[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

cdrtools-2.01a18 fixes RSCSI security problem

Sorry for posting this late bu yesterday was a hard day with other
things and the cdrtools update has been made in  the rare spare time.

NEW features of cdrtools-2.01a18:

Please have a look at the German open Source Center BerliOS at www.berlios.de
BerliOS will continue to support free hosting of cryptography projects even
when US laws change and don't allow to host cryptography projects in the USA.
Also look at sourcewell.berlios.de, the first Open Source announcement service
that itself is implemented as Open Source project.

***************** Important news ****************************

For the 'Slottable Source Plugin Module' SSPM Features read README.SSPM

***************** Please Test *********************************

NOTICE: for supporting the CW-7501 and for supporting SAO/DAO with the
	Sony CDU-920, Sony CDU-924, Sony CDU-948, the driver interface has
	been modified.  This change did affect more than 3000 lines of code.
	The new driver interface again is more simple and more extendable than
	the old one, but the change may affect -dummy and -multi writing for
	any other drive. Please test if the change did not introduce new bugs.

	Also the change on the packet writing structures may affect packet writing.

	The changes for the DVD+ drive/media recognition may affect drive or
	media type recognition for any other drive.

	The changes for DVD+RW & DVD+R media support may cause cdrecod to fail 
	in other circumstances.

	With cdrecord-2.01a13, the track parsing has been completely rearranged
	in order to support new features in the future. This causes a high risk
	for bugs.

	With cdrecord-2.01a14, CUE Sheet handling has been introduced and
	1200 lines of new code has been integrated.

	Please test.


Libparanoia (Ported by Jörg Schilling, originated by Monty xiphmont@mit.edu):

Libedc (Optimized by Jörg Schilling, originated by Heiko Eißfeldt heiko@hexco.de):



-	Security update. Forbid to write arbitrary debug files, only allow
	a debug file name that has been configured in /etc/default/rscsi.
	Writing arbitrary files with a siud root program could be used to become
	root on a local machine if you are already logged into that local machine.


Cdda2wav (By Heiko Eißfeldt heiko@hexco.de):



Mkisofs (By Jörg Schilling and James Pearson j.pearson@ge.ucl.ac.uk):

	-	read Joliet filenames with multi-session if no TRANS.TBL
		or RR is present. I am looking for a volouteer for this task!

		Note that this can never be 100% correct as there is no relation
		between the names on the master (UNIX) filesystem, the ISO-9660
		names and the Joliet names. Only the Rock Ridge names are
		untranslated with respect to the original files on the
		master (UNIX) filesystem.

	-	add libecc/edc for CDI and similar.


To compile on Cygwin32, get Cygwin and install it.
For more information read README.win32

The files are located on:

ftp://ftp.berlios.de/pub/cdrecord/alpha ...

NOTE:	These tar archives are 100% POSIX compatible. GNU tar may get some
	minor trouble. If you like a 100% POSIX compliant tar, get star from

WARNING: Do not use 'winzip' to extract the tar file!
	Winzip cannot extract symbolic links correctly.


 EMail:joerg@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
       js@cs.tu-berlin.de		(uni)  If you don't have iso-8859-1
       schilling@fokus.fraunhofer.de	(work) chars I am J"org Schilling
 URL:  http://www.fokus.fraunhofer.de/usr/schilling ftp://ftp.berlios.de/pub/schily

Reply to: