Menu
▾
▴
[Sandweb-commit] CVS: sandweb ChangeLog,1.5,1.6 NEWS,1.5,1.6 README,1.10,1.11 install.cfg,1.21,1.22
|
From: Rob H. <for...@us...> - 2003-04-01 05:40:31
|
Update of /cvsroot/sandweb/sandweb In directory sc8-pr-cvs1:/tmp/cvs-serv26971 Modified Files: ChangeLog NEWS README install.cfg Log Message: bumping version number to 1.0RC1 Index: ChangeLog =================================================================== RCS file: /cvsroot/sandweb/sandweb/ChangeLog,v retrieving revision 1.5 retrieving revision 1.6 diff -U2 -r1.5 -r1.6 --- ChangeLog 24 Feb 2003 07:01:25 -0000 1.5 +++ ChangeLog 1 Apr 2003 05:40:21 -0000 1.6 @@ -1,2 +1,89 @@ +2003-03-31 19:06 formnull + + * INSTALL: cool, the only known issue that was our fault was + already fixed :) booyah! + +2003-03-31 18:53 formnull + + * INSTALL: added known issue + +2003-03-31 18:46 formnull + + * bin/sandweb.cgi, debian/sandweb.cfg, etc/sandweb.cfg, + lib/SandWeb/Repository.pm, lib/SandWeb/Shell.pm, + lib/SandWeb/Repository/cvs.pm: made timeout a global option, now + you can easily set a number of seconds in the sandweb.cfg and CLI + ops will time out at that time ( prevents runaway CVS/SSH processes + and such ). + + Default is 300 seconds ( 5 minutes ). + +2003-03-31 17:21 formnull + + * bin/sandweb-editor, bin/sandweb-expect, bin/sandweb-ssh, + lib/SandWeb/Repository/cvs.pm, tools/install_script.pl: finally! + conquered SSH host key checking and Expect. + + We need a wrapper around SSH for SandWeb to use, so we can pass the + "-o StrictHostKeyChecking no" option ( works in both OpenSSH and + SSH.com versions ). + + This eliminates the timeouts and complexity in sandweb-expect. + +2003-03-05 00:41 formnull + + * lib/SandWeb/Security.pm: hmm.. i think "/" is a safe character, + we need it for CVSROOT anyway. + +2003-03-05 00:31 formnull + + * bin/sandweb.cgi: erase alot of unsafe characters, should prevent + any security breaches. + +2003-03-05 00:19 formnull + + * lib/SandWeb/: Security.pm, Repository/cvs.pm: added some + much-needed security - now Security->shell() just erases unsafe + characters, and tag complains if you don't enter a tag name. + + It's possible for the user to enter an invalid tag name ( e.g. + begins with a number or - or _ ) but they shouldn't be able to make + arbitrary calls to the shell. + +2003-03-03 23:19 formnull + + * bin/sandweb-editor, lib/SandWeb/Repository/cvs.pm, + tools/install_script.pl: ah, another standalone binary that SandWeb + depends on :) + + This is a shell script that acts as CVSEDITOR. + + So, instead of dealing with the security nightmare of passing the + commit message on the command line (cvs commit -m "$message"), now + we can just (CVSEDITOR=/usr/bin/sandweb-editor && export CVSEDITOR + ) first, and write the commit message to $sandweb_dir/commitmsg + + This is very similar to the way we pass the VCS password to + sandweb-expect (that's where I got the inspiration from). + +2003-02-28 03:04 formnull + + * lib/SandWeb/Browse.pm: fix the bug that prevented browse_menu + from not showing anything when pointing at a module that just + contained a single directory, turns out we weren't escaping the . + character when trying to get rid of the "." and ".." dirs (we don't + need those, we have the location bar ). + + closing associated bug on sf.net ( bug#692770 ) + +2003-02-24 18:59 formnull + + * NEWS: oops, forgot to update news file :P oh well, not a huge + deal, we\'ll probably end up doing another beta at some point. + +2003-02-23 23:01 formnull + + * ChangeLog: updating changelog again.. :) + 2003-02-23 23:00 formnull Index: NEWS =================================================================== RCS file: /cvsroot/sandweb/sandweb/NEWS,v retrieving revision 1.5 retrieving revision 1.6 diff -U2 -r1.5 -r1.6 --- NEWS 25 Feb 2003 02:59:58 -0000 1.5 +++ NEWS 1 Apr 2003 05:40:21 -0000 1.6 @@ -1,2 +1,15 @@ +2003-03-31 + + SandWeb 1.0RC1 Released + + This is the first release candidate! If we don't find + any show-stopper bugs, then this will be 1.0! + + Big changes : + + * All known security bugs squashed + * Global timeout for CVS operations added to sandweb.cfg + * Fixed timeout problems in Expect script + 2003-02-24 Index: README =================================================================== RCS file: /cvsroot/sandweb/sandweb/README,v retrieving revision 1.10 retrieving revision 1.11 diff -U2 -r1.10 -r1.11 --- README 2 Feb 2003 23:59:23 -0000 1.10 +++ README 1 Apr 2003 05:40:21 -0000 1.11 @@ -1,4 +1,4 @@ ============================================================================ -SandWeb Summary - BETA Release +SandWeb Summary - 1.0RC1 Release ============================================================================ @@ -8,5 +8,5 @@ It is essentially a multi-user client to version control systems ( VCS ) such as CVS, SVN ( Subversion ), arch or RCS ( only CVS is supported for -the BETA release ). +the 1.0RC1 release ). SandWeb requires a user agent that supports and allows Javascript @@ -20,5 +20,5 @@ using SandWeb. -The BETA release only supports "FlatFile" authentication, in +The 1.0RC1 release only supports "FlatFile" authentication, in which SandWeb uses it's own password file and format. More authentication systems are planned for future releases. @@ -86,5 +86,5 @@ You are now at the repository menu. You can enter username, password, version control system, server name and version control root for as -many repositories as you want. For the BETA release, SandWeb supports +many repositories as you want. For the 1.0RC1 release, SandWeb supports "local", "pserver" and "SSH" CVS repositories. Index: install.cfg =================================================================== RCS file: /cvsroot/sandweb/sandweb/install.cfg,v retrieving revision 1.21 retrieving revision 1.22 diff -U2 -r1.21 -r1.22 --- install.cfg 6 Jan 2003 08:17:37 -0000 1.21 +++ install.cfg 1 Apr 2003 05:40:21 -0000 1.22 @@ -2,13 +2,13 @@ package config; -$bindir = '/usr/local/bin'; -$cfgdir = '/usr/local/etc/sandweb'; -$cgidir = '/var/www/cgi-bin'; -$imgdir = '/var/www/images'; -$tmpldir = '/usr/local/lib/sandweb/templates'; -$cachedir = '/usr/local/share/sandweb'; -$logdir = '/var/log'; -$httpuser = 'www'; +$cfgdir = './debian/tmp/etc/sandweb'; +$cgidir = './debian/tmp/usr/lib/cgi-bin'; +$imgdir = './debian/tmp/var/www/images'; +$tmpldir = './debian/tmp/usr/lib/sandweb/templates'; +$cachedir = './debian/tmp/usr/share/sandweb'; +$logdir = './debian/tmp/var/log'; +$httpuser = 'www-data'; $expectbin = '/usr/bin/expect'; +$bindir = './debian/tmp/usr/bin'; $ssh_bin = '/usr/bin/ssh'; $cvs_bin = '/usr/bin/cvs'; |
