The first patch should be applied by any user of git-cvsserver, and hashes for all pserver accounts updated; because the code originally was using the username instead of the password to validate accounts, and it might had even worked if the first 2 characters of the password where the same (ex: cvsuser/cvspassword). The second one allows for successfully running t9400 in OpenBSD and will protect the code further from the possible use of an undef variable, and shows that support for better password hashes than DES is possible. Carlo Marcelo Arenas Belón (3): git-cvsserver: use crypt correctly to compare password hashes git-cvsserver: protect against NULL in crypt(3) Documentation: cleanup git-cvsserver Documentation/git-cvsserver.txt | 27 +++++++++++++-------------- git-cvsserver.perl | 7 ++++--- t/t9400-git-cvsserver-server.sh | 9 ++++++++- 3 files changed, 25 insertions(+), 18 deletions(-) -- 2.33.0.481.g26d3bed244
