Author: qboosh Date: Sun Nov 6 14:56:12 2011 GMT Module: packages Tag: HEAD ---- Log message: - split from krb5.spec since 1.8; not build-tested
---- Files affected: packages/krb5-appl: kftpd.inetd (NONE -> 1.1) (NEW), kftpd.pamd (NONE -> 1.1) (NEW), klogin.pamd (NONE -> 1.1) (NEW), klogind.inetd (NONE -> 1.1) (NEW), krb5-appl.spec (NONE -> 1.1) (NEW), krb5-ftp-glob.patch (NONE -> 1.1) (NEW), krb5-ftp_fdleak.patch (NONE -> 1.1) (NEW), krb5-ftp_glob_runique.patch (NONE -> 1.1) (NEW), krb5-io.patch (NONE -> 1.1) (NEW), krb5-login-lpass.patch (NONE -> 1.1) (NEW), krb5-manpages.patch (NONE -> 1.1) (NEW), krb5-netkit-rsh.patch (NONE -> 1.1) (NEW), krb5-pam.patch (NONE -> 1.1) (NEW), krb5-passive.patch (NONE -> 1.1) (NEW), krb5-paths.patch (NONE -> 1.1) (NEW), krb5-rcp-markus.patch (NONE -> 1.1) (NEW), krb5-rcp-sendlarge.patch (NONE -> 1.1) (NEW), krb5-rlogind-environ.patch (NONE -> 1.1) (NEW), krb5-selinux-label.patch (NONE -> 1.1) (NEW), krb5-size.patch (NONE -> 1.1) (NEW), krb5-telnet-environ.patch (NONE -> 1.1) (NEW), krb5-tests.patch (NONE -> 1.1) (NEW), krb5-trunk-ftp_mget_case.patch (NONE -> 1.1) (NEW), kshell.inetd (NONE -> 1.1) (NEW), kshell.pamd (NONE -> 1.1) (NEW), ktelnetd.inetd (NONE -> 1.1) (NEW) ---- Diffs: ================================================================ Index: packages/krb5-appl/kftpd.inetd diff -u /dev/null packages/krb5-appl/kftpd.inetd:1.1 --- /dev/null Sun Nov 6 15:56:12 2011 +++ packages/krb5-appl/kftpd.inetd Sun Nov 6 15:56:06 2011 @@ -0,0 +1,9 @@ +SERVICE_NAME=kftpd +SOCK_TYPE=stream +PROTOCOL=tcp +PORT=21 +FLAGS=nowait +USER=root +SERVER=tcpd +DAEMON=/usr/sbin/kftpd +DAEMONARGS="-a -l" ================================================================ Index: packages/krb5-appl/kftpd.pamd diff -u /dev/null packages/krb5-appl/kftpd.pamd:1.1 --- /dev/null Sun Nov 6 15:56:12 2011 +++ packages/krb5-appl/kftpd.pamd Sun Nov 6 15:56:06 2011 @@ -0,0 +1,12 @@ +#%PAM-1.0 +auth required pam_listfile.so item=user sense=deny file=/etc/ftpd/ftpusers onerr=succeed +auth include system-auth +account required pam_nologin.so +account include system-auth +# pam_selinux.so close should be the first session rule +# session required pam_selinux.so close +session include system-auth +session required pam_loginuid.so +# pam_selinux.so open should only be followed by sessions to be executed in the user context +# session required pam_selinux.so open +session optional pam_keyinit.so force revoke ================================================================ Index: packages/krb5-appl/klogin.pamd diff -u /dev/null packages/krb5-appl/klogin.pamd:1.1 --- /dev/null Sun Nov 6 15:56:12 2011 +++ packages/krb5-appl/klogin.pamd Sun Nov 6 15:56:06 2011 @@ -0,0 +1,19 @@ +#%PAM-1.0 +auth required pam_listfile.so item=user sense=deny file=/etc/security/blacklist.klogin onerr=succeed +auth required pam_securetty.so +auth include system-auth +account required pam_shells.so +account required pam_nologin.so +account required pam_access.so +account include system-auth +password include system-auth +# pam_selinux.so close should be the first session rule +# session required pam_selinux.so close +session include system-auth +session required pam_loginuid.so +session optional pam_console.so +session optional pam_mail.so +# pam_selinux.so open should only be followed by sessions to be executed in the user context +#session required pam_selinux.so open +#session optional pam_keyinit.so force revoke +session optional pam_ck_connector.so ================================================================ Index: packages/krb5-appl/klogind.inetd diff -u /dev/null packages/krb5-appl/klogind.inetd:1.1 --- /dev/null Sun Nov 6 15:56:12 2011 +++ packages/krb5-appl/klogind.inetd Sun Nov 6 15:56:06 2011 @@ -0,0 +1,10 @@ +SERVICE_NAME=klogin +SOCK_TYPE=stream +PROTOCOL=tcp +FLAGS=nowait +USER=root +SERVER=tcpd +DAEMON=/usr/sbin/klogind +DAEMONARGS="-5" +# for encrypted sessions use the following +#DAEMONARGS="-e -c -5" ================================================================ Index: packages/krb5-appl/krb5-appl.spec diff -u /dev/null packages/krb5-appl/krb5-appl.spec:1.1 --- /dev/null Sun Nov 6 15:56:13 2011 +++ packages/krb5-appl/krb5-appl.spec Sun Nov 6 15:56:06 2011 @@ -0,0 +1,414 @@ +# $Revision$, $Date$ +# +# Conditional build: +%bcond_with selinux # build with selinux support +%bcond_without tests # don't perform make check +# +%define krb5_ver 1.9.1 +Summary: Kerberos V5 Applications +Summary(pl.UTF-8): Aplikacje systemu Kerberos V5 +Name: krb5-appl +Version: 1.0.2 +Release: 0.1 +License: MIT +Group: Networking +Source0: http://web.mit.edu/kerberos/dist/krb5-appl/1.0/%{name}-%{version}-signed.tar +# Source0-md5: 60b2579e65c58c8677d492a50a1398e3 +Source1: klogind.inetd +Source2: kftpd.inetd +Source3: ktelnetd.inetd +Source4: kshell.inetd +Source5: kftpd.pamd +Source6: klogin.pamd +Source7: kshell.pamd +Patch0: krb5-manpages.patch +Patch1: krb5-netkit-rsh.patch +Patch2: krb5-rlogind-environ.patch +Patch3: krb5-passive.patch +Patch4: krb5-size.patch +Patch5: krb5-ftp-glob.patch +Patch6: krb5-paths.patch +Patch7: krb5-io.patch +Patch8: krb5-login-lpass.patch +Patch9: krb5-rcp-markus.patch +Patch10: krb5-rcp-sendlarge.patch +Patch11: krb5-telnet-environ.patch +Patch12: krb5-tests.patch +Patch13: krb5-ftp_fdleak.patch +Patch14: krb5-ftp_glob_runique.patch +Patch15: krb5-pam.patch +Patch16: krb5-selinux-label.patch +Patch17: krb5-trunk-ftp_mget_case.patch +URL: http://web.mit.edu/kerberos/www/ +BuildRequires: autoconf +BuildRequires: bison +BuildRequires: krb5-devel >= %{krb5_ver} +BuildRequires: ncurses-devel +BuildRequires: pam-devel +%{?with_selinux:BuildRequires: libselinux-devel} +BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) + +%define _localstatedir /var/lib/kerberos +# doesn't handle %{__cc} with spaces properly +%undefine with_ccache +# mungles cflags +%undefine configure_cache + +%description +This package contains Kerberized versions of telnet, rlogin, rsh, rcp, +and ftp clients and daemons, as well as a terminal login program which +can obtain Kerberos credentials when presented with the user's +password. + +These programs are no longer in wide use, having been supplanted in +many environments by OpenSSH, but there is still some interest in +their continued maintenance. These programs were included in the main +Kerberos 5 distribution through release 1.7, but are now packaged +separately. + +%description -l pl.UTF-8 +Ten pakiet zawiera skerberyzowane wersje klientów i demonów usług +telnet, rlogin, rsh, rcp i ftp, a także terminalowy program login, +wszystkie potrafiące uzyskać dane uwierzytelniające Kerberosa w +przypadku przekazania wraz z hasłem użytkownika. + +Programy te nie są już w szerokim użyciu, w większości środowisk +zostały zastąpione przez OpenSSH, ale jest jeszcze trochę +zainteresowanych ich utrzymywaniem. Były dołączone do dystrybucji +głównej części Kerberosa 5 do wersji 1.7, ale obecnie są rozprowadzane +osobno. + +%package -n krb5-login +Summary: Kerberized version of login program +Summary(pl.UTF-8): Skerberyzowana wersja programu login +Group: Networking +Conflicts: krb5-common < 1.8 + +%description -n krb5-login +login is used when signing onto a system. It can also be used to +switch from one user to another at any time (most modern shells have +support for this feature built into them, however). This package +contains login.krb5 - a kerberized version of login program. + +%description -n krb5-login -l pl.UTF-8 +login jest używany przy logowaniu do systemu. Może być także użyty do +przełączenia z jednego użytkownika na innego w dowolnej chwili +(większość współczesnych powłok ma wbudowaną obsługę tego). Ten pakiet +zawiera program login.krb5 - skerberyzowaną wersję programu login. + +%package -n krb5-rsh +Summary: Clients for remote access commands (rsh, rcp) +Summary(pl.UTF-8): Klienci zdalnego dostępu (rsh, rcp) +Group: Applications/Networking +Requires: krb5-common >= %{krb5_ver} +Obsoletes: rcp +Obsoletes: rsh +Obsoletes: heimdal-rsh + +%description -n krb5-rsh +The rsh package contains a set of programs which allow users to run +commands on remote machines and copy files between machines (rsh and +rcp). Both of these commands use rhosts style authentication. This +package contains the clients needed for all of these services. + +%description -n krb5-rsh -l pl.UTF-8 +Ten pakiet zawiera zestaw narzędzi pozwalających na wykonywanie +poleceń na zdalnych maszynach oraz kopiowanie plików pomiędzy +maszynami (rsh, rcp). + +%package -n krb5-rlogin +Summary: Kerberized remote login program +Summary(pl.UTF-8): Skerberyzowany program do zdalnego logowania +Group: Networking +Requires: krb5-common >= %{krb5_ver} +Provides: rlogin + +%description -n krb5-rlogin +rlogin is a program that connects your terminal on the current local +host system to the remote host system. This package contains +kerberized version of rlogin. + +%description -n krb5-rlogin -l pl.UTF-8 +rlogin to program dołączający terminal systemu lokalnego do systemu na +zdalnym hoście. Ten pakiet zawiera skerberyzowaną wersję programu +rlogin. + +%package -n krb5-kshd +Summary: Kerberized remote shell server +Summary(pl.UTF-8): Skerberyzowany serwer zdalnego dostępu +Group: Networking/Daemons +Requires: krb5-common >= %{krb5_ver} +Requires: rc-inetd >= 0.8.1 +Obsoletes: rshd +Conflicts: heimdal-rshd + +%description -n krb5-kshd +The kshd package contains kerberized remote shell server which +provides remote execution facilities with authentication based on the +Kerberos authentication system. + +%description -n krb5-kshd -l pl.UTF-8 +Ten pakiet zawiera skerberyzowaną wersję serwer zdalnego dostępu, +który umożliwia zdalne wykonywanie poleceń w oparciu o system +uwierzytelniania Kerberos. + +%package -n krb5-klogind +Summary: Kerberized remote login server +Summary(pl.UTF-8): Skerberyzowany serwer zdalnego logowania +Group: Networking/Daemons +Requires: krb5-common >= %{krb5_ver} +Requires: rc-inetd >= 0.8.1 +Obsoletes: rlogind + +%description -n krb5-klogind +Klogind is the server for the rlogin program. The server is based on +rlogind but uses Kerberos authentication. + +%description -n krb5-klogind -l pl.UTF-8 +Klogind jest serwerem dla programu rlogin. Oparty jest na rlogind ale +wykorzystuje system uwierzytelniania Kerberos. + +%package -n krb5-ftp +Summary: Kerberized UNIX FTP (file transfer protocol) client +Summary(pl.UTF-8): Skerberyzowany klient protokołu FTP +Group: Networking +Requires: krb5-common >= %{krb5_ver} +Obsoletes: heimdal-ftp + +%description -n krb5-ftp +The ftp package provides the standard UNIX command-line FTP client +with kerberos authentication support. FTP is the file transfer +protocol, which is a widely used Internet protocol for transferring +files and for archiving files. + +This package contains Kerberized version of FTP client. + +%description -n krb5-ftp -l pl.UTF-8 +Ten pakiet dostarcza standardowego klienta FTP z wbudowaną obsługą +kerberosa. FTP jest protokołem do przesyłania plików szeroko +rozpowszechnionym w Internecie. + +Ten pakiet zawiera skerberyzowaną wersję klienta FTP. + +%package -n krb5-ftpd +Summary: Kerberized UNIX FTP (file transfer protocol) server +Summary(pl.UTF-8): Skerberyzowana wersja serwera FTP +Group: Networking/Daemons +Requires: krb5-common >= %{krb5_ver} +Requires: rc-inetd >= 0.8.1 +Obsoletes: ftpd +Conflicts: heimdal-ftpd + +%description -n krb5-ftpd +FTP is the file transfer protocol, which is a widely used Internet +protocol for transferring files and for archiving files. + +This package contains Kerberized version of FTP server. + +%description -n krb5-ftpd -l pl.UTF-8 +FTP jest protokołem transmisji plików szeroko rozpowszechnionym w +Internecie. + +Ten pakiet zawiera skerberyzowaną wersję serwera FTP. + +%package -n krb5-telnetd +Summary: Kerberized server for the telnet remote login +Summary(pl.UTF-8): Skerberyzowany serwer protokołu telnet +Group: Networking/Daemons +Requires: krb5-common >= %{krb5_ver} +Requires: rc-inetd >= 0.8.1 +Obsoletes: telnetd +Obsoletes: heimdal-telnetd + +%description -n krb5-telnetd +Telnet is a popular protocol for remote logins across the Internet. +This package provides a kerberized telnet daemon which allows remote +logins into the machine it is running on. + +%description -n krb5-telnetd -l pl.UTF-8 +Telnet jest popularnym protokołem zdalnego logowania. Ten pakiet +zawiera skerberyzowany serwer pozwalający na zdalne logowanie się +klientów na maszynę na której działa. + +%package -n krb5-telnet +Summary: Kerberized client for the telnet remote login +Summary(pl.UTF-8): Skerberyzowany klient usługi telnet +Group: Networking +Requires: krb5-common >= %{krb5_ver} +Obsoletes: telnet +Obsoletes: heimdal-telnet + +%description -n krb5-telnet +Telnet is a popular protocol for remote logins across the Internet. +This package provides kerberized command line telnet client. + +%description -n krb5-telnet -l pl.UTF-8 +Telnet jest popularnym protokołem zdalnego logowania. Ten pakiet +zawiera skerberyzowanego klienta tej usługi. + +%prep +%setup -q -c +tar xf %{name}-%{version}.tar.gz +mv %{name}-%{version}/* . +%patch0 -p1 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 +%patch10 -p1 +%patch11 -p1 +%patch12 -p1 +%patch13 -p1 +%patch14 -p1 +%patch15 -p1 +%{?with_selinux:%patch16 -p1} +%patch17 -p1 + +%build +# Get LFS support on systems that need it which aren't already 64-bit. +%ifarch %{ix86} s390 ppc sparc +CFLAGS="%{rpmcflags} -D_FILE_OFFSET_BITS=64 -I%{_includedir}/ncurses" +CPPFLAGS="-D_FILE_OFFSET_BITS=64 -I%{_includedir}/ncurses" +%else +CFLAGS="%{rpmcflags} -I%{_includedir}/ncurses" +CPPFLAGS="-I%{_includedir}/ncurses" +%endif + +%{__autoconf} +%{__autoheader} +%configure \ + %{?with_selinux:--with-selinux} + +%{__make} + +%{?with_tests:%{__make} -j1 check SKIP_NET_TESTS=1} + +%install +rm -rf $RPM_BUILD_ROOT +install -d $RPM_BUILD_ROOT{%{_sysconfdir},%{_localstatedir},/var/log/kerberos} \ + $RPM_BUILD_ROOT{%{_infodir},%{_mandir}} \ + $RPM_BUILD_ROOT/etc/{pam.d,rc.d/init.d,sysconfig/rc-inetd,shrc.d,logrotate.d} + +%{__make} install \ + DESTDIR=$RPM_BUILD_ROOT + +install %{SOURCE1} $RPM_BUILD_ROOT/etc/sysconfig/rc-inetd/klogind +install %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/rc-inetd/ftpd +install %{SOURCE3} $RPM_BUILD_ROOT/etc/sysconfig/rc-inetd/telnetd +install %{SOURCE4} $RPM_BUILD_ROOT/etc/sysconfig/rc-inetd/kshd + +install %{SOURCE5} $RPM_BUILD_ROOT/etc/pam.d/kftpd +install %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/klogin +install %{SOURCE7} $RPM_BUILD_ROOT/etc/pam.d/kshell + +%clean +rm -rf $RPM_BUILD_ROOT + +%post -n krb5-kshd +%service -q rc-inetd reload + +%postun -n krb5-kshd +if [ "$1" = 0 ]; then + %service -q rc-inetd reload +fi + +%post -n krb5-klogind +%service -q rc-inetd reload + +%postun -n krb5-klogind +if [ "$1" = 0 ]; then + %service -q rc-inetd reload +fi + +%post -n krb5-ftpd +%service -q rc-inetd reload + +%postun -n krb5-ftpd +if [ "$1" = 0 ]; then + %service -q rc-inetd reload +fi + +%post -n krb5-telnetd +%service -q rc-inetd reload + +%postun -n krb5-telnetd +if [ "$1" = 0 ]; then + %service -q rc-inetd reload +fi + +%files -n krb5-login +%defattr(644,root,root,755) +%doc NOTICE README +%attr(755,root,root) %{_sbindir}/login.krb5 +%{_mandir}/man8/login.krb5.8* + +%files -n krb5-rsh +%defattr(644,root,root,755) +%doc NOTICE README +%attr(755,root,root) %{_bindir}/rcp +%attr(755,root,root) %{_bindir}/rsh +%{_mandir}/man1/rsh.1* +%{_mandir}/man1/rcp.1* + +%files -n krb5-rlogin +%defattr(644,root,root,755) +%doc NOTICE README +%attr(755,root,root) %{_bindir}/rlogin +%{_mandir}/man1/rlogin.1* + +%files -n krb5-kshd +%defattr(644,root,root,755) +%doc NOTICE README +%attr(755,root,root) %{_sbindir}/kshd +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/rc-inetd/kshd +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/kshell +%{_mandir}/man8/kshd.8* + +%files -n krb5-klogind +%defattr(644,root,root,755) +%doc NOTICE README +%attr(755,root,root) %{_sbindir}/klogind +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/rc-inetd/klogind +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/klogin +%{_mandir}/man8/klogind.8* + +%files -n krb5-ftp +%defattr(644,root,root,755) +%doc NOTICE README gssftp/README.gssftp +%attr(755,root,root) %{_bindir}/ftp +%{_mandir}/man1/ftp.1* + +%files -n krb5-ftpd +%defattr(644,root,root,755) +%doc NOTICE README gssftp/README.gssftp +%attr(755,root,root) %{_sbindir}/ftpd +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/rc-inetd/ftpd +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/kftpd +%{_mandir}/man8/ftpd.8* + +%files -n krb5-telnet +%defattr(644,root,root,755) +%doc NOTICE README +%attr(755,root,root) %{_bindir}/telnet +%{_mandir}/man1/telnet.1* + +%files -n krb5-telnetd +%defattr(644,root,root,755) +%doc NOTICE README +%attr(755,root,root) %{_sbindir}/telnetd +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/rc-inetd/telnetd +%{_mandir}/man8/telnetd.8* + +%define date %(echo `LC_ALL="C" date +"%a %b %d %Y"`) +%changelog +* %{date} PLD Team <[email protected]> +All persons listed below can be reached at <cvs_login>@pld-linux.org + +$Log$ +Revision 1.1 2011/11/06 14:56:06 qboosh +- split from krb5.spec since 1.8; not build-tested ================================================================ Index: packages/krb5-appl/krb5-ftp-glob.patch diff -u /dev/null packages/krb5-appl/krb5-ftp-glob.patch:1.1 --- /dev/null Sun Nov 6 15:56:13 2011 +++ packages/krb5-appl/krb5-ftp-glob.patch Sun Nov 6 15:56:06 2011 @@ -0,0 +1,273 @@ +--- krb5-1.3/gssftp/ftp/cmds.c ++++ krb5-1.3/gssftp/ftp/cmds.c +@@ -99,6 +99,62 @@ + static void quote1 (char *, int, char **); + static char *dotrans (char *); + static char *domap (char *); ++static int checkglob(const char *filename, const char *pattern); ++ ++/* ++ * pipeprotect: protect against "special" local filenames by prepending ++ * "./". Special local filenames are "-" and any "filename" which begins ++ * with either "|" or "/". ++ */ ++static char *pipeprotect(char *name) ++{ ++ static char nu[MAXPATHLEN]; ++ if ((name == NULL) || ++ ((strcmp(name, "-") != 0) && (*name != '|') && (*name != '/'))) { ++ return name; ++ } ++ strcpy(nu, "."); ++ if (*name != '/') strcat(nu, "/"); ++ if (strlen(nu) + strlen(name) >= sizeof(nu)) { ++ return NULL; ++ } ++ strcat(nu, name); ++ return nu; ++} ++ ++/* ++ * Look for embedded ".." in a pathname and change it to "!!", printing ++ * a warning. ++ */ ++static char *pathprotect(char *name) ++{ ++ int gotdots=0, i, len; ++ ++ /* Convert null terminator to trailing / to catch a trailing ".." */ ++ len = strlen(name)+1; ++ name[len-1] = '/'; ++ ++ /* ++ * State machine loop. gotdots is < 0 if not looking at dots, ++ * 0 if we just saw a / and thus might start getting dots, ++ * and the count of dots seen so far if we have seen some. ++ */ ++ for (i=0; i<len; i++) { ++ if (name[i]=='.' && gotdots>=0) gotdots++; ++ else if (name[i]=='/' && gotdots<0) gotdots=0; ++ else if (name[i]=='/' && gotdots==2) { ++ printf("Warning: embedded .. in %.*s (changing to !!)\n", ++ len-1, name); ++ name[i-1] = '!'; ++ name[i-2] = '!'; ++ gotdots = 0; ++ } ++ else if (name[i]=='/') gotdots = 0; ++ else gotdots = -1; ++ } ++ name[len-1] = '\0'; ++ return name; ++} + + /* + * `Another' gets another argument, and stores the new argc and argv. +@@ -844,7 +900,15 @@ + + if (argc == 2) { + argc++; +- argv[2] = argv[1]; ++ /* ++ * Protect the user from accidentally retrieving special ++ * local names. ++ */ ++ argv[2] = pipeprotect(argv[1]); ++ if (!argv[2]) { ++ code = -1; ++ return 0; ++ } + loc++; + } + if (argc < 2 && !another(&argc, &argv, "remote-file")) +@@ -1016,8 +1080,19 @@ + if (mapflag) { + tp = domap(tp); + } +- recvrequest("RETR", tp, cp, "w", +- tp != cp || !interactive, 1); ++ ++ /* Reject embedded ".." */ ++ tp = pathprotect(tp); ++ ++ /* Prepend ./ to "-" or "!*" or leading "/" */ ++ tp = pipeprotect(tp); ++ if (tp == NULL) { ++ /* hmm... how best to handle this? */ ++ mflag = 0; <<Diff was trimmed, longer than 597 lines>> _______________________________________________ pld-cvs-commit mailing list [email protected] http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
