cdrtools-2.01a18 fixes RSCSI security problem
Sorry for posting this late bu yesterday was a hard day with other
things and the cdrtools update has been made in the rare spare time.
NEW features of cdrtools-2.01a18:
Please have a look at the German open Source Center BerliOS at www.berlios.de
BerliOS will continue to support free hosting of cryptography projects even
when US laws change and don't allow to host cryptography projects in the USA.
Also look at sourcewell.berlios.de, the first Open Source announcement service
that itself is implemented as Open Source project.
***************** Important news ****************************
For the 'Slottable Source Plugin Module' SSPM Features read README.SSPM
***************** Please Test *********************************
NOTICE: for supporting the CW-7501 and for supporting SAO/DAO with the
Sony CDU-920, Sony CDU-924, Sony CDU-948, the driver interface has
been modified. This change did affect more than 3000 lines of code.
The new driver interface again is more simple and more extendable than
the old one, but the change may affect -dummy and -multi writing for
any other drive. Please test if the change did not introduce new bugs.
Also the change on the packet writing structures may affect packet writing.
The changes for the DVD+ drive/media recognition may affect drive or
media type recognition for any other drive.
The changes for DVD+RW & DVD+R media support may cause cdrecod to fail
in other circumstances.
With cdrecord-2.01a13, the track parsing has been completely rearranged
in order to support new features in the future. This causes a high risk
for bugs.
With cdrecord-2.01a14, CUE Sheet handling has been introduced and
1200 lines of new code has been integrated.
Please test.
All:
Libparanoia (Ported by Jörg Schilling, originated by Monty xiphmont@mit.edu):
Libedc (Optimized by Jörg Schilling, originated by Heiko Eißfeldt heiko@hexco.de):
Libscg:
Rscsi:
- Security update. Forbid to write arbitrary debug files, only allow
a debug file name that has been configured in /etc/default/rscsi.
Writing arbitrary files with a siud root program could be used to become
root on a local machine if you are already logged into that local machine.
Cdrecord:
Cdda2wav (By Heiko Eißfeldt heiko@hexco.de):
Readcd:
Scgcheck:
Mkisofs (By Jörg Schilling and James Pearson j.pearson@ge.ucl.ac.uk):
TODO:
- read Joliet filenames with multi-session if no TRANS.TBL
or RR is present. I am looking for a volouteer for this task!
Note that this can never be 100% correct as there is no relation
between the names on the master (UNIX) filesystem, the ISO-9660
names and the Joliet names. Only the Rock Ridge names are
untranslated with respect to the original files on the
master (UNIX) filesystem.
- add libecc/edc for CDI and similar.
CYGWIN NT-4.0 NOTES:
To compile on Cygwin32, get Cygwin and install it.
For more information read README.win32
The files are located on:
ftp://ftp.berlios.de/pub/cdrecord/alpha ...
NOTE: These tar archives are 100% POSIX compatible. GNU tar may get some
minor trouble. If you like a 100% POSIX compliant tar, get star from
ftp://ftp.berlios.de/pub/star/
WARNING: Do not use 'winzip' to extract the tar file!
Winzip cannot extract symbolic links correctly.
Jörg
--
EMail:joerg@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
js@cs.tu-berlin.de (uni) If you don't have iso-8859-1
schilling@fokus.fraunhofer.de (work) chars I am J"org Schilling
URL: http://www.fokus.fraunhofer.de/usr/schilling ftp://ftp.berlios.de/pub/schily
Reply to: