:%02d", year, datesep, mon,
+++ datesep, mday, hour, min, sec);
++ return xstrdup (buf);
++ }
++
++diff -ruN cvs-1.12.13-old/src/rcs.h cvs-1.12.13/src/rcs.h
++--- cvs-1.12.13-old/src/rcs.h 2005-03-18 06:36:24.000000000 +0800
+++++ cvs-1.12.13/src/rcs.h 2006-02-26 23:03:05.000000000 +0800
++@@ -254,6 +254,7 @@
++ void RCS_setlocalid (const char *, unsigned int, void **, const char *arg);
++ char *make_file_label (const char *, const char *, RCSNode *);
++
+++extern int datesep;
++ extern bool preserve_perms;
++
++ /* From import.c. */
--- /dev/null
+--- cvs-1.12.13.orig/debian/patches/68_DSA_external_passwd_file
++++ cvs-1.12.13/debian/patches/68_DSA_external_passwd_file
+@@ -0,0 +1,388 @@
++# Add support for overriding lookups in CVSROOT/passwd
++# Specify --password-file <file> on the pserver command line to use it
++# Initial patch from the Debian DSA team, adapted by Steve McIntyre.
++# See README.Debian for more details.
++diff -ruN cvs-1.12.13-old/src/cvs.h cvs-1.12.13/src/cvs.h
++--- cvs-1.12.13-old/src/cvs.h 2005-10-02 16:17:20.000000000 +0100
+++++ cvs-1.12.13/src/cvs.h 2006-08-19 01:20:33.000000000 +0100
++@@ -371,6 +371,7 @@
++ extern int use_editor;
++ extern int cvswrite;
++ extern mode_t cvsumask;
+++extern char *PasswordFileName;
++
++ /* Temp dir abstraction. */
++ /* From main.c. */
++diff -ruN cvs-1.12.13-old/src/main.c cvs-1.12.13/src/main.c
++--- cvs-1.12.13-old/src/main.c 2006-08-17 00:25:16.000000000 +0100
+++++ cvs-1.12.13/src/main.c 2006-08-19 01:20:03.000000000 +0100
++@@ -43,8 +43,7 @@
++ int noexec = 0;
++ int readonlyfs = 0;
++ int logoff = 0;
++-
++-
+++char *PasswordFileName = NULL;
++
++ /***
++ ***
++@@ -519,6 +518,7 @@
++ {"help-commands", 0, NULL, 1},
++ {"help-synonyms", 0, NULL, 2},
++ {"help-options", 0, NULL, 4},
+++ {"password-file", required_argument, NULL, 5},
++ #ifdef SERVER_SUPPORT
++ {"allow-root", required_argument, NULL, 3},
++ #endif /* SERVER_SUPPORT */
++@@ -646,6 +646,10 @@
++ root_allow_add (optarg, gConfigPath);
++ break;
++ #endif /* SERVER_SUPPORT */
+++ case 5:
+++ /* --password-file */
+++ PasswordFileName = xstrdup(optarg);
+++ break;
++ case 'Q':
++ really_quiet = 1;
++ /* FALL THROUGH */
++diff -ruN cvs-1.12.13-old/src/Makefile.in cvs-1.12.13/src/Makefile.in
++--- cvs-1.12.13-old/src/Makefile.in 2005-10-03 14:37:18.000000000 +0100
+++++ cvs-1.12.13/src/Makefile.in 2006-08-17 00:28:35.000000000 +0100
++@@ -146,7 +146,7 @@
++ ls.$(OBJEXT) main.$(OBJEXT) mkmodules.$(OBJEXT) \
++ modules.$(OBJEXT) ms-buffer.$(OBJEXT) myndbm.$(OBJEXT) \
++ no_diff.$(OBJEXT) parseinfo.$(OBJEXT) patch.$(OBJEXT) \
++- rcs.$(OBJEXT) rcscmds.$(OBJEXT) recurse.$(OBJEXT) \
+++ rcs.$(OBJEXT) rcscmds.$(OBJEXT) readpw.$(OBJEXT) recurse.$(OBJEXT) \
++ release.$(OBJEXT) remove.$(OBJEXT) repos.$(OBJEXT) \
++ root.$(OBJEXT) rsh-client.$(OBJEXT) run.$(OBJEXT) \
++ scramble.$(OBJEXT) server.$(OBJEXT) stack.$(OBJEXT) \
++@@ -349,6 +349,7 @@
++ patch.c \
++ rcs.c \
++ rcscmds.c \
+++ readpw.c \
++ recurse.c \
++ release.c \
++ remove.c \
++@@ -543,6 +544,7 @@
++ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/patch.Po@am__quote@
++ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rcs.Po@am__quote@
++ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rcscmds.Po@am__quote@
+++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/readpw.Po@am__quote@
++ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/recurse.Po@am__quote@
++ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/release.Po@am__quote@
++ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/remove.Po@am__quote@
++diff -ruN cvs-1.12.13-old/src/parseinfo.h cvs-1.12.13/src/parseinfo.h
++--- cvs-1.12.13-old/src/parseinfo.h 2006-08-17 00:25:16.000000000 +0100
+++++ cvs-1.12.13/src/parseinfo.h 2006-08-17 00:58:25.000000000 +0100
++@@ -21,6 +21,7 @@
++ char *HistoryLogPath;
++ char *HistorySearchPath;
++ char *TmpDir;
+++ char *PasswordFileName;
++
++ /* Should the logmsg be re-read during the do_verify phase?
++ * RereadLogAfterVerify=no|stat|yes
++diff -ruN cvs-1.12.13-old/src/readpw.c cvs-1.12.13/src/readpw.c
++--- cvs-1.12.13-old/src/readpw.c 1970-01-01 01:00:00.000000000 +0100
+++++ cvs-1.12.13/src/readpw.c 2006-08-19 01:45:26.000000000 +0100
++@@ -0,0 +1,158 @@
+++/*
+++ readpw.c - read the CVS password from an external file
+++ Copyright (c) 2006 Martin Schulze <joey@infodrom.org>
+++
+++ This program is free software; you can redistribute it and/or modify
+++ it under the terms of the GNU General Public License as published by
+++ the Free Software Foundation; either version 2 of the License, or
+++ (at your option) any later version.
+++
+++ This program is distributed in the hope that it will be useful,
+++ but WITHOUT ANY WARRANTY; without even the implied warranty of
+++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+++ GNU General Public License for more details.
+++
+++ You should have received a copy of the GNU General Public License
+++ along with this program; if not, write to the Free Software
+++ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+++*/
+++
+++#include <string.h>
+++#include <stdio.h>
+++#include <errno.h>
+++#include <syslog.h>
+++
+++#define PWFILE "/tmp/work/cvs/cvs.passwd"
+++
+++/*
+++ * Source: control_nextline() in dtaus.c from dtaus
+++ */
+++size_t readline (FILE *f, char **buf, unsigned int len)
+++{
+++ char line[100];
+++ char tmp[100];
+++ char *cp;
+++ int i;
+++
+++ memset (line, 0, sizeof(line));
+++ memset (*buf, 0, len);
+++
+++ cp = line;
+++
+++ while (!strlen(line) && (cp = fgets(line, 100, f))) {
+++ if (strlen(line)) {
+++ if (line[0] != '#') {
+++ if (line[strlen(line)-1] != '\n') {
+++ strcpy(tmp, line);
+++ while (tmp[strlen(tmp)-1] != '\n' && (cp = fgets(tmp, 100, f)));
+++ } else
+++ line[strlen(line)-1] = '\0';
+++ if (line[strlen(line)-1] == '\r')
+++ line[strlen(line)-1] = '\0';
+++ for (i=strlen(line);(line[i-1] == ' '||line[i-1] == '\t')&&i>0; i--)
+++ line[i-1] = '\0';
+++ } else
+++ line[0] = '\0';
+++ }
+++ }
+++ for (cp=line; *cp==' '; cp++);
+++
+++ if (strlen(cp)) {
+++ memcpy(*buf, cp, strlen(cp) >= len ? len-1 : strlen(cp));
+++ return (strlen (cp));
+++ } else
+++ return 0;
+++}
+++
+++#define MAXLINE 100
+++#define PWLEN 20
+++
+++char *getpwline (const char *fname, const char *repository, const char *logname)
+++{
+++ FILE *f;
+++ char buf[MAXLINE], *bp = buf;
+++ static char line[MAXLINE];
+++ int inrepo = 0;
+++ char *cp;
+++
+++ memset (line, 0, sizeof (line));
+++
+++ if ((f = fopen (fname, "r")) == NULL) {
+++ perror ("fopen");
+++ return line;
+++ }
+++
+++ while (readline (f, &bp, 50)) {
+++ if (buf[0] == '/') {
+++ syslog(LOG_ERR, "Looking for repo %s in %s\n", repository, buf);
+++ if (!inrepo && !strcmp (buf, repository))
+++ {
+++ syslog(LOG_ERR, "matched repository %s\n", repository);
+++ inrepo = 1;
+++ }
+++ else if (inrepo)
+++ inrepo = 0;
+++ } else {
+++ if (inrepo) {
+++ if ((cp = strchr (buf, ':')) != NULL) {
+++ if ( (cp - buf) == strlen (logname)
+++ && !strncmp (buf, logname, strlen (logname))) {
+++ memcpy (line, buf, strlen(buf) >= MAXLINE ? MAXLINE-1 : strlen(buf));
+++ }
+++ }
+++ }
+++ }
+++ }
+++
+++ if (ferror (f))
+++ perror ("ferror");
+++ if (fclose (f) < 0)
+++ perror ("fclose");
+++
+++ return line;
+++}
+++
+++/*
+++*****************************************************************
+++ */
+++#ifdef TEST_READPW
+++
+++void getpasswd (const char *fname, const char *repository, const char *logname, char **pw, char **user)
+++{
+++ char *line;
+++ char *cp, *xp;
+++
+++ memset (*pw, 0, PWLEN);
+++ memset (*user, 0, PWLEN);
+++
+++ line = getpwline(fname, repository, logname);
+++
+++ if (line[0] == '\0')
+++ return;
+++
+++ cp = strchr (line, ':');
+++ cp++;
+++
+++ if ((xp = strchr (cp, ':')) != NULL) {
+++ memcpy (*pw, cp, xp-cp >= PWLEN ? PWLEN-1 : xp-cp);
+++
+++ xp++;
+++
+++ if (strlen (xp))
+++ memcpy (*user, xp, strlen(xp) >= PWLEN ? PWLEN-1 : strlen(xp));
+++ }
+++}
+++
+++int main ()
+++{
+++ char pw[PWLEN], *ppw = pw;
+++ char cvsuser[PWLEN], *pcu = cvsuser;
+++
+++ getpasswd (PWFILE, "/cvs/debian-doc", "jseidel", &ppw, &pcu);
+++
+++ printf ("%s<:>%s\n", pw, cvsuser);
+++ printf ("XXXXXXXXXXXXX\n");
+++
+++ return 0;
+++}
+++#endif /*TEST_READPW */
++diff -ruN cvs-1.12.13-old/src/server.c cvs-1.12.13/src/server.c
++--- cvs-1.12.13-old/src/server.c 2006-08-17 00:25:16.000000000 +0100
+++++ cvs-1.12.13/src/server.c 2006-08-20 00:31:22.000000000 +0100
++@@ -22,6 +22,8 @@
++
++ int server_active = 0;
++
+++char *getpwline (const char *fname, const char *repository, const char *logname);
+++
++ #if defined (SERVER_SUPPORT) || defined (CLIENT_SUPPORT)
++
++ # include "log-buffer.h"
++@@ -6689,51 +6691,71 @@
++ {
++ int retval = 0;
++ FILE *fp;
++- char *filename;
+++ char *filename = NULL;
+++ char *cp;
++ char *linebuf = NULL;
++ size_t linebuf_len;
++ int found_it = 0;
++ int namelen;
++
++- /* We don't use current_parsed_root->directory because it hasn't been
++- * set yet -- our `repository' argument came from the authentication
++- * protocol, not the regular CVS protocol.
++- */
++-
++- filename = xmalloc (strlen (repository)
++- + 1
++- + strlen (CVSROOTADM)
++- + 1
++- + strlen (CVSROOTADM_PASSWD)
++- + 1);
+++ if (!PasswordFileName)
+++ {
+++ /* We don't use current_parsed_root->directory because it hasn't been
+++ * set yet -- our `repository' argument came from the authentication
+++ * protocol, not the regular CVS protocol.
+++ */
+++
+++ filename = xmalloc (strlen (repository)
+++ + 1
+++ + strlen (CVSROOTADM)
+++ + 1
+++ + strlen (CVSROOTADM_PASSWD)
+++ + 1);
++
++- (void) sprintf (filename, "%s/%s/%s", repository,
++- CVSROOTADM, CVSROOTADM_PASSWD);
+++ (void) sprintf (filename, "%s/%s/%s", repository,
+++ CVSROOTADM, CVSROOTADM_PASSWD);
++
++- fp = CVS_FOPEN (filename, "r");
++- if (fp == NULL)
++- {
++- if (!existence_error (errno))
++- error (0, errno, "cannot open %s", filename);
++- free (filename);
++- return 0;
++- }
+++ fp = CVS_FOPEN (filename, "r");
+++ if (fp == NULL)
+++ {
+++ if (!existence_error (errno))
+++ error (0, errno, "cannot open %s", filename);
+++ free (filename);
+++ return 0;
+++ }
++
++- /* Look for a relevant line -- one with this user's name. */
++- namelen = strlen (username);
++- while (getline (&linebuf, &linebuf_len, fp) >= 0)
++- {
++- if ((strncmp (linebuf, username, namelen) == 0)
++- && (linebuf[namelen] == ':'))
++- {
++- found_it = 1;
++- break;
++- }
+++ /* Look for a relevant line -- one with this user's name. */
+++ namelen = strlen (username);
+++ while (getline (&linebuf, &linebuf_len, fp) >= 0)
+++ {
+++ if ((strncmp (linebuf, username, namelen) == 0)
+++ && (linebuf[namelen] == ':'))
+++ {
+++ found_it = 1;
+++ break;
+++ }
+++ }
+++ if (ferror (fp))
+++ error (0, errno, "cannot read %s", filename);
+++ if (fclose (fp) < 0)
+++ error (0, errno, "cannot close %s", filename);
+++ }
+++ else /* DSA_VERSION */
+++ {
+++ namelen = strlen (username);
+++
+++ cp = getpwline (PasswordFileName, repository, username);
+++ /* syslog (LOG_NOTICE, "cp=%s", cp); */
+++ if (strlen (cp)) {
+++ linebuf = xmalloc (strlen (cp) + 1);
+++ memcpy (linebuf, cp, strlen(cp)+1);
+++ /* syslog (LOG_NOTICE, "line=%s", linebuf); */
+++ found_it = 1;
+++ } else
+++ found_it = 0;
+++
+++ /* syslog (LOG_NOTICE, "username=%s, password=%s, repository=%s", username, password, repository); */
++ }
++- if (ferror (fp))
++- error (0, errno, "cannot read %s", filename);
++- if (fclose (fp) < 0)
++- error (0, errno, "cannot close %s", filename);
++
++ /* If found_it, then linebuf contains the information we need. */
++ if (found_it)
++@@ -6823,6 +6845,7 @@
++ retval = 0;
++ }
++
+++ if (filename)
++ free (filename);
++ if (linebuf)
++ free (linebuf);
++@@ -7043,7 +7066,10 @@
++ letting you in if it won't say why, and I am not convinced
++ that the potential information disclosure to an attacker
++ outweighs this. */
++- printf ("error 0 no such user %s in CVSROOT/passwd\n", username);
+++ if (PasswordFileName)
+++ printf ("error 0 no such user %s in %s\n", username, PasswordFileName);
+++ else
+++ printf ("error 0 no such user %s in CVSROOT/passwd\n", username);
++
++ exit (EXIT_FAILURE);
++ }
--- /dev/null
+--- cvs-1.12.13.orig/debian/patches/14_ext_expansion
++++ cvs-1.12.13/debian/patches/14_ext_expansion
+@@ -0,0 +1,29 @@
++#
++# Make the "ext" method more intelligent; allow specification of the
++# "rsh" command using ext=<command>. Extended to recognise "extssh" the
++# same way as "ext=ssh"
++#
++# Original patch by Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>,
++# extension by Steve McIntyre <steve@einval.com>. Bugs #165432 and #276328
++diff -Nru3 ./cvs-1.12.13/src/root.c ../build-tree.new/cvs-1.12.13/src/root.c
++--- ./cvs-1.12.13/src/root.c 2006-05-05 23:35:40.000000000 +0800
+++++ ../build-tree.new/cvs-1.12.13/src/root.c 2006-05-05 23:34:12.000000000 +0800
++@@ -553,6 +547,18 @@
++ newroot->method = gserver_method;
++ else if (!strcasecmp (method, "server"))
++ newroot->method = server_method;
+++ else if (strncmp (method, "ext=", 4) == 0)
+++ {
+++ const char *rsh = method + 4;
+++ setenv ("CVS_RSH", rsh, 1); /* This is a hack, but simplifies */
+++ newroot->method = ext_method;
+++ }
+++ else if (strncmp (method, "extssh", 6) == 0)
+++ {
+++ const char *rsh = method + 3;
+++ setenv ("CVS_RSH", rsh, 1); /* This is a hack, but simplifies */
+++ newroot->method = ext_method;
+++ }
++ else if (!strcasecmp (method, "ext"))
++ newroot->method = ext_method;
++ else if (!strcasecmp (method, "fork"))
--- /dev/null
+--- cvs-1.12.13.orig/debian/patches/56_extra_tags
++++ cvs-1.12.13/debian/patches/56_extra_tags
+@@ -0,0 +1,29 @@
++#
++# Add extra tag keyword expansion options
++#
++# Patch by Steve McIntyre <steve@einval.com>
++diff -ruN cvs-1.12.13-old/src/logmsg.c cvs-1.12.13/src/logmsg.c
++--- cvs-1.12.13-old/src/logmsg.c 2006-02-26 22:54:52.000000000 +0800
+++++ cvs-1.12.13/src/logmsg.c 2006-02-26 22:56:36.000000000 +0800
++@@ -642,7 +642,11 @@
++ break;
++ case 'T':
++ li = p->data;
++- arg = li->tag ? li->tag : "";
+++ arg = li->tag ? li->tag : "TRUNK";
+++ break;
+++ case 'S':
+++ arg = xmalloc(strlen(p->key) + 5);
+++ sprintf(arg, "\\\"%s\\\"", p->key);
++ break;
++ case 'V':
++ li = p->data;
++@@ -814,7 +818,7 @@
++ #endif /* SERVER_SUPPORT */
++ "p", "s", srepos,
++ "r", "s", current_parsed_root->directory,
++- "sVv", ",", changes,
+++ "SsTVv", ",", changes,
++ logmsg_list_to_args_proc, (void *) NULL,
++ (char *) NULL);
++ if (!cmdline || !strlen (cmdline))
--- /dev/null
+--- cvs-1.12.13.orig/debian/patches/95_flag_conflicted_copies
++++ cvs-1.12.13/debian/patches/95_flag_conflicted_copies
+@@ -0,0 +1,21 @@
++# Undo not flagging conflicted copies anymore, as reported by
++# Henrique de Moraes Holschuh <hmh@debian.org>
++# Closes: #368681
++# Fix as described in message to the CVS mailing list at
++# http://lists.gnu.org/archive/html/info-cvs/2006-06/msg00050.html
++--- cvs-1.12.13/src/client.c~ 2005-10-02 16:17:20.000000000 +0100
+++++ cvs-1.12.13/src/client.c 2006-06-09 20:12:06.000000000 +0100
++@@ -4533,10 +4533,9 @@
++ /* File no longer exists. Don't do anything, missing files
++ just happen. */
++ }
++- else if (!vers->ts_rcs || args->force
++- || strcmp (vers->ts_conflict
++- ? vers->ts_conflict : vers->ts_rcs, vers->ts_user)
++- || (vers->ts_conflict && !strcmp (cvs_cmd_name, "diff")))
+++ else if (vers->ts_rcs == NULL
+++ || args->force
+++ || strcmp (vers->ts_user, vers->ts_rcs) != 0)
++ {
++ if (args->no_contents
++ && supported_request ("Is-modified"))
--- /dev/null
+--- cvs-1.12.13.orig/debian/patches/93_homedir
++++ cvs-1.12.13/debian/patches/93_homedir
+@@ -0,0 +1,44 @@
++# Fix handling of homedirectory for pserver, patch from
++# Jim Studt <jim@federated.com>. Closes: Bug#51234
++diff -ruN cvs-1.12.13-old/src/filesubr.c cvs-1.12.13/src/filesubr.c
++--- cvs-1.12.13-old/src/filesubr.c 2005-09-28 23:25:59.000000000 +0800
+++++ cvs-1.12.13/src/filesubr.c 2006-02-26 22:31:57.000000000 +0800
++@@ -795,6 +795,11 @@
++ The workaround is to put -f in inetd.conf which means that
++ get_homedir won't get called until after the switch in user ID.
++
+++ NOTE: the above paragraph is not sufficient if the HOME environment
+++ variable is set, it overrides the uid based password lookup, hence
+++ the change_uid logic path that blocks the HOME environment variable
+++ when the uid gets changed.
+++
++ The whole concept of a "home directory" on the server is pretty
++ iffy, although I suppose some people probably are relying on it for
++ .cvsrc and such, in the cases where it works. */
++@@ -802,15 +807,24 @@
++ get_homedir (void)
++ {
++ static char *home = NULL;
+++ static uid_t home_uid = 0;
+++ static int changed_uid = 0;
++ char *env;
+++ uid_t uid = getuid();
++ struct passwd *pw;
++
+++ if ( home && home_uid != uid) {
+++ home = 0;
+++ home_uid = uid;
+++ changed_uid = 1;
+++ }
+++
++ if (home != NULL)
++ return home;
++
++- if (!server_active && (env = getenv ("HOME")) != NULL)
+++ if (!server_active && ((env = getenv ("HOME")) != NULL) && !changed_uid)
++ home = env;
++- else if ((pw = (struct passwd *) getpwuid (getuid ()))
+++ else if ((pw = (struct passwd *) getpwuid (uid))
++ && pw->pw_dir)
++ home = xstrdup (pw->pw_dir);
++ else
--- /dev/null
+--- cvs-1.12.13.orig/debian/patches/25_import-n-X
++++ cvs-1.12.13/debian/patches/25_import-n-X
+@@ -0,0 +1,15 @@
++# Fix `cvs import -X' failure
++# Fixes: #374964
++# Patch by Florian Zschocke <zschocke@gmx.net>
++diff -ruN cvs-1.12.13-old/src/import.c cvs-1.12.13/src/import.c
++--- cvs-1.12.13-old/src/import.c 2005-09-04 02:27:44.000000000 +0200
+++++ cvs-1.12.13/src/import.c 2006-06-19 19:41:57.000000000 +0200
++@@ -595,7 +595,7 @@
++ /* Attempt to make the Attic directory, in case it
++ does not exist. */
++ (void) sprintf (rcs, "%s/%s", repository, CVSATTIC);
++- if (CVS_MKDIR (rcs, 0777 ) != 0 && errno != EEXIST)
+++ if (noexec == 0 && CVS_MKDIR (rcs, 0777 ) != 0 && errno != EEXIST)
++ error (1, errno, "cannot make directory `%s'", rcs);
++
++ /* Note that the above clobbered the path name, so we
--- /dev/null
+--- cvs-1.12.13.orig/debian/patches/97_cvs.info.typo
++++ cvs-1.12.13/debian/patches/97_cvs.info.typo
+@@ -0,0 +1,58 @@
++# Minor documentation changes
++#
++# Patch by Steve McIntyre <steve@einval.com> and Britton Leo Kerin <fsblk@aurora.uaf.edu>
++diff -ruN cvs-1.12.13-old/doc/cvsclient.texi cvs-1.12.13/doc/cvsclient.texi
++--- cvs-1.12.13-old/doc/cvsclient.texi 2005-07-20 18:39:59.000000000 +0800
+++++ cvs-1.12.13/doc/cvsclient.texi 2006-02-26 22:39:20.000000000 +0800
++@@ -3,9 +3,10 @@
++ @setfilename cvsclient.info
++ @include version-client.texi
++
++-@dircategory Programming
+++@dircategory Development
++ @direntry
++-* cvsclient: (cvsclient). The CVS client/server protocol.
+++* CVS client/server: (cvsclient). Describes the client/server protocol
+++ used by CVS.
++ @end direntry
++
++ @node Top
++diff -ruN cvs-1.12.13-old/doc/cvs.texinfo cvs-1.12.13/doc/cvs.texinfo
++--- cvs-1.12.13-old/doc/cvs.texinfo 2006-02-26 22:39:19.000000000 +0800
+++++ cvs-1.12.13/doc/cvs.texinfo 2006-02-26 22:39:20.000000000 +0800
++@@ -97,7 +97,7 @@
++ @end macro
++ @end ifhtml
++
++-@dircategory GNU Packages
+++@dircategory Development
++ @direntry
++ * CVS: (cvs). Concurrent Versions System
++ @end direntry
++@@ -2385,13 +2385,16 @@
++ There are two access methods that you use in @code{CVSROOT}
++ for rsh. @code{:server:} specifies an internal rsh
++ client, which is supported only by some @sc{cvs} ports.
+++This is not supported on most Unix-style systems,
+++including Debian.
++ @code{:ext:} specifies an external rsh program. By
++ default this is @code{rsh} (unless otherwise specified
++ by the @file{--with-rsh} flag to configure) but you may set the
++ @code{CVS_RSH} environment variable to invoke another
++ program which can access the remote server (for
++ example, @code{remsh} on HP-UX 9 because @code{rsh} is
++-something different). It must be a program which can
+++something different, or @code{ssh} to allow the use of
+++secure and/or compressed connections). It must be a program which can
++ transmit data to and from the server without modifying
++ it; for example the Windows NT @code{rsh} is not
++ suitable since it by default translates between CRLF
++@@ -12711,7 +12714,7 @@
++ @item @var{mname} [ options ] @var{dir} [ @var{files}@dots{} ]
++ In the simplest case, this form of module definition
++ reduces to @samp{@var{mname} @var{dir}}. This defines
++-all the files in directory @var{dir} as module mname.
+++all the files in directory @var{dir} as module @var{mname}.
++ @var{dir} is a relative path (from @code{$CVSROOT}) to a
++ directory of source in the source repository. In this
++ case, on checkout, a single directory called
--- /dev/null
+--- cvs-1.12.13.orig/debian/patches/55_keyword_alphanumerics
++++ cvs-1.12.13/debian/patches/55_keyword_alphanumerics
+@@ -0,0 +1,27 @@
++# Fix keyword handling to accept alphanumerics, not just alphabetics.
++# Thanks to Branden Robinson for this fix.
++diff -ruN cvs-1.12.13-old/src/rcs.c cvs-1.12.13/src/rcs.c
++--- cvs-1.12.13-old/src/rcs.c 2005-09-28 23:25:59.000000000 +0800
+++++ cvs-1.12.13/src/rcs.c 2006-02-26 17:58:32.000000000 +0800
++@@ -3680,13 +3680,18 @@
++ srch_len -= (srch_next + 1) - srch;
++ srch = srch_next + 1;
++
++- /* Look for the first non alphabetic character after the '$'. */
+++ /*
+++ * Accept alphanumerics, not just alphabetics. XFree86, anyone?
+++ * Branden Robinson Sat, 7 Sep 2002 02:04:59 -0500
+++ */
+++
+++ /* Look for the first non alphanumeric character after the '$'. */
++ send = srch + srch_len;
++ for (s = srch; s < send; s++)
++- if (! isalpha ((unsigned char) *s))
+++ if (! isalnum ((unsigned char) *s))
++ break;
++
++- /* If the first non alphabetic character is not '$' or ':',
+++ /* If the first non alphanumeric character is not '$' or ':',
++ then this is not an RCS keyword. */
++ if (s == send || (*s != '$' && *s != ':'))
++ continue;
--- /dev/null
+--- cvs-1.12.13.orig/debian/patches/81_fix_-l
++++ cvs-1.12.13/debian/patches/81_fix_-l
+@@ -0,0 +1,26 @@
++# Re-added -l option to the client. Does nothing, but stops
++# warnings/errors. Will really fix #219950 and #224737, and also a
++# differently-described bug (220379). Closes: #219950, #220379
++#
++# Patch by Steve McIntyre <steve@einval.com>
++diff -ruN cvs-1.12.13-old/src/main.c cvs-1.12.13/src/main.c
++--- cvs-1.12.13-old/src/main.c 2006-02-26 22:09:42.000000000 +0800
+++++ cvs-1.12.13/src/main.c 2006-02-26 22:09:43.000000000 +0800
++@@ -511,7 +511,7 @@
++ int help = 0; /* Has the user asked for help? This
++ lets us support the `cvs -H cmd'
++ convention to give help for cmd. */
++- static const char short_options[] = "+QqrwtnRvb:T:e:d:Hfz:s:xa";
+++ static const char short_options[] = "+QqrwtnRvb:T:e:d:Hfz:s:xal";
++ static struct option long_options[] =
++ {
++ {"help", 0, NULL, 'H'},
++@@ -669,6 +669,8 @@
++ noexec = 1;
++ logoff = 1;
++ break;
+++ case 'l': /* no-op to simply ignore the old -l option */
+++ break;
++ case 'v':
++ (void) fputs ("\n", stdout);
++ version (0, NULL);
--- /dev/null
+--- cvs-1.12.13.orig/debian/patches/51_newlines_in_commit_template
++++ cvs-1.12.13/debian/patches/51_newlines_in_commit_template
+@@ -0,0 +1,32 @@
++# Change commit template so that there are two newlines at the
++# beginning. (closes: #102624)
++#
++# Patch from Tollef Fog Heen <tfheen@debian.org>
++diff -ruN cvs-1.12.13-old/src/logmsg.c cvs-1.12.13/src/logmsg.c
++--- cvs-1.12.13-old/src/logmsg.c 2005-09-04 08:27:44.000000000 +0800
+++++ cvs-1.12.13/src/logmsg.c 2006-02-26 17:57:28.000000000 +0800
++@@ -264,6 +264,11 @@
++ }
++ }
++
+++ if (!*messagep)
+++ {
+++ (void) fprintf (fp, "\n");
+++ }
+++
++ (void) fprintf (fp,
++ "%s----------------------------------------------------------------------\n",
++ CVSEDITPREFIX);
++@@ -349,7 +354,11 @@
++ *messagep = NULL;
++ }
++
++- if (pre_stbuf.st_mtime == post_stbuf.st_mtime || *messagep == NULL)
+++ if (pre_stbuf.st_mtime == post_stbuf.st_mtime ||
+++ *messagep == NULL ||
+++ (*messagep)[0] == '\0' ||
+++ strcmp (*messagep, "\n") == 0 ||
+++ strcmp (*messagep, "\n\n") == 0)
++ {
++ for (;;)
++ {
--- /dev/null
+--- cvs-1.12.13.orig/debian/patches/85_normalize_correct_roots
++++ cvs-1.12.13/debian/patches/85_normalize_correct_roots
+@@ -0,0 +1,34 @@
++# Apply patch from 120042, which only tries to parse pserver, gserver
++# and kserver methods when doing cvs login. (closes: #120042).
++#
++# Patch from Horms <horms@vergenet.net>
++diff -ruN cvs-1.12.13-old/src/login.c cvs-1.12.13/src/login.c
++--- cvs-1.12.13-old/src/login.c 2006-02-26 22:10:42.000000000 +0800
+++++ cvs-1.12.13/src/login.c 2006-02-26 22:25:14.000000000 +0800
++@@ -200,11 +200,21 @@
++ return NULL;
++ }
++ *p = ' ';
++- tmp_root_canonical = normalize_cvsroot (tmp_root);
++- if (strcmp (cvsroot_canonical, tmp_root_canonical) == 0)
++- password = p + 1;
++-
++- free (tmp_root_canonical);
+++ switch (tmp_root->method)
+++ {
+++ case gserver_method:
+++ case pserver_method:
+++#ifdef HAVE_KERBEROS
+++ case kserver_method:
+++#endif /* HAVE_KERBEROS */
+++ tmp_root_canonical = normalize_cvsroot (tmp_root);
+++ if (strcmp (cvsroot_canonical, tmp_root_canonical) == 0)
+++ password = p + 1;
+++ free (tmp_root_canonical);
+++ break;
+++ default:
+++ break;
+++ }
++ }
++
++ return password;
--- /dev/null
+--- cvs-1.12.13.orig/debian/patches/60_PAM_support
++++ cvs-1.12.13/debian/patches/60_PAM_support
+@@ -0,0 +1,144 @@
++#
++# Add in extra PAM options compared to upstream's own PAM code:
++# * Add an extra option PamAuth to control use of PAM separately from
++# SystemAuth
++# * Add support for DefaultPamUser - try that if the specified
++# user does not exist
++#
++# Patch by Steve McIntyre <steve@einval.com>
++diff -ruN cvs-1.12.13-old/doc/cvs.texinfo cvs-1.12.13/doc/cvs.texinfo
++--- cvs-1.12.13-old/doc/cvs.texinfo 2005-09-23 03:02:53.000000000 +0100
+++++ cvs-1.12.13/doc/cvs.texinfo 2006-05-19 23:50:10.000000000 +0100
++@@ -2662,8 +2662,18 @@
++ system has PAM (Pluggable Authentication Modules)
++ and your @sc{cvs} server executable was configured to
++ use it at compile time (using @code{./configure --enable-pam} - see the
++-INSTALL file for more). In this case, PAM will be consulted instead.
++-This means that @sc{cvs} can be configured to use any password
+++INSTALL file for more). In this case, PAM may be
+++consulted first (or instead). The
+++"fallback" behaviour can be controlled using the two
+++variables @code{PamAuth} and @code{SystemAuth}. On a
+++Debian system, @code{PamAuth} defaults to @code{yes}
+++and @code{SystemAuth} to @code{no} - after all, PAM can
+++supports passwd file lookups itself. Changing these is
+++possible by setting @code{PamAuth=no} and
+++@code{SystemAuth=yes} in the @sc{cvs} @file{config}
+++file, @pxref{config}).
+++
+++Use of PAM means that @sc{cvs} can be configured to use any password
++ authentication source PAM can be configured to use (possibilities
++ include a simple UNIX password, NIS, LDAP, and others) in its
++ global configuration file (usually @file{/etc/pam.conf}
++@@ -2691,7 +2701,7 @@
++ cvs session required pam_unix.so
++ @end example
++
++-The the equivalent @file{/etc/pam.d/cvs} would contain
+++The equivalent @file{/etc/pam.d/cvs} would contain
++
++ @example
++ auth required pam_unix.so
++@@ -2715,6 +2725,13 @@
++ feature should not be used if you may not have control of the name
++ @sc{cvs} will be invoked as.
++
+++If you wish to use PAM for authentication, and details
+++of your users are not available using getpwnam(), you
+++may set a default name for the account on the server
+++that will be used after authentication. To do this,
+++either set @code{DefaultPamUser=user} in the @sc{cvs}
+++@file{config} file, @pxref{config}.
+++
++ Be aware, also, that falling back to system
++ authentication might be a security risk: @sc{cvs}
++ operations would then be authenticated with that user's
++diff -ruN cvs-1.12.13-old/src/parseinfo.c cvs-1.12.13/src/parseinfo.c
++--- cvs-1.12.13-old/src/parseinfo.c 2005-09-06 05:40:37.000000000 +0100
+++++ cvs-1.12.13/src/parseinfo.c 2006-05-19 22:46:00.000000000 +0100
++@@ -303,8 +303,12 @@
++ */
++ #endif /* PROXY_SUPPORT */
++ #ifdef AUTH_SERVER_SUPPORT
++- new->system_auth = true;
+++ new->system_auth = false;
++ #endif /* AUTH_SERVER_SUPPORT */
+++#ifdef HAVE_PAM
+++ new->PamAuth = true;
+++ new->DefaultPamUser = NULL;
+++#endif
++
++ return new;
++ }
++@@ -696,6 +700,13 @@
++ readSizeT (infopath, "MaxCompressionLevel", p,
++ &retval->MaxCompressionLevel);
++ #endif /* SERVER_SUPPORT */
+++#ifdef HAVE_PAM
+++ else if (!strcmp (line, "DefaultPamUser"))
+++ retval->DefaultPamUser = xstrdup(p);
+++ else if (!strcmp (line, "PamAuth"))
+++ readBool (infopath, "PamAuth", p,
+++ &retval->PamAuth);
+++#endif
++ else
++ /* We may be dealing with a keyword which was added in a
++ subsequent version of CVS. In that case it is a good idea
++diff -ruN cvs-1.12.13-old/src/parseinfo.h cvs-1.12.13/src/parseinfo.h
++--- cvs-1.12.13-old/src/parseinfo.h 2005-09-05 04:03:38.000000000 +0100
+++++ cvs-1.12.13/src/parseinfo.h 2006-05-19 22:40:31.000000000 +0100
++@@ -59,6 +59,10 @@
++ #ifdef PRESERVE_PERMISSIONS_SUPPORT
++ bool preserve_perms;
++ #endif /* PRESERVE_PERMISSIONS_SUPPORT */
+++#ifdef HAVE_PAM
+++ char *DefaultPamUser;
+++ bool PamAuth;
+++#endif
++ };
++
++ bool parse_error (const char *, unsigned int);
++diff -ruN cvs-1.12.13-old/src/server.c cvs-1.12.13/src/server.c
++--- cvs-1.12.13-old/src/server.c 2005-09-28 16:25:59.000000000 +0100
+++++ cvs-1.12.13/src/server.c 2006-05-20 00:45:14.000000000 +0100
++@@ -6919,6 +6919,15 @@
++ {
++ pam_stage = "get pam user";
++ retval = pam_get_item (pamh, PAM_USER, (const void **)username);
+++ if ((retval != PAM_SUCCESS) && (NULL != config->DefaultPamUser))
+++ {
+++ /* An issue with using pam is that the host may well not have
+++ a local user entry to match the authenticated user. If this
+++ has failed, optionally fall back to a specified local
+++ username */
+++ *username = xstrdup(config->DefaultPamUser);
+++ retval = PAM_SUCCESS;
+++ }
++ }
++
++ if (retval != PAM_SUCCESS)
++@@ -7022,7 +7031,11 @@
++
++ assert (rc == 0);
++
+++#ifdef HAVE_PAM
+++ if (!config->system_auth && !config->PamAuth)
+++#else
++ if (!config->system_auth)
+++#endif
++ {
++ /* Note that the message _does_ distinguish between the case in
++ which we check for a system password and the case in which
++@@ -7037,9 +7050,10 @@
++
++ /* No cvs password found, so try /etc/passwd. */
++ #ifdef HAVE_PAM
++- if (check_pam_password (&username, password))
+++ if ( (config->PamAuth && check_pam_password (&username, password)) ||
+++ (config->system_auth && check_system_password (username, password)))
++ #else /* !HAVE_PAM */
++- if (check_system_password (username, password))
+++ if (config->system_auth && check_system_password (username, password))
++ #endif /* HAVE_PAM */
++ host_user = xstrdup (username);
++ else
--- /dev/null
+--- cvs-1.12.13.orig/debian/patches/94_parseopts
++++ cvs-1.12.13/debian/patches/94_parseopts
+@@ -0,0 +1,108 @@
++diff -ruN cvs-1.12.13-old/src/cvs.h cvs-1.12.13/src/cvs.h
++--- cvs-1.12.13-old/src/cvs.h 2006-08-19 00:05:38.000000000 +0100
+++++ cvs-1.12.13/src/cvs.h 2006-08-19 00:05:41.000000000 +0100
++@@ -177,6 +177,7 @@
++ #define CVSROOTADM_LOGINFO "loginfo"
++ #define CVSROOTADM_MODULES "modules"
++ #define CVSROOTADM_NOTIFY "notify"
+++#define CVSROOTADM_OPTIONS "options"
++ #define CVSROOTADM_PASSWD "passwd"
++ #define CVSROOTADM_POSTADMIN "postadmin"
++ #define CVSROOTADM_POSTPROXY "postproxy"
++@@ -506,6 +507,7 @@
++ char *strcat_filename_onto_homedir (const char *, const char *);
++ char *cvs_temp_name (void);
++ FILE *cvs_temp_file (char **filename);
+++void parseopts (const char *root);
++
++ int ls (int argc, char *argv[]);
++ int unlink_file (const char *f);
++diff -ruN cvs-1.12.13-old/src/main.c cvs-1.12.13/src/main.c
++--- cvs-1.12.13-old/src/main.c 2006-08-19 00:05:38.000000000 +0100
+++++ cvs-1.12.13/src/main.c 2006-08-19 00:08:14.000000000 +0100
++@@ -1108,6 +1108,8 @@
++ CVSROOT/config file to fix the broken one! */
++ if (config) free_config (config);
++ config = parse_config (current_parsed_root->directory, NULL);
+++ /* Now is a convenient time to read CVSROOT/options */
+++ parseopts(current_parsed_root->directory);
++
++ /* Can set TMPDIR in the environment if necessary now, since
++ * if it was set in config, we now know it.
++@@ -1482,5 +1484,63 @@
++ exit (EXIT_FAILURE);
++ }
++
+++void
+++parseopts(root)
+++ const char *root;
+++{
+++ char path[PATH_MAX];
+++ int save_errno;
+++ char buf[1024];
+++ const char *p;
+++ char *q;
+++ FILE *fp;
+++
+++ if (root == NULL) {
+++ printf("no CVSROOT in parseopts\n");
+++ return;
+++ }
+++ p = strchr (root, ':');
+++ if (p)
+++ p++;
+++ else
+++ p = root;
+++ if (p == NULL) {
+++ printf("mangled CVSROOT in parseopts\n");
+++ return;
+++ }
+++ (void) sprintf (path, "%s/%s/%s", p, CVSROOTADM, CVSROOTADM_OPTIONS);
+++ if ((fp = fopen(path, "r")) != NULL) {
+++ while (fgets(buf, sizeof buf, fp) != NULL) {
+++ if (buf[0] == '#')
+++ continue;
+++ q = strrchr(buf, '\n');
+++ if (q)
+++ *q = '\0';
+++
+++ if (!strncmp(buf, "tag=", 4)) {
+++ char *what;
+++ char *rcs_localid;
+++
+++ rcs_localid = buf + 4;
+++ RCS_setlocalid(path, 0, &config->keywords, rcs_localid);
+++ }
+++ if (!strncmp(buf, "tagexpand=", 10)) {
+++ char *what;
+++ char *rcs_incexc;
+++
+++ rcs_incexc = buf + 10;
+++ RCS_setincexc(&config->keywords, rcs_incexc);
+++ }
+++ /*
+++ * OpenBSD has a "umask=" and "dlimit=" command, we silently
+++ * ignore them here since they are not much use to us. cvsumask
+++ * defaults to 002 already, and the dlimit (data size limit)
+++ * should really be handled elsewhere (eg: login.conf).
+++ */
+++ }
+++ fclose(fp);
+++ }
+++}
+++
++ /* vim:tabstop=8:shiftwidth=4
++ */
++diff -ruN cvs-1.12.13-old/src/server.c cvs-1.12.13/src/server.c
++--- cvs-1.12.13-old/src/server.c 2006-08-19 00:05:38.000000000 +0100
+++++ cvs-1.12.13/src/server.c 2006-08-19 00:05:41.000000000 +0100
++@@ -985,6 +985,9 @@
++ config->MaxCompressionLevel);
++ }
++
+++ /* Now is a good time to read CVSROOT/options too. */
+++ parseopts(current_parsed_root->directory);
+++
++ path = xmalloc (strlen (current_parsed_root->directory)
++ + sizeof (CVSROOTADM)
++ + 2);
--- /dev/null
+--- cvs-1.12.13.orig/debian/patches/89_history_val-tag_world_writeable
++++ cvs-1.12.13/debian/patches/89_history_val-tag_world_writeable
+@@ -0,0 +1,31 @@
++# Don't make history and val-tags files world-writable when creating a
++# new repository. (Closes: #125892)
++#
++# Author unknown, probably Eric Gillespie, Jr. <epg@debian.org>
++diff -ruN cvs-1.12.13-old/src/mkmodules.c cvs-1.12.13/src/mkmodules.c
++--- cvs-1.12.13-old/src/mkmodules.c 2005-05-25 04:59:01.000000000 +0800
+++++ cvs-1.12.13/src/mkmodules.c 2006-02-26 22:27:55.000000000 +0800
++@@ -1249,11 +1249,6 @@
++ fp = xfopen (info, "w");
++ if (fclose (fp) < 0)
++ error (1, errno, "cannot close %s", info);
++-
++- /* Make the new history file world-writeable, since every CVS
++- user will need to be able to write to it. We use chmod()
++- because xchmod() is too shy. */
++- chmod (info, 0666);
++ }
++
++ /* Make an empty val-tags file to prevent problems creating it later. */
++@@ -1267,11 +1262,6 @@
++ fp = xfopen (info, "w");
++ if (fclose (fp) < 0)
++ error (1, errno, "cannot close %s", info);
++-
++- /* Make the new val-tags file world-writeable, since every CVS
++- user will need to be able to write to it. We use chmod()
++- because xchmod() is too shy. */
++- chmod (info, 0666);
++ }
++
++ free (info);
--- /dev/null
+--- cvs-1.12.13.orig/debian/patches/12_rcs2log_POSIX_sort
++++ cvs-1.12.13/debian/patches/12_rcs2log_POSIX_sort
+@@ -0,0 +1,15 @@
++# Make rcs2log use POSIX 1003.1-2001 compliant `sort'. Closes: #368909
++# Patch taken from http://cvs.pld.org.pl/SOURCES/cvs-POSIX.patch?rev=1.1 ,
++# Thanks to the PLD Team.
++diff -Nru ../build-tree.old/cvs-1.12.13/contrib/rcs2log.sh ./cvs-1.12.13/contrib/rcs2log.sh
++--- ../build-tree.old/cvs-1.12.13/contrib/rcs2log.sh 2006-05-26 15:16:54.000000000 +0800
+++++ ./cvs-1.12.13/contrib/rcs2log.sh 2006-05-26 15:16:35.000000000 +0800
++@@ -649,7 +649,7 @@
++ # Sort the log entries, first by date+time (in reverse order),
++ # then by author, then by log entry, and finally by file name and revision
++ # (just in case).
++-sort -t"$SOH" +2 -4r +4 +0 |
+++sort -t"$SOH" -k 3,4r -k 5 -k 1 |
++
++ # Finally, reformat the sorted log entries.
++ $AWK -F"$SOH" '
--- /dev/null
+--- cvs-1.12.13.orig/debian/patches/80_cvs-repouid-0.1
++++ cvs-1.12.13/debian/patches/80_cvs-repouid-0.1
+@@ -0,0 +1,111 @@
++#
++# cvs-repouid patch for controlling pserver access. See
++# README.Debian for details.
++#
++# Original patch by Wichert Akkerman <wakkerma@debian.org>, fixes by
++# Steve McIntyre <steve@einval.com> with help from Alberto Garcia
++# <agarcia@igalia.com>
++diff -ruN cvs-1.12.13-old/src/cvs.h cvs-1.12.13/src/cvs.h
++--- cvs-1.12.13-old/src/cvs.h 2005-10-02 23:17:20.000000000 +0800
+++++ cvs-1.12.13/src/cvs.h 2006-02-26 22:08:16.000000000 +0800
++@@ -145,6 +145,13 @@
++ #define CVSADM_TEMPLATE "CVS/Template"
++ #endif /* USE_VMS_FILENAMES */
++
+++/* Global configuration file mapping repositories to uids. This can be
+++ used instead of getting the unix user. This is prevents a security
+++ problem where anyone with commit access can basically become any
+++ user on the machine. Combined with the insecure pserver that is a
+++ problem waiting to happen. */
+++#define CVS_REPOUIDFILE "/etc/cvs-repouids"
+++
++ /* This is the special directory which we use to store various extra
++ per-directory information in the repository. It must be the same as
++ CVSADM to avoid creating a new reserved directory name which users cannot
++diff -ruN cvs-1.12.13-old/src/server.c cvs-1.12.13/src/server.c
++--- cvs-1.12.13-old/src/server.c 2005-09-28 23:25:59.000000000 +0800
+++++ cvs-1.12.13/src/server.c 2006-02-26 22:08:16.000000000 +0800
++@@ -6570,6 +6570,12 @@
++ exit (EXIT_FAILURE);
++ }
++
+++ if (pw->pw_uid == 0)
+++ {
+++ printf("error 0: root not allowed\n");
+++ exit (EXIT_FAILURE);
+++ }
+++
++ #if HAVE_INITGROUPS
++ if (initgroups (pw->pw_name, pw->pw_gid) < 0
++ # ifdef EPERM
++@@ -6667,6 +6673,51 @@
++ }
++ #endif
++
+++static char*
+++global_repo_uid(const char* repository)
+++{
+++ FILE *fp;
+++ char *linebuf = NULL;
+++ size_t linebuf_len;
+++ int found_it = 0;
+++ size_t repolen = strlen (repository);
+++ char *user;
+++
+++ fp = fopen (CVS_REPOUIDFILE, "r");
+++ if (fp == NULL)
+++ {
+++ if (!existence_error (errno))
+++ error (0, errno, "cannot open %s", CVS_REPOUIDFILE);
+++ return NULL;
+++ }
+++
+++ while (getline (&linebuf, &linebuf_len, fp) >= 0)
+++ {
+++ if ((strncmp (linebuf, repository, repolen) == 0)
+++ && (linebuf[repolen] == ':'))
+++ {
+++ found_it = 1;
+++ break;
+++ }
+++ }
+++
+++ if (ferror (fp))
+++ error (0, errno, "cannot read %s", CVS_REPOUIDFILE);
+++ if (fclose (fp) < 0)
+++ error (0, errno, "cannot close %s", CVS_REPOUIDFILE);
+++
+++ if (!found_it) {
+++ free (linebuf);
+++ return NULL;
+++ }
+++
+++ strtok (linebuf + repolen, "\n");
+++ user = xstrdup (linebuf + repolen + 1);
+++ free (linebuf);
+++
+++ return user;
+++}
+++
++ #ifdef AUTH_SERVER_SUPPORT
++
++ extern char *crypt (const char *, const char *);
++@@ -6738,7 +6789,7 @@
++ /* If found_it, then linebuf contains the information we need. */
++ if (found_it)
++ {
++- char *found_password, *host_user_tmp;
+++ char *found_password, *host_user_tmp, *user_override;
++ char *non_cvsuser_portion;
++
++ /* We need to make sure lines such as
++@@ -6805,6 +6856,9 @@
++ /* Give host_user_ptr permanent storage. */
++ *host_user_ptr = xstrdup (host_user_tmp);
++ retval = 1;
+++ user_override = global_repo_uid (repository);
+++ if (user_override)
+++ *host_user_ptr = user_override;
++ }
++ else
++ {
--- /dev/null
+--- cvs-1.12.13.orig/debian/patches/10_rsc2log_fix
++++ cvs-1.12.13/debian/patches/10_rsc2log_fix
+@@ -0,0 +1,49 @@
++#
++# Patch to make the rcs2log script cope with old-format (5 parameter)
++# and new-format (6 parameter) log output. Bug#258140
++#
++# Patch from Ludovic Rousseau <rousseau@debian.org>
++diff -ruN cvs-1.12.13-old/contrib/rcs2log.sh cvs-1.12.13/contrib/rcs2log.sh
++--- cvs-1.12.13-old/contrib/rcs2log.sh 2005-07-12 22:12:55.000000000 +0800
+++++ cvs-1.12.13/contrib/rcs2log.sh 2006-02-26 17:43:11.000000000 +0800
++@@ -416,11 +416,24 @@
++ : ;;
++ esac >$llogout || exit
++
+++# the date format in 'cvs -q log' changed
+++# it was
+++# date: 2003/05/06 21:23:30; author: rousseau; state: Exp; lines: +29 -31
+++# it is now
+++# date: 2003-05-06 21:23:30 +0000; author: rousseau; state: Exp; lines: +29 -31
++ output_authors='/^date: / {
++- if ($2 ~ /^[0-9]*[-\/][0-9][0-9][-\/][0-9][0-9]$/ && $3 ~ /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9][-+0-9:]*;$/ && $4 == "author:" && $5 ~ /^[^;]*;$/) {
++- print substr($5, 1, length($5)-1)
++- }
+++ # old date format
+++ if ($2 ~ /^[0-9]*[-\/][0-9][0-9][-\/][0-9][0-9]$/ && $3 ~ /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9][-+0-9:]*;$/ && $4 == "author:" && $5 ~ /^[^;]*;$/) {
+++ print substr($5, 1, length($5)-1)
+++ }
+++ else {
+++ # new date format
+++ if ($2 ~ /^[0-9]*[-\/][0-9][0-9][-\/][0-9][0-9]$/ && $3 ~ /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9][-+0-9:]*$/ && $5 == "author:" && $6 ~ /^[^;]*;$/) {
+++ print substr($6, 1, length($6)-1)
+++ }
+++ }
++ }'
+++
++ authors=`
++ $AWK "$output_authors" <"$rlogfile" | sort -u | comm -23 - $llogout
++ `
++@@ -611,7 +624,11 @@
++ date = newdate date
++ }
++ time = substr($3, 1, length($3) - 1)
++- author = substr($5, 1, length($5)-1)
+++ author = substr($5, 1, length($5)-1)
+++ if (author ~ /author/) {
+++ # new date format
+++ author = substr($6, 1, length($6)-1)
+++ }
++ printf "%s%s%s%s%s%s%s%s%s%s", filename, SOH, rev, SOH, date, SOH, time, SOH, author, SOH
++ rev = "?"
++ next
--- /dev/null
+--- cvs-1.12.13.orig/debian/patches/86_server_wrapper
++++ cvs-1.12.13/debian/patches/86_server_wrapper
+@@ -0,0 +1,51 @@
++#
++# Added patch to support cvs -W ! - clears all wrappers (patch also
++# forwarded to CVS people) #3374
++#
++# Patch by Michael Alan Dorman <mdorman@lot49.med.miami.edu>
++diff -ruN cvs-1.12.13-old/src/wrapper.c cvs-1.12.13/src/wrapper.c
++--- cvs-1.12.13-old/src/wrapper.c 2005-09-04 08:27:44.000000000 +0800
+++++ cvs-1.12.13/src/wrapper.c 2006-02-26 22:26:53.000000000 +0800
++@@ -86,7 +86,7 @@
++ move this to a per-connection data structure, or better yet
++ think about a cleaner solution. */
++ static int wrap_setup_already_done = 0;
++- char *homedir;
+++ char *homedir = NULL;
++
++ if (wrap_setup_already_done != 0)
++ return;
++@@ -107,6 +107,11 @@
++ free (file);
++ }
++
+++#ifdef SERVER_SUPPORT
+++ if (!server_active)
+++#endif
+++ {
+++
++ /* Then add entries found in home dir, (if user has one) and file
++ exists. */
++ homedir = get_homedir ();
++@@ -115,6 +120,8 @@
++ hand it might be obnoxious to complain when CVS will function
++ just fine without .cvswrappers (and many users won't even know what
++ .cvswrappers is). */
+++ }
+++
++ if (homedir != NULL)
++ {
++ char *file = strcat_filename_onto_homedir (homedir, CVSDOTWRAPPER);
++@@ -339,6 +346,12 @@
++ if (!line || line[0] == '#')
++ return;
++
+++ /* Allows user to declare all wrappers null and void */
+++ if ( line[0] == '!') {
+++ wrap_kill ( );
+++ return;
+++ }
+++
++ memset (&e, 0, sizeof(e));
++
++ /* Search for the wild card */
--- /dev/null
+--- cvs-1.12.13.orig/debian/patches/98_fix_sparc_sigbus.diff
++++ cvs-1.12.13/debian/patches/98_fix_sparc_sigbus.diff
+@@ -0,0 +1,30 @@
++diff -Nru cvs-1.12.13.orig/src/update.c cvs-1.12.13/src/update.c
++--- cvs-1.12.13.orig/src/update.c 2005-09-22 20:49:17.000000000 +0200
+++++ cvs-1.12.13/src/update.c 2006-12-15 01:35:54.000000000 +0100
++@@ -58,7 +58,7 @@
++ static int patch_file (struct file_info *finfo,
++ Vers_TS *vers_ts,
++ int *docheckout, struct stat *file_info,
++- unsigned char *checksum);
+++ md5_uint32 *checksum);
++ static void patch_file_write (void *, const char *, size_t);
++ #endif
++ static int merge_file (struct file_info *finfo, Vers_TS *vers);
++@@ -723,7 +723,7 @@
++ {
++ int docheckout;
++ struct stat file_info;
++- unsigned char checksum[16];
+++ md5_uint32 checksum[4];
++
++ retval = patch_file (finfo,
++ vers, &docheckout,
++@@ -1511,7 +1511,7 @@
++ */
++ static int
++ patch_file (struct file_info *finfo, Vers_TS *vers_ts, int *docheckout,
++- struct stat *file_info, unsigned char *checksum)
+++ struct stat *file_info, md5_uint32 *checksum)
++ {
++ char *backup;
++ char *file1;
--- /dev/null
+--- cvs-1.12.13.orig/debian/patches/90zlib-read-compressed.diff
++++ cvs-1.12.13/debian/patches/90zlib-read-compressed.diff
+@@ -0,0 +1,11 @@
++--- cvs-1.12.13/src/zlib.c~ 3 Jun 2005 18:26:09 -0000 1.31
+++++ cvs-1.12.13/src/zlib.c 27 Oct 2005 17:59:49 -0000
++@@ -229,7 +229,7 @@ compress_buffer_input (void *closure, ch
++ would fetch all the available bytes, and at least one byte. */
++
++ status = (*cb->buf->input) (cb->buf->closure, bd->text,
++- need, BUFFER_DATA_SIZE, &nread);
+++ need ? 1 : 0, BUFFER_DATA_SIZE, &nread);
++
++ if (status == -2)
++ /* Don't try to recover from memory allcoation errors. */