Wed Apr 24 09:40:38 2013 UTC ()
Update to 3.01a14:

All:

-	Fixed a typo in include/schily/stat.h related to nanosecond
	handling for NetBSD and OpenBSD

-	New autoconf tests for sys/capability.h and cap_*() functions
	from Linux -lcap

	WARNING: If you do not see this:

		checking for cap_get_proc in -lcap... yes
		checking for cap_get_proc... yes
		checking for cap_set_proc... yes
		checking for cap_set_flag... yes
		checking for cap_clear_flag... yes

	your Linux installation is insecure in case you ever use the
	command "setcap" to set up file capabilities for executable commands.

	Note that cdrtools (as any other command) need to be capabylity aware
	in order to avoid security leaks with enhanced privileges. In most
	cases, privileges are only needed for a very limited set of operations.
	If cdrtools (cdrecord, cdda2wav, readcd) are installed suid-root, the
	functions to control privileges are in the basic set of supported
	functions and thus there is no problem for any program to control it's
	privileges - if they have been obtained via suid root, you are on a
	secure system.

	If you are however on an incomplete installation, that supports to
	raise privileges via fcaps but that does not include developer support
	for caps, the programs get the privileges without being able to know
	about the additional privileges and thus keep them because they cannot
	control them.

	WARNING: If you are on a Linux system that includes support for
	fcaps (this is seems to be true for all newer systems with
	Linux >= 2.6.24) and there is no development support for capabilities
	in the base system, you are on an inherently insecure system that allows
	to compile and set up programs with enhanced privileges that cannot
	control them.

	In such a case, try to educate the security manager for the related
	Linux distribution. Note that you may turn your private installation
	into a secure installation by installing development support for libcap.

-	The autofconf tests for broken Linux kernel headers now avoid to
	warn for /usr/src/linux/include if this directory is missing.

-	include/schily/priv.h now includes sys/capabilitiy.h if available.

Libscg:

-	Trying to support suid-root-less installation of librscg users on Linux.
	librscg now understands that a non-root program may be able to
	create sockets for a privileged port.

Cdrecord:

-	Trying to support suid-root-less installation of cdrecord on Linux.
	NOTE: You need "file caps" support built into your Linux installation.

	Call:

		setcap cap_sys_resource,cap_dac_override,cap_sys_admin,cap_sys_nice,cap_net_bind_service,cap_ipc_lock,cap_sys_rawio+ep /opt/schily/bin/cdrecord
	To set up the capabilities on Linux.

Cdda2wav (Maintained/enhanced by J�rg Schilling, originated by Heiko Ei゚feldt heiko@hexco.de):

-	Trying to support suid-root-less installation of cdda2wav on Linux.
	NOTE: You need "file caps" support built into your Linux installation.

	Call:

		setcap cap_dac_override,cap_sys_admin,cap_sys_nice,cap_net_bind_service,cap_sys_rawio+ep /opt/schily/bin/cdda2wav
	To set up the capabilities on Linux.

Readcd:

-	Trying to support suid-root-less installation of readcd on Linux.
	NOTE: You need "file caps" support built into your Linux installation.

	Call:

		setcap cap_dac_override,cap_sys_admin,cap_net_bind_service,cap_sys_rawio+ep /opt/schily/bin/readcd
	To set up the capabilities on Linux.

Scgcheck:

-	Link now against $(LIB_CAP) also as librscg needs it on Linux

Scgskeleton:

-	Link now against $(LIB_CAP) also as librscg needs it on Linux

Btcflash:

-	Link now against $(LIB_CAP) also as librscg needs it on Linux

Mkisofs (Maintained/enhanced by J�rg Schilling since 1997, originated by Eric Youngdale):

-	-new-dir-mode now just superseeds the effect of -dir-mode on
	directories that have been "invented" by mkisofs.
	This is a more intuitive behavior.

-	Link now against $(LIB_CAP) also as librscg needs it on Linux


(wiz)
diff -r1.94 -r1.95 pkgsrc/sysutils/cdrtools/Makefile
diff -r1.72 -r1.73 pkgsrc/sysutils/cdrtools/distinfo
diff -r1.1 -r0 pkgsrc/sysutils/cdrtools/patches/patch-include_schily_stat.h
cvs diff -r1.94 -r1.95 pkgsrc/sysutils/cdrtools/Makefile (switch to unified diff)

--- pkgsrc/sysutils/cdrtools/Makefile 2013/02/27 08:40:37 1.94
+++ pkgsrc/sysutils/cdrtools/Makefile 2013/04/24 09:40:38 1.95
@@ -1,144 +1,144 @@ @@ -1,144 +1,144 @@
1# $NetBSD: Makefile,v 1.94 2013/02/27 08:40:37 wiz Exp $ 1# $NetBSD: Makefile,v 1.95 2013/04/24 09:40:38 wiz Exp $
2 2
3DISTNAME= cdrtools-3.01a13 3DISTNAME= cdrtools-3.01a14
4PKGNAME= ${DISTNAME:S/a/alpha/:S/-pre/pre/} 4PKGNAME= ${DISTNAME:S/a/alpha/:S/-pre/pre/}
5CATEGORIES= sysutils 5CATEGORIES= sysutils
6#MASTER_SITES= ftp://ftp.berlios.de/pub/cdrecord/ \ 6#MASTER_SITES= ftp://ftp.berlios.de/pub/cdrecord/ \
7# http://ftp.berlios.de/pub/cdrecord/ 7# http://ftp.berlios.de/pub/cdrecord/
8MASTER_SITES= ftp://ftp.berlios.de/pub/cdrecord/alpha/ \ 8MASTER_SITES= ftp://ftp.berlios.de/pub/cdrecord/alpha/ \
9 http://ftp.berlios.de/pub/cdrecord/alpha/ 9 http://ftp.berlios.de/pub/cdrecord/alpha/
10EXTRACT_SUFX= .tar.bz2 10EXTRACT_SUFX= .tar.bz2
11 11
12MAINTAINER= wiz@NetBSD.org 12MAINTAINER= wiz@NetBSD.org
13HOMEPAGE= http://cdrecord.berlios.de/old/private/cdrecord.html 13HOMEPAGE= http://cdrecord.berlios.de/old/private/cdrecord.html
14COMMENT= Software for creating ISO9660 images and writing CD/DVD/Blu-ray 14COMMENT= Software for creating ISO9660 images and writing CD/DVD/Blu-ray
15#LICENSE= CDDL.Schily.txt AND gnu-gpl-v2 AND gnu-lgpl-v2.1 15#LICENSE= CDDL.Schily.txt AND gnu-gpl-v2 AND gnu-lgpl-v2.1
16 16
17CONFLICTS= mkisofs-[0-9]* cdrtools-ossdvd-[0-9]* cdrecord-[0-9]* cdrkit-[0-9]* 17CONFLICTS= mkisofs-[0-9]* cdrtools-ossdvd-[0-9]* cdrecord-[0-9]* cdrkit-[0-9]*
18 18
19PKG_INSTALLATION_TYPES= overwrite pkgviews 19PKG_INSTALLATION_TYPES= overwrite pkgviews
20 20
21WRKSRC= ${WRKDIR}/${DISTNAME:C/a[0-9]*//} 21WRKSRC= ${WRKDIR}/${DISTNAME:C/a[0-9]*//}
22 22
23.include "../../mk/bsd.prefs.mk" 23.include "../../mk/bsd.prefs.mk"
24 24
25USE_TOOLS+= gm4 gmake tbl 25USE_TOOLS+= gm4 gmake tbl
26 26
27CFLAGS.NetBSD+= -DUSE_GETRAWPARTITION 27CFLAGS.NetBSD+= -DUSE_GETRAWPARTITION
28LDFLAGS.NetBSD+= -lutil 28LDFLAGS.NetBSD+= -lutil
29 29
30# avoid picking up a bad ${ARCH} during the build 30# avoid picking up a bad ${ARCH} during the build
31MAKE_ENV+= ARCH="" 31MAKE_ENV+= ARCH=""
32MAKE_ENV+= MAKEPROG="gmake" 32MAKE_ENV+= MAKEPROG="gmake"
33MAKE_ENV+= COPTX=${CFLAGS:Q} 33MAKE_ENV+= COPTX=${CFLAGS:Q}
34MAKE_ENV+= LDOPTX=${LDFLAGS:Q} 34MAKE_ENV+= LDOPTX=${LDFLAGS:Q}
35MAKE_ENV+= INS_BASE=${PREFIX:Q} 35MAKE_ENV+= INS_BASE=${PREFIX:Q}
36MAKE_FLAGS+= GMAKE_NOWARN=true 36MAKE_FLAGS+= GMAKE_NOWARN=true
37# do we want to compile shared libraries? 37# do we want to compile shared libraries?
38# needs changes in the install target and PLIST 38# needs changes in the install target and PLIST
39#MAKE_ENV+= LINKMODE=dynamic 39#MAKE_ENV+= LINKMODE=dynamic
40 40
41# Map PKGSRC_COMPILER to CCOM used by cdrtools build system. 41# Map PKGSRC_COMPILER to CCOM used by cdrtools build system.
42ccmap.gcc= gcc 42ccmap.gcc= gcc
43MAKE_FLAGS+= CCOM=${ccmap.${PKGSRC_COMPILER}:Ucc} 43MAKE_FLAGS+= CCOM=${ccmap.${PKGSRC_COMPILER}:Ucc}
44 44
45# allow us to override the default /etc/default/cdrecord by patching 45# allow us to override the default /etc/default/cdrecord by patching
46# the documentation appropriately. Additionally, we also provide a 46# the documentation appropriately. Additionally, we also provide a
47# MESSAGE stating the reasons we do this, as required by the license. 47# MESSAGE stating the reasons we do this, as required by the license.
48CDRECORD_CONF?= ${PKG_SYSCONFDIR}/cdrecord.conf 48CDRECORD_CONF?= ${PKG_SYSCONFDIR}/cdrecord.conf
49 49
50.if ${CDRECORD_CONF} != "/etc/default/cdrecord" 50.if ${CDRECORD_CONF} != "/etc/default/cdrecord"
51MESSAGE_SRC+= MESSAGE.cdrecord.conf 51MESSAGE_SRC+= MESSAGE.cdrecord.conf
52MESSAGE_SUBST+= PKGNAME_NOREV=${PKGNAME_NOREV:Q} 52MESSAGE_SUBST+= PKGNAME_NOREV=${PKGNAME_NOREV:Q}
53MESSAGE_SUBST+= CDRECORD_CONF=${CDRECORD_CONF:Q} 53MESSAGE_SUBST+= CDRECORD_CONF=${CDRECORD_CONF:Q}
54.endif 54.endif
55 55
56CONF_FILES+= share/examples/cdrtools/cdrecord ${CDRECORD_CONF} 56CONF_FILES+= share/examples/cdrtools/cdrecord ${CDRECORD_CONF}
57 57
58INSTALLATION_DIRS= bin lib/siconv ${PKGMANDIR}/man1 ${PKGMANDIR}/man8 \ 58INSTALLATION_DIRS= bin lib/siconv ${PKGMANDIR}/man1 ${PKGMANDIR}/man8 \
59 share/doc/cdrtools/cdda2wav \ 59 share/doc/cdrtools/cdda2wav \
60 share/doc/cdrtools/cdrecord \ 60 share/doc/cdrtools/cdrecord \
61 share/doc/cdrtools/mkisofs \ 61 share/doc/cdrtools/mkisofs \
62 share/examples/cdrtools 62 share/examples/cdrtools
63 63
64SUBST_CLASSES+= fix 64SUBST_CLASSES+= fix
65SUBST_STAGE.fix= post-patch 65SUBST_STAGE.fix= post-patch
66SUBST_FILES.fix= btcflash/btcflash.1 66SUBST_FILES.fix= btcflash/btcflash.1
67SUBST_FILES.fix+= cdrecord/cdrecord.1 67SUBST_FILES.fix+= cdrecord/cdrecord.1
68SUBST_FILES.fix+= libcdrdeflt/cdrdeflt.c 68SUBST_FILES.fix+= libcdrdeflt/cdrdeflt.c
69SUBST_FILES.fix+= mkisofs/diag/isoinfo.8 69SUBST_FILES.fix+= mkisofs/diag/isoinfo.8
70SUBST_FILES.fix+= readcd/readcd.1 70SUBST_FILES.fix+= readcd/readcd.1
71SUBST_SED.fix= -e "s,/etc/default/cdrecord,${CDRECORD_CONF},g" 71SUBST_SED.fix= -e "s,/etc/default/cdrecord,${CDRECORD_CONF},g"
72SUBST_MESSAGE.fix= Fixing paths. 72SUBST_MESSAGE.fix= Fixing paths.
73 73
74SUBST_CLASSES+= oss 74SUBST_CLASSES+= oss
75SUBST_STAGE.oss= post-patch 75SUBST_STAGE.oss= post-patch
76SUBST_FILES.oss= cdda2wav/local.cnf.in 76SUBST_FILES.oss= cdda2wav/local.cnf.in
77SUBST_SED.oss= -e "s,/dev/dsp,${DEVOSSSOUND},g" 77SUBST_SED.oss= -e "s,/dev/dsp,${DEVOSSSOUND},g"
78SUBST_MESSAGE.oss= Fixing OSS sound device path. 78SUBST_MESSAGE.oss= Fixing OSS sound device path.
79 79
80SUBST_CLASSES+= ins_base 80SUBST_CLASSES+= ins_base
81SUBST_STAGE.ins_base= pre-configure 81SUBST_STAGE.ins_base= pre-configure
82SUBST_FILES.ins_base= DEFAULTS/Defaults.* 82SUBST_FILES.ins_base= DEFAULTS/Defaults.*
83SUBST_SED.ins_base= -e "/^INS_BASE=/d" 83SUBST_SED.ins_base= -e "/^INS_BASE=/d"
84SUBST_MESSAGE.ins_base= Fixing INS_BASE. 84SUBST_MESSAGE.ins_base= Fixing INS_BASE.
85 85
86do-configure: 86do-configure:
87 cd ${WRKSRC}/RULES; \ 87 cd ${WRKSRC}/RULES; \
88 for suffix in netbsd-cc.rul netbsd-gcc.rul; do \ 88 for suffix in netbsd-cc.rul netbsd-gcc.rul; do \
89 if [ ! -f ${MACHINE}-$$suffix ]; then \ 89 if [ ! -f ${MACHINE}-$$suffix ]; then \
90 ln -sf i386-$$suffix ${MACHINE}-$$suffix; \ 90 ln -sf i386-$$suffix ${MACHINE}-$$suffix; \
91 fi; \ 91 fi; \
92 done; \ 92 done; \
93 cd ${WRKSRC} && ${SETENV} ${CONFIGURE_ENV} ${MAKE_PROGRAM} ${MAKE_FLAGS} config 93 cd ${WRKSRC} && ${SETENV} ${CONFIGURE_ENV} ${MAKE_PROGRAM} ${MAKE_FLAGS} config
94 94
95post-build: 95post-build:
96 cd ${WRKSRC}; \ 96 cd ${WRKSRC}; \
97 for manpage in cdda2wav/cdda2wav.1 mkisofs/mkisofs.8; do \ 97 for manpage in cdda2wav/cdda2wav.1 mkisofs/mkisofs.8; do \
98 tbl $${manpage} > $${manpage}.tmp; \ 98 tbl $${manpage} > $${manpage}.tmp; \
99 mv -f $${manpage}.tmp $${manpage}; \ 99 mv -f $${manpage}.tmp $${manpage}; \
100 done 100 done
101 101
102do-install: 102do-install:
103 for program in btcflash cdda2wav cdrecord mkisofs \ 103 for program in btcflash cdda2wav cdrecord mkisofs \
104 readcd scgcheck scgskeleton; do \ 104 readcd scgcheck scgskeleton; do \
105 cd ${WRKSRC}/$${program}; \ 105 cd ${WRKSRC}/$${program}; \
106 ${INSTALL_PROGRAM} OBJ/*/$${program} \ 106 ${INSTALL_PROGRAM} OBJ/*/$${program} \
107 ${DESTDIR}${PREFIX}/bin; \ 107 ${DESTDIR}${PREFIX}/bin; \
108 done 108 done
109 for program in cdda2mp3 cdda2ogg; do \ 109 for program in cdda2mp3 cdda2ogg; do \
110 ${INSTALL_SCRIPT} ${WRKSRC}/cdda2wav/$${program} \ 110 ${INSTALL_SCRIPT} ${WRKSRC}/cdda2wav/$${program} \
111 ${DESTDIR}${PREFIX}/bin; \ 111 ${DESTDIR}${PREFIX}/bin; \
112 ${INSTALL_MAN} ${WRKSRC}/cdda2wav/$${program}.1 \ 112 ${INSTALL_MAN} ${WRKSRC}/cdda2wav/$${program}.1 \
113 ${DESTDIR}${PREFIX}/${PKGMANDIR}/man1; \ 113 ${DESTDIR}${PREFIX}/${PKGMANDIR}/man1; \
114 done 114 done
115 for program in btcflash cdda2wav cdrecord \ 115 for program in btcflash cdda2wav cdrecord \
116 readcd scgcheck; do \ 116 readcd scgcheck; do \
117 ${INSTALL_MAN} ${WRKSRC}/$${program}/$${program}.1 \ 117 ${INSTALL_MAN} ${WRKSRC}/$${program}/$${program}.1 \
118 ${DESTDIR}${PREFIX}/${PKGMANDIR}/man1; \ 118 ${DESTDIR}${PREFIX}/${PKGMANDIR}/man1; \
119 done 119 done
120 for program in mkisofs; do \ 120 for program in mkisofs; do \
121 ${INSTALL_MAN} ${WRKSRC}/$${program}/$${program}.8 \ 121 ${INSTALL_MAN} ${WRKSRC}/$${program}/$${program}.8 \
122 ${DESTDIR}${PREFIX}/${PKGMANDIR}/man8; \ 122 ${DESTDIR}${PREFIX}/${PKGMANDIR}/man8; \
123 done 123 done
124 cd ${WRKSRC}/mkisofs/diag; \ 124 cd ${WRKSRC}/mkisofs/diag; \
125 for f in devdump isodebug isodump isoinfo isovfy; do \ 125 for f in devdump isodebug isodump isoinfo isovfy; do \
126 ${INSTALL_PROGRAM} OBJ/*/$$f ${DESTDIR}${PREFIX}/bin; \ 126 ${INSTALL_PROGRAM} OBJ/*/$$f ${DESTDIR}${PREFIX}/bin; \
127 ${INSTALL_MAN} $$f.8 \ 127 ${INSTALL_MAN} $$f.8 \
128 ${DESTDIR}${PREFIX}/${PKGMANDIR}/man8/$$f.8; \ 128 ${DESTDIR}${PREFIX}/${PKGMANDIR}/man8/$$f.8; \
129 done 129 done
130 ${INSTALL_DATA} ${WRKSRC}/libsiconv/tables/[cik]* \ 130 ${INSTALL_DATA} ${WRKSRC}/libsiconv/tables/[cik]* \
131 ${DESTDIR}${PREFIX}/lib/siconv 131 ${DESTDIR}${PREFIX}/lib/siconv
132 ${RM} ${DESTDIR}${PREFIX}/lib/siconv/*mk 132 ${RM} ${DESTDIR}${PREFIX}/lib/siconv/*mk
133 ${INSTALL_DATA} ${WRKSRC}/cdda2wav/README* \ 133 ${INSTALL_DATA} ${WRKSRC}/cdda2wav/README* \
134 ${DESTDIR}${PREFIX}/share/doc/cdrtools/cdda2wav 134 ${DESTDIR}${PREFIX}/share/doc/cdrtools/cdda2wav
135 ${INSTALL_DATA} ${WRKSRC}/cdrecord/README* \ 135 ${INSTALL_DATA} ${WRKSRC}/cdrecord/README* \
136 ${DESTDIR}${PREFIX}/share/doc/cdrtools/cdrecord 136 ${DESTDIR}${PREFIX}/share/doc/cdrtools/cdrecord
137 ${INSTALL_DATA} ${WRKSRC}/mkisofs/README* \ 137 ${INSTALL_DATA} ${WRKSRC}/mkisofs/README* \
138 ${DESTDIR}${PREFIX}/share/doc/cdrtools/mkisofs 138 ${DESTDIR}${PREFIX}/share/doc/cdrtools/mkisofs
139 ${INSTALL_DATA} ${WRKSRC}/cdrecord/cdrecord.dfl \ 139 ${INSTALL_DATA} ${WRKSRC}/cdrecord/cdrecord.dfl \
140 ${DESTDIR}${PREFIX}/share/examples/cdrtools/cdrecord 140 ${DESTDIR}${PREFIX}/share/examples/cdrtools/cdrecord
141 141
142.include "../../mk/oss.buildlink3.mk" 142.include "../../mk/oss.buildlink3.mk"
143.include "../../devel/gettext-lib/buildlink3.mk" 143.include "../../devel/gettext-lib/buildlink3.mk"
144.include "../../mk/bsd.pkg.mk" 144.include "../../mk/bsd.pkg.mk"
cvs diff -r1.72 -r1.73 pkgsrc/sysutils/cdrtools/distinfo (switch to unified diff)

--- pkgsrc/sysutils/cdrtools/distinfo 2013/02/27 08:40:37 1.72
+++ pkgsrc/sysutils/cdrtools/distinfo 2013/04/24 09:40:38 1.73
@@ -1,7 +1,6 @@ @@ -1,7 +1,6 @@
1$NetBSD: distinfo,v 1.72 2013/02/27 08:40:37 wiz Exp $ 1$NetBSD: distinfo,v 1.73 2013/04/24 09:40:38 wiz Exp $
2 2
3SHA1 (cdrtools-3.01a13.tar.bz2) = 0b65c16e0e18f6b16ab2d8daa0b0c39e0c8a2b1d 3SHA1 (cdrtools-3.01a14.tar.bz2) = 6ca420d07e34e2d1546671d1d8e62cec309d01f1
4RMD160 (cdrtools-3.01a13.tar.bz2) = d5a5dfa57a5aa48d1ebc204f6dedba1d0745eab4 4RMD160 (cdrtools-3.01a14.tar.bz2) = b310cc346ff80244c24f974f15446135a20c3e3d
5Size (cdrtools-3.01a13.tar.bz2) = 2053012 bytes 5Size (cdrtools-3.01a14.tar.bz2) = 2055811 bytes
6SHA1 (patch-include_schily_sha2.h) = dab2dd40b20a37f1f2ff8cbd64f8361e800e1753 6SHA1 (patch-include_schily_sha2.h) = dab2dd40b20a37f1f2ff8cbd64f8361e800e1753
7SHA1 (patch-include_schily_stat.h) = cb5a1af437a62413da020e7f5962edc845310907 
File Deleted: pkgsrc/sysutils/cdrtools/patches/Attic/patch-include_schily_stat.h