- Changed to use ${CFLAGS} in /etc/make.conf
- Added do-install:, so proper INSTALL macros could be used
PR: 16595
Submitted by: Christopher J. Michaels <cjm2@altavista.net>
the user to remove the client's home directory and the mirrored
files.
INSTALL: Create a home directory for the client user, since one
is needed to hold the authentication key file. Also create an
empty "auth" file so that its permissions will be right. Set the
gcos fields more appropriately.
setuid nobody. If the maintainer would like to develop a workaround
similar to one discussed on the security list then please let me know.
Submitted by: Sergey N. Voronkov <serg@dor.zaural.ru>
packets. A popular ADSL service in Korea sends this result code.
It is wrong, but the patch doesn't harm anybody else.
PR: ports/16372
Submitted by: CHOI Junho <cjh@kr.FreeBSD.ORG>
Reviewed by: jdp
honor of the occasion I have bumped the version number to 1.1.
The port now depends upon the cvsup-bin and cvsupd-bin ports rather
than on the more trouble-prone cvsup port.
The CVSup server is run with "-C 100" (max. 100 clients at a time)
and the true limit is set in the "/usr/local/etc/cvsup/cvsupd.access"
file. This is nice because you can change the limit by editing
the file; you don't have to restart the server. The cvsupd.access
file also contains a rule to limit each individual host to one
connection at a time.
The CVSup client is now run under its own unprivileged user ID
instead of root. This is a security enhancement. It makes it
impossible for a compromised master site to install files into
places outside the mirror area of the filesystem. The permissions
of various other files such as /usr/local/etc/cvsup have also been
strengthened to enhance security.
Both client and server now cd to /var/tmp to run, so that if they
decide to croak they'll be able to write the core file. :-)
The /usr/local/etc/rc.d/cvsupd.sh script now honors the "start"
and "stop" arguments.
The configure script no longer attempts to tell you the sizes of
the various collections. That's impossible to maintain. When I
have time I plan to make a web page where one can obtain that
information from an automatically-updated source. Then I will
reference the URL in the configure script.
It is possible to upgrade an existing cvsup-mirror-1.0 installation
to this new version, but it is tricky because of the change in
ownership of the mirrored files. I will post instructions to the
freebsd-hubs mailing list after I make sure I have the procedure
just right.
