diff --git a/ChangeLog b/ChangeLog index 5e66cb6..3d4e2a2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,7 +1,20 @@ -2016-04-25 Brian Cox +2016-07-25 Brian Cox * Bump version to 2.4.3.2 + * DOS/DJGPP platform support. * Use posix_fadvise() to reduce disk cache impact (where available). - + * Use O_NOATIME where available, so scans don't update file access times. + * Optional HASH_DIRECT_IO (Linux only) to access files via direct i/o when hashing, per user request. + * Optional support for iconv character conversion, for db/report file portability. + * Improved display of multibyte characters in reports. + * On OSX, use builtin CommonCrypto hashes instead of impls provided with OST. + * Update build system to automake 1.15 + * Cross compiling can use OpenSSL now. + * 'make dist' now creates a buildable source bundle. + * Can use build dir outside of source tree + * Include 'what'-style version strings. + * AROS: Correctly hide passphrases & delete temp files. + * Remove dead code & unused files. + 2016-04-20 Brian Cox * Bump version to 2.4.3.1 * Revive old 'twtest' unit test suite (such as it is); move _t.cpp files into twtest dir. diff --git a/ReadMe-2.4.3 b/ReadMe-2.4.3 index 6db0662..411223d 100644 --- a/ReadMe-2.4.3 +++ b/ReadMe-2.4.3 @@ -1,4 +1,18 @@ -What's new in Open Source Tripwire 2.4.3: +What's new in Open Source Tripwire 2.4.3.2: + +* OST now includes optional iconv support when configured with --enable-iconv. +When enabled, binary database & report files store paths as UTF-16, making these files more +portable across machines with different character encodings. This is disabled by default +for the sake of compatibility with existing db & report files. + +* Use posix_fadvise (or equivalent) to avoid filling system disk cache with files we've already +read and aren't about to read again. Also use O_NOATIME where available, to avoid updating +file access times when we read a file. Optional new config param "HASH_DIRECT_IO" to use +direct i/o when hashing files. This doesn't seem to be any faster than normal i/o, but +including it anyway due to user request. + + +What was new in earlier 2.4.3 versions: * This update fixes compilation errors on modern compilers (GCC 4.7+ and LLVM/clang), as well as some additional errors encountered on various platforms. This is intended @@ -28,6 +42,7 @@ defined incorrectly otherwise. * Added the long-requested MAILFROMADDRESS config param for email reporting. + The update has been tested on a variety of platforms: Linuxes @@ -69,26 +84,25 @@ Other - Sortix 1.0 + gcc 5.3.0 - Icaros 2.1 (AROS) + gcc 4.6.4 - MiNT 1.17 (Atari ST/TT) + gcc 4.6.4 +- FreeDOS 1.1 + gcc 6.1.0 (DJGPP) Building Notes: -* If cross compiling, a '--disable-openssl' argument must be passed to ./configure, -since its OpenSSL existence check currently uses an AC_TRY_RUN macro. Additionally, -generated Makefiles don't automagically find the cross-compiler's 'ar' and try to -use the local one, which fails. Until this is resolved, this can be fixed with a symlink -named 'ar' pointing at the cross-compiler copy, with a path such that make finds it -instead of the local 'ar'. - * The '--enable-static' configure argument is not guaranteed to work on all -platforms, and your mileage may vary. And when it works, it may not be doing -what you expect. For example, even if a program is statically linked with -glibc, the static glibc code may still load shared libraries behind the -scenes, for things like iconv character conversion and nsswitch name lookups. +platforms (it's known not to work on MacOS, for instance) and your mileage may vary. +And when it works, it may not be doing what you expect. For example, even if +a program is statically linked with glibc, the static glibc code may still load +shared libraries behind the scenes, for things like iconv character conversion +and nsswitch name lookups. -* To create PIE (Position-Independent Executable) binaries, add “-fPIE" to CFLAGS -and "-fPIE -pie" to LDFLAGS. This is required by recent Android versions, and -may be desirable elsewhere. It's simplest to add these to configure.in and run -autoreconf -i instead of hand-editing each Makefile individually. +* The build system currently doesn't autodetect clang at configure time +(though it detects llvm-gcc). To use clang, you'll need to set CC and CXX to +point at clang and clang++ before configuring & building. + +* The default compile flags don't include hardening options such as creating +PIE (Position-Independent Executable) binaries. To set these, you'll want to +set CFLAGS/CXXFLAGS/LDFLAGS by hand before running 'configure', or use a tool +such as dpkg-buildflags to set them to recommended values. * Older versions of Open Source Tripwire reportedly do not build on Tru64 UNIX. This is likely to be true with 2.4.3 as well, due to the lack of appropriate