Please have a look at the German open Source Center BerliOS at www.berlios.de BerliOS will continue to support free hosting of cryptography projects even when US laws change and don't allow to host cryptography projects in the USA. Also look at sourcewell.berlios.de, the first Open Source announcement service that itself is implemented as Open Source project. ***************** Important news **************************** For the 'Slottable Source Plugin Module' SSPM Features read README.SSPM ***************** Please Test ********************************* NEW features of cdrtools-3.01a14: This is the first localization step for cdrtools. All programs now (hopefully) call gettext() for all strings that need localization. - The next step will include dgettext() calls for the libraries. - The following step will include the extracted strings - The last step will include German translations and install support for the resulting binary message object files. ----------> Please test and report compilation problems! <--------- ***** NOTE: As mentioned since 2004, frontends to cdrtools should ***** ***** call all programs from cdrtools in the "C" locale ***** ***** by e.g. calling: LC_ALL=C cdrecord .... ***** ***** unless these frontends support localized strings ***** ***** used by the cdrtools with NLS support. ***** This version compiles on Win-DOS using the Microsoft compiler cl.exe but warning: due to missing POSIX compliance with basic features (e.g. stat() does not return inode numbers), there are many problems with the resulting code and thus it is recommended to better use a POSIX layer on top of WIN-DOS. All: - Fixed a typo in include/schily/stat.h related to nanosecond handling for NetBSD and OpenBSD - New autoconf tests for sys/capability.h and cap_*() functions from Linux -lcap WARNING: If you do not see this: checking for cap_get_proc in -lcap... yes checking for cap_get_proc... yes checking for cap_set_proc... yes checking for cap_set_flag... yes checking for cap_clear_flag... yes your Linux installation is insecure in case you ever use the command "setcap" to set up file capabilities for executable commands. Note that cdrtools (as any other command) need to be capabylity aware in order to avoid security leaks with enhanced privileges. In most cases, privileges are only needed for a very limited set of operations. If cdrtools (cdrecord, cdda2wav, readcd) are installed suid-root, the functions to control privileges are in the basic set of supported functions and thus there is no problem for any program to control it's privileges - if they have been obtained via suid root, you are on a secure system. If you are however on an incomplete installation, that supports to raise privileges via fcaps but that does not include developer support for caps, the programs get the privileges without being able to know about the additional privileges and thus keep them because they cannot control them. WARNING: If you are on a Linux system that includes support for fcaps (this is seems to be true for all newer systems with Linux >= 2.6.24) and there is no development support for capabilities in the base system, you are on an inherently insecure system that allows to compile and set up programs with enhanced privileges that cannot control them. In such a case, try to educate the security manager for the related Linux distribution. Note that you may turn your private installation into a secure installation by installing development support for libcap. - The autofconf tests for broken Linux kernel headers now avoid to warn for /usr/src/linux/include if this directory is missing. - include/schily/priv.h now includes sys/capabilitiy.h if available. Libschily: Libparanoia (Ported/enhanced by Jörg Schilling, originated by Monty xiphmont@mit.edu): Libedc (Optimized by Jörg Schilling, originated by Heiko Eißfeldt heiko@hexco.de): Libcdrdeflt: Libdeflt: Libfind: Libfile: Libhfs_iso: Libmdigest: Libsiconv: Libscg: - Trying to support suid-root-less installation of librscg users on Linux. librscg now understands that a non-root program may be able to create sockets for a privileged port. Libscgcmd: Libmdigest: Rscsi: Cdrecord: - Trying to support suid-root-less installation of cdrecord on Linux. NOTE: You need "file caps" support built into your Linux installation. Call: setcap cap_sys_resource,cap_dac_override,cap_sys_admin,cap_sys_nice,cap_net_bind_service,cap_ipc_lock,cap_sys_rawio+ep /opt/schily/bin/cdrecord To set up the capabilities on Linux. Cdda2wav (Maintained/enhanced by Jörg Schilling, originated by Heiko Eißfeldt heiko@hexco.de): - Trying to support suid-root-less installation of cdda2wav on Linux. NOTE: You need "file caps" support built into your Linux installation. Call: setcap cap_dac_override,cap_sys_admin,cap_sys_nice,cap_net_bind_service,cap_sys_rawio+ep /opt/schily/bin/cdda2wav To set up the capabilities on Linux. Readcd: - Trying to support suid-root-less installation of readcd on Linux. NOTE: You need "file caps" support built into your Linux installation. Call: setcap cap_dac_override,cap_sys_admin,cap_net_bind_service,cap_sys_rawio+ep /opt/schily/bin/readcd To set up the capabilities on Linux. Scgcheck: - Link now against $(LIB_CAP) also as librscg needs it on Linux Scgskeleton: - Link now against $(LIB_CAP) also as librscg needs it on Linux Btcflash: - Link now against $(LIB_CAP) also as librscg needs it on Linux Mkisofs (Maintained/enhanced by Jörg Schilling since 1997, originated by Eric Youngdale): - -new-dir-mode now just superseeds the effect of -dir-mode on directories that have been "invented" by mkisofs. This is a more intuitive behavior. - Link now against $(LIB_CAP) also as librscg needs it on Linux HELIOS TODO: - Add the HELIOS UNICODE mapping code. This needs to be done at UCS-2 level for Joliet and UDF (instead of UTF-8) and only for Rock Ridge (in case of a UTF-8 based target locale) using UTF-8 based translations. - Make the Apple extensions work again with "mkisofs -find" TODO: - read Joliet filenames with multi-session if no TRANS.TBL or RR is present. I am looking for a volunteer for this task! Note that this can never be 100% correct as there is no relation between the names on the master (UNIX) filesystem, the ISO-9660 names and the Joliet names. Only the Rock Ridge names are untranslated with respect to the original files on the master (UNIX) filesystem. - add libecc/edc for CDI and similar. CYGWIN NT-4.0 NOTES: To compile on Cygwin32, get Cygwin and install it. For more information read README.win32 The files are located on: ftp://ftp.berlios.de/pub/cdrecord/alpha ... NOTE: These tar archives are 100% POSIX compatible. GNU tar may get some minor trouble. If you like a 100% POSIX compliant tar, get star from ftp://ftp.berlios.de/pub/star/ WARNING: Do not use 'winzip' to extract the tar file! Winzip cannot extract symbolic links correctly. Joerg