--- cvstrac-2.0.1.orig/db.c +++ cvstrac-2.0.1/db.c @@ -31,6 +31,7 @@ #include #include #include +#include #include #include "config.h" #include "db.h" @@ -125,7 +126,6 @@ ** routine NULLs-out fields of the database we do not want arbitrary ** users to see, such as the USER.PASSWD field. */ -extern int sqlite3StrICmp(const char*, const char*); static int access_authorizer( void *NotUsed, int type, @@ -141,34 +141,34 @@ return SQLITE_OK; #endif }else if( type==SQLITE_READ ){ - if( sqlite3StrICmp(zArg1,"user")==0 ){ - if( sqlite3StrICmp(zArg2,"passwd")==0 || sqlite3StrICmp(zArg2,"email")==0 ){ + if( strcasecmp(zArg1,"user")==0 ){ + if( strcasecmp(zArg2,"passwd")==0 || strcasecmp(zArg2,"email")==0 ){ return SQLITE_IGNORE; } - }else if( sqlite3StrICmp(zArg1, "cookie")==0 ){ + }else if( strcasecmp(zArg1, "cookie")==0 ){ return SQLITE_IGNORE; - }else if( sqlite3StrICmp(zArg1, "config")==0 ){ + }else if( strcasecmp(zArg1, "config")==0 ){ return SQLITE_IGNORE; - }else if( !g.okSetup && sqlite3StrICmp(zArg1, "access_load")==0 ){ + }else if( !g.okSetup && strcasecmp(zArg1, "access_load")==0 ){ return SQLITE_IGNORE; - }else if( (!g.okWrite || g.isAnon) && sqlite3StrICmp(zArg1,"ticket")==0 - && sqlite3StrICmp(zArg2,"contact")==0){ + }else if( (!g.okWrite || g.isAnon) && strcasecmp(zArg1,"ticket")==0 + && strcasecmp(zArg2,"contact")==0){ return SQLITE_IGNORE; - }else if( !g.okCheckout && sqlite3StrICmp(zArg1,"chng")==0 ){ + }else if( !g.okRead && strcasecmp(zArg1,"chng")==0 ){ return SQLITE_IGNORE; - }else if( !g.okCheckout && sqlite3StrICmp(zArg1,"filechng")==0 ){ + }else if( !g.okCheckout && strcasecmp(zArg1,"filechng")==0 ){ return SQLITE_IGNORE; - }else if( !g.okCheckout && sqlite3StrICmp(zArg1,"file")==0 ){ + }else if( !g.okCheckout && strcasecmp(zArg1,"file")==0 ){ return SQLITE_IGNORE; - }else if( !g.okCheckout && sqlite3StrICmp(zArg1,"inspect")==0 ){ + }else if( !g.okRead && strcasecmp(zArg1,"inspect")==0 ){ return SQLITE_IGNORE; - }else if( !g.okRead && sqlite3StrICmp(zArg1,"ticket")==0 ){ + }else if( !g.okRead && strcasecmp(zArg1,"ticket")==0 ){ return SQLITE_IGNORE; - }else if( !g.okRead && sqlite3StrICmp(zArg1,"tktchng")==0 ){ + }else if( !g.okRead && strcasecmp(zArg1,"tktchng")==0 ){ return SQLITE_IGNORE; - }else if( !g.okRdWiki && sqlite3StrICmp(zArg1,"attachment")==0 ){ + }else if( !g.okRdWiki && strcasecmp(zArg1,"attachment")==0 ){ return SQLITE_IGNORE; - }else if( !g.okRdWiki && sqlite3StrICmp(zArg1,"wiki")==0 ){ + }else if( !g.okRdWiki && strcasecmp(zArg1,"wiki")==0 ){ return SQLITE_IGNORE; } return SQLITE_OK; @@ -326,7 +326,7 @@ db_err( zErrMsg ? zErrMsg : sqlite3_errmsg(pDb), zSql, "db_query: Database query failed" ); } - free(zSql); + sqlite3_free(zSql); if( sResult.azElem==0 ){ db_query_callback(&sResult, 0, 0, 0); } @@ -385,7 +385,7 @@ db_err( zErrMsg ? zErrMsg : sqlite3_errmsg(pDb), zSql, "db_short_query: Database query failed" ); } - free(zSql); + sqlite3_free(zSql); return zResult; } @@ -409,7 +409,7 @@ if( rc!=SQLITE_OK ){ db_err(zErrMsg, zSql, "db_execute: Database execute failed"); } - free(zSql); + sqlite3_free(zSql); } /* @@ -448,7 +448,7 @@ if( rc!=SQLITE_OK ){ db_err(zErrMsg, zSql, "db_exists: Database exists query failed"); } - free(zSql); + sqlite3_free(zSql); return iResult; } @@ -470,6 +470,7 @@ db_restrict_query(1); rc = sqlite3_exec(pDb, zSql, 0, 0, &zErrMsg); db_restrict_query(0); + sqlite3_free(zSql); return (rc!=SQLITE_OK) ? zErrMsg : 0; } @@ -538,7 +539,7 @@ db_err(zErrMsg ? zErrMsg : sqlite3_errmsg(pDb), zSql, "db_callback_query: Database query failed"); } - free(zSql); + sqlite3_free(zSql); } /* @@ -565,7 +566,7 @@ db_err(zErrMsg ? zErrMsg : sqlite3_errmsg(pDb), zSql, "db_callback_execute: Database query failed"); } - free(zSql); + sqlite3_free(zSql); } /* @@ -672,7 +673,6 @@ ** name as an argument and returns the value that the user enters in the ** resulting HTML form. A second optional parameter provides a default value. */ -extern int sqlite3StrICmp(const char*, const char*); static void f_aux(sqlite3_context *context, int argc, sqlite3_value **argv){ int i; const char *zParm; @@ -682,7 +682,7 @@ if( zParm==0 ) return; for(i=0; iindex.html + sed -f $(SRCDIR)/VERSION $(SRCDIR)/webpage.html >cvstrac.html clean: rm -f *.o *_.c $(APPNAME) --- cvstrac-2.0.1.orig/maketestdb.c +++ cvstrac-2.0.1/maketestdb.c @@ -62,7 +62,7 @@ sprintf(zBase,"dir_%d",rand()%MAX_DIR); zSql = sqlite3_mprintf("REPLACE INTO file VALUES(1,'%q','%q')",zBase,zDir); sqlite3_exec(db,zSql,0,0,&zErrMsg); - free(zSql); + sqlite3_free(zSql); if(zDir[0]) strcat(zDir,"/"); strcat(zDir,zBase); } @@ -74,14 +74,14 @@ sprintf(zBase,"file_%d.c",k); zSql = sqlite3_mprintf("REPLACE INTO file VALUES(0,'%q','%q')",zBase,zDir); sqlite3_exec(db,zSql,0,0,&zErrMsg); - free(zSql); + sqlite3_free(zSql); /* FIXME: this is definitely _not_ generating CVS version numbers */ zSql = sqlite3_mprintf("INSERT INTO filechng " "VALUES(%d,'%q/%q','%d',%d,%d)", cn,zDir,zBase,cn,rand()%10,rand()%10); sqlite3_exec(db,zSql,0,0,&zErrMsg); - free(zSql); + sqlite3_free(zSql); } zSql = sqlite3_mprintf("INSERT INTO chng " @@ -89,7 +89,7 @@ "COMMIT", cn, when, cn, MAX_CHNG); rc = sqlite3_exec(db,zSql,0,0,&zErrMsg); - free(zSql); + sqlite3_free(zSql); } /***********************************************************************/ --- cvstrac-2.0.1.orig/format.c +++ cvstrac-2.0.1/format.c @@ -701,11 +701,10 @@ ** Return TRUE if the HTML element given in the argument is a form of ** external reference (i.e. A, IMG, etc). */ -extern int sqlite3StrNICmp(const char *, const char*, int); static int isLinkTag(const char *zElem, int nElem){ - return (nElem==1 && 0==sqlite3StrNICmp(zElem,"A",nElem)) - || (nElem==3 && 0==sqlite3StrNICmp(zElem,"IMG",nElem)) - || (nElem==4 && 0==sqlite3StrNICmp(zElem,"CITE",nElem)); + return (nElem==1 && 0==strncasecmp(zElem,"A",nElem)) + || (nElem==3 && 0==strncasecmp(zElem,"IMG",nElem)) + || (nElem==4 && 0==strncasecmp(zElem,"CITE",nElem)); } /* @@ -713,12 +712,11 @@ ** before it ends, then return the number of characters through the end of ** the . If the or the is missing, return 0. */ -extern int sqlite3StrNICmp(const char *, const char*, int); static int is_html(const char *z){ int i; - if( sqlite3StrNICmp(z, "", 6) ) return 0; + if( strncasecmp(z, "", 6) ) return 0; for(i=6; z[i]; i++){ - if( z[i]=='<' && sqlite3StrNICmp(&z[i],"",7)==0 ) return i+7; + if( z[i]=='<' && strncasecmp(&z[i],"",7)==0 ) return i+7; } return 0; } --- cvstrac-2.0.1.orig/search.c +++ cvstrac-2.0.1/search.c @@ -29,11 +29,6 @@ /* -** We'll use this routine in several places. -*/ -extern int sqlite3StrNICmp(const char*,const char*,int); - -/* ** Search for a keyword in text. Return a matching score: ** ** 0 No sign of the word was found in the text @@ -54,7 +49,7 @@ } if( n<=0 ) n = strlen(zWord); for(i=0; zText[i]; i++){ - if( (zText[i]==c1 || zText[i]==c2) && sqlite3StrNICmp(zWord,&zText[i],n)==0){ + if( (zText[i]==c1 || zText[i]==c2) && strncasecmp(zWord,&zText[i],n)==0){ int score = 6; if( (i==0 || !isalnum(zText[i-1])) && (zText[i+n]==0 || !isalnum(zText[i+n])) ){ @@ -282,7 +277,7 @@ int n; if( tolower(c)!=tolower(azKey[k][0]) ) continue; n = keySize[k]; - if( sqlite3StrNICmp(&zAll[j],azKey[k],n)==0 ){ + if( strncasecmp(&zAll[j],azKey[k],n)==0 ){ strcpy(z,""); z += 3; while( n ){ --- cvstrac-2.0.1.orig/makewikiinit.c +++ cvstrac-2.0.1/makewikiinit.c @@ -98,7 +98,7 @@ "SELECT name, text FROM wiki WHERE name='%s' LIMIT 1", azName[i]); rc = sqlite3_exec(db,zSql,generate_page,0,&zErrMsg); - free(zSql); + sqlite3_free(zSql); if( rc!=SQLITE_OK ){ fprintf(stderr,"Database error: %s\n", zErrMsg); exit(1); --- cvstrac-2.0.1.orig/view.c +++ cvstrac-2.0.1/view.c @@ -219,8 +219,6 @@ ** pointer to an error message string (obtained from malloc) if ** there is a problem. */ -extern int sqlite3StrNICmp(const char*,const char*,int); -extern int sqlite3StrICmp(const char*,const char*); char *verify_sql_statement(char *zSql){ int i; @@ -228,7 +226,7 @@ ** the first token is "SELECT" and that there are no unquoted semicolons. */ for(i=0; isspace(zSql[i]); i++){} - if( sqlite3StrNICmp(&zSql[i],"select",6)!=0 ){ + if( strncasecmp(&zSql[i],"select",6)!=0 ){ return mprintf("The SQL must be a SELECT statement"); } for(i=0; zSql[i]; i++){ --- cvstrac-2.0.1.orig/Makefile +++ cvstrac-2.0.1/Makefile @@ -0,0 +1,36 @@ +#!/usr/bin/make +# +#### The toplevel directory of the source tree. +# +SRCDIR = $(shell pwd) + +#### C Compiler and options for use in building executables that +# will run on the platform that is doing the build. +# +BCC = gcc -g -O2 + +#### The suffix to add to executable files. ".exe" for windows. +# Nothing for unix. +# +E = + +#### C Compile and options for use in building executables that +# will run on the target platform. This is usually the same +# as BCC, unless you are cross-compiling. +# +#TCC = gcc -O6 +TCC = gcc -g -O0 -Wall +#TCC = gcc -g -O0 -Wall -fprofile-arcs -ftest-coverage + +#### Extra arguments for linking against SQLite +# +LIBSQLITE = -lsqlite3 -lcrypt -lm + +#### Installation directory +# +INSTALLDIR = $(DESTDIR)/usr/bin + + +# You should not need to change anything below this line +############################################################################### +include $(SRCDIR)/main.mk --- cvstrac-2.0.1.orig/cvstrac.html +++ cvstrac-2.0.1/cvstrac.html @@ -0,0 +1,78 @@ + + +CVSTrac - A Web-Based Bug And Patch-Set Tracking System For CVS + + +

CVSTrac

+

A Web-Based Bug And Patch-Set Tracking System For CVS, +Subversion and GIT

+ +
+Latest version: 2.0.1 + +
+ +

+

+ + + + + + + +
Web Service:http://www.cvstrac.org/
CVSTrac Service:http://www.cvstrac.org/cvstrac/
AnonCVS Service::pserver:anonymous@cvs.cvstrac.org:/cvstrac
+
+ +

Features

+ +

+

    +
  • Automatically generates a patch-set log + from check-in comments
    • +
  • User-defined color-coded database queries
    • +
  • Web-based administration of the CVSROOT/passwd file
    • +
  • Built-in repository browser
    • +
  • Built-in Wiki
    • +
  • Very simple setup - a self-contained executable runs as CGI, from inetd, or + as a stand-alone web server
    • +
  • Minimal memory, disk and CPU requirements - works on old hardware
    • +
  • Access permissions configurable separately for each user
    • +
  • Allows for anonymous users
    • +
  • Uses a built-in SQL database engine + (SQLite) - + no external RDBMS required
    • +
  • Tested under Linux - works on other versions of Unix. + Also + works under Windows
    • +
  • Can be run from a + + chroot jail for added security.
    • +
  • GNU Public License
    • +
+

+ +

Status

+ +

+CVSTrac is self-hosting. To experiment with using CVSTrac, or +for information on the change history, +additional documentation, and +current status of CVSTrac, or to enter new bug reports or new feature +requests, visit the CVSTrac server at +http://www.cvstrac.org/cvstrac/. +

+ +

Downloading, Compiling, Installing, Etc.

+ +

+Instructions on how to +download, +compile, and +install +CVSTrac are contained in the +CVSTrac wiki. +

+ + + --- cvstrac-2.0.1.orig/debian/dirs +++ cvstrac-2.0.1/debian/dirs @@ -0,0 +1,2 @@ +usr/bin +usr/sbin --- cvstrac-2.0.1.orig/debian/docs +++ cvstrac-2.0.1/debian/docs @@ -0,0 +1 @@ +cvstrac.html --- cvstrac-2.0.1.orig/debian/control +++ cvstrac-2.0.1/debian/control @@ -0,0 +1,19 @@ +Source: cvstrac +Section: devel +Priority: optional +Maintainer: Edelhard Becker +Build-Depends: debhelper (>= 4.0.0), libsqlite3-dev +Standards-Version: 3.7.3 + +Package: cvstrac +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, rcs +Description: Low-ceremony bug tracker for medium-sized projects under CVS + CVSTrac implements a low-ceremony Web-based bug and patch-set tracking system + for use with CVS. Features include automatic changelog generation, repository + change history browsing, user-defined bug database queries, Wiki pages, and + Web-based administration of the CVSROOT/passwd file. CVSTrac is a stand-alone + C program that operates either as CGI or as its own Web server. + . + Author: D. Richard Hipp + Homepage: http://www.cvstrac.org/ --- cvstrac-2.0.1.orig/debian/rules +++ cvstrac-2.0.1/debian/rules @@ -0,0 +1,98 @@ +#!/usr/bin/make -f +# -*- makefile -*- +# Sample debian/rules that uses debhelper. +# This file was originally written by Joey Hess and Craig Small. +# As a special exception, when this file is copied by dh-make into a +# dh-make output file, you may use that output file without restriction. +# This special exception was added by Craig Small in version 0.37 of dh-make. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + + + + +CFLAGS = -Wall -g + +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + CFLAGS += -O0 +else + CFLAGS += -O2 +endif + +configure: configure-stamp +configure-stamp: + dh_testdir + # Add here commands to configure the package. + + touch configure-stamp + + +build: build-stamp + +build-stamp: configure-stamp + dh_testdir + + # Add here commands to compile the package. + $(MAKE) + #docbook-to-man debian/cvstrac.sgml > cvstrac.1 + + touch build-stamp + +clean: + dh_testdir + dh_testroot + rm -f build-stamp configure-stamp + + # Add here commands to clean up after the build process. + $(MAKE) clean + + dh_clean + +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + # Add here commands to install the package into debian/cvstrac. + $(MAKE) install DESTDIR=$(CURDIR)/debian/cvstrac + + +# Build architecture-independent files here. +binary-indep: build install +# We have nothing to do by default. + +# Build architecture-dependent files here. +binary-arch: build install + dh_testdir + dh_testroot + dh_installchangelogs + dh_installdocs + dh_installexamples +# dh_install +# dh_installmenu +# dh_installdebconf +# dh_installlogrotate +# dh_installemacsen +# dh_installpam +# dh_installmime +# dh_installinit +# dh_installcron +# dh_installinfo + dh_installman debian/cvstrac.1 + dh_link + dh_strip + dh_compress + dh_fixperms +# dh_perl +# dh_python +# dh_makeshlibs + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install configure --- cvstrac-2.0.1.orig/debian/cvstrac.doc-base +++ cvstrac-2.0.1/debian/cvstrac.doc-base @@ -0,0 +1,10 @@ +Document: cvstrac +Title: CVSTrac Overview +Author: D. Richard Hipp +Abstract: Short overview of CVSTrac +Section: Apps/Programming + +Format: HTML +Index: /usr/share/doc/cvstrac/cvstrac.html +Files: /usr/share/doc/cvstrac/cvstrac.html + --- cvstrac-2.0.1.orig/debian/changelog +++ cvstrac-2.0.1/debian/changelog @@ -0,0 +1,71 @@ +cvstrac (2.0.1-3) unstable; urgency=medium + + * applied patchsets [932] and [994] from upstream (Closes: #473964) + http://www.cvstrac.org/cvstrac/chngview?cn=932 + http://www.cvstrac.org/cvstrac/chngview?cn=994 + * applied patchset [969] from upstream (Closes: #471000) + http://www.cvstrac.org/cvstrac/chngview?cn=969 + * set urgency to medium to get cvstrac faster back into testing + * bumped standards to 3.7.3 (no changes needed) + + -- Edelhard Becker Thu, 10 Apr 2008 15:31:04 +0200 + +cvstrac (2.0.1-2) unstable; urgency=low + + * install svntrac and gittrac (Closes: #362580) + (in fact, just install symbolic links because the binary is always the + same) + + -- Edelhard Becker Mon, 03 Sep 2007 13:51:20 +0200 + +cvstrac (2.0.1-1) unstable; urgency=low + + * new upstream release (Closes: #402936) + + -- Edelhard Becker Sun, 02 Sep 2007 20:09:45 +0200 + +cvstrac (2.0.0-1) unstable; urgency=low + + * new upstream release (Closes: #402012) + * added dependency to libsqlite3-dev + * bumped standards to 3.7.2 (no changes needed) + * make package lintian clean + * updated debian/watch file + + -- Edelhard Becker Sun, 02 Sep 2007 18:16:55 +0200 + +cvstrac (1.1.5-2) unstable; urgency=low + + * updated build-deps to libsqlite0 >= 2.8.0 + + -- Edelhard Becker Thu, 30 Dec 2004 15:29:05 +0100 + +cvstrac (1.1.5-1) unstable; urgency=low + + * New upstream release + * repackaged upstream tar file to remove double files and CVS directory + + -- Edelhard Becker Sat, 18 Dec 2004 18:15:22 +0100 + +cvstrac (1.1.4-3) unstable; urgency=low + + * upstream author provides a versioned source file name, watch file now + works + + -- Edelhard Becker Sat, 18 Dec 2004 16:00:01 +0100 + +cvstrac (1.1.4-2) unstable; urgency=low + + * fixed typos in doc-base (Closes: #283694) + * added a watch file template + + -- Edelhard Becker Sun, 12 Dec 2004 14:47:06 +0100 + +cvstrac (1.1.4-1) unstable; urgency=low + + * Initial Release. + * updated reference to upstream wiki in the man page + * Initial upload (Closes: #186793) + + -- Edelhard Becker Thu, 7 Oct 2004 00:22:04 +0200 + --- cvstrac-2.0.1.orig/debian/cvstrac.1 +++ cvstrac-2.0.1/debian/cvstrac.1 @@ -0,0 +1,201 @@ +.TH CVSTRAC 1 "6 October 2004" 1.1.4 +.\" Please adjust this date whenever revising the manpage. + +.SH NAME +cvstrac \- Low\-ceremony bug tracker for projects under CVS + +.SH SYNOPSIS +.B cvstrac [ command\ [ params\ ...\ ]\ ... ] + +.SH DESCRIPTION +The +.B cvstrac +command is used to run the CVSTrac web service, or to initialise +new databases for projects. + +.PP +Please read the section titled +.B Security and Setup +for details of the default password and why you should change it. + +.PP +This manual page was written for the Debian distribution because the +original program source does contain a manual page. However CVSTrac is +well documented at the CVSTrac Wiki, , +and you will be able to fin d more up-to-date information there. + +.PP +.SH OPTIONS +Running cvstrac without options produces a usage message. A summary of +the command sequences which can be passed to cvstrac is included +below. For more details, see +.I /usr/share/doc/cvstrac +on this system. + +.TP +.B chroot dir user +Tells cvstrac to put itself into the chroot gaol +.B dir +and switch to the named user, dropping root privileges. These three +parameters must be the first passed to cvstrac, and processing of +command line parameters continues as normal after the chroot. + +.TP +.B init dir project +Initialises a new CVSTrac database. +.B dir +is the name of the directory in which you want the database to reside, +and +.B project +is the name of the project that CVSTrac will be hosting. The database +file will be created as +.I dir/project.db + +.PP +The following parameters cause CVSTrac to begin responding to HTTP +requests by various methods. You will need to set up the database +before use to ensure that only authorised users have administrative +access. +.B PLEASE READ +and understand the section below entitled +.B Security and Setup +before using these commands, because unless you understand what to do +you'll be leaving your system vulnerable to arbitrary code execution +as the user invoking CVSTrac. + +.TP +.B http dir [ project ] +Causes CVSTrac to start running as an HTTP server on the standard +input, displaying responses to the standard out. +.B dir +should be the name of a directory holding project database or +databases created by +.I cvstrac init +and +.B project +is the name of a project database without the ".db" extension, as for +.I cvstrac init. +If the latter option is given, access is restricted to just the named +project DB, and the access URL will change slightly. See below for +details. + +.TP +.B cgi dir [ project ] +Causes CVSTrac to respond as a CGI script. +.B dir +and +.B project +are interpreted as for +.I cvstrac http. +This invocation can be installed into a simple shell or Perl CGI +script anywhere on a server supporting the Common Gateway Interface. + +.TP +.B server port dir [ project ] +Causes CVSTrac to run as a self-hosted HTTP server on the specified +port. +.B dir +and +.B project +are interpreted as above. + +.SH Access to CVSTrac + +CVSTrac accesses databases created by its own +.B init +command, and is accessed remotely by HTTP. If you did not specify a +single project to access in any of the +.B http, +.B cgi, +or +.B server +commands, then the running CVSTrac instance can be used to access any +database in that directory simply by modifying the URL, but you will +need to supply the name of the database in order to access it. + +.PP +For self-hosted +.B server +instances of CVSTrac, and +.B http +instances started from inetd, the URL to use is of the form + +.PP +.RS +http://hostname[:port]/ +.RE +.PP +if you specified a project in the invocation, or +.PP +.RS +http://hostname[:port]/project/ +.RE +.PP +if you didn't. + +.PP +If running as a CGI script, simply use the URL you would normally use +for the CGI script, with the project name you wish to access tacked on +if necessary, as above. + +.PP +For details of the default password, and why you should change it, +read on! + + +.SH Security and Setup + +Once CVSTrac is installed and running, you should immediately access +it as the setup user, and change the password. The username and +password of the setup user are both "setup". Passwords, rather +counterintuitively, are changed by following the "Logout" hyperlink at +the bottom of the main menu on the start screen. + +.PP +The setup user is able, in normal operation, to configure the service +in a way that can cause arbitrary code to be executed under the same +userid as CVSTrac itself. You should be aware of this, and the fact +that this can easily lead to more serious exploits if the setup user +is compromised. + +.PP +The chroot functionality described above is not a perfect fix for +this, but can be used as an additional security measure. See the +section below entitled +.B Runtime Dependencies +for details of what binaries the chroot gaol will need. + + +.SH Access to the CVS repository +CVSTrac should be installed running as a user with read access to the +CVS repository specified during the interactive setup. Certain +commands, such as the ability to modify +.I CVSROOT/passwd +require the write permissions too. + + +.SH Runtime Dependencies +Besides its libraries, CVSTrac requires the following binaries by +default: +.B co, +.B rcsdiff, +.B rlog +and +.B diff. +If running cvstrac on a Debian system, these will have been installed +as dependencies of the +.I cvstrac +package, or as part of the base system. + + +.SH SEE ALSO +The CVSTrac wiki +.I http://www.cvstrac.org/cvstrac/wiki +and +.I /usr/share/doc/cvstrac/examples +on this system. + + +.SH AUTHOR +This manual page was written by Andrew Chadwick , +for the Debian GNU/Linux system (but may be used by others). --- cvstrac-2.0.1.orig/debian/compat +++ cvstrac-2.0.1/debian/compat @@ -0,0 +1 @@ +4 --- cvstrac-2.0.1.orig/debian/README.Debian +++ cvstrac-2.0.1/debian/README.Debian @@ -0,0 +1,37 @@ +cvstrac for Debian +================== + +Quickstart +---------- + +Let's assume you have a CVS repository called test in /home/hugo, i.e. + + /home/hugo $ ll + total 1 + drwxrwxrwx 3 hugo hugo 856 Jan 12 2004 CVSROOT/ + drwxrwxrwx 3 hugo hugo 128 Apr 27 13:59 test/ + +Then inititalize your database: + + /home/hugo $ cvstrac init /home/hugo test + /home/hugo $ ll + total 73 + drwxrwxrwx 3 hugo hugo 856 Jan 12 2004 CVSROOT/ + drwxrwxrwx 3 hugo hugo 128 Apr 27 13:59 test/ + -rw-r--r-- 1 hugo hugo 70656 Oct 6 22:00 test.db + +Now run your cvstrac server standalone (for more advanced +methods via inetd, with chroot etc. see the CVSTrac Wiki at +http://www.cvstrac.org/cvstrac/wiki?p=CvstracInstallation): + + /home/hugo $ cvstrac server 8722 /home/hugo + +Point your favourite browser to http://localhost:8722/test/ and login with +UserID=setup and Password=setup. Select "User".."setup" and define a new +password, define additional users as needed. +Select "Home".."Setup".."CVS Repository" and enter /home/hugo for the +repository, Module prefix as needed. Then use the button "Reread +CVSROOT/history", on the next screen "Reconstruct" and finally (back on the +"CVS Repository" screen) "Submit". + + -- Edelhard Becker , Wed, 6 Oct 2004 14:10:24 +0200 --- cvstrac-2.0.1.orig/debian/copyright +++ cvstrac-2.0.1/debian/copyright @@ -0,0 +1,29 @@ +This package was debianized by Edelhard Becker on +Wed, 6 Oct 2004 14:10:24 +0200. The manpage was copied from a draft +package made by Andrew Chadwick . + +It was downloaded from http://www.cvstrac.org/cvstrac-src.tar.gz + +Copyright: GPL + +Upstream Author: D. Richard Hipp + +License: + + This package is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 dated June, 1991. + + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this package; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + 02110-1301, USA. + +On Debian systems, the complete text of the GNU General +Public License can be found in `/usr/share/common-licenses/GPL'. + --- cvstrac-2.0.1.orig/debian/watch +++ cvstrac-2.0.1/debian/watch @@ -0,0 +1,6 @@ +# cvstracs watch control file for uscan +# Site Directory Pattern Version Script +version=2 +# Currently the source is only available as cvstrac-src.tar.gz. Once there's a +# versioned archive name, something like the following should do it: +http://www.cvstrac.org/cvstrac/wiki?p=DownloadCvstrac http://www.cvstrac.org/cvstrac-([\d\.]*)\.tar\.gz --- cvstrac-2.0.1.orig/debian/cvstrac.links +++ cvstrac-2.0.1/debian/cvstrac.links @@ -0,0 +1,4 @@ +usr/bin/cvstrac usr/bin/svntrac +usr/share/man/man1/cvstrac.1.gz usr/share/man/man1/svntrac.1.gz +usr/bin/cvstrac usr/bin/gittrac +usr/share/man/man1/cvstrac.1.gz usr/share/man/man1/gittrac.1.gz --- cvstrac-2.0.1.orig/debian/NEWS +++ cvstrac-2.0.1/debian/NEWS @@ -0,0 +1,23 @@ +cvstrac (2.0.0-1) unstable; urgency=low + + * Convert your databases when updating from 1.x releases[1]: + + The most important change in moving from version 1.2.1 to version 2.0.0 + (and up) is that CVSTrac now uses SQLite version 3 instead of SQLite + version 2. If you are upgrading, you will need to convert your database + file to the SQLite version 3 format. This can be done by first making a + text backup of your original database file like this: + + # sqlite myproject.db .dump >myproject.sql + + Then save your original myproject.db as a backup. + + # mv myproject.db myproject.db.bu-v2 + + Next reconstruct your project as an SQLite 3 database: + + # sqlite3 myproject.db Sun, 02 Sep 2007 19:48:58 +0200