On Tue, May 03, 2005, Matthias Kurz wrote: > When i try e.g. 'cvs status' with a CVSROOT of ":ext:..." and > CVS_RSH=ssh, i get an output like: > Yes, cvs 1.12.11 is flawed. I believe it is not a packaging issue, but then again I've not looked too hard at it. I choose instead to stick with 1.12.9 which works correctly.
> Any idea ? Or do i need to debug this ? > There is a new version now cvs-1.12.12 which might fixe the problem. It will take a little more effort than usual to get this update out though, due to Ralf's important patch which normally needs to be painstakingly adjusted. Keep a look out, or if you are impatient then repackage the new version without the rse patch for testing. > Another issue. The zlib included in the cvs package is 1.2.1, which has a > security problem (according to www.zlib.org). The cvs configure recommends > to use --with-external-zlib, because i have 1.2.2 from CURRENT installed. > Should this be the default (and cvs depend on zlib) ? > Good idea, that way we can control CVS's compression and security problems from one source. Packages since today have the feature you mention: $ openpkg rpm --rebuild ftp://ftp.openpkg.org/current/SRC/cvs-1.12.11-20050504.src.rpm The question remains how or what to merge into the 2.2 and 2.3 branches. That's a related security matter which we should consider separately, however. It might be necessary to patch the internal zlib code rather than merging '--with-external-zlib' in (which would be easier of course). Regards, Michael -- Michael Schloh von Bennewitz <[EMAIL PROTECTED]> Development Team, Operations Northern Europe Cable & Wireless Telecommunications Services Tel +49-89-92699-227, Fax +49-89-92699-808
pgpP3G0fuVhly.pgp
Description: PGP signature
