summaryrefslogtreecommitdiff
path: root/sysutils/cdrtools
diff options
context:
space:
mode:
authorwiz <wiz@pkgsrc.org>2013-04-24 09:40:38 +0000
committerwiz <wiz@pkgsrc.org>2013-04-24 09:40:38 +0000
commitba4d68ed4f8caa8272f5f2bd0138ac3ea662261c (patch)
treeea441c711d35fbe4dd53a68eb28a427bd448c7e9 /sysutils/cdrtools
parenta6e81922387ceed941b12a533d527b1c5b8cbb69 (diff)
downloadpkgsrc-ba4d68ed4f8caa8272f5f2bd0138ac3ea662261c.tar.gz
Update to 3.01a14:
All: - Fixed a typo in include/schily/stat.h related to nanosecond handling for NetBSD and OpenBSD - New autoconf tests for sys/capability.h and cap_*() functions from Linux -lcap WARNING: If you do not see this: checking for cap_get_proc in -lcap... yes checking for cap_get_proc... yes checking for cap_set_proc... yes checking for cap_set_flag... yes checking for cap_clear_flag... yes your Linux installation is insecure in case you ever use the command "setcap" to set up file capabilities for executable commands. Note that cdrtools (as any other command) need to be capabylity aware in order to avoid security leaks with enhanced privileges. In most cases, privileges are only needed for a very limited set of operations. If cdrtools (cdrecord, cdda2wav, readcd) are installed suid-root, the functions to control privileges are in the basic set of supported functions and thus there is no problem for any program to control it's privileges - if they have been obtained via suid root, you are on a secure system. If you are however on an incomplete installation, that supports to raise privileges via fcaps but that does not include developer support for caps, the programs get the privileges without being able to know about the additional privileges and thus keep them because they cannot control them. WARNING: If you are on a Linux system that includes support for fcaps (this is seems to be true for all newer systems with Linux >= 2.6.24) and there is no development support for capabilities in the base system, you are on an inherently insecure system that allows to compile and set up programs with enhanced privileges that cannot control them. In such a case, try to educate the security manager for the related Linux distribution. Note that you may turn your private installation into a secure installation by installing development support for libcap. - The autofconf tests for broken Linux kernel headers now avoid to warn for /usr/src/linux/include if this directory is missing. - include/schily/priv.h now includes sys/capabilitiy.h if available. Libscg: - Trying to support suid-root-less installation of librscg users on Linux. librscg now understands that a non-root program may be able to create sockets for a privileged port. Cdrecord: - Trying to support suid-root-less installation of cdrecord on Linux. NOTE: You need "file caps" support built into your Linux installation. Call: setcap cap_sys_resource,cap_dac_override,cap_sys_admin,cap_sys_nice,cap_net_bind_service,cap_ipc_lock,cap_sys_rawio+ep /opt/schily/bin/cdrecord To set up the capabilities on Linux. Cdda2wav (Maintained/enhanced by Jörg Schilling, originated by Heiko Eißfeldt heiko@hexco.de): - Trying to support suid-root-less installation of cdda2wav on Linux. NOTE: You need "file caps" support built into your Linux installation. Call: setcap cap_dac_override,cap_sys_admin,cap_sys_nice,cap_net_bind_service,cap_sys_rawio+ep /opt/schily/bin/cdda2wav To set up the capabilities on Linux. Readcd: - Trying to support suid-root-less installation of readcd on Linux. NOTE: You need "file caps" support built into your Linux installation. Call: setcap cap_dac_override,cap_sys_admin,cap_net_bind_service,cap_sys_rawio+ep /opt/schily/bin/readcd To set up the capabilities on Linux. Scgcheck: - Link now against $(LIB_CAP) also as librscg needs it on Linux Scgskeleton: - Link now against $(LIB_CAP) also as librscg needs it on Linux Btcflash: - Link now against $(LIB_CAP) also as librscg needs it on Linux Mkisofs (Maintained/enhanced by Jörg Schilling since 1997, originated by Eric Youngdale): - -new-dir-mode now just superseeds the effect of -dir-mode on directories that have been "invented" by mkisofs. This is a more intuitive behavior. - Link now against $(LIB_CAP) also as librscg needs it on Linux
Diffstat (limited to 'sysutils/cdrtools')
-rw-r--r--sysutils/cdrtools/Makefile4
-rw-r--r--sysutils/cdrtools/distinfo9
-rw-r--r--sysutils/cdrtools/patches/patch-include_schily_stat.h15
3 files changed, 6 insertions, 22 deletions
diff --git a/sysutils/cdrtools/Makefile b/sysutils/cdrtools/Makefile
index 631e10be74a..7b7f84f9642 100644
--- a/sysutils/cdrtools/Makefile
+++ b/sysutils/cdrtools/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.94 2013/02/27 08:40:37 wiz Exp $
+# $NetBSD: Makefile,v 1.95 2013/04/24 09:40:38 wiz Exp $
-DISTNAME= cdrtools-3.01a13
+DISTNAME= cdrtools-3.01a14
PKGNAME= ${DISTNAME:S/a/alpha/:S/-pre/pre/}
CATEGORIES= sysutils
#MASTER_SITES= ftp://ftp.berlios.de/pub/cdrecord/ \
diff --git a/sysutils/cdrtools/distinfo b/sysutils/cdrtools/distinfo
index 11a8ca57b07..57de5842496 100644
--- a/sysutils/cdrtools/distinfo
+++ b/sysutils/cdrtools/distinfo
@@ -1,7 +1,6 @@
-$NetBSD: distinfo,v 1.72 2013/02/27 08:40:37 wiz Exp $
+$NetBSD: distinfo,v 1.73 2013/04/24 09:40:38 wiz Exp $
-SHA1 (cdrtools-3.01a13.tar.bz2) = 0b65c16e0e18f6b16ab2d8daa0b0c39e0c8a2b1d
-RMD160 (cdrtools-3.01a13.tar.bz2) = d5a5dfa57a5aa48d1ebc204f6dedba1d0745eab4
-Size (cdrtools-3.01a13.tar.bz2) = 2053012 bytes
+SHA1 (cdrtools-3.01a14.tar.bz2) = 6ca420d07e34e2d1546671d1d8e62cec309d01f1
+RMD160 (cdrtools-3.01a14.tar.bz2) = b310cc346ff80244c24f974f15446135a20c3e3d
+Size (cdrtools-3.01a14.tar.bz2) = 2055811 bytes
SHA1 (patch-include_schily_sha2.h) = dab2dd40b20a37f1f2ff8cbd64f8361e800e1753
-SHA1 (patch-include_schily_stat.h) = cb5a1af437a62413da020e7f5962edc845310907
diff --git a/sysutils/cdrtools/patches/patch-include_schily_stat.h b/sysutils/cdrtools/patches/patch-include_schily_stat.h
deleted file mode 100644
index f893578731d..00000000000
--- a/sysutils/cdrtools/patches/patch-include_schily_stat.h
+++ /dev/null
@@ -1,15 +0,0 @@
-$NetBSD: patch-include_schily_stat.h,v 1.1 2013/02/27 08:40:37 wiz Exp $
-
-Fix typo.
-
---- include/schily/stat.h.orig 2013-02-12 19:51:21.000000000 +0000
-+++ include/schily/stat.h
-@@ -290,7 +290,7 @@
-
- #define stat_set_ansecs(s, n) ((s)->st_atimensec = n)
- #define stat_set_mnsecs(s, n) ((s)->st_mtimensec = n)
--#define stat_set_cnsecs(s. n) ((s)->st_ctimensec = n)
-+#define stat_set_cnsecs(s, n) ((s)->st_ctimensec = n)
-
- #define _FOUND_STAT_NSECS_
- #endif