--- - branch: MAIN date: Mon Jun 3 08:13:13 UTC 2013 files: - new: '1.96' old: '1.95' path: pkgsrc/sysutils/cdrtools/Makefile pathrev: pkgsrc/sysutils/cdrtools/Makefile@1.96 type: modified - new: '1.74' old: '1.73' path: pkgsrc/sysutils/cdrtools/distinfo pathrev: pkgsrc/sysutils/cdrtools/distinfo@1.74 type: modified id: 20130603T081313Z.e1a4d86bb3e9c7942fcd1c627cf318a8e5b5103e log: "Update to 3.01a15:\n\nAll:\n\n-\tDue to an incorrect message from last release, here is corrected\n\tinformation on when a Linux installation is potentially dangerous:\n\n\tNew autoconf tests for sys/capability.h and cap_*() functions\n\tfrom Linux -lcap\n\n\tWARNING: If you do not see this:\n\n\t\tchecking for sys/capability.h... yes\n\n\t\t...\n\n\t\tchecking for cap_get_proc in -lcap... yes\n\t\tchecking for cap_get_proc... yes\n\t\tchecking for cap_set_proc... yes\n\t\tchecking for cap_set_flag... yes\n\t\tchecking for cap_clear_flag... yes\n\n\tyour Linux installation is insecure in case you ever use the\n\tcommand \"setcap\" to set up file capabilities for executable commands.\n\n\tNote that cdrtools (as any other command) need to be capabylity aware\n\tin order to avoid security leaks with enhanced privileges. In most\n\tcases, privileges are only needed for a very limited set of operations.\n\tIf cdrtools (cdrecord, cdda2wav, readcd) are installed suid-root, the\n\tfunctions to control privileges are in the basic set of supported\n\tfunctions and thus there is no problem for any program to control it's\n\tprivileges - if they have been obtained via suid root, you are on a\n\tsecure system.\n\n\tIf you are however on an incomplete installation, that supports to\n\traise privileges via fcaps but that does not include developer support\n\tfor caps, the programs get the privileges without being able to know\n\tabout the additional privileges and thus keep them because they cannot\n\tcontrol them.\n\n\tWARNING: If you are on a Linux system that includes support for\n\tfcaps (this is seems to be true for all newer systems with\n\tLinux >= 2.6.24) and there is no development support for capabilities\n\tin the base system, you are on an inherently insecure system that allows\n\tto compile and set up programs with enhanced privileges that cannot\n\tcontrol them.\n\n\tIn such a case, try to educate the security manager for the related\n\tLinux distribution. Note that you may turn your private installation\n\tinto a secure installation by installing development support for libcap.\n\n-\tWARNING: the include structure of include/schily/*.h and several sources\n\thas been restructured to cause less warnings with older OS platforms.\n\tIf you see any new problem on your personal platform, please report.\n\n-\tNew includefiles:\n\n\tschily/poll.h\t\tSupport poll()\n\tschily/stdarg.h\t\tAn alias to schily/varargs.h (but using the std name)\n\tschily/sunos4_proto.h\tMissing prototypes for SunOS-4.x to make gcc quiet\n\tschily/timeb.h\t\tNeeded for users of ftime()\n\n-\tMany minor bug-fixes for the files include/schily/*.h\n\n-\tinclude/schily/archconf.h now defines __SUNOS5 for easier coding\n\n-\tinclude/schily/priv.h now defines platform independent fine grained privileges\n\n-\tUpdated README.compile:\n\n\tSome typo patches from Jan Engelhardt \n\n\tDocumented the \"LINKMODE=\" macro to explain how to create dynamically\n\tlinked bynaries.\n\nLibschily:\n\n-\tAdded #include to libschily/fnmatch.c\n\nLibedc (Optimized by J�rg Schilling, originated by Heiko Eiï¾\x9Ffeldt heiko@hexco.de):\n\n-\tAdded #include \n\nLibdeflt:\n\n-\tAdded #include \n\nLibfind:\n\n-\tdirname -> dir_name to avoid a gcc warning\n\nLibhfs_iso:\n\n-\tRename variable \"utime\" to \"uxtime\" to avoid a compiler warning\n\nLibscg:\n\n-\tRepositioned #ifdefs to avoid unused variable definitions in\n\tlibscg/scsi-sun.c\n\n-\tlibscg/scsi-linux-ata.c now aborts early if errno == EPERM. This now\n\tmakes it behave like libscg/scsi-linux-sg.c\n\n-\tA new scg flag SCGF_PERM_PRINT tells libscg to print a more verbose error\n\tin case that a SCSI comand was aborted with errno == EPERM.\n\nCdrecord:\n\n-\tAllow to compile without Linux libcap using \"smake COPTX=-DNO_LINUX_CAPS LIB_CAP=\"\n\n-\tCdrecord now checks whether there are sufficient fine grained privileges.\n\n-\tCdrecord now uses the new flag SCGF_PERM_PRINT to get better warnings if the\n\tpermissions granted by the OS are not sufficient.\n\nCdda2wav (Maintained/enhanced by J�rg Schilling, originated by Heiko Eiï¾\x9Ffeldt heiko@hexco.de):\n\n-\tInclude file reordering to avoid warnings on older platforms\n\n-\tAllow to compile without Linux libcap using \"smake COPTX=-DNO_LINUX_CAPS LIB_CAP=\"\n\n-\tRepositioned #ifdefs to avoid unused variable definitions in\n\tcdda2wav/sndconfig.c\n\n-\tCdda2wav now checks whether there are sufficient fine grained privileges.\n\n-\tWork around a bug in sys/param.h FreeBSD-9.1, that #define's __FreeBSD_kernel__\n\tinstead of #define __FreeBSD_kernel__ 9 that would be needed for Debian\n\tk-FreeBSD compatibility.\n\tThe bug affects cdda2wav/mycdrom.h\n\nReadcd:\n\n-\tAllow to compile without Linux libcap using \"smake COPTX=-DNO_LINUX_CAPS LIB_CAP=\"\n\n-\tReadcd now checks whether there are sufficient fine grained privileges.\n\nMkisofs (Maintained/enhanced by J�rg Schilling since 1997, originated by Eric Youngdale):\n\n-\tMake mkisofs compile without -DUDF and without -DDVD_VIDEO\n\tThanks to a hint from rmd4work@mail.ru\n" module: pkgsrc subject: 'CVS commit: pkgsrc/sysutils/cdrtools' unixtime: '1370247193' user: wiz