Hello community, here is the log from the commit of package cdrtools for openSUSE:Factory checked in at 2016-01-11 19:10:29 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cdrtools (Old) and /work/SRC/openSUSE:Factory/.cdrtools.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cdrtools" Changes: -------- --- /work/SRC/openSUSE:Factory/cdrtools/cdrtools.changes 2015-12-27 02:00:13.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.cdrtools.new/cdrtools.changes 2016-01-11 19:10:30.000000000 +0100 @@ -1,0 +2,11 @@ +Thu Dec 31 23:29:41 UTC 2015 - [email protected] + +- Update to new upstream release 3.02~a05 +* mkisofs now tries to be more immune against rotten iso images + when in multi session mode. +* mkisofs no longer tries to access a string past the null byte + when dealing with Joliet. +* mkisofs fixed a bug related to sorting with multi extent files + (greater than 4 GB). + +------------------------------------------------------------------- schily-libs.changes: same change Old: ---- cdrtools-3.02a04.tar.bz2 New: ---- cdrtools-3.02a05.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cdrtools.spec ++++++ --- /var/tmp/diff_new_pack.Kp9z4T/_old 2016-01-11 19:10:32.000000000 +0100 +++ /var/tmp/diff_new_pack.Kp9z4T/_new 2016-01-11 19:10:32.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package cdrtools # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,9 +17,9 @@ Name: cdrtools -Version: 3.02~a04 +Version: 3.02~a05 Release: 0 -%define rver 3.02a04 +%define rver 3.02a05 Summary: Tools for recording CD/DVD/BluRay media License: CDDL-1.0 and GPL-2.0 and GPL-2.0+ and BSD-2-Clause and BSD-3-Clause and HPND and ISC Group: Productivity/Multimedia/CD/Record ++++++ schily-libs.spec ++++++ --- /var/tmp/diff_new_pack.Kp9z4T/_old 2016-01-11 19:10:32.000000000 +0100 +++ /var/tmp/diff_new_pack.Kp9z4T/_new 2016-01-11 19:10:32.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package schily-libs # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,9 +17,9 @@ Name: schily-libs -Version: 3.02~a04 +Version: 3.02~a05 Release: 0 -%define rver 3.02a04 +%define rver 3.02a05 Summary: A collection of libraries to support cdrtools License: CDDL-1.0 and GPL-2.0 and GPL-2.0+ and BSD-2-Clause and BSD-3-Clause and HPND and ISC Group: Development/Libraries/C and C++ ++++++ cdrtools-3.02a04.tar.bz2 -> cdrtools-3.02a05.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cdrtools-3.02/AN-3.02a05 new/cdrtools-3.02/AN-3.02a05 --- old/cdrtools-3.02/AN-3.02a05 1970-01-01 01:00:00.000000000 +0100 +++ new/cdrtools-3.02/AN-3.02a05 2015-12-30 21:03:05.000000000 +0100 @@ -0,0 +1,187 @@ +***************** Important news ****************************** + +For the 'Slottable Source Plugin Module' SSPM Features read README.SSPM + +***************** Please Test ********************************* + +NEW features of cdrtools-3.02a05: + +This is the first localization step for cdrtools. All programs now (hopefully) +call gettext() for all strings that need localization. + +- The next step will include dgettext() calls for the libraries. + +- The following step will include the extracted strings + +- The last step will include German translations and install support + for the resulting binary message object files. + +----------> Please test and report compilation problems! <--------- + +***** NOTE: As mentioned since 2004, frontends to cdrtools should ***** +***** call all programs from cdrtools in the "C" locale ***** +***** by e.g. calling: LC_ALL=C cdrecord .... ***** +***** unless these frontends support localized strings ***** +***** used by the cdrtools with NLS support. ***** + +This version compiles on Win-DOS using the Microsoft compiler cl.exe but +warning: due to missing POSIX compliance with basic features (e.g. stat() +does not return inode numbers), there are many problems with the resulting +code and thus it is recommended to better use a POSIX layer on top of +WIN-DOS. + + *** WARNING *** + *** Need new smake *** + + *** Due to the fact that schily-2014-04-03 introduced to use new macro + *** expansions and a related bug fix in smake, you need a new smake + *** to compile this source. To ensure this, get a recent "schily" + *** tarball from http://sourceforge.net/projects/schilytools/files/ + *** and call: + + cd ./psmake + ./MAKE-all + cd .. + psmake/smake + psmake/smake install + + The new smake version mentioned above is smake-1.2.4. + Note that smake-1.2.5 exists and is preferrable. + + Now you have a new smake that is able to compile this source. + + Note that the major makefile restructuring introduced in + schily-2014-04-03 is now more than one month ago and thus seems + to work without problems. + + WARNING: the new version of the isoinfo program makes use of the + *at() series of functions that have been introduced by Sun + in August 2001 and added to POSIX.1-2008. For older platforms, + libschily now includes emulations for these functions but + these emulations have not yet been tested thoroughly. + Please report problems! + + +All: + +- include/schily/prototyp.h now defines ALERT to abstract from + the K&R C vs. ANSI C and the missing support for \a in K&R C + +Libschily: + +- libschily/getfp.c Try to disable the address sanitizer for getfp() + to avoid unhelpful messages. + Thanks to a hint from Heiko Ei�feldt. + +- libschily/searchinpath.c Avoid a memory leak on platforms that do not + support getexecname() + Thanks to a hint from Heiko Ei�feldt. + +Libcdrdeflt: + +Libdeflt: + +Libedc (Optimized by J�rg Schilling, originated by Heiko Ei�feldt [email protected]): + +Libfile: + +Libfind: + +Libhfs_iso: + +Libmdigest: + +- libmdigest: sha3 entry function names changed to match + other digest functions. + +- libmdigest: the shared library mapfile now includes the sha3 functions + +Libparanoia (Ported/enhanced by J�rg Schilling, originated by Monty [email protected]): + +Libscg: + +Libscgcmd: + +Libsiconv: + +Rscsi: + +Cdrecord: + +Cdda2wav (Maintained/enhanced by J�rg Schilling, originated by Heiko Ei�feldt [email protected]): + +Readcd: + +Scgcheck: + +Scgskeleton: + +Btcflash: + +Mkisofs (Maintained/enhanced by J�rg Schilling since 1997, originated by Eric Youngdale): + +- mkisofs: Avoid coredumps from dereferencing NULL pointers with some + kind of rotten iso images when in multi session mode. + Thanks for Heiko Ei�feldt for reporting this problem based on a test + using "The American fuzzy lop". + +- mkisofs: Avoid coredumps from dereferencing NULL pointers with some + kind of rotten iso images when in multi session mode and other incorrect + length computations. This in special means multi.c + Thanks for Heiko Ei�feldt for reporting and for doing a code review. + +- mkisofs: Avoid to address wrong memory when scanning old ISO images. + Thanks for Heiko Ei�feldt for reporting and for doing a code review. + +- mkisofs/joliet.c: convert_to_unicode() no longer tries to access the + input string past the null byte. + Thanks to a hint from Heiko Ei�feldt. + +- mkisofs/write.c: mkisofs -sort with multi extent files (files > 4 GB) + no longer computes the size of the file twice while computing the + start sectors for files. + Thanks to a report from Arpad Biro <[email protected]> + + + +HELIOS TODO: + + - Add the HELIOS UNICODE mapping code. This needs to be done + at UCS-2 level for Joliet and UDF (instead of UTF-8) and only + for Rock Ridge (in case of a UTF-8 based target locale) using + UTF-8 based translations. + + - Make the Apple extensions work again with "mkisofs -find" + +TODO: + + - read Joliet filenames with multi-session if no TRANS.TBL + or RR is present. I am looking for a volunteer for this task! + + Note that this can never be 100% correct as there is no relation + between the names on the master (UNIX) filesystem, the ISO-9660 + names and the Joliet names. Only the Rock Ridge names are + untranslated with respect to the original files on the + master (UNIX) filesystem. + + - add libecc/edc for CDI and similar. + + +CYGWIN NT-4.0 NOTES: + +To compile on Cygwin32, get Cygwin and install it. +For more information read README.win32 + +The files are located on: + +http://sourceforge.net/projects/cdrtools/files/alpha/ ... + +NOTE: These tar archives are 100% POSIX compatible. GNU tar may get some + minor trouble. If you like a 100% POSIX compliant tar, get star from + http://sourceforge.net/projects/s-tar/files/ of from the schily-* + tarball at: http://sourceforge.net/projects/schilytools/files/ + +WARNING: Do not use 'winzip' to extract the tar file! + Winzip cannot extract symbolic links correctly. + +Joerg diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cdrtools-3.02/cdrecord/version.h new/cdrtools-3.02/cdrecord/version.h --- old/cdrtools-3.02/cdrecord/version.h 2015-12-16 00:10:33.000000000 +0100 +++ new/cdrtools-3.02/cdrecord/version.h 2015-12-31 00:29:31.000000000 +0100 @@ -1,6 +1,6 @@ -/* @(#)version.h 1.90 15/12/16 Copyright 2007-2015 J. Schilling */ +/* @(#)version.h 1.91 15/12/31 Copyright 2007-2015 J. Schilling */ /* * The version for cdrtools programs */ -#define VERSION "3.02a04" +#define VERSION "3.02a05" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cdrtools-3.02/inc/getfp.c new/cdrtools-3.02/inc/getfp.c --- old/cdrtools-3.02/inc/getfp.c 2008-06-14 00:32:03.000000000 +0200 +++ new/cdrtools-3.02/inc/getfp.c 2015-12-23 21:18:33.000000000 +0100 @@ -1,8 +1,8 @@ -/* @(#)getfp.c 1.18 08/06/14 Copyright 1988-2008 J. Schilling */ +/* @(#)getfp.c 1.19 15/12/23 Copyright 1988-2015 J. Schilling */ /* * Get frame pointer * - * Copyright (c) 1988-2008 J. Schilling + * Copyright (c) 1988-2015 J. Schilling */ /* * The contents of this file are subject to the terms of the @@ -11,6 +11,8 @@ * with the License. * * See the file CDDL.Schily.txt in this distribution for details. + * A copy of the CDDL is also available via the Internet at + * http://www.opensource.org/licenses/cddl1.txt * * When distributing Covered Code, include this CDDL HEADER in each * file and include the License file CDDL.Schily.txt from this distribution. @@ -50,8 +52,17 @@ # define FP_OFF 0 #endif +#if defined(__clang__) || \ + (defined(__GNUC__) && \ + ((__GNUC__ > 4) || (__GNUC__ == 4 && __GNUC_MINOR__ > 7))) +#define ATTRIBUTE_NO_SANITIZE_ADDRESS __attribute__((no_sanitize_address)) +#else +#define ATTRIBUTE_NO_SANITIZE_ADDRESS +#endif + EXPORT void **___fpoff __PR((char *cp)); +ATTRIBUTE_NO_SANITIZE_ADDRESS EXPORT void ** getfp() { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cdrtools-3.02/include/schily/prototyp.h new/cdrtools-3.02/include/schily/prototyp.h --- old/cdrtools-3.02/include/schily/prototyp.h 2013-10-23 11:36:56.000000000 +0200 +++ new/cdrtools-3.02/include/schily/prototyp.h 2015-12-26 20:32:27.000000000 +0100 @@ -1,8 +1,8 @@ -/* @(#)prototyp.h 1.16 13/10/22 Copyright 1995-2013 J. Schilling */ +/* @(#)prototyp.h 1.17 15/12/26 Copyright 1995-2015 J. Schilling */ /* * Definitions for dealing with ANSI / KR C-Compilers * - * Copyright (c) 1995-2013 J. Schilling + * Copyright (c) 1995-2015 J. Schilling */ /* * The contents of this file are subject to the terms of the @@ -118,6 +118,12 @@ # endif #endif +#ifdef PROTOTYPES +#define ALERT '\a' +#else +#define ALERT '\07' +#endif + #ifdef __cplusplus } #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cdrtools-3.02/include/schily/sha3.h new/cdrtools-3.02/include/schily/sha3.h --- old/cdrtools-3.02/include/schily/sha3.h 2015-11-22 01:18:33.000000000 +0100 +++ new/cdrtools-3.02/include/schily/sha3.h 2015-12-27 16:50:57.000000000 +0100 @@ -1,4 +1,4 @@ -/* @(#)sha3.h 1.3 15/11/22 2015 J. Schilling */ +/* @(#)sha3.h 1.4 15/12/27 2015 J. Schilling */ /* sha3.h */ /* * SHA3 hash code taken from @@ -54,14 +54,14 @@ size_t size)); void rhash_sha3_final __PR((sha3_ctx *ctx, unsigned char *result)); -void SHA3_224_INIT __PR((SHA3_CTX *ctx)); -void SHA3_256_INIT __PR((SHA3_CTX *ctx)); -void SHA3_384_INIT __PR((SHA3_CTX *ctx)); -void SHA3_512_INIT __PR((SHA3_CTX *ctx)); -void SHA3_UPDATE __PR((SHA3_CTX *ctx, +void SHA3_224_Init __PR((SHA3_CTX *ctx)); +void SHA3_256_Init __PR((SHA3_CTX *ctx)); +void SHA3_384_Init __PR((SHA3_CTX *ctx)); +void SHA3_512_Init __PR((SHA3_CTX *ctx)); +void SHA3_Update __PR((SHA3_CTX *ctx, const unsigned char *msg, size_t size)); -void SHA3_FINAL __PR((unsigned char *result, SHA3_CTX *ctx)); +void SHA3_Final __PR((unsigned char *result, SHA3_CTX *ctx)); #ifdef USE_KECCAK #define rhash_keccak_224_init rhash_sha3_224_init diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cdrtools-3.02/libmdigest/libmdigest-mapvers new/cdrtools-3.02/libmdigest/libmdigest-mapvers --- old/cdrtools-3.02/libmdigest/libmdigest-mapvers 2010-10-02 22:09:34.000000000 +0200 +++ new/cdrtools-3.02/libmdigest/libmdigest-mapvers 2015-12-27 16:52:04.000000000 +0100 @@ -1,5 +1,15 @@ # /* %Z%%M% %I% %E% Copyright 2009-2010 J. Schilling */ +SCHILY_1.1 { +global: + SHA3_224_Init; + SHA3_256_Init; + SHA3_384_Init; + SHA3_512_Init; + SHA3_Update; + SHA3_Final; +} SCHILY_1.0; + SCHILY_1.0 { global: MD4Final; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cdrtools-3.02/libmdigest/sha3.c new/cdrtools-3.02/libmdigest/sha3.c --- old/cdrtools-3.02/libmdigest/sha3.c 2015-11-22 12:59:07.000000000 +0100 +++ new/cdrtools-3.02/libmdigest/sha3.c 2015-12-27 16:50:57.000000000 +0100 @@ -1,8 +1,8 @@ -/* @(#)sha3.c 1.3 15/11/22 2015 J. Schilling */ +/* @(#)sha3.c 1.4 15/12/27 2015 J. Schilling */ #include <schily/mconfig.h> #ifndef lint static UConst char sccsid[] = - "@(#)sha3.c 1.3 15/11/22 2015 J. Schilling"; + "@(#)sha3.c 1.4 15/12/27 2015 J. Schilling"; #endif /* * SHA3 hash code taken from @@ -65,51 +65,51 @@ * defined. */ #if defined(HAVE_PRAGMA_WEAK) && defined(HAVE_LINK_WEAK) -#pragma weak SHA3_224_INIT = rhash_sha3_224_init -#pragma weak SHA3_256_INIT = rhash_sha3_256_init -#pragma weak SHA3_384_INIT = rhash_sha3_384_init -#pragma weak SHA3_512_INIT = rhash_sha3_512_init -#pragma weak SHA3_UPDATE = rhash_sha3_update +#pragma weak SHA3_224_Init = rhash_sha3_224_init +#pragma weak SHA3_256_Init = rhash_sha3_256_init +#pragma weak SHA3_384_Init = rhash_sha3_384_init +#pragma weak SHA3_512_Init = rhash_sha3_512_init +#pragma weak SHA3_Update = rhash_sha3_update #else -void SHA3_224_INIT __PR((SHA3_CTX *ctx)); -void SHA3_256_INIT __PR((SHA3_CTX *ctx)); -void SHA3_384_INIT __PR((SHA3_CTX *ctx)); -void SHA3_512_INIT __PR((SHA3_CTX *ctx)); -void SHA3_UPDATE __PR((SHA3_CTX *ctx, +void SHA3_224_Init __PR((SHA3_CTX *ctx)); +void SHA3_256_Init __PR((SHA3_CTX *ctx)); +void SHA3_384_Init __PR((SHA3_CTX *ctx)); +void SHA3_512_Init __PR((SHA3_CTX *ctx)); +void SHA3_Update __PR((SHA3_CTX *ctx, const unsigned char *msg, size_t size)); void -SHA3_224_INIT(ctx) +SHA3_224_Init(ctx) SHA3_CTX *ctx; { rhash_sha3_224_init(ctx); } void -SHA3_256_INIT(ctx) +SHA3_256_Init(ctx) SHA3_CTX *ctx; { rhash_sha3_256_init(ctx); } void -SHA3_384_INIT(ctx) +SHA3_384_Init(ctx) SHA3_CTX *ctx; { rhash_sha3_384_init(ctx); } void -SHA3_512_INIT(ctx) +SHA3_512_Init(ctx) SHA3_CTX *ctx; { rhash_sha3_512_init(ctx); } void -SHA3_UPDATE(ctx, msg, size) +SHA3_Update(ctx, msg, size) SHA3_CTX *ctx; const unsigned char *msg; size_t size; @@ -466,7 +466,7 @@ } void -SHA3_FINAL(result, ctx) +SHA3_Final(result, ctx) UInt8_t *result; SHA3_CTX *ctx; { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cdrtools-3.02/libschily/getfp.c new/cdrtools-3.02/libschily/getfp.c --- old/cdrtools-3.02/libschily/getfp.c 2008-06-14 00:32:03.000000000 +0200 +++ new/cdrtools-3.02/libschily/getfp.c 2015-12-23 21:18:33.000000000 +0100 @@ -1,8 +1,8 @@ -/* @(#)getfp.c 1.18 08/06/14 Copyright 1988-2008 J. Schilling */ +/* @(#)getfp.c 1.19 15/12/23 Copyright 1988-2015 J. Schilling */ /* * Get frame pointer * - * Copyright (c) 1988-2008 J. Schilling + * Copyright (c) 1988-2015 J. Schilling */ /* * The contents of this file are subject to the terms of the @@ -11,6 +11,8 @@ * with the License. * * See the file CDDL.Schily.txt in this distribution for details. + * A copy of the CDDL is also available via the Internet at + * http://www.opensource.org/licenses/cddl1.txt * * When distributing Covered Code, include this CDDL HEADER in each * file and include the License file CDDL.Schily.txt from this distribution. @@ -50,8 +52,17 @@ # define FP_OFF 0 #endif +#if defined(__clang__) || \ + (defined(__GNUC__) && \ + ((__GNUC__ > 4) || (__GNUC__ == 4 && __GNUC_MINOR__ > 7))) +#define ATTRIBUTE_NO_SANITIZE_ADDRESS __attribute__((no_sanitize_address)) +#else +#define ATTRIBUTE_NO_SANITIZE_ADDRESS +#endif + EXPORT void **___fpoff __PR((char *cp)); +ATTRIBUTE_NO_SANITIZE_ADDRESS EXPORT void ** getfp() { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cdrtools-3.02/libschily/searchinpath.c new/cdrtools-3.02/libschily/searchinpath.c --- old/cdrtools-3.02/libschily/searchinpath.c 2010-11-18 23:49:52.000000000 +0100 +++ new/cdrtools-3.02/libschily/searchinpath.c 2015-12-30 00:49:25.000000000 +0100 @@ -1,14 +1,14 @@ -/* @(#)searchinpath.c 1.3 10/11/18 Copyright 1999-2010 J. Schilling */ +/* @(#)searchinpath.c 1.4 15/12/29 Copyright 1999-2015 J. Schilling */ #include <schily/mconfig.h> #ifndef lint static UConst char sccsid[] = - "@(#)searchinpath.c 1.3 10/11/18 Copyright 1999-2010 J. Schilling"; + "@(#)searchinpath.c 1.4 15/12/29 Copyright 1999-2015 J. Schilling"; #endif /* * Search a file name in the PATH of the current exeecutable. * Return the path to the file name in allocated space. * - * Copyright (c) 1999-2010 J. Schilling + * Copyright (c) 1999-2015 J. Schilling */ /* * The contents of this file are subject to the terms of the @@ -17,6 +17,8 @@ * with the License. * * See the file CDDL.Schily.txt in this distribution for details. + * A copy of the CDDL is also available via the Internet at + * http://www.opensource.org/licenses/cddl1.txt * * When distributing Covered Code, include this CDDL HEADER in each * file and include the License file CDDL.Schily.txt from this distribution. @@ -78,9 +80,16 @@ int oerrno = geterrno(); int err = 0; #ifdef HAVE_GETEXECNAME - char *pn = (char *)getexecname(); + char *pn = (char *)getexecname(); /* pn is on the stack */ #else - char *pn = getexecpath(); + char *pn = getexecpath(); /* pn is from strdup() */ + char ebuf[NAMEMAX]; + + if (pn) { + strlcpy(ebuf, pn, sizeof (ebuf)); + free(pn); + pn = ebuf; + } #endif if (pn == NULL) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cdrtools-3.02/mkisofs/joliet.c new/cdrtools-3.02/mkisofs/joliet.c --- old/cdrtools-3.02/mkisofs/joliet.c 2015-12-15 20:15:56.000000000 +0100 +++ new/cdrtools-3.02/mkisofs/joliet.c 2015-12-30 19:04:32.000000000 +0100 @@ -1,15 +1,15 @@ -/* @(#)joliet.c 1.66 15/12/15 joerg */ +/* @(#)joliet.c 1.68 15/12/30 joerg */ #include <schily/mconfig.h> #ifndef lint static UConst char sccsid[] = - "@(#)joliet.c 1.66 15/12/15 joerg"; + "@(#)joliet.c 1.68 15/12/30 joerg"; #endif /* * File joliet.c - handle Win95/WinNT long file/unicode extensions for iso9660. * * Copyright 1997 Eric Youngdale. * APPLE_HYB James Pearson [email protected] 22/2/2000 - * Copyright (c) 1999-2010 J. Schilling + * Copyright (c) 1999-2015 J. Schilling * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -255,6 +255,7 @@ int j; UInt16_t unichar; unsigned char uc; + int jsize = size; /* * If we get a NULL pointer for the source, it means we have an @@ -277,8 +278,14 @@ * Let all valid unicode characters pass * through (according to charset). Others are set to '_' . */ - uc = tmpbuf[j]; /* temporary copy */ - if (uc != '\0') { /* must be converted */ + if (j < jsize) + uc = tmpbuf[j]; /* temporary copy */ + else + uc = '\0'; + if (uc == '\0') { + jsize = j; + unichar = 0; + } else { /* must be converted */ #ifdef USE_ICONV if (use_iconv(inls)) { Uchar ob[2]; @@ -287,6 +294,12 @@ char *obuf = (char *)ob; size_t osize = 2; + /* + * iconv() from glibc ignores osize and thus + * may try to access more than a single multi + * byte character from the input and read from + * non-existent memory. + */ if (iconv(inls->sic_cd2uni, &inbuf, &isize, &obuf, &osize) == -1) { int err = geterrno(); @@ -332,8 +345,6 @@ } all_chars: ; - } else { - unichar = 0; } buffer[i] = unichar >> 8 & 0xFF; /* final UNICODE */ buffer[i + 1] = unichar & 0xFF; /* conversion */ @@ -379,6 +390,12 @@ char *obuf = (char *)ob; size_t osize = 2; + /* + * iconv() from glibc ignores osize and thus + * may try to access more than a single multi + * byte character from the input and read from + * non-existent memory. + */ if (iconv(inls->sic_cd2uni, &inbuf, &isize, &obuf, &osize) == -1) { int err = geterrno(); @@ -873,13 +890,12 @@ } else { finddir = dpnt->subdir; } - while (1 == 1) { - if (finddir->self == s_entry1) - break; + while (finddir && finddir->self != s_entry1) { finddir = finddir->next; - if (!finddir) { - comerrno(EX_BAD, _("Fatal goof - unable to find directory location\n")); - } + } + if (!finddir) { + comerrno(EX_BAD, + _("Fatal goof - unable to find directory location\n")); } set_733((char *)jrec.extent, finddir->jextent); set_733((char *)jrec.size, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cdrtools-3.02/mkisofs/multi.c new/cdrtools-3.02/mkisofs/multi.c --- old/cdrtools-3.02/mkisofs/multi.c 2015-12-10 21:03:48.000000000 +0100 +++ new/cdrtools-3.02/mkisofs/multi.c 2015-12-29 22:51:22.000000000 +0100 @@ -1,8 +1,8 @@ -/* @(#)multi.c 1.100 15/12/10 joerg */ +/* @(#)multi.c 1.103 15/12/29 joerg */ #include <schily/mconfig.h> #ifndef lint static UConst char sccsid[] = - "@(#)multi.c 1.100 15/12/10 joerg"; + "@(#)multi.c 1.103 15/12/29 joerg"; #endif /* * File multi.c - scan existing iso9660 image and merge into @@ -71,6 +71,9 @@ struct directory_entry *current, struct stat *statbuf, struct stat *lstatbuf)); +LOCAL BOOL valid_iso_directory __PR((struct iso_directory_record *idr, + int idr_off, + size_t space_left)); LOCAL struct directory_entry ** read_merging_directory __PR((struct iso_directory_record *, int *)); LOCAL int free_mdinfo __PR((struct directory_entry **, int len)); @@ -560,6 +563,100 @@ return (same_file); } +LOCAL BOOL +valid_iso_directory(idr, idr_off, space_left) + struct iso_directory_record *idr; + int idr_off; + size_t space_left; +{ + size_t idr_length = idr->length[0] & 0xFF; + size_t idr_ext_length = idr->ext_attr_length[0] & 0xFF; + size_t idr_namelength = idr->name_len[0] & 0xFF; + int namelimit = space_left - + offsetof(struct iso_directory_record, name[0]); + int nlimit = (idr_namelength < namelimit) ? + idr_namelength : namelimit; + + /* + * Check for sane length entries. + */ + if (idr_length > space_left) { + comerrno(EX_BAD, + _("Bad directory length %zu (> %d available) for '%.*s'.\n"), + idr_length, namelimit, nlimit, idr->name); + } + + if (idr_length == 0) { + if ((idr_off % SECTOR_SIZE) != 0) { + /* + * It marks a valid continuation entry. + */ + return (TRUE); + } else { + comerrno(EX_BAD, + _("Zero directory length for '%.*s'.\n"), + nlimit, idr->name); + } + } + if (idr_length <= offsetof(struct iso_directory_record, name[0])) { + comerrno(EX_BAD, _("Bad directory length %zu (< %zu minimum).\n"), + idr_length, 1 + offsetof(struct iso_directory_record, name[0])); + } + if ((idr_length & 1) != 0) { + comerrno(EX_BAD, _("Odd directory length %zu for '%.*s'.\n"), + idr_length, nlimit, idr->name); + } + + if (idr_namelength == 0) { + comerrno(EX_BAD, _("Zero filename length.\n")); + } + + if (!(idr_namelength & 1)) { + /* + * if nam_len[0] is even, there has to be a pad byte at the end + * to make the directory length even + */ + idr_namelength++; + } + if ((offsetof(struct iso_directory_record, name[0]) + + idr_namelength + idr_ext_length) > idr_length) { + int xlimit = idr_length - + offsetof(struct iso_directory_record, name[0]) - + idr_namelength; + + comerrno(EX_BAD, _("Bad extended attribute length %zu (> %d) for '%.*s'.\n"), + idr_ext_length, xlimit, nlimit, idr->name); + } + if ((offsetof(struct iso_directory_record, name[0]) + + idr_namelength) > idr_length) { + int xlimit = idr_length - + offsetof(struct iso_directory_record, name[0]); + + if (nlimit < xlimit) + xlimit = nlimit; + comerrno(EX_BAD, _("Bad filename length %zu (> %d) for '%.*s'.\n"), + idr_namelength, xlimit, xlimit, idr->name); + } + +#ifdef __do_rr_ + /* check for rock ridge extensions */ + + if (no_rr) { + /* + * Rock Ridge extensions are not present or manually disabled. + */ + return (TRUE); + } else { + int rlen = idr_length - + offsetof(struct iso_directory_record, name[0]) - + idr_namelength; + + /* Check for the minimum of Rock Ridge extensions. */ + } +#endif + return (TRUE); +} + LOCAL struct directory_entry ** read_merging_directory(mrootp, nentp) struct iso_directory_record *mrootp; @@ -610,16 +707,14 @@ nent = 0; nmult = 0; mx = 0; - while (i < len) { + while ((i + offsetof(struct iso_directory_record, name[0])) < len) { idr = (struct iso_directory_record *)&dirbuff[i]; - if (idr->length[0] == 0) { - int oi = i; + if (!valid_iso_directory(idr, i, len - i)) + break; + + if (idr->length[0] == 0) { i = ISO_ROUND_UP(i); - if (i == 0 || oi == i) - comerrno(EX_BAD, - _("Zero directory length for '%.*s'.\n"), - idr->name_len[0] & 0xFF, idr->name); continue; } nent++; @@ -649,12 +744,12 @@ seen_rockridge = 0; tt_size = 0; mx = 0; - while (i < len) { + while ((i + offsetof(struct iso_directory_record, name[0])) < len) { idr = (struct iso_directory_record *)&dirbuff[i]; - if ((i + (idr->length[0] & 0xFF)) > len) { - comerrno(EX_BAD, _("Bad directory length for '%.*s'.\n"), - idr->name_len[0] & 0xFF, idr->name); - } + + if (!valid_iso_directory(idr, i, len - i)) + break; + if (idr->length[0] == 0) { i = ISO_ROUND_UP(i); continue; @@ -753,7 +848,7 @@ /* * If the filename len from the old session is more * then 31 chars, there is a high risk of hard violations - * if the ISO9660 standard. + * of the ISO9660 standard. * Run it through our name canonication machine.... */ if (idr->name_len[0] > LEN_ISONAME || check_oldnames) { @@ -814,7 +909,7 @@ /* * Sum up the total file size for the multi extent file */ - while (i2 < len) { + while ((i2 + offsetof(struct iso_directory_record, name[0])) < len) { idr2 = (struct iso_directory_record *)&dirbuff[i2]; if (idr2->length[0] == 0) { i2 = ISO_ROUND_UP(i2); @@ -1552,9 +1647,14 @@ } /* Set the name for this directory. */ - strlcpy(whole_path, parent->de_name, sizeof (whole_path)); - strcat(whole_path, SPATH_SEPARATOR); - strcat(whole_path, dpnt->name); + if (strlcpy(whole_path, parent->de_name, sizeof (whole_path)) >= sizeof (whole_path) || + strlcat(whole_path, SPATH_SEPARATOR, sizeof (whole_path)) >= sizeof (whole_path) || + strlcat(whole_path, dpnt->name, sizeof (whole_path)) >= sizeof (whole_path)) + comerrno(EX_BAD, _("Path name '%s%s%s' exceeds max length %zd\n"), + parent->de_name, + SPATH_SEPARATOR, + dpnt->name, + sizeof (whole_path)); this_dir->de_name = e_strdup(whole_path); this_dir->whole_name = e_strdup(whole_path); @@ -1596,9 +1696,14 @@ /* * Set the whole name for this file. */ - strlcpy(whole_path, this_dir->whole_name, sizeof (whole_path)); - strcat(whole_path, SPATH_SEPARATOR); - strcat(whole_path, contents[i]->name); + if (strlcpy(whole_path, this_dir->whole_name, sizeof (whole_path)) >= sizeof (whole_path) || + strlcat(whole_path, SPATH_SEPARATOR, sizeof (whole_path)) >= sizeof (whole_path) || + strlcat(whole_path, contents[i]->name, sizeof (whole_path)) >= sizeof (whole_path)) + comerrno(EX_BAD, _("Path name '%s%s%s' exceeds max length %zd\n"), + this_dir->whole_name, + SPATH_SEPARATOR, + contents[i]->name, + sizeof (whole_path)); contents[i]->whole_name = e_strdup(whole_path); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cdrtools-3.02/mkisofs/udf.c new/cdrtools-3.02/mkisofs/udf.c --- old/cdrtools-3.02/mkisofs/udf.c 2015-12-15 20:15:57.000000000 +0100 +++ new/cdrtools-3.02/mkisofs/udf.c 2015-12-28 18:49:55.000000000 +0100 @@ -1,8 +1,8 @@ -/* @(#)udf.c 1.44 15/12/15 Copyright 2001-2015 J. Schilling */ +/* @(#)udf.c 1.45 15/12/28 Copyright 2001-2015 J. Schilling */ #include <schily/mconfig.h> #ifndef lint static UConst char sccsid[] = - "@(#)udf.c 1.44 15/12/15 Copyright 2001-2015 J. Schilling"; + "@(#)udf.c 1.45 15/12/28 Copyright 2001-2015 J. Schilling"; #endif /* * udf.c - UDF support for mkisofs @@ -11,20 +11,7 @@ * * Copyright 2001-2015 J. Schilling. */ -/* - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along with - * this program; see the file COPYING. If not, write to the Free Software - * Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - */ +/*@@C@@*/ /* * Some remaining issues: @@ -2431,7 +2418,8 @@ }; static const struct dvd_spec_dir_rec dvd_spec_dirs[] = -{ /* +{ + /* * top-level entries (dvd_spec_dir_rec's) are in sorts order */ { "AUDIO_TS", (DVD_SPEC_AUDIO | DVD_SPEC_HYBRD), diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cdrtools-3.02/mkisofs/write.c new/cdrtools-3.02/mkisofs/write.c --- old/cdrtools-3.02/mkisofs/write.c 2015-12-15 20:15:57.000000000 +0100 +++ new/cdrtools-3.02/mkisofs/write.c 2015-12-31 18:08:04.000000000 +0100 @@ -1,8 +1,8 @@ -/* @(#)write.c 1.140 15/12/15 joerg */ +/* @(#)write.c 1.143 15/12/31 joerg */ #include <schily/mconfig.h> #ifndef lint static UConst char sccsid[] = - "@(#)write.c 1.140 15/12/15 joerg"; + "@(#)write.c 1.143 15/12/31 joerg"; #endif /* * Program write.c - dump memory structures to file for iso9660 filesystem. @@ -1021,17 +1021,28 @@ if (s_entry->de_flags & MULTI_EXTENT) { struct directory_entry *s_e; + UInt32_t ext = start_extent; + /* + * For unknown reason, we sometimes get mxroot as + * part of the chain and sometime it's missing. + * Be careful to distinct between the mxroot entry and + * others to select both corectly in a conservative way. + */ s_entry->mxroot->starting_block = start_extent; set_733((char *)s_entry->mxroot->isorec.extent, start_extent); + start_extent += ISO_BLOCKS(s_entry->mxroot->size); + for (s_e = s_entry; s_e && s_e->mxroot == s_entry->mxroot; s_e = s_e->next) { - set_733((char *)s_e->isorec.extent, - start_extent); - s_entry->starting_block = start_extent; - start_extent += ISO_BLOCKS(s_e->size); + if (s_e == s_entry->mxroot) + continue; + + set_733((char *)s_e->isorec.extent, ext); + s_entry->starting_block = ext; + ext += ISO_BLOCKS(s_e->size); } } else { set_733((char *)s_entry->isorec.extent, start_extent); @@ -1181,20 +1192,18 @@ strcmp(s_entry->name, "..") != 0 && s_entry->isorec.flags[0] & ISO_DIRECTORY) { finddir = dpnt->subdir; - while (1 == 1) { - if (finddir->self == s_entry) - break; + while (finddir && finddir->self != s_entry) { finddir = finddir->next; - if (!finddir) { + } + if (!finddir) { #ifdef DVD_AUD_VID - if (title_set_info != 0) { - DVDFreeFileSet(title_set_info); - } -#endif - comerrno(EX_BAD, - _("Fatal goof - could not find dir entry for '%s'\n"), - s_entry->name); + if (title_set_info != 0) { + DVDFreeFileSet(title_set_info); } +#endif + comerrno(EX_BAD, + _("Fatal goof - could not find dir entry for '%s'\n"), + s_entry->name); } set_733((char *)s_entry->isorec.extent, finddir->extent);
