- fixed WNOHANG compile bug on Mandrake,suse,debian 
  and possible other distributions.
- Started README.FAQ
- Re-Added autocert directory.
  Seems it dissappered in some of the last realeases.
  This can happen, when a the "make dist" is run on a host
  without SSL.

- added script which allows user based read/write access in every module.
  (Module based access is a feature, which cvs does't support

  Please read the README.modules file, for further setup information

- compiler fix for RedHat7.1

- added logic so that the you can set for every repository
  allowPasswd=true (or false)
  (default= true)
  When set to false, then cvasuth:

  - does not resolve "passwd" when found in password field
    - exit with "I HATE YOU" - access denied
  - if an encrypted password is found:
          - checks if UserName exists on the machine
          - if cvspass == systempass - "I HATE YOU"- access denied

   - fixed security related bug.
     Even if AllowLocal=false, it was set to true!

- removed debug output when setting up SSL connection
- added patch script
- fixed a segfault in cvs when there is no login found in .cvspass
  (updated the patch against cvs-1.10, cvs-1.11 and WinCVS-ssl)

In general it is a convinient/lazy admin release. 

- First there are minor patches by Achim for BSD like setenv. 
  Now this works with POSIX putenv,which may be more portable.(Solaris port)

- Second: I moved the setuid operation at the very beginning to
          the authentication process. The WriterUID is valid
          if the repository exists, not only if the user sends
	  the correct password. This change made the 
	  "allowLocal" patch safe enough.

- new keys in every repository.
  cvsrootADMIN=name     You can specifiy a name of a CVS User. This
                        name is exported to the environment as
                        CVSROOTADMIN. This is used later in the
                        checkAdminRights script to check if
                        the person is allowed to commit in CVSROOT
			(make sure to enable/disable emailnotify)

  allowLocal=true    (or false). Use this if you want cvsauth to
                     look in $CVSROOT for a file called:
                     This file can contain User=name:passwd:access
                     key/values like you setup for every repository.
                     The benefit of this is, that an admin != root
                     can add users. The lookup of this file, is
                     already done under the writerUID of the CVS
                     repository, there is no more setuid done.

  So, if you are a lazy sysadmin (me) you will do repository setups
  like this:


  And all other users can be added by "joe". (Who is the only
  person who can CVSROOT commits as well.)
  PLEASE: 1. joe must be a person "of trust". Someone who can do CVSROOT
             commits can get a shell on your machine rather easily.
          2. "joe" should be an ssl encrypted account, otherwise every
             "network sniffer" can become "joe" on your machine.
  NOTE:   Because cvsauth installs the secureCVSROOT scripts
          always it is not possible that "joe" grants commit rights
          in CVSROOT to other persons.

- changed log level to 3 , if env variables are NULL and
  are not exported.(the log appeared on pserver without
  the security scripts)
- changed the security scripts, they now use a direkt
  SMTP connect to a mailserver. (needs perl, because
  this module is written in perl)
- new variables in cvsauth.conf:
  They are exported to the environment as:

- added VERSION to help text
- enhancements for sserver/sslserver. Now the -l switch
  decides that you do SSL. If a normal BEGIN AUTH REQUEST
  comes in we do full SSL server. This makes it compatible
  with pure SSL tunnels.
  If BEGIN AUTH SSERVER REQUEST request comes in
  we drop SSL after the authentication phase.

- updated the patches to apply against 1.10.8
- rewritten config file parser to accept empty values
  for example you can leave adminMail or scriptPath empty.
  If your leave things empty which _shouldn't_ you may get
  trouble now :-)
- You can debug the parser with 
  ./cvsauth -d 10 -y -c ./cvsauth.conf -a ./auth.txt 
  On the Command line.

- split the huge patch into smaller ones

- new definition for SSL.
  You need to start cvsauth with the -l option (for ssL).
  cvsauth then starts as first thing a ssl negotiation,
  before expection a BEGIN AUTH REQUEST.
  This makes it compatible with any ssl tunnel you setup,
  but has the disadvantage that you cannot have "one port for all"
  sserver and sslserver is now on port 2405.
  sserver only does the authentication over ssl sslserver encrypts
  everything (slower!)
  s2server now longer exists.  

  - configure.in fixes
  - compile fixes
  - defines NOIDEA as defaults. Its not needed and you need
    to pay licence fees if you compiled openssl with IDEA.

- code cleanup
- bug fixes in security scripts

- added adminMail. cvsauth sets the environment variable CVS_ADMINMAIL.
  An admin is the admin for all repositories, he gets all error
  messages (on login failure, etc..) Its usefull to setup
  a mailinglist for this, set adminMail to this mailinglist
  and subscribe the real CVSAdmin to this list.
- added scriptPath to cvsauth. This sets an environment variable
- added preRun to cvsauth. preRun is executed after setuid but
  before we start cvs.
  cvsauth stops if preRun returns a value != 0.
- added secureCVSROOT script. It checks (and adds it if check fails)
  if you have in your CVSROOT/commitinfo in the _first_ line:
  ^CVSROOT $SCRIPTPATH/checkAdminRights
- added checkAdminRights scripts. This script denies access
  to all cvs users and sends an email to adminMail
  if a user tries to do a commit in CVSROOT.

- ssl support in cvsauth. patch agains cvs for two new access methods
  (sserver,s2server). Please read the README and INSTALL.

- setting supplementary group access. Usefull for links
  through your filesystem. setuid/setgid do not the things
  like "su"

- unset HOME environment variable after the setuid
  (bugfix, if /root is chmod 700)

- if the password in cvsauth.conf is "passwd" it gets the
  encrypted password from the system.(Usefull for NIS)

- if the writerUID does not exists we only warn. If we
  need to cast to it, we abort.

- Many thanks to KOIE Hidetaka for his patch.
  This patch improves the way the passwords are created.
  It is _really_ very random now.
  It fixes a bug, that passwords can contain $ in it
  an improves the lexer definitions for STRING.

- Many thanks to Miles Lott. You now should cvsauth build with

  ./configure --prefix=/usr --sysconfdir=/etc

  This installs the cvsauth.conf in /etc and the excutable in

- changed getline to getline_safe


* initial release