pkglint --only "https instead of http" -r -F
With manual adjustments afterwards since pkglint 19.4.4 fixed a few
indentations in unrelated lines.
This mainly affects projects hosted at SourceForce, as well as
freedesktop.org, CTAN and GNU.
Performing substitutions during post-patch breaks tools such as mkpatches,
making it very difficult to regenerate correct patches after making changes,
and often leading to substituted string replacements being committed.
Problems found with existing digests:
Package memconf distfile memconf-2.16/memconf.gz
b6f4b736cac388dddc5070670351cf7262aba048 [recorded]
95748686a5ad8144232f4d4abc9bf052721a196f [calculated]
Problems found locating distfiles:
Package dc-tools: missing distfile dc-tools/abs0-dc-burn-netbsd-1.5-0-gae55ec9
Package ipw-firmware: missing distfile ipw2100-fw-1.2.tgz
Package iwi-firmware: missing distfile ipw2200-fw-2.3.tgz
Package nvnet: missing distfile nvnet-netbsd-src-20050620.tgz
Package syslog-ng: missing distfile syslog-ng-3.7.2.tar.gz
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
Lines 83 to 84 of AN-2015-09-16 mention an issue affecting
unpriviledged users running cdda2wav on NetBSD:
cdda2wav: fixed the file setuid.c to work on NetBSD. Thanks to
Heiko Eißfeldt for reporting.
This is the referenced patch, extracted by fbrosson2014.
Bump PKGREVISION.
NEW features of cdrtools-3.01:
This is the first localization step for cdrtools. All programs now (hopefully)
call gettext() for all strings that need localization.
- The next step will include dgettext() calls for the libraries.
- The following step will include the extracted strings
- The last step will include German translations and install support
for the resulting binary message object files.
NEW features of cdrtools-3.01a30:
****************
This is the final release candidate for cdrtools-3.01-final
****************
All:
- include/schily/signal.h now includes siginfo.h to make sure it
compiles even on very old Solaris versions where signal.h did not
yet include siginfo.h.
- include/schily/wait.h add a missing closing bracket for Haiku
- include/schily/wait.h added CLD_* macros and the enum idtype_t in case
they are missing. This allows to implement a waitid() emulation.
- include/schily/wait.h now includes schily/signal.h in case that
the local /usrinclude/sys/wait.h is non-POSIX and does not
define siginfo_t. This is e.g. the case on FreeBSD.
- The configure tests now include test that correctly identify Mac OS X as
non-POSIX with respect to waitid(). This prevents potential users of
waitid() from the unusable implementation on Mac OS X.
The rule for accepting an existing waitid() is the following:
- si.si_pid is set to be equal to the awaited pid
- si.si_code == CLD_EXITED for a chilt terminated by exit(2)
- si.si_status contains at least 16 bits from the exit(2)
code. This is still not POSIX but better than what we would
get from a historical wait*() call.
- The configure tests now check for the new FreeBSD wait6() and for
idtype_t.
- A new symlink for x86_64-cygwin32_nt-gcc.rul was added
- Added support for cygwin32_wow (not the already present cygwin32_wow64).
- The makefile system now allows to use:
COPTX=-DNO_PRAGMA_WEAK
to disable the use of #pragma weak. This may help to debug some
oddities of the GNU linker.
- The makefile system now includes a new test that needs constraints
that are not really supported by autoconf: it checks whether the
linker supports to link against external weak symbols in another
file. For this reason, a handcrafted complest was written.
This (currently) should fail on Cygwin due to a Cygwin bug.
A platform that allows to link against weak symbols defines
HAVE_LINK_WEAK. This permits the system to automatically detect
usability once e.g. linking on Cygwin will be fixed.
Thanks to Thomas Plank for reporting the known #pragma weak problem
in a new source file (libschily/error.c). Note that error() is a
UNIX (UNOS) libc function that exists since 1980 but some libc
implementors do not follow the rule not to introduce incompatible
interfaces for existing names. So we need to find a workaround
on these platforms.
- autoconf now checks for the type rlim_t in sys/resource.h
Libschily:
- libschily/comerr.c and libschily/fcomerr.c now have better
comment.
- libschily now uses the test:
#if defined(HAVE_PRAGMA_WEAK) && defined(HAVE_LINK_WEAK)
to prevent assuming that is suffucuent when the compiler supports
#pragma weak. We also need to have a linker that links against
weak symbols in libraries. HAVE_LINK_WEAK is e.g. not defined
on Cygwin...
Libmdigest:
- libmdigest now uses the test:
#if defined(HAVE_PRAGMA_WEAK) && defined(HAVE_LINK_WEAK)
to prevent assuming that is suffucuent when the compiler supports
#pragma weak. We also need to have a linker that links against
weak symbols in libraries. HAVE_LINK_WEAK is e.g. not defined
on Cygwin...
All:
- include/schily/sysexits.h adopts to the recent changes on Haiku that
prevent usual autoconf tests as #include <sysexits.h> works but symbols
are only defined with #define _BSD_SOURCE
- include/schily/wait.h now knows about the Haiku specific macro
WIFCORED() and #defines WCOREDUMP() to WIFCORED().
- Support for x86_64-haiku-cc.rul and x86_64-haiku-gcc.rul was added
to the makefile system.
- The file RULES/r-gmake.dep was modified to make sure that the
dependency files (*.d) depend from the include files as well.
Previous versions included xxx.d instead of $(ARCHDIR)/xxx.d
- Makefile system: two new targets have been added:
man creates localized versions of the man pages in the
OBJ directory
installman installs only the manual pages
Libschily:
- New function j_error() works where error() is to generic.
- make strlcatl() and wcslcatl() work with K&R compilers
- libschily/getargs.c now is more careful with calling va_arg()
and only calls it as many times as a related format is found in the
format string.
- libschily now contains a getdelim() implementation and always uses
getdelim() to implement the fgetaline() function.
- libschily: the *mem.c implementations now include new *mexval()
functions to set the exit code on failure to a static value instead
of the default "errno" value for the failure.
- libschily: the linker map file now also lists the forgotten new entries:
strlcatl() and wcslcatl()
- libschily/spawn.c:wait_chld() no longer returns 0 if the child process
was killed by a signal.
- libschily now adds some of the existing (old) man pages for various
functions from libschily.
Libfind:
- libfind/idcache.c now saves uname/gname as long as possible and uses
strlcpy() instead of strncpy().
- libfind: the forgotten entries find_hasexec() and find_hasprint()
have been added to the linker map file
Libsiconv:
- libsiconv: the forgotten sic_base() was added to the linker map file
Cdrecord:
- The programs cdrecord adopts to the recent Haiku
changes with a randomized address space and now use B_EXACT_ADDRESS
instead of B_ANY_ADDRESS for the clone_area() call to get shared memory
for a FIFO.
Cdda2wav (Maintained/enhanced by Jörg Schilling, originated by Heiko Eißfeldt heiko@hexco.de):
- The programs cdda2wav adopts to the recent Haiku
changes with a randomized address space and now use B_EXACT_ADDRESS
instead of B_ANY_ADDRESS for the clone_area() call to get shared memory
for a FIFO.
Mkisofs (Maintained/enhanced by Jörg Schilling since 1997, originated by Eric Youngdale):
- mkisofs: isodump did not compile on non c99 compilers.
cdrtools-3.01a25:
All:
- Fixed a typo in autoconf/xconfig.h.in that caused the Win-DOS function
LoadLibrary() not to be recognised correctly.
- Added compile support for: amd64-freebsd-clang*.rul
- include/schily/unistd.h now extends some exceptions to work around
problems with the MS C-compiler to MinGW32.
Libschily:
- libschily/faccessat.c with a faccessat() was added. This has been forgotten
when the *at() functions have been implemented.
- libschily/eaccess.c no longer calls access() in case the the OS does not
implement eaccess() but rather first checks whether uid == euid and gid == egid.
- libschily/eaccess.c compiles again in HP-UX using the HP C-compiler
- libschily/dlfcn.c new file to emulate dlopen() and friends on Win-DOS
and HP-UX
- libschily/lchmod.c was added
- libschily/fchmodat.c no longer contains lchmod()
- The linker mapfile libschily/libschily-mapvers now correctly
makes the entry faccessat() depend on HAVE_FACCESSAT
Cdda2wav (Maintained/enhanced by Jörg Schilling, originated by Heiko Eißfeldt heiko@hexco.de):
- Flush stderr before a question in cdda2wav. This is a workaround
for a Linux libc bug (stderr must be unbuffered acording to the
standard).
Mkisofs (Maintained/enhanced by Jörg Schilling since 1997, originated by Eric Youngdale):
- Fixed a bug in mkisofs: -eltorito-platform Mac no longer uses the
constant EL_TORITO_ARCH_PPC but EL_TORITO_ARCH_MAC as expected.
Thanks to Ady <ady-sf@hotmail.com> for reporting.
- Fixed an option parsing bug in mkisofs that was a result from
option names that are beginning substrings of others. Mkisofs did
try to fix this in 2006, but it seems that one option was missed
in 2006. Now -hide-hfs was fixed, thanks to: Valery Ushakov
cdrtools-3.01a26:
All:
- Various README's, scripts and man pages have been revised to replace
berlios.de by sourceforge.net
Note that some files have not yet been completely updated for that
change as there is no easy way to deal with a site like sourceforge
that does not support ftp:
./conf/src-get
./conf/setup.sh
Because we now assume that any UNIX distro includes a ftp(1) program,
but we cannot assume that there is wget.
cdrtools-3.01a27:
All:
- include/schily//dlfcn.h now includes a #define HAVE_LOADABLE_LIBS
in case we compile on a system that implements runtime loadable
libraries and that libschily implements an adoption for this
local method to the POSIX dlopen()/dlsym()/dlclose(). This is currently
true for Solaris (and similar) that implement dlopen()/dlsym()/dlclose()
natively and for HP-UX and Win-DOS.
Mkisofs (Maintained/enhanced by Jörg Schilling since 1997, originated by Eric Youngdale):
- The mkisofs program isoinfo no longer tries to print Rock Ridge
attribute data for ISO images that do not have correct RR data.
- The mkisofs program isovfy no longer tries to print Rock Ridge
attribute data for ISO images that do not have correct RR data.
- The mkisofs program isodump no longer tries to print Rock Ridge
attribute data for ISO images that do not have correct RR data.
This is a result from trying to use these programs on the
plan9 CD image.
cdrtools-3.01a28:
All:
- The makefile rules for installing man pages have been changed so that
OBJ/<archdir>/man/ is no longer a direct dependency of the man page.
This results in repeated "make install" calls not to reinstall
up-to-date man pages again.
- The makefile rules for installing localized sripts have been changed so
hat OBJ/<archdir>/ is no longer a direct dependency of the man page.
This results in repeated "make install" calls not to reinstall
up-to-date scripts again.
- New autoconf test checks whether printf() supports %z
- Some documentation now mentions sourceforge instead of BerliOS
- README.compile now mentions how to use instrumented compilers with
the Schily Makefilesystem.
Libschily:
- strlcatl() wcslcatl(): new functions
- libschily::linkat.c now manually null-terminates the result from
resolvepath() as the Solaris syscall implementation does not
null-terminate it in all cases.
- libschily::resolvepath.c comment added to remind on the fact that
in contrary to out implementation the Solaris resolvepath() syscall
does not null-terminate the buffer.
Mkisofs (Maintained/enhanced by Jörg Schilling since 1997, originated by Eric Youngdale):
- mkisofs: isodump did not compile on non c99 compilers.
The bug prevents mkisofs from creating old-style distrib/cdrom ISO
image for macppc. Trying to create bootable macppc CD in distrib/cdrom
using cdrtools mkisofs fails with:
mkisofs: No such file or directory. Invalid node - '--macbin'.
The bug is in option spec that causes mkisofs to misparse
-hide-hfs-list option. The patch is actually a single whitespace
character.
Bump PKGREVISION.
All:
- Fixed the autoconf test for #pragma weak, so it will not
believe that "clang" supports #pragma weak in a compatible way.
This is needed in order to compile libmdigest/sha2.c using clang.
- New autoconf tests added for:
libexpat
libpcsclite / winscard.lib
libcrypto / libeay32.lib
libssl / ssleay32.lib
- New autoconf test for expat.h
- The makefile system added the INVERSE_SUBARCHDIR= to allow local
autoconfiguration for shared libraries.
- RULES/rules.top now also calls MKLINKS in the directory TEMPLATES
- New compiler configuration files:
RULES/cc-clang.rul
RULES/cc-clang32.rul
RULES/cc-clang64.rul
- The Mac OS X related rules now support a new macro:
LDFRAMEWORKS=
that allows to add Apple specific libraries.
- Added a new WIN32_LIBS= macro for Win-DOS specific libraries.
These libraries have to be specified in the portable -lfoo
format for "libfoo" and also work when compiling for MinGW32.
When cl.exe is used, -lfoo is converted to foo.lib.
- New configuration files:
RULES/i386-darwin-clang.rul
RULES/i386-darwin-clang32.rul
RULES/i386-darwin-clang64.rul
- New configuration files:
RULES/i386-freebsd-clang.rul
RULES/i586-linux-clang.rul
RULES/x86_64-linux-clang.rul
RULES/i86pc-sunos5-clang.rul
RULES/sun4-sunos5-clang.rul
Note that these files have not been tested yet.
- RULES/cc-sunpro.rul now also includes rules for
RULES/cc-sunpro32.rul and
RULES/cc-sunpro64.rul
- RULES/cc-gcc.rul now also includes rules for
RULES/cc-gcc32.rul and
RULES/cc-gcc64.rul
- RULES/cc-sunpro32.rul added for orthogonality
- RULES/cc-sunpro32.rul and
RULES/cc-sunpro64.rul are symlinks to RULES/cc-sunpro.rul
and RULES/cc-sunpro.rul uses a macro to include
cc-sunpro.rul
cc-sunpro32.rul
cc-sunpro64.rul
as needed
- RULES/i86pc-sunos5-cc.rul now also includes rules for
RULES/i86pc-sunos5-cc32.rul and
RULES/i86pc-sunos5-cc64.rul
- RULES/i86pc-sunos5-gcc.rul now also includes rules for
RULES/i86pc-sunos5-gcc32.rul and
RULES/i86pc-sunos5-gcc64.rul
- RULES/sun4-sunos5-cc.rul now also includes rules for
RULES/sun4-sunos5-cc32.rul and
RULES/sun4-sunos5-cc64.rul
- RULES/sun4-sunos5-gcc.rul now also includes rules for
RULES/sun4-sunos5-gcc32.rul and
RULES/sun4-sunos5-gcc64.rul
- RULES/i586-linux-suncc.rul now also includes rules for
RULES/i586-linux-suncc32.rul and
RULES/i586-linux-suncc64.rul
- RULES/9000-725-hp-ux-cc.rul now also includes rules for
RULES/9000-725-hp-ux-cc32.rul and
RULES/9000-725-hp-ux-cc64.rul
- RULES/i486-cygwin32_nt-cc.rul now also includes rules for
RULES/i486-cygwin32_nt-cc32.rul and
RULES/i486-cygwin32_nt-cc64.rul
- RULES/i486-cygwin32_nt-gcc.rul now also includes rules for
RULES/i486-cygwin32_nt-gcc32.rul and
RULES/i486-cygwin32_nt-gcc64.rul
- RULES/ip22-irix-cc.rul now also includes rules for
RULES/ip22-irix-cc64.rul
- RULES/ip22-irix-gcc.rul now also includes rules for
RULES/ip22-irix-gcc64.rul
- RULES/power-macintosh-darwin-cc.rul now also includes rules for
RULES/power-macintosh-darwin-cc32.rul and
RULES/power-macintosh-darwin-cc64.rul
- RULES/power-macintosh-darwin-gcc.rul now also includes rules for
RULES/power-macintosh-darwin-gcc32.rul and
RULES/power-macintosh-darwin-gcc64.rul
- conf/makeinc now knows that a compiler name may not follow
the "cc*" text rule. This helps to support "clang".
- conf/cc-config.sh has been enhanced to detect whether
"cc" or "gcc" are emulated via "clang".
- New files in TEMPLATES/ related to "clang"
- TEMPLATES/ now includes config files for gcc32 and gcc64
- TEMPLATES/ now includes config files for clang, clang32 and clang64
- Add comment to DEFAULTS_CSW/sparc-cc.defs
- config.guess now understands Mac OS X on 64 bit Intel
Libschily:
- libschily/format.c fixed to compile again with K&R C that does
not support "long double".
- No longer use fgets() for fgetaline(), fgetline() and fgetstr()
as fgets() cannot deal with embedded '\0' chars before the '\n'.
- libschily/fstream.c now supports local flags (for the caller)
and pushable streams to keep blocks of pushed text atomically.
- libschily/fchmodat.c was added, it has been forgotten when
the emulations for the *at() functions have been introduced.
It is needed for the new enhanced isoinfo command.
- libschily/mknodat.c now correctly provides a mknodat() function even
when there is no mknod() command.
- libschily/futimens.c now is more Sun specific when trying to implement
futimens() via utimensat(), as only Solaris supports a f*() interface
in case that the path name is a NULL pointer.
Mkisofs (Maintained/enhanced by Jörg Schilling since 1997, originated by Eric Youngdale):
WARNING: the new version of the isoinfo program makes use of the
*at() series of functions that have been introduced by Sun
in August 2001 and added to POSIX.1-2008. For older platforms,
libschily now includes emulations for these functions but
these emulations have not yet been tested thouroughly.
Please report problems!
- The man page isoinfo.8 was enhanced by mentioning the option -s (print
file sizes in multiple if 2048 byte sectors) and by documenting the
list format that us used with -l.
- isoinfo now evaluates the Rock Ridge "PN" signature and thus supports
to display and use the major/minor device numbers.
- isoinfo now extracts time stamps with sub second granularity in
order to be able to set fine grained file timestamps, see -X option
below.
- isoinfo now knows how to find out whether a ISO-9660 filesystem was
created by a newer mkisofs and thus includes useful inode numbers
in ISO-9660. These ISO-9660 based inode numbers are used in case that
there is no Rock Ridge-1.12 that includes inode numbers in the "PX"
signature.
- isoinfo now has a new option -X that extracts alls files (in case that
-find is not used) or files secected by a -find expression. Note that
-find expressions may include -chown, -chgrp and -chmod to modify the
meta data of files.
All:
- Typo fix in README.compile for the mail address.
Thanks to Dennis Clarke for the catch!
Libschily:
- libschily/sleep.c and libschily/usleep.c have been modified to work
with MinGW.
Cdrecord:
- The timediff function now in addition prints the time diff in
hours : minutes : seconds . thausands of a second.
Thanks to a hint from Donald R Laster Jr from Slackware.
Cdda2wav (Maintained/enhanced by Jörg Schilling, originated by Heiko Eißfeldt heiko@hexco.de):
- Cdda2wav no longer includes the new paranoia mode "c2check" in the macro
"proof". This has been done because of a report from Géraud Meyer <graud@gmx.com>
that gives hints that the drive:
Type: ROM, Vendor 'TSSTcorp' Model 'CDDVDW SH-222AB ' Revision 'SB00' MMC+CDDA
does not handle hidden tracks when "c2check" is active.
Mkisofs (Maintained/enhanced by Jörg Schilling since 1997, originated by Eric Youngdale):
- mkisofs was slightly modified to reduce CPU time requirements.
It now reads/writes in 64kBytes chunks instead of stdio buffer
size which is typically 8 kB.
- Fixed a typo in the mkisofs man page.
Thanks to a hint from Donald R Laster Jr from Slackware.
- Mkisofs now in addition prints "-iso-level 3 or more required"
in case that a large file was skipped because of the current mkisofs settings.
Thanks to a hint from Donald R Laster Jr from Slackware.
- A problem in isoinfo has been fixed.
This problem caused "isoinfo -R -find -ls" to print Jan 1 1970 timestamps
in case that Rock Ridge was not present.
3.01a22:
mkisofs includes a new option, -legacy, that allows it to reenable
the short options -H/-L/-P; these have been disabled in 2006 for
compatibility with scripts that have not been updated during the
past 10 years. libsiconv now only tries to open a file when the
argument includes a slash in its name. libschily::printf() now
includes support for %n$ argument reordering for the first 30
arguments.
This release adds some workarounds for compiling with MinGW. New
functions xcomerr(), xcomerrno(), fxcomerr(), and fxcomerrno() in
libschily. A bug in libschily/format.c that caused %.*s to be
printed incorrectly has been fixed. libschily/fprformat.c gives
better printf() performance on Solaris. Some bugs in the mkisofs
man page have been fixed. Mkisofs now opens "NUL" on Win-DOS instead
of "/dev/null".
All:
- New Schily Makefiles rules for armv7l-linux
- autoconf/xconfig.h.in now treats MinGW32 the same as when compiling
with cl.exe
Libschily:
- libschily::format.c (printf) now supports length modifiers
like h hh l ll t z for the %n format.
- libschily::format.c has been restructured for parsing the
field width parameters in a way that would allow to later
introduce support for %n$
- Try to take care about the fact that MinGW32 does not support
a standard compliant mkdir() function with two parameters.
This applies top libschily/mkdirat.c and libschily/mkdirs.c
- Corrected a typo in libschily/mkfifoat.c that called mkdir()
instead of mkfifo()
- libschily/getdtablesize.c needs the same treatment for MinGW32 as for
cl.exe
Libparanoia (Ported/enhanced by Jörg Schilling, originated by Monty xiphmont@mit.edu):
- libparanoia now implements the first stage in C2 error pointer
support: it now is able to deal with input data that contains
C2 pointers and it implements new callbacks to report C2
statistics back to the caller.
- libparanoia now supports to control the size of the read ahead buffer.
This allows libparanoia to be adopted to the current constraints.
All:
- New autoconf tests for:
- NFSv4 ACL support
- issetugid()
- lpathconf()
- utimens()
- futimens()
- lutimens()
- The rules in the Schily Makefilesystem have been restructured in order
to allow to avoid problems on platforms like FreeBSD and Mac OS X:
FreeBSD and Mac OS X banned the not-free-enough (because GPLd)
software to /usr/local, forcing us to add -I/usr/local/include
and -L/usr/local/lib. Unfortunately, /usr/local/include frequently
carries a _very_ outdated and thus wrong copy of "cdda_paranoia.h"
which is more than 10 years old and definitely incompatible with
dynamic linking on Mac OS X. This defective copy was first in the
search path and prevented compilation.
We now have a new macro: DEFOSINCDIRS= that grants to add include
directories to the end of the search PATH to allow us to find the
correct "cdda_paranoia.h" first.
Please test and report in case of problems.
- gmake and SunPro make include COMPILE.c with wrong content in their
built-in rules. We now clear this macro un RULES/rules.top. It is
still possible to provice a modified version from command line
or from the environment.
- include/schily/stdio.h was reordered, as it prevented compilation
of the "bsh" on Linux. This was a problem recently introduced,
when we added #ifndef NO_SCHILY_STDIO_H
- Fixed autoconf typo HAVE_MKNODKAT -> HAVE_MKNODAT
- include/schily/intcvt.h is now self contained.
- include/schily/windows.h now includes the same type workaround
for MINGW32 as fir the Microsoft C compiler, as there are the same
autoconf detection problems.
- Addded missing include/schily/err_type.h
- New file include/schily/shedit.h
Libschily:
- New files for libschily:
at-base.c generic implementation for *at() functions.
fchownat.c fchownat()
fdopendir.c fdopendir()
fstatat.c fstatat()
futimens.c futimens()
futimesat.c futimesat() Solaris specific old for utimensat()
lutimens.c lutimens()
linkat.c linkat()
mkdirat.c mkdirat()
mkfifo.c mkfifo()
mkfifoat.c mkfifoat()
mknodat.c mknodat()
readlinkat.c readlinkat()
renameat.c renameat()
symlinkat.c symlinkat()
unlinkat.c unlinkat()
utimens.c utimens()
utimensat.c utimensat()
at-base.c The base code for all single fd *at() functions.
at-base2.c The base code for all double fd *at() functions.
contain emulations for system interfaces introduced in summer 2001 by Sun
and with POSIX.1-2008.
- New functions in libschily:
absfpath()
resolvefpath()
allow to better control the behavior using flags.
- The linker map file for libschily now adds some forgotten functions.
- libschily/strstr.c and libschily/wcsstr.c now include a
CDDL License hint
Libfind:
- Libfind now allows to check for -type P (Solaris event port).
A missing "case 'P':" was added to the parser.
Cdrecord:
- Trying to avoid to confuse users
on Solaris and Linux where a fine grained privilege implementation
exists. Before, fine grained privileges have been given up after
initializing the program and this may result in a root user that
is treated as a normal user that cannot write into directories
without global write permission. The named programs now no longer
give up privileges in case they have been called with the needed
privileges already and thus the programs cannot be used for
privilege escalations anymore.
Cdda2wav (Maintained/enhanced by Jörg Schilling, originated by Heiko Eißfeldt heiko@hexco.de):
- Trying to avoid to confuse users
on Solaris and Linux where a fine grained privilege implementation
exists. Before, fine grained privileges have been given up after
initializing the program and this may result in a root user that
is treated as a normal user that cannot write into directories
without global write permission. The named programs now no longer
give up privileges in case they have been called with the needed
privileges already and thus the programs cannot be used for
privilege escalations anymore.
- Cddda2wav now flushes stderr before asking for a specific cddb
entry index. It seems that on Linux stderr may not be unbuffered
as expected.
- Cdda2wav moved the option parsing code into a separate function
gargs().
Readcd:
- Trying to avoid to confuse users
on Solaris and Linux where a fine grained privilege implementation
exists. Before, fine grained privileges have been given up after
initializing the program and this may result in a root user that
is treated as a normal user that cannot write into directories
without global write permission. The named programs now no longer
give up privileges in case they have been called with the needed
privileges already and thus the programs cannot be used for
privilege escalations anymore.
This release fixes a copy+paste bug in the Linux support code for
fine-grained privileges. Libfind no longer leaks filedescriptors
with -empty. New OS version ID rules have been added for various
newer WIN-DOS versions.
All:
- The Schily Makefilesystem no longer uses CC= for internal tasks.
People who now set $CC to a different value will fail in a similar
way as they would fail with other build systems.
- Added automatic support for ARMv5 and ARMv6. This makes compilation
on the RaspberryPI also possible with the non-automake aware gmake.
- Allow "static" compilation (a compilation that does not use the
dynamic defines from the Schily Makefilesystem) on Linux ARMv6 (which
is used by RaspberryPI).
- Allow a "static" compilation (a compilation without using dynamic -I
Paths) on Linux on ARMv5 and ARMv6 by adding static #includes for
Linux ARM in:
include/schily//align.h
include/schily//archdefs.h
include/schily//avoffset.h
include/schily//xconfig.h
This is needed if you like to install the schily include files
to /usr/include/schily and allow users to "manually" compile
programs that use e.g libparanoia.
To allow this, the autoconf results need to be installed as:
<schily/armv5l-linux-gcc/*.h>
and
<schily/armv6l-linux-gcc/*.h>
- Many sources have been modified to deal __CYGWIN32__ like __CYGWIN__
This is neded as newer Cygwin versions that run in 64 Bit mode
do no longer define __CYGWIN32__ but __CYGWIN__
Libmdigest:
- Sources have been modified to deal __CYGWIN32__ like __CYGWIN__
This is neded as newer Cygwin versions that run in 64 Bit mode
do no longer define __CYGWIN32__ but __CYGWIN__
Libscg:
- Sources have been modified to deal __CYGWIN32__ like __CYGWIN__
This is neded as newer Cygwin versions that run in 64 Bit mode
do no longer define __CYGWIN32__ but __CYGWIN__
Cdrecord:
- Sources have been modified to deal __CYGWIN32__ like __CYGWIN__
This is neded as newer Cygwin versions that run in 64 Bit mode
do no longer define __CYGWIN32__ but __CYGWIN__
Cdda2wav (Maintained/enhanced by Jörg Schilling, originated by Heiko Eißfeldt heiko@hexco.de):
- Sources have been modified to deal __CYGWIN32__ like __CYGWIN__
This is neded as newer Cygwin versions that run in 64 Bit mode
do no longer define __CYGWIN32__ but __CYGWIN__
All:
- The SCCS keyword expansion for "Mocsw" has been limited to
prevent expansion of date '+%Y%m%d%H%M%S'
- Mocsw now sets link mode to -Bdirect for recent OpenCSW rules
- pkgdefs/OCSW/*/checkpkg_override modified to match current OpenCSW
rules.
- Make sure that all schily include files except the primary wrappers
include schily/*.h instead of including the system include files directly.
- Allow a "static" compilation (a compilation without using dynamic -I
Paths) on Linux x86 by adding static #includes for Linux x86 in:
include/schily//align.h
include/schily//archdefs.h
include/schily//avoffset.h
include/schily//xconfig.h
This is needed if you like to install the schily include files
to /usr/include/schily and allow users to "manually" compile
programs that use e.g libparanoia.
To allow this, the autoconf results need to be installed as:
<schily/i686-linux-gcc/*.h>
and
<schily/x86_64-linux-gcc/*.h>
Libparanoia (Ported/enhanced by Jörg Schilling, originated by Monty xiphmont@mit.edu):
- memset() call in i_silence_match() now uses the correct size
instead of sizeof (avec).
Thanks to a hint from Andrew Dudman <ajdudman@sbcglobal.net>
- Use dynamic arrays instead of alloca()/malloc() if available.
All:
- Due to an incorrect message from last release, here is corrected
information on when a Linux installation is potentially dangerous:
New autoconf tests for sys/capability.h and cap_*() functions
from Linux -lcap
WARNING: If you do not see this:
checking for sys/capability.h... yes
...
checking for cap_get_proc in -lcap... yes
checking for cap_get_proc... yes
checking for cap_set_proc... yes
checking for cap_set_flag... yes
checking for cap_clear_flag... yes
your Linux installation is insecure in case you ever use the
command "setcap" to set up file capabilities for executable commands.
Note that cdrtools (as any other command) need to be capabylity aware
in order to avoid security leaks with enhanced privileges. In most
cases, privileges are only needed for a very limited set of operations.
If cdrtools (cdrecord, cdda2wav, readcd) are installed suid-root, the
functions to control privileges are in the basic set of supported
functions and thus there is no problem for any program to control it's
privileges - if they have been obtained via suid root, you are on a
secure system.
If you are however on an incomplete installation, that supports to
raise privileges via fcaps but that does not include developer support
for caps, the programs get the privileges without being able to know
about the additional privileges and thus keep them because they cannot
control them.
WARNING: If you are on a Linux system that includes support for
fcaps (this is seems to be true for all newer systems with
Linux >= 2.6.24) and there is no development support for capabilities
in the base system, you are on an inherently insecure system that allows
to compile and set up programs with enhanced privileges that cannot
control them.
In such a case, try to educate the security manager for the related
Linux distribution. Note that you may turn your private installation
into a secure installation by installing development support for libcap.
- WARNING: the include structure of include/schily/*.h and several sources
has been restructured to cause less warnings with older OS platforms.
If you see any new problem on your personal platform, please report.
- New includefiles:
schily/poll.h Support poll()
schily/stdarg.h An alias to schily/varargs.h (but using the std name)
schily/sunos4_proto.h Missing prototypes for SunOS-4.x to make gcc quiet
schily/timeb.h Needed for users of ftime()
- Many minor bug-fixes for the files include/schily/*.h
- include/schily/archconf.h now defines __SUNOS5 for easier coding
- include/schily/priv.h now defines platform independent fine grained privileges
- Updated README.compile:
Some typo patches from Jan Engelhardt <jengelh@inai.de>
Documented the "LINKMODE=" macro to explain how to create dynamically
linked bynaries.
Libschily:
- Added #include <schily/libport.h> to libschily/fnmatch.c
Libedc (Optimized by Jörg Schilling, originated by Heiko Eißfeldt heiko@hexco.de):
- Added #include <schily/libport.h>
Libdeflt:
- Added #include <schily/libport.h>
Libfind:
- dirname -> dir_name to avoid a gcc warning
Libhfs_iso:
- Rename variable "utime" to "uxtime" to avoid a compiler warning
Libscg:
- Repositioned #ifdefs to avoid unused variable definitions in
libscg/scsi-sun.c
- libscg/scsi-linux-ata.c now aborts early if errno == EPERM. This now
makes it behave like libscg/scsi-linux-sg.c
- A new scg flag SCGF_PERM_PRINT tells libscg to print a more verbose error
in case that a SCSI comand was aborted with errno == EPERM.
Cdrecord:
- Allow to compile without Linux libcap using "smake COPTX=-DNO_LINUX_CAPS LIB_CAP="
- Cdrecord now checks whether there are sufficient fine grained privileges.
- Cdrecord now uses the new flag SCGF_PERM_PRINT to get better warnings if the
permissions granted by the OS are not sufficient.
Cdda2wav (Maintained/enhanced by Jörg Schilling, originated by Heiko Eißfeldt heiko@hexco.de):
- Include file reordering to avoid warnings on older platforms
- Allow to compile without Linux libcap using "smake COPTX=-DNO_LINUX_CAPS LIB_CAP="
- Repositioned #ifdefs to avoid unused variable definitions in
cdda2wav/sndconfig.c
- Cdda2wav now checks whether there are sufficient fine grained privileges.
- Work around a bug in sys/param.h FreeBSD-9.1, that #define's __FreeBSD_kernel__
instead of #define __FreeBSD_kernel__ 9 that would be needed for Debian
k-FreeBSD compatibility.
The bug affects cdda2wav/mycdrom.h
Readcd:
- Allow to compile without Linux libcap using "smake COPTX=-DNO_LINUX_CAPS LIB_CAP="
- Readcd now checks whether there are sufficient fine grained privileges.
Mkisofs (Maintained/enhanced by Jörg Schilling since 1997, originated by Eric Youngdale):
- Make mkisofs compile without -DUDF and without -DDVD_VIDEO
Thanks to a hint from rmd4work@mail.ru
All:
- Fixed a typo in include/schily/stat.h related to nanosecond
handling for NetBSD and OpenBSD
- New autoconf tests for sys/capability.h and cap_*() functions
from Linux -lcap
WARNING: If you do not see this:
checking for cap_get_proc in -lcap... yes
checking for cap_get_proc... yes
checking for cap_set_proc... yes
checking for cap_set_flag... yes
checking for cap_clear_flag... yes
your Linux installation is insecure in case you ever use the
command "setcap" to set up file capabilities for executable commands.
Note that cdrtools (as any other command) need to be capabylity aware
in order to avoid security leaks with enhanced privileges. In most
cases, privileges are only needed for a very limited set of operations.
If cdrtools (cdrecord, cdda2wav, readcd) are installed suid-root, the
functions to control privileges are in the basic set of supported
functions and thus there is no problem for any program to control it's
privileges - if they have been obtained via suid root, you are on a
secure system.
If you are however on an incomplete installation, that supports to
raise privileges via fcaps but that does not include developer support
for caps, the programs get the privileges without being able to know
about the additional privileges and thus keep them because they cannot
control them.
WARNING: If you are on a Linux system that includes support for
fcaps (this is seems to be true for all newer systems with
Linux >= 2.6.24) and there is no development support for capabilities
in the base system, you are on an inherently insecure system that allows
to compile and set up programs with enhanced privileges that cannot
control them.
In such a case, try to educate the security manager for the related
Linux distribution. Note that you may turn your private installation
into a secure installation by installing development support for libcap.
- The autofconf tests for broken Linux kernel headers now avoid to
warn for /usr/src/linux/include if this directory is missing.
- include/schily/priv.h now includes sys/capabilitiy.h if available.
Libscg:
- Trying to support suid-root-less installation of librscg users on Linux.
librscg now understands that a non-root program may be able to
create sockets for a privileged port.
Cdrecord:
- Trying to support suid-root-less installation of cdrecord on Linux.
NOTE: You need "file caps" support built into your Linux installation.
Call:
setcap cap_sys_resource,cap_dac_override,cap_sys_admin,cap_sys_nice,cap_net_bind_service,cap_ipc_lock,cap_sys_rawio+ep /opt/schily/bin/cdrecord
To set up the capabilities on Linux.
Cdda2wav (Maintained/enhanced by Jörg Schilling, originated by Heiko Eißfeldt heiko@hexco.de):
- Trying to support suid-root-less installation of cdda2wav on Linux.
NOTE: You need "file caps" support built into your Linux installation.
Call:
setcap cap_dac_override,cap_sys_admin,cap_sys_nice,cap_net_bind_service,cap_sys_rawio+ep /opt/schily/bin/cdda2wav
To set up the capabilities on Linux.
Readcd:
- Trying to support suid-root-less installation of readcd on Linux.
NOTE: You need "file caps" support built into your Linux installation.
Call:
setcap cap_dac_override,cap_sys_admin,cap_net_bind_service,cap_sys_rawio+ep /opt/schily/bin/readcd
To set up the capabilities on Linux.
Scgcheck:
- Link now against $(LIB_CAP) also as librscg needs it on Linux
Scgskeleton:
- Link now against $(LIB_CAP) also as librscg needs it on Linux
Btcflash:
- Link now against $(LIB_CAP) also as librscg needs it on Linux
Mkisofs (Maintained/enhanced by Jörg Schilling since 1997, originated by Eric Youngdale):
- -new-dir-mode now just superseeds the effect of -dir-mode on
directories that have been "invented" by mkisofs.
This is a more intuitive behavior.
- Link now against $(LIB_CAP) also as librscg needs it on Linux
All:
- include/schily/stat.h now contains macros to set the nanoseconds
in timestamps in a OS independent way
Mkisofs (Maintained/enhanced by Jörg Schilling since 1997, originated by Eric Youngdale):
- mkisofs now identifies itdelf by default (inside the APPID string)
as being UDF capable.
- mkisofs now sets link count and "unique id" == inode number for files.
Note that this may still not result in useful hardlinked files on all
platforms as e.g. Solaris and Linux ignore the UDF unique ID and rather
use the location of the file_entry as inode number. This will never
return the same number for different filenames that point to the
same file data and thus prevents hard linked files from being visible.
This is however not a Solaris problem, the problem is rather in the
UDF standard that does not require the unique id to be in a 32 bit
range as long as the media size is = 8 TB. Note that 32 bit UNIX
programs cannot access files with an inode number that cannot be
expressed as 32 bit number, so inode numbers that do not fit into
32 bits may cause problems. Ths only way to work around this problem
would be to enance the Solaris and Linux UDF filesystem module to
recognize whether a filesystem has been created by mkisofs that grants
useful inode numbers. The same is already done for ISO-9660.
- mkisofs now supports additional file types with UDF:
- named pipes
- sockets
- character devices
- block devices
- mkisofs now supports all three UNIX times with microsecond granularity in UDF
- mkisofs now sets correct user/group/permission for symlinks in UDF
- mkisofs now supports S_ISUID, S_ISGID, S_ISVTX (set uid, set gid, sticky) in UDF
All:
- The Schily makefilesystem now supports CC++_COM for all platforms to
allow to overwrite the low level command for the C++-compiler.
Libschily:
- libschily::fexecv() now allows to use the parameter "ac" with the
value -1 to indicate that the arg count is to be determined by the
NULL pointer at the end of the arg list.
Cdda2wav (Maintained/enhanced by Jörg Schilling, originated by Heiko Eißfeldt heiko@hexco.de):
- cdda2wav now only prints "load cdrom please and press enter" once
per line and does not repeat the text for garbage characters that
have been in stdin. Thanks to Phi Tran from Oracle for reporting.
Readcd:
- avoid a GCC warning when compiling readcd.c
Mkisofs (Maintained/enhanced by Jörg Schilling since 1997, originated by Eric Youngdale):
- mkisofs now reserves more space for the file names to avoid a
path buffer overrun
- Fixed a bug that caused to put more than one UDF direcory entry for a file
in case that the file is a ISO-0660 multi-segment file.
- Fixed a bug that caused the wrong start sector address to be used for UDF
in case that the file is a ISO-9660 multi-segment file and the -sort option
was used.
All:
- The make program specific configuration files for the Schily Makefilesystem
RULES/mk-.id (for SunPro make), RULES/mk-smake.id RULES/mk-gmake.id
now include definitions for the macros:
SPACE A single space character (' ')
NUMBER_SIGN The ASCII number sing ('#')
Note that the POSIX standard otherwise requires the make program
to be unable to have the '#' appear in non-comment sections of
Makefiles.
- Try to work around an imprudent change in the file windef.h from
Cygwin-1.7.17 (Autumn 2012) related to the type BOOL that makes
windefs.h from the recent Cygwin no longer compatible to the
original file from Microsoft. The fix is in include/schily/windows.h
Thanks to Alain Hoang, Thomas Plank and others for reporting and
help with getting a fix for the problem named above
Libschily:
- Better comment in comerr.c to help to understand exit() code folding
to 8 bits and how it may be avoided.
Libscg:
- For newer Cygwin versions, we need an own PACKED definition in
libscg/scg/aspi-win32.h
NEW features of cdrtools-3.01a10:
This is the first localization step for cdrtools. All programs now (hopefully)
call gettext() for all strings that need localization.
- The next step will include dgettext() calls for the libraries.
- The following step will include the extracted strings
- The last step will include German translations and install support
for the resulting binary message object files.
All:
- Add support for semi-static (preconfigured) include files for Android:
include/schily/armv5tejl-linux-gcc/xconfig.h
- New include files include/schily/err_*.h are used to encapsulate
#error CPP statements that would otherwise always prevent compilation
with K&R compilers.
Mkisofs (Maintained/enhanced by J
- Revert a change to dvd_file.c::uniq() that was made because of a "valgrind"
warning that claims illegal memory access. With the change from 3.01a09, mkisofs
however does not deal correctly with DVD-Video padding, so the valgrind warning is
wrong.
All:
- Better support for Win32 sockets when using cl.exe
- Avoid problems with the non-standard prototypes for link() unlink()
read() and write() from cl.exe
- Support for Pyro (a Syllable clone) was added.
Thanks to Flemming H. S
Libschily:
- Avoid warnings from cl.exe for libschily/gettimeofday.c
Libedc (Optimized by J
- Some cstyle changes
Libmdigest:
- Some cstyle changes
Libscg:
- Some cstyle changes
Libmdigest:
- CSTYLED comment added
Cdda2wav (Maintained/enhanced by J
- Better handling of CLONE AREAs on newer Haiku versions.
- Some cstyle changes
Mkisofs (Maintained/enhanced by J
- Avoid to access illegal memory from dvd_file.c::uniq()
- Avoid a 32 bit integer overflow while computing sector addresses for
Rock Ridge CE entries.
- A compile bug with QNX was corrected
- A new option -ignore-error alows to continue on some errors.
version's bug fix really fixes the bug.
All:
- conf/runrmt_android has been enhanced to better deal with the
"runrmt -r file-to-test" calling variant.
- configure now ignores a stramge directory that is created on Mac OS X
when compiling with cc -g and that is in conflict with other rules.
- Introduce a deoendency for man page subdiretories to allow syning
parallel make calls.
- Try to support Debian with FreeBSD kernel
Libschily:
- getperm.c now correctly supports umask +w
- Libschily is now linked against $(LIB_INTL) when a shared libschily
is created.
Libscg:
- struct scsi_inquiry is now using a union around the vendor ID strings in
order to avoid incorrect buffer overflow warnings from GCC-4.x
Libmdigest:
- Cygwin is broken, when using #pragma weak, so we cannot create
weak symbols on Cygwin for sha2.c
Cdrecord:
- struct scsi_inquiry is now using a union around the vendor ID strings in
order to avoid incorrect buffer overflow warnings from GCC-4.x
Readcd:
- Cygwin is broken, when using #pragma weak, so we cannot create
weak symbols on Cygwin for sha2.c
Mkisofs (Maintained/enhanced by J
- While introducing the new option -modification-date, we did accidently remove the
code to set up the creation date in te PVD. Now creation date again contains
correct data.
All:
- The file COPYING has been reworded to be more obvious with
explaining work limits.
- A workaround for a bug in llvm-gcc-4.2 has been introduced in
inc/avoffset.c. The llvm-gcc-4.2 bug caused an endless loop at an
unexpected place.
- New target "htmlxn" to only rebuild html versions of man pages
only in case there was a change
- The CSW packaging definitions in the schily makefilesystem was
enhanced to permit referencing files in the package definition directory
- include/schily/sigset.h added new macros: blocked_sigs(),
block_sigs()
- include/schily/fcntl.h now includes O_SEARCH for POSIX.1-2008 compliance.
- Schily autoconf now tests for the size of mode_t, uid_t, gid_t, pid_t,
dev_t, major_t, minor_t
- Schily autoconf now defines a promoted type for mode_t that can be
used together with varargs. This is needed as mode_t is smaller than
int on some systems.
- New autoconf tests for getdelim() and strncasecmp()
- Added a workaround for a auto-dependency creation bug in the HP-UX
c-compiler that resulted in wrong dependency files for all files
in libshcily/stdio/ and for these files prevented an automated
recompilation in case that an include file was changed.
- Added links for:
amd64-freebsd-cc.rul
amd64-freebsd-gcc.rul
amd64-openbsd-cc.rul
amd64-openbsd-gcc.rul
x86_64-darwin-cc.rul
x86_64-darwin-gcc.rul
x86_64-darwin-cc64.rul
x86_64-darwin-gcc64.rul
x86_64-darwin-cc32.rul
x86_64-darwin-gcc32.rul
- RULES/rules.loc now makes $(PTARGET) to depend on $(ARCHDIR) to
support make -j 2
- New include files include/schily/inttypes.h and include/schily/stdint.h
- The script conf/makeinc is no longer confused by OpenBSD
that has man.7 and mandoc.7 and both match on man*
Libschily:
- New functions strstr() and wcsstr()
- New libschily::fgetaline() and libschily::getaline() implement the
functionality of the POSIX violating "getline()" from POSIX.1-2008.
- New file libschily/abspath.c
- New file libschily/resolvepath.c
- New file libschily/mkdirs.c
- An openat() emulation was added to libschily for platforms that
miss openat().
- An fchdir() emulation was added to libschily for platforms that
miss fchdir()
- libschily/at-defs.h new support file for internals from the *at()
emulation
- libschily/lxchdir.c new file to support chdir() to long
path names
- libschily/procnameat.c new file to support *at() functions in case
that a newer /proc file system implementation is available
- libschily/savewd.c new file to support to save the current working
directory regardless of whether fchdir() is present or not.
- libschily/wdabort.c new file with abort functions that are needed
in libschily for the case that no system fchdir is available and
an attempt to emulate *at() functions fails
- New functions strcasecmp() and strncasecmp() for libschily.
- New functions diropen() dirrdopen() dirclose() for libschily.
These functions are needed in order to emulate fchdir() on platforms
that do not support fchdir().
- file_raise(NULL, FALSE) now also affects files that have been
opened before the file_raise() call.
Libdeflt:
- The function defltcntl() in libdeflt is now working and allows to
select a case insensitive mode.
- New function defltsect() in libdeflt allows to create sub-sections
in configuration files. These subsections need to be named:
"[section-name]" and the '[' must be at the beginning of a line.
Libfind:
- libfind/walk.c now uses O_SEARCH to open directories
Cdrecord:
- cdrecord man page corrected some small typos in the EXAMPLES section.
- cdrecord has been converted to be able to run completely root-less
and suid-root-less and with no script that calls pfexec(1). This
works on OpenSolaris ONNV_140 or later because the functionality
of pfexec(1) has been integrated into the kernel.
To enable this feature. edit the file /etc/security/exec_attr and add:
Basic Solaris User:solaris:cmd:::/usr/bin/cdrecord:privs=file_dac_read,sys_devices,proc_lock_memory,proc_priocntl,net_privaddr
or
Basic Solaris User:solaris:cmd:::/opt/schily/bin/cdrecord:privs=file_dac_read,sys_devices,proc_lock_memory,proc_priocntl,net_privaddr
depending on where you install cdrecord.
No special shell is needed anymore.
Cdda2wav (Maintained/enhanced by J
- cdda2wav has been converted to be able to run completely root-less
and suid-root-less and with no script that calls pfexec(1). This
works on OpenSolaris ONNV_140 or later because the functionality
of pfexec(1) has been integrated into the kernel.
To enable this feature. edit the file /etc/security/exec_attr and add:
Basic Solaris User:solaris:cmd:::/usr/bin/cdda2wav:privs=file_dac_read,sys_devices,proc_priocntl,net_privaddr
or
Basic Solaris User:solaris:cmd:::/opt/schily/bin/cdda2wav:privs=file_dac_read,sys_devices,proc_priocntl,net_privaddr
depending on where you install cdda2wav.
No special shell is needed anymore.
Readcd:
- readcd has been converted to be able to run completely root-less
and suid-root-less and with no script that calls pfexec(1). This
works on OpenSolaris ONNV_140 or later because the functionality
of pfexec(1) has been integrated into the kernel.
To enable this feature. edit the file /etc/security/exec_attr and add:
Basic Solaris User:solaris:cmd:::/usr/bin/readcd:privs=file_dac_read,sys_devices,net_privaddr
or
Basic Solaris User:solaris:cmd:::/opt/schily/bin/readcd:privs=file_dac_read,sys_devices,net_privaddr
depending on where you install readcd.
No special shell is needed anymore.
