summaryrefslogtreecommitdiff
path: root/doc/find-maint.info
diff options
context:
space:
mode:
Diffstat (limited to 'doc/find-maint.info')
-rw-r--r--doc/find-maint.info1585
1 files changed, 1585 insertions, 0 deletions
diff --git a/doc/find-maint.info b/doc/find-maint.info
new file mode 100644
index 0000000..2052013
--- /dev/null
+++ b/doc/find-maint.info
@@ -0,0 +1,1585 @@
+This is find-maint.info, produced by makeinfo version 5.2 from
+find-maint.texi.
+
+This manual explains how GNU findutils is maintained, how changes should
+be made and tested, and what resources exist to help developers.
+
+ This is edition 4.6.0, for findutils version 4.6.0.
+
+ Copyright (C) 2007, 2008, 2010-2015 Free Software Foundation, Inc.
+
+ Permission is granted to copy, distribute and/or modify this document
+under the terms of the GNU Free Documentation License, Version 1.3 or
+any later version published by the Free Software Foundation; with no
+Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A
+copy of the license is included in the section entitled "GNU Free
+Documentation License".
+INFO-DIR-SECTION GNU organization
+START-INFO-DIR-ENTRY
+* Maintaining Findutils: (find-maint). Maintaining GNU findutils
+END-INFO-DIR-ENTRY
+
+
+File: find-maint.info, Node: Top, Next: Introduction, Prev: (dir), Up: (dir)
+
+Maintaining GNU Findutils
+*************************
+
+This manual explains how GNU findutils is maintained, how changes should
+be made and tested, and what resources exist to help developers.
+
+ This is edition 4.6.0, for findutils version 4.6.0.
+
+ Copyright (C) 2007, 2008, 2010-2015 Free Software Foundation, Inc.
+
+ Permission is granted to copy, distribute and/or modify this document
+under the terms of the GNU Free Documentation License, Version 1.3 or
+any later version published by the Free Software Foundation; with no
+Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A
+copy of the license is included in the section entitled "GNU Free
+Documentation License".
+
+* Menu:
+
+* Introduction::
+* Maintaining GNU Programs::
+* Design Issues::
+* Coding Conventions::
+* Tools::
+* Using the GNU Portability Library::
+* Documentation::
+* Testing::
+* Bugs::
+* Distributions::
+* Internationalisation::
+* Security::
+* Making Releases::
+* GNU Free Documentation License::
+
+
+File: find-maint.info, Node: Introduction, Next: Maintaining GNU Programs, Up: Top
+
+1 Introduction
+**************
+
+This document explains how to contribute to and maintain GNU Findutils.
+It concentrates on developer-specific issues. For information about how
+to use the software please refer to *Note Introduction:
+(find)Introduction.
+
+ This manual aims to be useful without necessarily being verbose.
+It's also a recent document, so there will be a many areas in which
+improvements can be made. If you find that the document misses out
+important information or any part of the document is be so terse as to
+be unuseful, please ask for help on the <bug-findutils@gnu.org> mailing
+list. We'll try to improve this document too.
+
+
+File: find-maint.info, Node: Maintaining GNU Programs, Next: Design Issues, Prev: Introduction, Up: Top
+
+2 Maintaining GNU Programs
+**************************
+
+GNU Findutils is part of the GNU Project and so there are a number of
+documents which set out standards for the maintenance of GNU software.
+
+'standards.texi'
+ GNU Project Coding Standards. All changes to findutils should
+ comply with these standards. In some areas we go somewhat beyond
+ the requirements of the standards, but these cases are explained in
+ this manual.
+'maintain.texi'
+ Information for Maintainers of GNU Software. This document
+ provides guidance for GNU maintainers. Everybody with commit
+ access should read this document. Everybody else is welcome to do
+ so too, of course.
+
+
+File: find-maint.info, Node: Design Issues, Next: Coding Conventions, Prev: Maintaining GNU Programs, Up: Top
+
+3 Design Issues
+***************
+
+The findutils package is installed on many many systems, usually as a
+fundamental component. The programs in the package are often used in
+order to successfully boot or fix the system.
+
+ This fact means that for findutils we bear in mind considerations
+that may not apply so much as for other packages. For example, the fact
+that findutils is often a base component motivates us to
+ * Limit dependencies on libraries
+ * Avoid dependencies on other large packages (for example,
+ interpreters)
+ * Be conservative when making changes to the 'stable' release branch
+
+ All those considerations come before functionality. Functional
+enhancements are still made to findutils, but these are almost
+exclusively introduced in the 'development' release branch, to allow
+extensive testing and proving.
+
+ Sometimes it is useful to have a priority list to provide guidance
+when making design trade-offs. For findutils, that priority list is:
+
+ 1. Correctness
+ 2. Standards compliance
+ 3. Security
+ 4. Backward compatibility
+ 5. Performance
+ 6. Functionality
+
+ For example, we support the '-exec' action because POSIX compliance
+requires this, even though there are security problems with it and we
+would otherwise prefer people to use '-execdir'. There are also cases
+where some performance is sacrificed in the name of security. For
+example, the sanity checks that 'find' performs while traversing a
+directory tree may slow it down. We adopt functional changes, and
+functional changes are allowed to make 'find' slower, but only if there
+is no detectable impact on users who don't use the feature.
+
+ Backward-incompatible changes do get made in order to comply with
+standards (for example the behaviour of '-perm -...' changed in order to
+comply with POSIX). However, they don't get made in order to provide
+better ease of use; for example the semantics of '-size -2G' are almost
+always unexpected by users, but we retain the current behaviour because
+of backward compatibility and for its similarity to the block-rounding
+behaviour of '-size -30'. We might introduce a change which does not
+have the unfortunate rounding behaviour, but we would choose another
+syntax (for example '-size '<2G'') for this.
+
+ In a general sense, we try to do test-driven development of the
+findutils code; that is, we try to implement test cases for new features
+and bug fixes before modifying the code to make the test pass. Some
+features of the code are tested well, but the test coverage for other
+features is less good. If you are about to modify the code for a
+predicate and aren't sure about the test coverage, use 'grep' on the
+test directories and measure the coverage with 'lcov' or another test
+coverage tool.
+
+ You should be able to use the 'coverage' Makefile target (it's
+defined in 'maint.mk' to generate a test coverage report for findutils.
+Due to limitations in 'lcov', this only works if your build directory is
+the same asthe source directory (that is, you're not using a VPATH build
+configuration).
+
+ Lastly, we try not to depend on having a "working system". The
+findutils suite is used for diagnosis of problems, and this applies
+especially to 'find'. We should ensure that 'find' still works on
+relatively broken systems, for example systems with damaged
+'/etc/passwd' or '/etc/fstab' files. Another interesting example is the
+case where a system is a client of one or more unresponsive NFS servers.
+On such a system, if you try to stat all mount points, your program will
+hang indefinitely, waiting for the remote NFS server to respond.
+
+ Another interesting but unusual case is broken NFS servers and
+corrupt filesystems; sometimes they return 'impossible' file modes.
+It's important that find does not entirely fail when encountering such a
+file.
+
+
+File: find-maint.info, Node: Coding Conventions, Next: Tools, Prev: Design Issues, Up: Top
+
+4 Coding Conventions
+********************
+
+Coding style documents which set out to establish a uniform look and
+feel to source code have worthy goals, for example greater ease of
+maintenance and readability. However, I do not believe that in general
+coding style guide authors can envisage every situation, and it is
+always possible that it might on occasion be necessary to break the
+letter of the style guide in order to honour its spirit, or to better
+achieve the style guide's goals.
+
+ I've certainly seen many style guides outside the free software world
+which make bald statements such as "functions shall have exactly one
+return statement". The desire to ensure consistency and obviousness of
+control flow is laudable, but it is all too common for such bald
+requirements to be followed unthinkingly. Certainly I've seen such
+coding standards result in unmaintainable code with terrible
+infelicities such as functions containing 'if' statements nested nine
+levels deep. I suppose such coding standards don't survive in free
+software projects because they tend to drive away potential contributors
+or tend to generate heated discussions on mailing lists. Equally, a
+nine-level-deep function in a free software program would quickly get
+refactored, assuming it is obvious what the function is supposed to
+do...
+
+ Be that as it may, the approach I will take for this document is to
+explain some idioms and practices in use in the findutils source code,
+and leave it up to the reader's engineering judgement to decide which
+considerations apply to the code they are working on, and whether or not
+there is sufficient reason to ignore the guidance in current
+circumstances.
+
+* Menu:
+
+* Make the Compiler Find the Bugs::
+* Factor Out Repeated Code::
+* Debugging is For Users Too::
+* Don't Trust the File System Contents::
+* The File System Is Being Modified::
+
+
+File: find-maint.info, Node: Make the Compiler Find the Bugs, Next: Factor Out Repeated Code, Up: Coding Conventions
+
+4.1 Make the Compiler Find the Bugs
+===================================
+
+Finding bugs is tedious. If I have a filesystem containing two million
+files, and a find command line should print one million of them, but in
+fact it misses out 1%, you can tell the program is printing the wrong
+result only if you know the right answer for that filesystem at that
+time. If you don't know this, you may just not find out about that bug.
+For this reason it is important to have a comprehensive test suite.
+
+ The test suite is of course not the only way to find the bugs. The
+findutils source code makes liberal use of the assert macro. While on
+the one hand these might be a performance drain, the performance impact
+of most of these is negligible compared to the time taken to fetch even
+one sector from a disk drive.
+
+ Assertions should not be used to check the results of operations
+which may be affected by the program's external environment. For
+example, never assert that a file could be opened successfully. Errors
+relating to problems with the program's execution environment should be
+diagnosed with a user-oriented error message. An assertion failure
+should always denote a bug in the program.
+
+ Don't use 'assert' to catch not-fuly-implemented features of your
+code. Finish the implementation, disable the code, or leave the
+unfinished version on a local branch.
+
+ Several programs in the findutils suite perform self-checks. See for
+example the function 'pred_sanity_check' in 'find/pred.c'. This is
+generally desirable.
+
+ There are also a number of small ways in which we can help the
+compiler to find the bugs for us.
+
+4.1.1 Constants in Equality Testing
+-----------------------------------
+
+It's a common error to write '=' when '==' is meant. Sometimes this
+happens in new code and is simply due to finger trouble. Sometimes it
+is the result of the inadvertent deletion of a character. In any case,
+there is a subset of cases where we can persuade the compiler to
+generate an error message when we make this mistake; this is where the
+equality test is with a constant.
+
+ This is an example of a vulnerable piece of code.
+
+ if (x == 2)
+ ...
+
+ A simple typo converts the above into
+
+ if (x = 2)
+ ...
+
+ We've introduced a bug; the condition is always true, and the value
+of 'x' has been changed. However, a simple change to our practice would
+have made us immune to this problem:
+
+ if (2 == x)
+ ...
+
+ Usually, the Emacs keystroke 'M-t' can be used to swap the operands.
+
+4.1.2 Spelling of ASCII NUL
+---------------------------
+
+Strings in C are just sequences of characters terminated by a NUL. The
+ASCII NUL character has the numerical value zero. It is normally
+represented in C code as '\0'. Here is a typical piece of C code:
+
+ *p = '\0';
+
+ Consider what happens if there is an unfortunate typo:
+
+ *p = '0';
+
+ We have changed the meaning of our program and the compiler cannot
+diagnose this as an error. Our string is no longer terminated. Bad
+things will probably happen. It would be better if the compiler could
+help us diagnose this problem.
+
+ In C, the type of ''\0'' is in fact int, not char. This provides us
+with a simple way to avoid this error. The constant '0' has the same
+value and type as the constant ''\0''. However, it is not as vulnerable
+to typos. For this reason I normally prefer to use this code:
+
+ *p = 0;
+
+
+File: find-maint.info, Node: Factor Out Repeated Code, Next: Debugging is For Users Too, Prev: Make the Compiler Find the Bugs, Up: Coding Conventions
+
+4.2 Factor Out Repeated Code
+============================
+
+Repeated code imposes a greater maintenance burden and increases the
+exposure to bugs. For example, if you discover that something you want
+to implement has some similarity with an existing piece of code, don't
+cut and paste it. Instead, factor the code out. The risk of cutting
+and pasting the code, particularly if you do this several times, is that
+you end up with several copies of the same code.
+
+ If the original code had a bug, you now have N places where this
+needs to be fixed. It's all to easy to miss some out when trying to fix
+the bug. Equally, it's quite possible that when pasting the code into
+some function, the pasted code was not quite adapted correctly to its
+new environment. To pick a contrived example, perhaps it modifies a
+global variable which it that code shouldn't be touching in its new
+home. Worse, perhaps it makes some unstated assumption about the nature
+of the input arguments which is in fact not true for the context of the
+now duplicated code.
+
+ A good example of the use of refactoring in findutils is the
+'collect_arg' function in 'find/parser.c'. A less clear-cut but larger
+example is the factoring out of code which would otherwise have been
+duplicated between 'find/oldfind.c' and 'find/ftsfind.c'.
+
+ The findutils test suite is comprehensive enough that refactoring
+code should not generally be a daunting prospect from a testing point of
+view. Nevertheless there are some areas which are only lightly-tested:
+
+ 1. Tests on the ages of files
+ 2. Code which deals with the values returned by operating system calls
+ (for example handling of ENOENT)
+ 3. Code dealing with OS limits (for example, limits on path length or
+ exec arguments)
+ 4. Code relating to features not all systems have (for example Solaris
+ Doors)
+
+ Please exercise caution when working in those areas.
+
+
+File: find-maint.info, Node: Debugging is For Users Too, Next: Don't Trust the File System Contents, Prev: Factor Out Repeated Code, Up: Coding Conventions
+
+4.3 Debugging is For Users Too
+==============================
+
+Debug and diagnostic code is often used to verify that a program is
+working in the way its author thinks it should be. But users are often
+uncertain about what a program is doing, too. Exposing them a little
+more diagnostic information can help. Much of the diagnostic code in
+'find', for example, is controlled by the '-D' flag, as opposed to C
+preprocessor directives.
+
+ Making diagnostic messages available to users also means that the
+phrasing of the diagnostic messages becomes important, too.
+
+
+File: find-maint.info, Node: Don't Trust the File System Contents, Next: The File System Is Being Modified, Prev: Debugging is For Users Too, Up: Coding Conventions
+
+4.4 Don't Trust the File System Contents
+========================================
+
+People use 'find' to search in directories created by other people.
+Sometimes they do this to check to suspicious activity (for example to
+look for new setuid binaries). This means that it would be bad if
+'find' were vulnerable to, say, a security problem exploitable by
+constructing a specially-crafted filename. The same consideration would
+apply to 'locate' and 'updatedb'.
+
+ Henry Spencer said this well in his fifth commandment:
+ Thou shalt check the array bounds of all strings (indeed, all
+ arrays), for surely where thou typest 'foo' someone someday shall
+ type 'supercalifragilisticexpialidocious'.
+
+ Symbolic links can often be a problem. If 'find' calls 'lstat' on
+something and discovers that it is a directory, it's normal for 'find'
+to recurse into it. Even if the 'chdir' system call is used
+immediately, there is still a window of opportunity between the 'lstat'
+and the 'chdir' in which a malicious person could rename the directory
+and substitute a symbolic link to some other directory.
+
+
+File: find-maint.info, Node: The File System Is Being Modified, Prev: Don't Trust the File System Contents, Up: Coding Conventions
+
+4.5 The File System Is Being Modified
+=====================================
+
+The filesystem gets modified while you are traversing it. For, example,
+it's normal for files to get deleted while 'find' is traversing a
+directory. Issuing an error message seems helpful when a file is
+deleted from the one directory you are interested in, but if 'find' is
+searching 15000 directories, such a message becomes less helpful.
+
+ Bear in mind also that it is possible for the directory 'find' is
+currently searching could be moved to another point in the filesystem,
+and that the directory in which 'find' was started could be deleted.
+
+ Henry Spencer's sixth commandment is also apposite here:
+ If a function be advertised to return an error code in the event of
+ difficulties, thou shalt check for that code, yea, even though the
+ checks triple the size of thy code and produce aches in thy typing
+ fingers, for if thou thinkest "it cannot happen to me", the gods
+ shall surely punish thee for thy arrogance.
+
+ There are a lot of files out there. They come in all dates and
+sizes. There is a condition out there in the real world to exercise
+every bit of the code base. So we try to test that code base before
+someone falls over a bug.
+
+
+File: find-maint.info, Node: Tools, Next: Using the GNU Portability Library, Prev: Coding Conventions, Up: Top
+
+5 Tools
+*******
+
+Most of the tools required to build findutils are mentioned in the file
+'README-hacking'. We also use some other tools:
+
+System call traces
+ Much of the execution time of find is spent waiting for filesystem
+ operations. A system call trace (for example, that provided by
+ 'strace') shows what system calls are being made. Using this
+ information we can work to remove unnecessary file system
+ operations.
+
+Valgrind
+ Valgrind is a tool which dynamically verifies the memory accesses a
+ program makes to ensure that they are valid (for example, that the
+ behaviour of the program does not in any way depend on the contents
+ of uninitialized memory).
+
+DejaGnu
+ DejaGnu is the test framework used to run the findutils test suite
+ (the 'runtest' program is part of DejaGnu). It would be ideal if
+ everybody building 'findutils' also ran the test suite, but many
+ people don't have DejaGnu installed. When changes are made to
+ findutils, DejaGnu is invoked a lot. *Note Testing::, for more
+ information.
+
+
+File: find-maint.info, Node: Using the GNU Portability Library, Next: Documentation, Prev: Tools, Up: Top
+
+6 Using the GNU Portability Library
+***********************************
+
+The Gnulib library (<http://www.gnu.org/software/gnulib/>) makes a
+variety of systems look more like a GNU/Linux system and also applies a
+bunch of automatic bug fixes and workarounds. Some of these also apply
+to GNU/Linux systems too. For example, the Gnulib regex implementation
+is used when we determine that we are building on a GNU libc system with
+a bug in the regex implementation.
+
+6.1 How and Why we Import the Gnulib Code
+=========================================
+
+Gnulib does not have a release process which results in a source tarball
+you can download. Instead, the code is simply made available by GIT, so
+we import gnulib via the submodule feature. The bootstrap script
+performs the necessary steps.
+
+ Findutils does not use all the Gnulib code. The modules we need are
+listed in the file 'bootstrap.conf'.
+
+ The upshot of all this is that we can use the findutils git
+repository to track which version of Gnulib every findutils release
+uses.
+
+ A small number of files are installed by automake and will therefore
+vary according to which version of automake was used to generate a
+release. This includes for example boiler-plate GNU files such as
+'ABOUT-NLS', 'INSTALL' and 'COPYING'.
+
+6.2 How We Fix Gnulib Bugs
+==========================
+
+Gnulib is used by quite a number of GNU projects, and this means that it
+gets plenty of testing. Therefore there are relatively few bugs in the
+Gnulib code, but it does happen from time to time.
+
+ However, since there is no waiting around for a Gnulib source release
+tarball, Gnulib bugs are generally fixed quickly. Here is an outline of
+the way we would contribute a fix to Gnulib (assuming you know it is not
+already fixed in the current Gnulib git tree):
+
+Check you already completed a copyright assignment for Gnulib
+Begin with a vanilla git tree
+ Download the Findutils source code from git (or use the tree you
+ have already)
+Run the bootstrap script
+Run configure
+Build findutils
+ Build findutils and run the test suite, which should pass. In our
+ example we assume you have just noticed a bug in Gnulib, not that
+ recent Gnulib changes broke the findutils regression tests.
+Write a test case
+ If in fact Gnulib did break the findutils regression tests, you can
+ probably skip this step, since you already have a test case
+ demonstrating the problem. Otherwise, write a findutils test case
+ for the bug and/or a Gnulib test case.
+Fix the Gnulib bug
+ Make sure your editor follows symbolic links so that your changes
+ to 'gnulib/...' actually affect the files in the git working
+ directory you checked out earlier. Observe that your test now
+ passes.
+Prepare a Gnulib patch
+ In the gnulib subdirectory, use 'git format-patch' to prepare the
+ patch. Follow the normal usage for checkin comments (take a look
+ at the output of 'git log'). Check that the patch conforms with
+ the GNU coding standards, and email it to the Gnulib mailing list.
+Wait for the patch to be applied
+ Once your bug fix has been applied, you can update your gnulib
+ directory from git, and then check in the change to the submodule
+ as normal (you can check 'git help submodule' for details).
+
+ There is an alternative to the method above; it is possible to store
+local diffs to be patched into gnulib beneath the 'gnulib-local'.
+Normally however, there is no need for this, since gnulib updates are
+very prompt.
+
+
+File: find-maint.info, Node: Documentation, Next: Testing, Prev: Using the GNU Portability Library, Up: Top
+
+7 Documentation
+***************
+
+The findutils git tree includes several different types of
+documentation.
+
+7.1 git change log
+==================
+
+The git change log for the source tree contains check-in messages which
+describe each check-in. These have a standard format:
+
+ Summary of the change.
+
+ (ChangeLog-style detail)
+
+ Here, the format of the detail part follows the standard GNU
+ChangeLog style, but without whitespace in the left margin and without
+author/date headers. Take a look at the output of 'git log' to see some
+examples. The README-hacking file also contains an example with an
+explanation.
+
+7.2 User Documentation
+======================
+
+User-oriented documentation is provided as manual pages and in Texinfo.
+See *note Introduction: (find)Introduction.
+
+ Please make sure both sets of documentation are updated if you make a
+change to the code. The GNU coding standards do not normally call for
+maintaining manual pages on the grounds of effort duplication. However,
+the manual page format is more convenient for quick reference, and so
+it's worth maintaining both types of documentation. However, the manual
+pages are normally rather more terse than the Texinfo documentation.
+The manual pages are suitable for reference use, but the Texinfo manual
+should also include introductory and tutorial material.
+
+7.3 Build Guidance
+==================
+
+'ABOUT-NLS'
+ Describes the Free Translation Project, the translation status of
+ various GNU projects, and how to participate by translating an
+ application.
+'AUTHORS'
+ Lists the authors of findutils.
+'COPYING'
+ The copyright license covering findutils; currently, the GNU GPL,
+ version 3.
+'INSTALL'
+ Generic installation instructions for installing GNU programs.
+'README'
+ Information about how to compile findutils in particular
+'README-alpha'
+ A README file which is included with testing releases of findutils.
+'README-hacking'
+ Describes how to build findutils from the code in git.
+'THANKS'
+ Thanks for people who contributed to findutils. Generally, if
+ someone's contribution was significant enough to need a copyright
+ assignment, their name should go in here.
+'TODO'
+ Mainly obsolete. Please add bugs to the Savannah bug tracker
+ instead of adding entries to this file.
+
+7.4 Release Information
+=======================
+
+'NEWS'
+ Enumerates the user-visible change in each release. Typical
+ changes are fixed bugs, functionality changes and documentation
+ changes. Include the date when a release is made.
+'ChangeLog'
+ This file enumerates all changes to the findutils source code (with
+ the possible exception of '.cvsignore' and '.gitignore' changes).
+ The level of detail used for this file should be sufficient to
+ answer the questions "what changed?" and "why was it changed?".
+ The file is generated from the git commit messages during 'make
+ dist'. If a change fixes a bug, always give the bug reference
+ number in the 'NEWS' file and of course also in the checkin
+ message. In general, it should be possible to enumerate all
+ material changes to a function by searching for its name in
+ 'ChangeLog'. Mention when each release is made.
+
+
+File: find-maint.info, Node: Testing, Next: Bugs, Prev: Documentation, Up: Top
+
+8 Testing
+*********
+
+This chapter will explain the general procedures for adding tests to the
+test suite, and the functions defined in the findutils-specific DejaGnu
+configuration. Where appropriate references will be made to the DejaGnu
+documentation.
+
+
+File: find-maint.info, Node: Bugs, Next: Distributions, Prev: Testing, Up: Top
+
+9 Bugs
+******
+
+Bugs are logged in the Savannah bug tracker
+<http://savannah.gnu.org/bugs/?group=findutils>. The tracker offers
+several fields but their use is largely obvious. The life-cycle of a
+bug is like this:
+
+Open
+ Someone, usually a maintainer, a distribution maintainer or a user,
+ creates a bug by filling in the form. They fill in field values as
+ they see fit. This will generate an email to
+ <bug-findutils@gnu.org>.
+
+Triage
+ The bug hangs around with 'Status=None' until someone begins to
+ work on it. At that point they set the "Assigned To" field and
+ will sometimes set the status to 'In Progress', especially if the
+ bug will take a while to fix.
+
+Non-bugs
+ Quite a lot of reports are not actually bugs; for these the usual
+ procedure is to explain why the problem is not a bug, set the
+ status to 'Invalid' and close the bug. Make sure you set the
+ 'Assigned to' field to yourself before closing the bug.
+
+Fixing
+ When you commit a bug fix into git (or in the case of a contributed
+ patch, commit the change), mark the bug as 'Fixed'. Make sure you
+ include a new test case where this is relevant. If you can figure
+ out which releases are affected, please also set the 'Release'
+ field to the earliest release which is affected by the bug.
+ Indicate which source branch the fix is included in (for example,
+ 4.2.x or 4.3.x). Don't close the bug yet.
+
+Release
+ When a release is made which includes the bug fix, make sure the
+ bug is listed in the NEWS file. Once the release is made, fill in
+ the 'Fixed Release' field and close the bug.
+
+
+File: find-maint.info, Node: Distributions, Next: Internationalisation, Prev: Bugs, Up: Top
+
+10 Distributions
+****************
+
+Almost all GNU/Linux distributions include findutils, but only some of
+them have a package maintainer who is a member of the mailing list.
+Distributions don't often feed back patches to the
+<bug-findutils@gnu.org> list, but on the other hand many of their
+patches relate only to standards for file locations and so forth, and
+are therefore distribution specific. On an irregular basis I check the
+current patches being used by one or two distributions, but the total
+number of GNU/Linux distributions is large enough that we could not hope
+to cover them all.
+
+ Often, bugs are raised against a distribution's bug tracker instead
+of GNU's. Periodically (about every six months) I take a look at some
+of the more accessible bug trackers to indicate which bugs have been
+fixed upstream.
+
+ Many distributions include both findutils and the slocate package,
+which provides a replacement 'locate'.
+
+
+File: find-maint.info, Node: Internationalisation, Next: Security, Prev: Distributions, Up: Top
+
+11 Internationalisation
+***********************
+
+Translation is essentially automated from the maintainer's point of
+view. The TP mails the maintainer when a new PO file is available, and
+we just download it and check it in. We copy the '.po' files into the
+git repository. For more information, please see
+<http://translationproject.org/domain/findutils.html>.
+
+
+File: find-maint.info, Node: Security, Next: Making Releases, Prev: Internationalisation, Up: Top
+
+12 Security
+***********
+
+See *note Security Considerations: (find)Security Considerations, for a
+full description of the findutils approach to security considerations
+and discussion of particular tools.
+
+ If someone reports a security bug publicly, we should fix this as
+rapidly as possible. If necessary, this can mean issuing a fixed
+release containing just the one bug fix. We try to avoid issuing
+releases which include both significant security fixes and functional
+changes.
+
+ Where someone reports a security problem privately, we generally try
+to construct and test a patch without pushing the intermediate code to
+the public repository.
+
+ Once everything has been tested, this allows us to make a release and
+push the patch. The advantage of doing things this way is that we avoid
+situations where people watching for git commits can figure out and
+exploit a security problem before a fixed release is available.
+
+ It's important that security problems be fixed promptly, but don't
+rush so much that things go wrong. Make sure the new release really
+fixes the problem. It's usually best not to include functional changes
+in your security-fix release.
+
+ If the security problem is serious, send an alert to
+<vendor-sec@lst.de>. The members of the list include most GNU/Linux
+distributions. The point of doing this is to allow them to prepare to
+release your security fix to their customers, once the fix becomes
+available. Here is an example alert:-
+
+ GNU findutils heap buffer overrun (potential privilege escalation)
+
+
+
+ I. BACKGROUND
+ =============
+
+ GNU findutils is a set of programs which search for files on Unix-like
+ systems. It is maintained by the GNU Project of the Free Software
+ Foundation. For more information, see
+ <http://www.gnu.org/software/findutils>.
+
+
+ II. DESCRIPTION
+ ===============
+
+ When GNU locate reads filenames from an old-format locate database,
+ they are read into a fixed-length buffer allocated on the heap.
+ Filenames longer than the 1026-byte buffer can cause a buffer overrun.
+ The overrunning data can be chosen by any person able to control the
+ names of filenames created on the local system. This will normally
+ include all local users, but in many cases also remote users (for
+ example in the case of FTP servers allowing uploads).
+
+ III. ANALYSIS
+ =============
+
+ Findutils supports three different formats of locate database, its
+ native format "LOCATE02", the slocate variant of LOCATE02, and a
+ traditional ("old") format that locate uses on other Unix systems.
+
+ When locate reads filenames from a LOCATE02 database (the default
+ format), the buffer into which data is read is automatically extended
+ to accommodate the length of the filenames.
+
+ This automatic buffer extension does not happen for old-format
+ databases. Instead a 1026-byte buffer is used. When a longer
+ pathname appears in the locate database, the end of this buffer is
+ overrun. The buffer is allocated on the heap (not the stack).
+
+ If the locate database is in the default LOCATE02 format, the locate
+ program does perform automatic buffer extension, and the program is
+ not vulnerable to this problem. The software used to build the
+ old-format locate database is not itself vulnerable to the same
+ attack.
+
+ Most installations of GNU findutils do not use the old database
+ format, and so will not be vulnerable.
+
+
+ IV. DETECTION
+ =============
+
+ Software
+ --------
+ All existing releases of findutils are affected.
+
+
+ Installations
+ -------------
+
+ To discover the longest path name on a given system, you can use the
+ following command (requires GNU findutils and GNU coreutils):
+
+ find / -print0 | tr -c '\0' 'x' | tr '\0' '\n' | wc -L
+
+ V. EXAMPLE
+ ==========
+
+ This section includes a shell script which determines which of a list
+ of locate binaries is vulnerable to the problem. The shell script has
+ been tested only on glibc based systems having a mktemp binary.
+
+ NOTE: This script deliberately overruns the buffer in order to
+ determine if a binary is affected. Therefore running it on your
+ system may have undesirable effects. We recommend that you read the
+ script before running it.
+
+ #! /bin/sh
+ set +m
+ if vanilla_db="$(mktemp nicedb.XXXXXX)" ; then
+ if updatedb --prunepaths="" --old-format --localpaths="/tmp" \
+ --output="$@{vanilla_db@}" ; then
+ true
+ else
+ rm -f "$@{vanilla_db@}"
+ vanilla_db=""
+ echo "Failed to create old-format locate database; skipping the sanity checks" >&2
+ fi
+ fi
+
+ make_overrun_db() @{
+ # Start with a valid database
+ cat "$@{vanilla_db@}"
+ # Make the final entry really long
+ dd if=/dev/zero bs=1 count=1500 2>/dev/null | tr '\000' 'x'
+ @}
+
+
+
+ ulimit -c 0
+
+ usage() @{ echo "usage: $0 binary [binary...]" >&2; exit $1; @}
+ [ $# -eq 0 ] && usage 1
+
+ bad=""
+ good=""
+ ugly=""
+ if dbfile="$(mktemp nasty.XXXXXX)"
+ then
+ make_overrun_db > "$dbfile"
+ for locate ; do
+ ver="$locate = $("$locate" --version | head -1)"
+ if [ -z "$vanilla_db" ] || "$locate" -d "$vanilla_db" "" >/dev/null ; then
+ "$locate" -d "$dbfile" "" >/dev/null
+ if [ $? -gt 128 ] ; then
+ bad="$bad
+ vulnerable: $ver"
+ else
+ good="$good
+ good: $ver"
+ fi
+ else
+ # the regular locate failed
+ ugly="$ugly
+ buggy, may or may not be vulnerable: $ver"
+ fi
+ done
+ rm -f "$@{dbfile@}" "$@{vanilla_db@}"
+ # good: unaffected. bad: affected (vulnerable).
+ # ugly: doesn't even work for a normal old-format database.
+ echo "$good"
+ echo "$bad"
+ echo "$ugly"
+ else
+ exit 1
+ fi
+
+
+
+
+ VI. VENDOR RESPONSE
+ ===================
+
+ The GNU project discovered the problem while 'locate' was being worked
+ on; this is the first public announcement of the problem.
+
+ The GNU findutils mantainer has issued a patch as p[art of this
+ announcement. The patch appears below.
+
+ A source release of findutils-4.2.31 will be issued on 2007-05-30.
+ That release will of course include the patch. The patch will be
+ committed to the public CVS repository at the same time. Public
+ announcements of the release, including a description of the bug, will
+ be made at the same time as the release.
+
+ A release of findutils-4.3.x will follow and will also include the
+ patch.
+
+
+ VII. PATCH
+ ==========
+
+ This patch should apply to findutils-4.2.23 and later.
+ Findutils-4.2.23 was released almost two years ago.
+ Index: locate/locate.c
+ ===================================================================
+ RCS file: /cvsroot/findutils/findutils/locate/locate.c,v
+ retrieving revision 1.58.2.2
+ diff -u -p -r1.58.2.2 locate.c
+ --- locate/locate.c 22 Apr 2007 16:57:42 -0000 1.58.2.2
+ +++ locate/locate.c 28 May 2007 10:18:16 -0000
+ @@@@ -124,9 +124,9 @@@@ extern int errno;
+
+ #include "locatedb.h"
+ #include <getline.h>
+ -#include "../gnulib/lib/xalloc.h"
+ -#include "../gnulib/lib/error.h"
+ -#include "../gnulib/lib/human.h"
+ +#include "xalloc.h"
+ +#include "error.h"
+ +#include "human.h"
+ #include "dirname.h"
+ #include "closeout.h"
+ #include "nextelem.h"
+ @@@@ -468,10 +468,36 @@@@ visit_justprint_unquoted(struct process_
+ return VISIT_CONTINUE;
+ @}
+
+ +static void
+ +toolong (struct process_data *procdata)
+ +@{
+ + error (EXIT_FAILURE, 0,
+ + _("locate database %s contains a "
+ + "filename longer than locate can handle"),
+ + procdata->dbfile);
+ +@}
+ +
+ +static void
+ +extend (struct process_data *procdata, size_t siz1, size_t siz2)
+ +@{
+ + /* Figure out if the addition operation is safe before performing it. */
+ + if (SIZE_MAX - siz1 < siz2)
+ + @{
+ + toolong (procdata);
+ + @}
+ + else if (procdata->pathsize < (siz1+siz2))
+ + @{
+ + procdata->pathsize = siz1+siz2;
+ + procdata->original_filename = x2nrealloc (procdata->original_filename,
+ + &procdata->pathsize,
+ + 1);
+ + @}
+ +@}
+ +
+ static int
+ visit_old_format(struct process_data *procdata, void *context)
+ @{
+ - register char *s;
+ + register size_t i;
+ (void) context;
+
+ /* Get the offset in the path where this path info starts. */
+ @@@@ -479,20 +505,35 @@@@ visit_old_format(struct process_data *pr
+ procdata->count += getw (procdata->fp) - LOCATEDB_OLD_OFFSET;
+ else
+ procdata->count += procdata->c - LOCATEDB_OLD_OFFSET;
+ + assert(procdata->count > 0);
+
+ - /* Overlay the old path with the remainder of the new. */
+ - for (s = procdata->original_filename + procdata->count;
+ + /* Overlay the old path with the remainder of the new. Read
+ + * more data until we get to the next filename.
+ + */
+ + for (i=procdata->count;
+ (procdata->c = getc (procdata->fp)) > LOCATEDB_OLD_ESCAPE;)
+ - if (procdata->c < 0200)
+ - *s++ = procdata->c; /* An ordinary character. */
+ - else
+ - @{
+ - /* Bigram markers have the high bit set. */
+ - procdata->c &= 0177;
+ - *s++ = procdata->bigram1[procdata->c];
+ - *s++ = procdata->bigram2[procdata->c];
+ - @}
+ - *s-- = '\0';
+ + @{
+ + if (procdata->c < 0200)
+ + @{
+ + /* An ordinary character. */
+ + extend (procdata, i, 1u);
+ + procdata->original_filename[i++] = procdata->c;
+ + @}
+ + else
+ + @{
+ + /* Bigram markers have the high bit set. */
+ + extend (procdata, i, 2u);
+ + procdata->c &= 0177;
+ + procdata->original_filename[i++] = procdata->bigram1[procdata->c];
+ + procdata->original_filename[i++] = procdata->bigram2[procdata->c];
+ + @}
+ + @}
+ +
+ + /* Consider the case where we executed the loop body zero times; we
+ + * still need space for the terminating null byte.
+ + */
+ + extend (procdata, i, 1u);
+ + procdata->original_filename[i] = 0;
+
+ procdata->munged_filename = procdata->original_filename;
+
+
+ VIII. THANKS
+ ============
+
+ Thanks to Rob Holland <rob@inversepath.com> and Tavis Ormandy.
+
+
+ VIII. CVE INFORMATION
+ =====================
+
+ No CVE candidate number has yet been assigned for this vulnerability.
+ If someone provides one, I will include it in the public announcement
+ and change logs.
+
+ The original announcement above was sent out with a cleartext PGP
+signature, of course, but that has been omitted from the example.
+
+ Once a fixed release is available, announce the new release using the
+normal channels. Any CVE number assigned for the problem should be
+included in the 'ChangeLog' and 'NEWS' entries. See
+<http://cve.mitre.org/> for an explanation of CVE numbers.
+
+
+File: find-maint.info, Node: Making Releases, Next: GNU Free Documentation License, Prev: Security, Up: Top
+
+13 Making Releases
+******************
+
+This section will explain how to make a findutils release. For the time
+being here is a terse description of the main steps:
+
+ 1. Commit changes; make sure your working directory has no uncommitted
+ changes.
+ 2. Test; make sure that all changes you have made have tests, and that
+ the tests pass. Verify this with 'make distcheck'.
+ 3. Bugs; make sure all Savannah bug entries fixed in this release are
+ fixed.
+ 4. NEWS; make sure that the NEWS and configure.in file are updated
+ with the new release number (and checked in).
+ 5. Build the release tarball; do this with 'make distcheck'. Copy the
+ tarball somewhere safe.
+ 6. Tag the release; findutils releases are tagged like this for
+ example: v4.5.5. Previously a different format was in use:
+ FINDUTILS_4_3_8-1. You can create a tag with the a command like
+ this: 'git tag -s -m "Findutils release v4.5.7" v4.5.7'.
+ 7. Prepare the upload and upload it. *Note Automated FTP Uploads:
+ (maintain)Automated FTP Uploads, for detailed upload instructions.
+ 8. Make a release announcement; include an extract from the NEWS file
+ which explains what's changed. Announcements for test releases
+ should just go to <bug-findutils@gnu.org>. Announcements for
+ stable releases should go to <info-gnu@gnu.org> as well.
+ 9. Bump the release numbers in git; edit the 'configure.in' and 'NEWS'
+ files to advance the release numbers. For example, if you have
+ just released '4.6.2', bump the release number to '4.6.3-git'. The
+ point of the '-git' suffix here is that a findutils binary built
+ from git will bear a release number indicating it's not built from
+ the "official" source release.
+ 10. Close bugs; any bugs recorded on Savannah which were fixed in this
+ release should now be marked as closed. Update the 'Fixed Release'
+ field of these bugs appropriately and make sure the 'Assigned to'
+ field is populated.
+
+
+File: find-maint.info, Node: GNU Free Documentation License, Prev: Making Releases, Up: Top
+
+Appendix A GNU Free Documentation License
+*****************************************
+
+ Version 1.3, 3 November 2008
+
+ Copyright (C) 2000, 2001, 2002, 2007, 2008 Free Software Foundation, Inc.
+ <http://fsf.org/>
+
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ 0. PREAMBLE
+
+ The purpose of this License is to make a manual, textbook, or other
+ functional and useful document "free" in the sense of freedom: to
+ assure everyone the effective freedom to copy and redistribute it,
+ with or without modifying it, either commercially or
+ noncommercially. Secondarily, this License preserves for the
+ author and publisher a way to get credit for their work, while not
+ being considered responsible for modifications made by others.
+
+ This License is a kind of "copyleft", which means that derivative
+ works of the document must themselves be free in the same sense.
+ It complements the GNU General Public License, which is a copyleft
+ license designed for free software.
+
+ We have designed this License in order to use it for manuals for
+ free software, because free software needs free documentation: a
+ free program should come with manuals providing the same freedoms
+ that the software does. But this License is not limited to
+ software manuals; it can be used for any textual work, regardless
+ of subject matter or whether it is published as a printed book. We
+ recommend this License principally for works whose purpose is
+ instruction or reference.
+
+ 1. APPLICABILITY AND DEFINITIONS
+
+ This License applies to any manual or other work, in any medium,
+ that contains a notice placed by the copyright holder saying it can
+ be distributed under the terms of this License. Such a notice
+ grants a world-wide, royalty-free license, unlimited in duration,
+ to use that work under the conditions stated herein. The
+ "Document", below, refers to any such manual or work. Any member
+ of the public is a licensee, and is addressed as "you". You accept
+ the license if you copy, modify or distribute the work in a way
+ requiring permission under copyright law.
+
+ A "Modified Version" of the Document means any work containing the
+ Document or a portion of it, either copied verbatim, or with
+ modifications and/or translated into another language.
+
+ A "Secondary Section" is a named appendix or a front-matter section
+ of the Document that deals exclusively with the relationship of the
+ publishers or authors of the Document to the Document's overall
+ subject (or to related matters) and contains nothing that could
+ fall directly within that overall subject. (Thus, if the Document
+ is in part a textbook of mathematics, a Secondary Section may not
+ explain any mathematics.) The relationship could be a matter of
+ historical connection with the subject or with related matters, or
+ of legal, commercial, philosophical, ethical or political position
+ regarding them.
+
+ The "Invariant Sections" are certain Secondary Sections whose
+ titles are designated, as being those of Invariant Sections, in the
+ notice that says that the Document is released under this License.
+ If a section does not fit the above definition of Secondary then it
+ is not allowed to be designated as Invariant. The Document may
+ contain zero Invariant Sections. If the Document does not identify
+ any Invariant Sections then there are none.
+
+ The "Cover Texts" are certain short passages of text that are
+ listed, as Front-Cover Texts or Back-Cover Texts, in the notice
+ that says that the Document is released under this License. A
+ Front-Cover Text may be at most 5 words, and a Back-Cover Text may
+ be at most 25 words.
+
+ A "Transparent" copy of the Document means a machine-readable copy,
+ represented in a format whose specification is available to the
+ general public, that is suitable for revising the document
+ straightforwardly with generic text editors or (for images composed
+ of pixels) generic paint programs or (for drawings) some widely
+ available drawing editor, and that is suitable for input to text
+ formatters or for automatic translation to a variety of formats
+ suitable for input to text formatters. A copy made in an otherwise
+ Transparent file format whose markup, or absence of markup, has
+ been arranged to thwart or discourage subsequent modification by
+ readers is not Transparent. An image format is not Transparent if
+ used for any substantial amount of text. A copy that is not
+ "Transparent" is called "Opaque".
+
+ Examples of suitable formats for Transparent copies include plain
+ ASCII without markup, Texinfo input format, LaTeX input format,
+ SGML or XML using a publicly available DTD, and standard-conforming
+ simple HTML, PostScript or PDF designed for human modification.
+ Examples of transparent image formats include PNG, XCF and JPG.
+ Opaque formats include proprietary formats that can be read and
+ edited only by proprietary word processors, SGML or XML for which
+ the DTD and/or processing tools are not generally available, and
+ the machine-generated HTML, PostScript or PDF produced by some word
+ processors for output purposes only.
+
+ The "Title Page" means, for a printed book, the title page itself,
+ plus such following pages as are needed to hold, legibly, the
+ material this License requires to appear in the title page. For
+ works in formats which do not have any title page as such, "Title
+ Page" means the text near the most prominent appearance of the
+ work's title, preceding the beginning of the body of the text.
+
+ The "publisher" means any person or entity that distributes copies
+ of the Document to the public.
+
+ A section "Entitled XYZ" means a named subunit of the Document
+ whose title either is precisely XYZ or contains XYZ in parentheses
+ following text that translates XYZ in another language. (Here XYZ
+ stands for a specific section name mentioned below, such as
+ "Acknowledgements", "Dedications", "Endorsements", or "History".)
+ To "Preserve the Title" of such a section when you modify the
+ Document means that it remains a section "Entitled XYZ" according
+ to this definition.
+
+ The Document may include Warranty Disclaimers next to the notice
+ which states that this License applies to the Document. These
+ Warranty Disclaimers are considered to be included by reference in
+ this License, but only as regards disclaiming warranties: any other
+ implication that these Warranty Disclaimers may have is void and
+ has no effect on the meaning of this License.
+
+ 2. VERBATIM COPYING
+
+ You may copy and distribute the Document in any medium, either
+ commercially or noncommercially, provided that this License, the
+ copyright notices, and the license notice saying this License
+ applies to the Document are reproduced in all copies, and that you
+ add no other conditions whatsoever to those of this License. You
+ may not use technical measures to obstruct or control the reading
+ or further copying of the copies you make or distribute. However,
+ you may accept compensation in exchange for copies. If you
+ distribute a large enough number of copies you must also follow the
+ conditions in section 3.
+
+ You may also lend copies, under the same conditions stated above,
+ and you may publicly display copies.
+
+ 3. COPYING IN QUANTITY
+
+ If you publish printed copies (or copies in media that commonly
+ have printed covers) of the Document, numbering more than 100, and
+ the Document's license notice requires Cover Texts, you must
+ enclose the copies in covers that carry, clearly and legibly, all
+ these Cover Texts: Front-Cover Texts on the front cover, and
+ Back-Cover Texts on the back cover. Both covers must also clearly
+ and legibly identify you as the publisher of these copies. The
+ front cover must present the full title with all words of the title
+ equally prominent and visible. You may add other material on the
+ covers in addition. Copying with changes limited to the covers, as
+ long as they preserve the title of the Document and satisfy these
+ conditions, can be treated as verbatim copying in other respects.
+
+ If the required texts for either cover are too voluminous to fit
+ legibly, you should put the first ones listed (as many as fit
+ reasonably) on the actual cover, and continue the rest onto
+ adjacent pages.
+
+ If you publish or distribute Opaque copies of the Document
+ numbering more than 100, you must either include a machine-readable
+ Transparent copy along with each Opaque copy, or state in or with
+ each Opaque copy a computer-network location from which the general
+ network-using public has access to download using public-standard
+ network protocols a complete Transparent copy of the Document, free
+ of added material. If you use the latter option, you must take
+ reasonably prudent steps, when you begin distribution of Opaque
+ copies in quantity, to ensure that this Transparent copy will
+ remain thus accessible at the stated location until at least one
+ year after the last time you distribute an Opaque copy (directly or
+ through your agents or retailers) of that edition to the public.
+
+ It is requested, but not required, that you contact the authors of
+ the Document well before redistributing any large number of copies,
+ to give them a chance to provide you with an updated version of the
+ Document.
+
+ 4. MODIFICATIONS
+
+ You may copy and distribute a Modified Version of the Document
+ under the conditions of sections 2 and 3 above, provided that you
+ release the Modified Version under precisely this License, with the
+ Modified Version filling the role of the Document, thus licensing
+ distribution and modification of the Modified Version to whoever
+ possesses a copy of it. In addition, you must do these things in
+ the Modified Version:
+
+ A. Use in the Title Page (and on the covers, if any) a title
+ distinct from that of the Document, and from those of previous
+ versions (which should, if there were any, be listed in the
+ History section of the Document). You may use the same title
+ as a previous version if the original publisher of that
+ version gives permission.
+
+ B. List on the Title Page, as authors, one or more persons or
+ entities responsible for authorship of the modifications in
+ the Modified Version, together with at least five of the
+ principal authors of the Document (all of its principal
+ authors, if it has fewer than five), unless they release you
+ from this requirement.
+
+ C. State on the Title page the name of the publisher of the
+ Modified Version, as the publisher.
+
+ D. Preserve all the copyright notices of the Document.
+
+ E. Add an appropriate copyright notice for your modifications
+ adjacent to the other copyright notices.
+
+ F. Include, immediately after the copyright notices, a license
+ notice giving the public permission to use the Modified
+ Version under the terms of this License, in the form shown in
+ the Addendum below.
+
+ G. Preserve in that license notice the full lists of Invariant
+ Sections and required Cover Texts given in the Document's
+ license notice.
+
+ H. Include an unaltered copy of this License.
+
+ I. Preserve the section Entitled "History", Preserve its Title,
+ and add to it an item stating at least the title, year, new
+ authors, and publisher of the Modified Version as given on the
+ Title Page. If there is no section Entitled "History" in the
+ Document, create one stating the title, year, authors, and
+ publisher of the Document as given on its Title Page, then add
+ an item describing the Modified Version as stated in the
+ previous sentence.
+
+ J. Preserve the network location, if any, given in the Document
+ for public access to a Transparent copy of the Document, and
+ likewise the network locations given in the Document for
+ previous versions it was based on. These may be placed in the
+ "History" section. You may omit a network location for a work
+ that was published at least four years before the Document
+ itself, or if the original publisher of the version it refers
+ to gives permission.
+
+ K. For any section Entitled "Acknowledgements" or "Dedications",
+ Preserve the Title of the section, and preserve in the section
+ all the substance and tone of each of the contributor
+ acknowledgements and/or dedications given therein.
+
+ L. Preserve all the Invariant Sections of the Document, unaltered
+ in their text and in their titles. Section numbers or the
+ equivalent are not considered part of the section titles.
+
+ M. Delete any section Entitled "Endorsements". Such a section
+ may not be included in the Modified Version.
+
+ N. Do not retitle any existing section to be Entitled
+ "Endorsements" or to conflict in title with any Invariant
+ Section.
+
+ O. Preserve any Warranty Disclaimers.
+
+ If the Modified Version includes new front-matter sections or
+ appendices that qualify as Secondary Sections and contain no
+ material copied from the Document, you may at your option designate
+ some or all of these sections as invariant. To do this, add their
+ titles to the list of Invariant Sections in the Modified Version's
+ license notice. These titles must be distinct from any other
+ section titles.
+
+ You may add a section Entitled "Endorsements", provided it contains
+ nothing but endorsements of your Modified Version by various
+ parties--for example, statements of peer review or that the text
+ has been approved by an organization as the authoritative
+ definition of a standard.
+
+ You may add a passage of up to five words as a Front-Cover Text,
+ and a passage of up to 25 words as a Back-Cover Text, to the end of
+ the list of Cover Texts in the Modified Version. Only one passage
+ of Front-Cover Text and one of Back-Cover Text may be added by (or
+ through arrangements made by) any one entity. If the Document
+ already includes a cover text for the same cover, previously added
+ by you or by arrangement made by the same entity you are acting on
+ behalf of, you may not add another; but you may replace the old
+ one, on explicit permission from the previous publisher that added
+ the old one.
+
+ The author(s) and publisher(s) of the Document do not by this
+ License give permission to use their names for publicity for or to
+ assert or imply endorsement of any Modified Version.
+
+ 5. COMBINING DOCUMENTS
+
+ You may combine the Document with other documents released under
+ this License, under the terms defined in section 4 above for
+ modified versions, provided that you include in the combination all
+ of the Invariant Sections of all of the original documents,
+ unmodified, and list them all as Invariant Sections of your
+ combined work in its license notice, and that you preserve all
+ their Warranty Disclaimers.
+
+ The combined work need only contain one copy of this License, and
+ multiple identical Invariant Sections may be replaced with a single
+ copy. If there are multiple Invariant Sections with the same name
+ but different contents, make the title of each such section unique
+ by adding at the end of it, in parentheses, the name of the
+ original author or publisher of that section if known, or else a
+ unique number. Make the same adjustment to the section titles in
+ the list of Invariant Sections in the license notice of the
+ combined work.
+
+ In the combination, you must combine any sections Entitled
+ "History" in the various original documents, forming one section
+ Entitled "History"; likewise combine any sections Entitled
+ "Acknowledgements", and any sections Entitled "Dedications". You
+ must delete all sections Entitled "Endorsements."
+
+ 6. COLLECTIONS OF DOCUMENTS
+
+ You may make a collection consisting of the Document and other
+ documents released under this License, and replace the individual
+ copies of this License in the various documents with a single copy
+ that is included in the collection, provided that you follow the
+ rules of this License for verbatim copying of each of the documents
+ in all other respects.
+
+ You may extract a single document from such a collection, and
+ distribute it individually under this License, provided you insert
+ a copy of this License into the extracted document, and follow this
+ License in all other respects regarding verbatim copying of that
+ document.
+
+ 7. AGGREGATION WITH INDEPENDENT WORKS
+
+ A compilation of the Document or its derivatives with other
+ separate and independent documents or works, in or on a volume of a
+ storage or distribution medium, is called an "aggregate" if the
+ copyright resulting from the compilation is not used to limit the
+ legal rights of the compilation's users beyond what the individual
+ works permit. When the Document is included in an aggregate, this
+ License does not apply to the other works in the aggregate which
+ are not themselves derivative works of the Document.
+
+ If the Cover Text requirement of section 3 is applicable to these
+ copies of the Document, then if the Document is less than one half
+ of the entire aggregate, the Document's Cover Texts may be placed
+ on covers that bracket the Document within the aggregate, or the
+ electronic equivalent of covers if the Document is in electronic
+ form. Otherwise they must appear on printed covers that bracket
+ the whole aggregate.
+
+ 8. TRANSLATION
+
+ Translation is considered a kind of modification, so you may
+ distribute translations of the Document under the terms of section
+ 4. Replacing Invariant Sections with translations requires special
+ permission from their copyright holders, but you may include
+ translations of some or all Invariant Sections in addition to the
+ original versions of these Invariant Sections. You may include a
+ translation of this License, and all the license notices in the
+ Document, and any Warranty Disclaimers, provided that you also
+ include the original English version of this License and the
+ original versions of those notices and disclaimers. In case of a
+ disagreement between the translation and the original version of
+ this License or a notice or disclaimer, the original version will
+ prevail.
+
+ If a section in the Document is Entitled "Acknowledgements",
+ "Dedications", or "History", the requirement (section 4) to
+ Preserve its Title (section 1) will typically require changing the
+ actual title.
+
+ 9. TERMINATION
+
+ You may not copy, modify, sublicense, or distribute the Document
+ except as expressly provided under this License. Any attempt
+ otherwise to copy, modify, sublicense, or distribute it is void,
+ and will automatically terminate your rights under this License.
+
+ However, if you cease all violation of this License, then your
+ license from a particular copyright holder is reinstated (a)
+ provisionally, unless and until the copyright holder explicitly and
+ finally terminates your license, and (b) permanently, if the
+ copyright holder fails to notify you of the violation by some
+ reasonable means prior to 60 days after the cessation.
+
+ Moreover, your license from a particular copyright holder is
+ reinstated permanently if the copyright holder notifies you of the
+ violation by some reasonable means, this is the first time you have
+ received notice of violation of this License (for any work) from
+ that copyright holder, and you cure the violation prior to 30 days
+ after your receipt of the notice.
+
+ Termination of your rights under this section does not terminate
+ the licenses of parties who have received copies or rights from you
+ under this License. If your rights have been terminated and not
+ permanently reinstated, receipt of a copy of some or all of the
+ same material does not give you any rights to use it.
+
+ 10. FUTURE REVISIONS OF THIS LICENSE
+
+ The Free Software Foundation may publish new, revised versions of
+ the GNU Free Documentation License from time to time. Such new
+ versions will be similar in spirit to the present version, but may
+ differ in detail to address new problems or concerns. See
+ <http://www.gnu.org/copyleft/>.
+
+ Each version of the License is given a distinguishing version
+ number. If the Document specifies that a particular numbered
+ version of this License "or any later version" applies to it, you
+ have the option of following the terms and conditions either of
+ that specified version or of any later version that has been
+ published (not as a draft) by the Free Software Foundation. If the
+ Document does not specify a version number of this License, you may
+ choose any version ever published (not as a draft) by the Free
+ Software Foundation. If the Document specifies that a proxy can
+ decide which future versions of this License can be used, that
+ proxy's public statement of acceptance of a version permanently
+ authorizes you to choose that version for the Document.
+
+ 11. RELICENSING
+
+ "Massive Multiauthor Collaboration Site" (or "MMC Site") means any
+ World Wide Web server that publishes copyrightable works and also
+ provides prominent facilities for anybody to edit those works. A
+ public wiki that anybody can edit is an example of such a server.
+ A "Massive Multiauthor Collaboration" (or "MMC") contained in the
+ site means any set of copyrightable works thus published on the MMC
+ site.
+
+ "CC-BY-SA" means the Creative Commons Attribution-Share Alike 3.0
+ license published by Creative Commons Corporation, a not-for-profit
+ corporation with a principal place of business in San Francisco,
+ California, as well as future copyleft versions of that license
+ published by that same organization.
+
+ "Incorporate" means to publish or republish a Document, in whole or
+ in part, as part of another Document.
+
+ An MMC is "eligible for relicensing" if it is licensed under this
+ License, and if all works that were first published under this
+ License somewhere other than this MMC, and subsequently
+ incorporated in whole or in part into the MMC, (1) had no cover
+ texts or invariant sections, and (2) were thus incorporated prior
+ to November 1, 2008.
+
+ The operator of an MMC Site may republish an MMC contained in the
+ site under CC-BY-SA on the same site at any time before August 1,
+ 2009, provided the MMC is eligible for relicensing.
+
+ADDENDUM: How to use this License for your documents
+====================================================
+
+To use this License in a document you have written, include a copy of
+the License in the document and put the following copyright and license
+notices just after the title page:
+
+ Copyright (C) YEAR YOUR NAME.
+ Permission is granted to copy, distribute and/or modify this document
+ under the terms of the GNU Free Documentation License, Version 1.3
+ or any later version published by the Free Software Foundation;
+ with no Invariant Sections, no Front-Cover Texts, and no Back-Cover
+ Texts. A copy of the license is included in the section entitled ``GNU
+ Free Documentation License''.
+
+ If you have Invariant Sections, Front-Cover Texts and Back-Cover
+Texts, replace the "with...Texts." line with this:
+
+ with the Invariant Sections being LIST THEIR TITLES, with
+ the Front-Cover Texts being LIST, and with the Back-Cover Texts
+ being LIST.
+
+ If you have Invariant Sections without Cover Texts, or some other
+combination of the three, merge those two alternatives to suit the
+situation.
+
+ If your document contains nontrivial examples of program code, we
+recommend releasing these examples in parallel under your choice of free
+software license, such as the GNU General Public License, to permit
+their use in free software.
+
+
+
+Tag Table:
+Node: Top866
+Node: Introduction1937
+Node: Maintaining GNU Programs2674
+Node: Design Issues3474
+Node: Coding Conventions7414
+Node: Make the Compiler Find the Bugs9382
+Node: Factor Out Repeated Code12926
+Node: Debugging is For Users Too14992
+Node: Don't Trust the File System Contents15723
+Node: The File System Is Being Modified17005
+Node: Tools18401
+Node: Using the GNU Portability Library19602
+Node: Documentation23240
+Node: Testing26612
+Node: Bugs26953
+Node: Distributions28695
+Node: Internationalisation29728
+Node: Security30197
+Node: Making Releases41557
+Node: GNU Free Documentation License43671
+
+End Tag Table
View Lorry Controller Status