1 This is ../../../findutils/doc/find-maint.info, produced by makeinfo
2 version 4.13 from ../../../findutils/doc/find-maint.texi.
4 INFO-DIR-SECTION GNU organization
6 * Maintaining Findutils: (find-maint). Maintaining GNU findutils
9 This manual explains how GNU findutils is maintained, how changes
10 should be made and tested, and what resources exist to help developers.
12 This is edition 4.5.14, for findutils version 4.5.14.
14 Copyright (C) 2007, 2008, 2010, 2011 Free Software Foundation, Inc.
16 Permission is granted to copy, distribute and/or modify this document
17 under the terms of the GNU Free Documentation License, Version 1.3 or
18 any later version published by the Free Software Foundation; with no
19 Invariant Sections, with no Front-Cover Texts, and with no Back-Cover
20 Texts. A copy of the license is included in the section entitled "GNU
21 Free Documentation License".
24 File: find-maint.info, Node: Top, Next: Introduction, Prev: (dir), Up: (dir)
26 Maintaining GNU Findutils
27 *************************
29 This manual explains how GNU findutils is maintained, how changes should
30 be made and tested, and what resources exist to help developers.
32 This is edition 4.5.14, for findutils version 4.5.14.
34 Copyright (C) 2007, 2008, 2010, 2011 Free Software Foundation, Inc.
36 Permission is granted to copy, distribute and/or modify this document
37 under the terms of the GNU Free Documentation License, Version 1.3 or
38 any later version published by the Free Software Foundation; with no
39 Invariant Sections, with no Front-Cover Texts, and with no Back-Cover
40 Texts. A copy of the license is included in the section entitled "GNU
41 Free Documentation License".
46 * Maintaining GNU Programs::
48 * Coding Conventions::
50 * Using the GNU Portability Library::
55 * Internationalisation::
58 * GNU Free Documentation License::
61 File: find-maint.info, Node: Introduction, Next: Maintaining GNU Programs, Prev: Top, Up: Top
66 This document explains how to contribute to and maintain GNU Findutils.
67 It concentrates on developer-specific issues. For information about
68 how to use the software please refer to *Note Introduction:
71 This manual aims to be useful without necessarily being verbose.
72 It's also a recent document, so there will be a many areas in which
73 improvements can be made. If you find that the document misses out
74 important information or any part of the document is be so terse as to
75 be unuseful, please ask for help on the <bug-findutils@gnu.org> mailing
76 list. We'll try to improve this document too.
79 File: find-maint.info, Node: Maintaining GNU Programs, Next: Design Issues, Prev: Introduction, Up: Top
81 2 Maintaining GNU Programs
82 **************************
84 GNU Findutils is part of the GNU Project and so there are a number of
85 documents which set out standards for the maintenance of GNU software.
88 GNU Project Coding Standards. All changes to findutils should
89 comply with these standards. In some areas we go somewhat beyond
90 the requirements of the standards, but these cases are explained
94 Information for Maintainers of GNU Software. This document
95 provides guidance for GNU maintainers. Everybody with commit
96 access should read this document. Everybody else is welcome to
100 File: find-maint.info, Node: Design Issues, Next: Coding Conventions, Prev: Maintaining GNU Programs, Up: Top
105 The findutils package is installed on many many systems, usually as a
106 fundamental component. The programs in the package are often used in
107 order to successfully boot or fix the system.
109 This fact means that for findutils we bear in mind considerations
110 that may not apply so much as for other packages. For example, the fact
111 that findutils is often a base component motivates us to
112 * Limit dependencies on libraries
114 * Avoid dependencies on other large packages (for example,
117 * Be conservative when making changes to the 'stable' release branch
119 All those considerations come before functionality. Functional
120 enhancements are still made to findutils, but these are almost
121 exclusively introduced in the 'development' release branch, to allow
122 extensive testing and proving.
124 Sometimes it is useful to have a priority list to provide guidance
125 when making design trade-offs. For findutils, that priority list is:
129 2. Standards compliance
133 4. Backward compatibility
139 For example, we support the `-exec' action because POSIX compliance
140 requires this, even though there are security problems with it and we
141 would otherwise prefer people to use `-execdir'. There are also cases
142 where some performance is sacrificed in the name of security. For
143 example, the sanity checks that `find' performs while traversing a
144 directory tree may slow it down. We adopt functional changes, and
145 functional changes are allowed to make `find' slower, but only if there
146 is no detectable impact on users who don't use the feature.
148 Backward-incompatible changes do get made in order to comply with
149 standards (for example the behaviour of `-perm -...' changed in order
150 to comply with POSIX). However, they don't get made in order to
151 provide better ease of use; for example the semantics of `-size -2G'
152 are almost always unexpected by users, but we retain the current
153 behaviour because of backward compatibility and for its similarity to
154 the block-rounding behaviour of `-size -30'. We might introduce a
155 change which does not have the unfortunate rounding behaviour, but we
156 would choose another syntax (for example `-size '<2G'') for this.
158 In a general sense, we try to do test-driven development of the
159 findutils code; that is, we try to implement test cases for new
160 features and bug fixes before modifying the code to make the test pass.
161 Some features of the code are tested well, but the test coverage for
162 other features is less good. If you are about to modify the code for a
163 predicate and aren't sure about the test coverage, use `grep' on the
164 test directories and measure the coverage with `lcov' or another test
167 You should be able to use the `coverage' Makefile target (it's
168 defined in `maint.mk' to generate a test coverage report for findutils.
169 Due to limitations in `lcov', this only works if your build directory
170 is the same asthe source directory (that is, you're not using a VPATH
171 build configuration).
173 Lastly, we try not to depend on having a "working system". The
174 findutils suite is used for diagnosis of problems, and this applies
175 especially to `find'. We should ensure that `find' still works on
176 relatively broken systems, for example systems with damaged
177 `/etc/passwd' or `/etc/fstab' files. Another interesting example is
178 the case where a system is a client of one or more unresponsive NFS
179 servers. On such a system, if you try to stat all mount points, your
180 program will hang indefinitely, waiting for the remote NFS server to
183 Another interesting but unusual case is broken NFS servers and
184 corrupt filesystems; sometimes they return `impossible' file modes.
185 It's important that find does not entirely fail when encountering such a
189 File: find-maint.info, Node: Coding Conventions, Next: Tools, Prev: Design Issues, Up: Top
194 Coding style documents which set out to establish a uniform look and
195 feel to source code have worthy goals, for example greater ease of
196 maintenance and readability. However, I do not believe that in general
197 coding style guide authors can envisage every situation, and it is
198 always possible that it might on occasion be necessary to break the
199 letter of the style guide in order to honour its spirit, or to better
200 achieve the style guide's goals.
202 I've certainly seen many style guides outside the free software world
203 which make bald statements such as "functions shall have exactly one
204 return statement". The desire to ensure consistency and obviousness of
205 control flow is laudable, but it is all too common for such bald
206 requirements to be followed unthinkingly. Certainly I've seen such
207 coding standards result in unmaintainable code with terrible
208 infelicities such as functions containing `if' statements nested nine
209 levels deep. I suppose such coding standards don't survive in free
210 software projects because they tend to drive away potential
211 contributors or tend to generate heated discussions on mailing lists.
212 Equally, a nine-level-deep function in a free software program would
213 quickly get refactored, assuming it is obvious what the function is
216 Be that as it may, the approach I will take for this document is to
217 explain some idioms and practices in use in the findutils source code,
218 and leave it up to the reader's engineering judgement to decide which
219 considerations apply to the code they are working on, and whether or
220 not there is sufficient reason to ignore the guidance in current
225 * Make the Compiler Find the Bugs::
226 * Factor Out Repeated Code::
227 * The File System Is Being Modified::
228 * Don't Trust the File System Contents::
229 * Debugging is For Users Too::
232 File: find-maint.info, Node: Make the Compiler Find the Bugs, Next: Factor Out Repeated Code, Up: Coding Conventions
234 4.1 Make the Compiler Find the Bugs
235 ===================================
237 Finding bugs is tedious. If I have a filesystem containing two million
238 files, and a find command line should print one million of them, but in
239 fact it misses out 1%, you can tell the program is printing the wrong
240 result only if you know the right answer for that filesystem at that
241 time. If you don't know this, you may just not find out about that
242 bug. For this reason it is important to have a comprehensive test
245 The test suite is of course not the only way to find the bugs. The
246 findutils source code makes liberal use of the assert macro. While on
247 the one hand these might be a performance drain, the performance impact
248 of most of these is negligible compared to the time taken to fetch even
249 one sector from a disk drive.
251 Assertions should not be used to check the results of operations
252 which may be affected by the program's external environment. For
253 example, never assert that a file could be opened successfully. Errors
254 relating to problems with the program's execution environment should be
255 diagnosed with a user-oriented error message. An assertion failure
256 should always denote a bug in the program.
258 Don't use `assert' to catch not-fuly-implemented features of your
259 code. Finish the implementation, disable the code, or leave the
260 unfinished version on a local branch.
262 Several programs in the findutils suite perform self-checks. See for
263 example the function `pred_sanity_check' in `find/pred.c'. This is
266 There are also a number of small ways in which we can help the
267 compiler to find the bugs for us.
269 4.1.1 Constants in Equality Testing
270 -----------------------------------
272 It's a common error to write `=' when `==' is meant. Sometimes this
273 happens in new code and is simply due to finger trouble. Sometimes it
274 is the result of the inadvertent deletion of a character. In any case,
275 there is a subset of cases where we can persuade the compiler to
276 generate an error message when we make this mistake; this is where the
277 equality test is with a constant.
279 This is an example of a vulnerable piece of code.
284 A simple typo converts the above into
289 We've introduced a bug; the condition is always true, and the value
290 of `x' has been changed. However, a simple change to our practice
291 would have made us immune to this problem:
296 Usually, the Emacs keystroke `M-t' can be used to swap the operands.
298 4.1.2 Spelling of ASCII NUL
299 ---------------------------
301 Strings in C are just sequences of characters terminated by a NUL. The
302 ASCII NUL character has the numerical value zero. It is normally
303 represented in C code as `\0'. Here is a typical piece of C code:
307 Consider what happens if there is an unfortunate typo:
311 We have changed the meaning of our program and the compiler cannot
312 diagnose this as an error. Our string is no longer terminated. Bad
313 things will probably happen. It would be better if the compiler could
314 help us diagnose this problem.
316 In C, the type of `'\0'' is in fact int, not char. This provides us
317 with a simple way to avoid this error. The constant `0' has the same
318 value and type as the constant `'\0''. However, it is not as
319 vulnerable to typos. For this reason I normally prefer to use this
325 File: find-maint.info, Node: Factor Out Repeated Code, Next: The File System Is Being Modified, Prev: Make the Compiler Find the Bugs, Up: Coding Conventions
327 4.2 Factor Out Repeated Code
328 ============================
330 Repeated code imposes a greater maintenance burden and increases the
331 exposure to bugs. For example, if you discover that something you want
332 to implement has some similarity with an existing piece of code, don't
333 cut and paste it. Instead, factor the code out. The risk of cutting
334 and pasting the code, particularly if you do this several times, is
335 that you end up with several copies of the same code.
337 If the original code had a bug, you now have N places where this
338 needs to be fixed. It's all to easy to miss some out when trying to
339 fix the bug. Equally, it's quite possible that when pasting the code
340 into some function, the pasted code was not quite adapted correctly to
341 its new environment. To pick a contrived example, perhaps it modifies a
342 global variable which it that code shouldn't be touching in its new
343 home. Worse, perhaps it makes some unstated assumption about the
344 nature of the input arguments which is in fact not true for the context
345 of the now duplicated code.
347 A good example of the use of refactoring in findutils is the
348 `collect_arg' function in `find/parser.c'. A less clear-cut but larger
349 example is the factoring out of code which would otherwise have been
350 duplicated between `find/find.c' and `find/ftsfind.c'.
352 The findutils test suite is comprehensive enough that refactoring
353 code should not generally be a daunting prospect from a testing point of
354 view. Nevertheless there are some areas which are only lightly-tested:
356 1. Tests on the ages of files
358 2. Code which deals with the values returned by operating system
359 calls (for example handling of ENOENT)
361 3. Code dealing with OS limits (for example, limits on path length or
364 4. Code relating to features not all systems have (for example
367 Please exercise caution when working in those areas.
370 File: find-maint.info, Node: Debugging is For Users Too, Prev: Don't Trust the File System Contents, Up: Coding Conventions
372 4.3 Debugging is For Users Too
373 ==============================
375 Debug and diagnostic code is often used to verify that a program is
376 working in the way its author thinks it should be. But users are often
377 uncertain about what a program is doing, too. Exposing them a little
378 more diagnostic information can help. Much of the diagnostic code in
379 `find', for example, is controlled by the `-D' flag, as opposed to C
380 preprocessor directives.
382 Making diagnostic messages available to users also means that the
383 phrasing of the diagnostic messages becomes important, too.
386 File: find-maint.info, Node: Don't Trust the File System Contents, Next: Debugging is For Users Too, Prev: The File System Is Being Modified, Up: Coding Conventions
388 4.4 Don't Trust the File System Contents
389 ========================================
391 People use `find' to search in directories created by other people.
392 Sometimes they do this to check to suspicious activity (for example to
393 look for new setuid binaries). This means that it would be bad if
394 `find' were vulnerable to, say, a security problem exploitable by
395 constructing a specially-crafted filename. The same consideration
396 would apply to `locate' and `updatedb'.
398 Henry Spencer said this well in his fifth commandment:
400 Thou shalt check the array bounds of all strings (indeed, all
401 arrays), for surely where thou typest `foo' someone someday shall
402 type `supercalifragilisticexpialidocious'.
404 Symbolic links can often be a problem. If `find' calls `lstat' on
405 something and discovers that it is a directory, it's normal for `find'
406 to recurse into it. Even if the `chdir' system call is used
407 immediately, there is still a window of opportunity between the `lstat'
408 and the `chdir' in which a malicious person could rename the directory
409 and substitute a symbolic link to some other directory.
412 File: find-maint.info, Node: The File System Is Being Modified, Next: Don't Trust the File System Contents, Prev: Factor Out Repeated Code, Up: Coding Conventions
414 4.5 The File System Is Being Modified
415 =====================================
417 The filesystem gets modified while you are traversing it. For,
418 example, it's normal for files to get deleted while `find' is
419 traversing a directory. Issuing an error message seems helpful when a
420 file is deleted from the one directory you are interested in, but if
421 `find' is searching 15000 directories, such a message becomes less
424 Bear in mind also that it is possible for the directory `find' is
425 currently searching could be moved to another point in the filesystem,
426 and that the directory in which `find' was started could be deleted.
428 Henry Spencer's sixth commandment is also apposite here:
430 If a function be advertised to return an error code in the event of
431 difficulties, thou shalt check for that code, yea, even though the
432 checks triple the size of thy code and produce aches in thy typing
433 fingers, for if thou thinkest "it cannot happen to me", the gods
434 shall surely punish thee for thy arrogance.
436 There are a lot of files out there. They come in all dates and
437 sizes. There is a condition out there in the real world to exercise
438 every bit of the code base. So we try to test that code base before
439 someone falls over a bug.
442 File: find-maint.info, Node: Tools, Next: Using the GNU Portability Library, Prev: Coding Conventions, Up: Top
447 Most of the tools required to build findutils are mentioned in the file
448 `README-hacking'. We also use some other tools:
451 Much of the execution time of find is spent waiting for filesystem
452 operations. A system call trace (for example, that provided by
453 `strace') shows what system calls are being made. Using this
454 information we can work to remove unnecessary file system
458 Valgrind is a tool which dynamically verifies the memory accesses a
459 program makes to ensure that they are valid (for example, that the
460 behaviour of the program does not in any way depend on the
461 contents of uninitialized memory).
464 DejaGnu is the test framework used to run the findutils test suite
465 (the `runtest' program is part of DejaGnu). It would be ideal if
466 everybody building `findutils' also ran the test suite, but many
467 people don't have DejaGnu installed. When changes are made to
468 findutils, DejaGnu is invoked a lot. *Note Testing::, for more
472 File: find-maint.info, Node: Using the GNU Portability Library, Next: Documentation, Prev: Tools, Up: Top
474 6 Using the GNU Portability Library
475 ***********************************
477 The Gnulib library (`http://www.gnu.org/software/gnulib/') makes a
478 variety of systems look more like a GNU/Linux system and also applies a
479 bunch of automatic bug fixes and workarounds. Some of these also apply
480 to GNU/Linux systems too. For example, the Gnulib regex implementation
481 is used when we determine that we are building on a GNU libc system
482 with a bug in the regex implementation.
484 6.1 How and Why we Import the Gnulib Code
485 =========================================
487 Gnulib does not have a release process which results in a source
488 tarball you can download. Instead, the code is simply made available
489 by GIT. The code is also available via `git-cvspserver', but we
490 decided not to use this, since `import-gnulib.sh' depended on `cvs
491 update -D', which at the time `git-cvspserver' did not support.
493 GNU projects vary in how they interact with Gnulib. Many import a
494 selection of code from Gnulib into the working directory and then check
495 the updated files into the repository for their project. The coreutils
496 project does this, for example.
498 At the last maintainer changeover for findutils (2003) it turned out
499 that there was a lot of material in findutils in common with Gnulib,
500 but it had not been updated in a long time. It was difficult to figure
501 out which source files were intended to track external sources and
502 which were intended to contain incompatible changes, or diverge for
505 To reduce this uncertainty, I decided to treat Gnulib much like
506 Automake. Files supplied by Automake are simply absent from the
507 findutils source tree. When Automake is run with `automake
508 --add-missing --copy', it adds in all the files it thinks should be
509 there which aren't there already.
511 An analogous approach is taken with Gnulib. The Gnulib code is
512 imported from the git repository for Gnulib with a findutils helper
513 script, `import-gnulib.sh'. That script fetches a copy of the Gnulib
514 code into the subdirectory `gnulib-git' and then runs `gnulib-tool'.
515 The `gnulib-tool' program copies the required parts of Gnulib into the
516 findutils source tree in the subdirectory `gnulib'. This process gives
517 us the property that the code in `gnulib' and `gnulib-git' is not
518 included in the findutils git tree. Both directories are listed in
519 `.gitignore' and so git ignores them.
521 Findutils does not use all the Gnulib code. The modules we need are
522 listed in the file `import-gnulib.config'. The same file also
523 indicates the version of Gnulib that we want to use. Since Gnulib has
524 no actual release process, we just use a date. Both `import-gnulib.sh'
525 and `import-gnulib.config' are in the findutils git repository.
527 The upshot of all this is that we can use the findutils git
528 repository to track which version of Gnulib every findutils release
529 uses. That information is also provided when the user invokes a
530 findutils program with the `--version' option.
532 A small number of files are installed by automake and will therefore
533 vary according to which version of automake was used to generate a
534 release. This includes for example boiler-plate GNU files such as
535 `ABOUT-NLS', `INSTALL' and `COPYING'.
537 6.2 How We Fix Gnulib Bugs
538 ==========================
540 If we always directly import the Gnulib code directly from the git
541 repository in this way, it is impossible to maintain a locally
542 different copy of Gnulib. This is often a benefit in that accidental
543 version skew is prevented.
545 However, sometimes we want deliberate version skew in order to use a
546 findutils-specific patched version of a Gnulib file, for example
547 because we fixed a bug.
549 Gnulib is used by quite a number of GNU projects, and this means that
550 it gets plenty of testing. Therefore there are relatively few bugs in
551 the Gnulib code, but it does happen from time to time.
553 However, since there is no waiting around for a Gnulib source release
554 tarball, Gnulib bugs are generally fixed quickly. Here is an outline
555 of the way we would contribute a fix to Gnulib (assuming you know it is
556 not already fixed in the current Gnulib git tree):
558 Check you already completed a copyright assignment for Gnulib
560 Begin with a vanilla git tree
561 Download the Findutils source code from git (or use the tree you
564 Check out a copy of the Gnulib source
565 Check out a copy of the Gnulib source tree. The
566 `import-gnulib.sh' script may have generated a shallow git clone
567 as opposed to a normal, full clone in the directory `gnulib-git'.
568 This means that you may not be able to clone the repository that
569 `import-gnulib.sh' generates. However, you can make a normal
570 (full) clone with `git clone
571 git_repo="git://git.savannah.gnu.org/gnulib.git"'. Do this
572 somewhere outside the findutils source tree.
574 Import Gnulib from your local copy
575 The `import-gnulib.sh' tool has a `-d' option which you can use to
576 import the code from a local copy of Gnulib.
579 Build findutils and run the test suite, which should pass. In our
580 example we assume you have just noticed a bug in Gnulib, not that
581 recent Gnulib changes broke the findutils regression tests.
584 If in fact Gnulib did break the findutils regression tests, you
585 can probably skip this step, since you already have a test case
586 demonstrating the problem. Otherwise, write a findutils test case
587 for the bug and/or a Gnulib test case.
590 Make sure your editor follows symbolic links so that your changes
591 to `gnulib/...' actually affect the files in the git working
592 directory you checked out earlier. Observe that your test now
595 Prepare a Gnulib patch
596 Use `git format-patch' to prepare the patch. Follow the normal
597 usage for checkin comments (take a look at the output of `git
598 log'). Check that the patch conforms with the GNU coding
599 standards, and email it to the Gnulib mailing list.
601 Wait for the patch to be applied
602 Once your bug fix has been applied, you can update your local
603 directory from git, re-import the code into Findutils (still using
604 the `-d' option), and re-run the tests. This verifies that the
605 fix the Gnulib team made actually fixes your problem.
607 Reimport the Gnulib code
608 Update the findutils file `import-gnulib.config' to specify git
609 commit which is after the point at which the bug fix was committed
610 to Gnulib. You can do this with `git rev-parse HEAD'. Finally,
611 re-import the Gnulib code directly from git by using
612 `import-gnulib.sh' without the `-d' option, and run the tests
613 again. This verifies that there was no remaining local change
614 that we were relying on to fix the bug. Make sure you checked
615 everything in by running `git status'.
617 There is an alternative to the method above; it is possible to store
618 local diffs to be patched into gnulib beneath the `gnulib-local'.
619 Normally however, there is no need for this, since gnulib updates are
623 File: find-maint.info, Node: Documentation, Next: Testing, Prev: Using the GNU Portability Library, Up: Top
628 The findutils git tree includes several different types of
631 7.1 User Documentation
632 ======================
634 User-oriented documentation is provided as manual pages and in Texinfo.
635 See *note Introduction: (find)Introduction.
637 Please make sure both sets of documentation are updated if you make a
638 change to the code. The GNU coding standards do not normally call for
639 maintaining manual pages on the grounds of effort duplication.
640 However, the manual page format is more convenient for quick reference,
641 and so it's worth maintaining both types of documentation. However,
642 the manual pages are normally rather more terse than the Texinfo
643 documentation. The manual pages are suitable for reference use, but
644 the Texinfo manual should also include introductory and tutorial
651 Describes the Free Translation Project, the translation status of
652 various GNU projects, and how to participate by translating an
656 Lists the authors of findutils.
659 The copyright license covering findutils; currently, the GNU GPL,
663 Generic installation instructions for installing GNU programs.
666 Information about how to compile findutils in particular
669 A README file which is included with testing releases of findutils.
672 Describes how to build findutils from the code in git.
675 Thanks for people who contributed to findutils. Generally, if
676 someone's contribution was significant enough to need a copyright
677 assignment, their name should go in here.
682 7.3 Release Information
683 =======================
686 Enumerates the user-visible change in each release. Typical
687 changes are fixed bugs, functionality changes and documentation
688 changes. Include the date when a release is made.
691 This file enumerates all changes to the findutils source code (with
692 the possible exception of `.cvsignore' and `.gitignore' changes).
693 The level of detail used for this file should be sufficient to
694 answer the questions "what changed?" and "why was it changed?".
695 If a change fixes a bug, always give the bug reference number in
696 both the `ChangeLog' and `NEWS' files and of course also in the
697 checkin message. In general, it should be possible to enumerate
698 all material changes to a function by searching for its name in
699 `ChangeLog'. Mention when each release is made.
702 File: find-maint.info, Node: Testing, Next: Bugs, Prev: Documentation, Up: Top
707 This chapter will explain the general procedures for adding tests to
708 the test suite, and the functions defined in the findutils-specific
709 DejaGnu configuration. Where appropriate references will be made to
710 the DejaGnu documentation.
713 File: find-maint.info, Node: Bugs, Next: Distributions, Prev: Testing, Up: Top
718 Bugs are logged in the Savannah bug tracker
719 `http://savannah.gnu.org/bugs/?group=findutils'. The tracker offers
720 several fields but their use is largely obvious. The life-cycle of a
724 Someone, usually a maintainer, a distribution maintainer or a user,
725 creates a bug by filling in the form. They fill in field values
726 as they see fit. This will generate an email to
727 <bug-findutils@gnu.org>.
730 The bug hangs around with `Status=None' until someone begins to
731 work on it. At that point they set the "Assigned To" field and
732 will sometimes set the status to `In Progress', especially if the
733 bug will take a while to fix.
736 Quite a lot of reports are not actually bugs; for these the usual
737 procedure is to explain why the problem is not a bug, set the
738 status to `Invalid' and close the bug. Make sure you set the
739 `Assigned to' field to yourself before closing the bug.
742 When you commit a bug fix into git (or in the case of a contributed
743 patch, commit the change), mark the bug as `Fixed'. Make sure you
744 include a new test case where this is relevant. If you can figure
745 out which releases are affected, please also set the `Release'
746 field to the earliest release which is affected by the bug.
747 Indicate which source branch the fix is included in (for example,
748 4.2.x or 4.3.x). Don't close the bug yet.
751 When a release is made which includes the bug fix, make sure the
752 bug is listed in the NEWS file. Once the release is made, fill in
753 the `Fixed Release' field and close the bug.
756 File: find-maint.info, Node: Distributions, Next: Internationalisation, Prev: Bugs, Up: Top
761 Almost all GNU/Linux distributions include findutils, but only some of
762 them have a package maintainer who is a member of the mailing list.
763 Distributions don't often feed back patches to the
764 <bug-findutils@gnu.org> list, but on the other hand many of their
765 patches relate only to standards for file locations and so forth, and
766 are therefore distribution specific. On an irregular basis I check the
767 current patches being used by one or two distributions, but the total
768 number of GNU/Linux distributions is large enough that we could not
769 hope to cover them all.
771 Often, bugs are raised against a distribution's bug tracker instead
772 of GNU's. Periodically (about every six months) I take a look at some
773 of the more accessible bug trackers to indicate which bugs have been
776 Many distributions include both findutils and the slocate package,
777 which provides a replacement `locate'.
780 File: find-maint.info, Node: Internationalisation, Next: Security, Prev: Distributions, Up: Top
782 11 Internationalisation
783 ***********************
785 Translation is essentially automated from the maintainer's point of
786 view. The TP mails the maintainer when a new PO file is available, and
787 we just download it and check it in. We copy the `.po' files into the
788 git repository. For more information, please see
789 `http://translationproject.org/domain/findutils.html'.
792 File: find-maint.info, Node: Security, Next: Making Releases, Prev: Internationalisation, Up: Top
797 See *note Security Considerations: (find)Security Considerations, for a
798 full description of the findutils approach to security considerations
799 and discussion of particular tools.
801 If someone reports a security bug publicly, we should fix this as
802 rapidly as possible. If necessary, this can mean issuing a fixed
803 release containing just the one bug fix. We try to avoid issuing
804 releases which include both significant security fixes and functional
807 Where someone reports a security problem privately, we generally try
808 to construct and test a patch without pushing the intermediate code to
809 the public repository.
811 Once everything has been tested, this allows us to make a release and
812 push the patch. The advantage of doing things this way is that we
813 avoid situations where people watching for git commits can figure out
814 and exploit a security problem before a fixed release is available.
816 It's important that security problems be fixed promptly, but don't
817 rush so much that things go wrong. Make sure the new release really
818 fixes the problem. It's usually best not to include functional changes
819 in your security-fix release.
821 If the security problem is serious, send an alert to
822 <vendor-sec@lst.de>. The members of the list include most GNU/Linux
823 distributions. The point of doing this is to allow them to prepare to
824 release your security fix to their customers, once the fix becomes
825 available. Here is an example alert:-
827 GNU findutils heap buffer overrun (potential privilege escalation)
834 GNU findutils is a set of programs which search for files on Unix-like
835 systems. It is maintained by the GNU Project of the Free Software
836 Foundation. For more information, see
837 `http://www.gnu.org/software/findutils'.
843 When GNU locate reads filenames from an old-format locate database,
844 they are read into a fixed-length buffer allocated on the heap.
845 Filenames longer than the 1026-byte buffer can cause a buffer overrun.
846 The overrunning data can be chosen by any person able to control the
847 names of filenames created on the local system. This will normally
848 include all local users, but in many cases also remote users (for
849 example in the case of FTP servers allowing uploads).
854 Findutils supports three different formats of locate database, its
855 native format "LOCATE02", the slocate variant of LOCATE02, and a
856 traditional ("old") format that locate uses on other Unix systems.
858 When locate reads filenames from a LOCATE02 database (the default
859 format), the buffer into which data is read is automatically extended
860 to accommodate the length of the filenames.
862 This automatic buffer extension does not happen for old-format
863 databases. Instead a 1026-byte buffer is used. When a longer
864 pathname appears in the locate database, the end of this buffer is
865 overrun. The buffer is allocated on the heap (not the stack).
867 If the locate database is in the default LOCATE02 format, the locate
868 program does perform automatic buffer extension, and the program is
869 not vulnerable to this problem. The software used to build the
870 old-format locate database is not itself vulnerable to the same
873 Most installations of GNU findutils do not use the old database
874 format, and so will not be vulnerable.
882 All existing releases of findutils are affected.
888 To discover the longest path name on a given system, you can use the
889 following command (requires GNU findutils and GNU coreutils):
891 find / -print0 | tr -c '\0' 'x' | tr '\0' '\n' | wc -L
897 This section includes a shell script which determines which of a list
898 of locate binaries is vulnerable to the problem. The shell script has
899 been tested only on glibc based systems having a mktemp binary.
901 NOTE: This script deliberately overruns the buffer in order to
902 determine if a binary is affected. Therefore running it on your
903 system may have undesirable effects. We recommend that you read the
904 script before running it.
908 if vanilla_db="$(mktemp nicedb.XXXXXX)" ; then
909 if updatedb --prunepaths="" --old-format --localpaths="/tmp" \
910 --output="$@{vanilla_db@}" ; then
913 rm -f "$@{vanilla_db@}"
915 echo "Failed to create old-format locate database; skipping the sanity checks" >&2
920 # Start with a valid database
921 cat "$@{vanilla_db@}"
922 # Make the final entry really long
923 dd if=/dev/zero bs=1 count=1500 2>/dev/null | tr '\000' 'x'
930 usage() @{ echo "usage: $0 binary [binary...]" >&2; exit $1; @}
931 [ $# -eq 0 ] && usage 1
936 if dbfile="$(mktemp nasty.XXXXXX)"
938 make_overrun_db > "$dbfile"
940 ver="$locate = $("$locate" --version | head -1)"
941 if [ -z "$vanilla_db" ] || "$locate" -d "$vanilla_db" "" >/dev/null ; then
942 "$locate" -d "$dbfile" "" >/dev/null
943 if [ $? -gt 128 ] ; then
951 # the regular locate failed
953 buggy, may or may not be vulnerable: $ver"
956 rm -f "$@{dbfile@}" "$@{vanilla_db@}"
957 # good: unaffected. bad: affected (vulnerable).
958 # ugly: doesn't even work for a normal old-format database.
973 The GNU project discovered the problem while 'locate' was being worked
974 on; this is the first public announcement of the problem.
976 The GNU findutils mantainer has issued a patch as p[art of this
977 announcement. The patch appears below.
979 A source release of findutils-4.2.31 will be issued on 2007-05-30.
980 That release will of course include the patch. The patch will be
981 committed to the public CVS repository at the same time. Public
982 announcements of the release, including a description of the bug, will
983 be made at the same time as the release.
985 A release of findutils-4.3.x will follow and will also include the
992 This patch should apply to findutils-4.2.23 and later.
993 Findutils-4.2.23 was released almost two years ago.
994 Index: locate/locate.c
995 ===================================================================
996 RCS file: /cvsroot/findutils/findutils/locate/locate.c,v
997 retrieving revision 1.58.2.2
998 diff -u -p -r1.58.2.2 locate.c
999 --- locate/locate.c 22 Apr 2007 16:57:42 -0000 1.58.2.2
1000 +++ locate/locate.c 28 May 2007 10:18:16 -0000
1001 @@@@ -124,9 +124,9 @@@@ extern int errno;
1003 #include "locatedb.h"
1004 #include <getline.h>
1005 -#include "../gnulib/lib/xalloc.h"
1006 -#include "../gnulib/lib/error.h"
1007 -#include "../gnulib/lib/human.h"
1008 +#include "xalloc.h"
1011 #include "dirname.h"
1012 #include "closeout.h"
1013 #include "nextelem.h"
1014 @@@@ -468,10 +468,36 @@@@ visit_justprint_unquoted(struct process_
1015 return VISIT_CONTINUE;
1019 +toolong (struct process_data *procdata)
1021 + error (EXIT_FAILURE, 0,
1022 + _("locate database %s contains a "
1023 + "filename longer than locate can handle"),
1024 + procdata->dbfile);
1028 +extend (struct process_data *procdata, size_t siz1, size_t siz2)
1030 + /* Figure out if the addition operation is safe before performing it. */
1031 + if (SIZE_MAX - siz1 < siz2)
1033 + toolong (procdata);
1035 + else if (procdata->pathsize < (siz1+siz2))
1037 + procdata->pathsize = siz1+siz2;
1038 + procdata->original_filename = x2nrealloc (procdata->original_filename,
1039 + &procdata->pathsize,
1045 visit_old_format(struct process_data *procdata, void *context)
1048 + register size_t i;
1051 /* Get the offset in the path where this path info starts. */
1052 @@@@ -479,20 +505,35 @@@@ visit_old_format(struct process_data *pr
1053 procdata->count += getw (procdata->fp) - LOCATEDB_OLD_OFFSET;
1055 procdata->count += procdata->c - LOCATEDB_OLD_OFFSET;
1056 + assert(procdata->count > 0);
1058 - /* Overlay the old path with the remainder of the new. */
1059 - for (s = procdata->original_filename + procdata->count;
1060 + /* Overlay the old path with the remainder of the new. Read
1061 + * more data until we get to the next filename.
1063 + for (i=procdata->count;
1064 (procdata->c = getc (procdata->fp)) > LOCATEDB_OLD_ESCAPE;)
1065 - if (procdata->c < 0200)
1066 - *s++ = procdata->c; /* An ordinary character. */
1069 - /* Bigram markers have the high bit set. */
1070 - procdata->c &= 0177;
1071 - *s++ = procdata->bigram1[procdata->c];
1072 - *s++ = procdata->bigram2[procdata->c];
1076 + if (procdata->c < 0200)
1078 + /* An ordinary character. */
1079 + extend (procdata, i, 1u);
1080 + procdata->original_filename[i++] = procdata->c;
1084 + /* Bigram markers have the high bit set. */
1085 + extend (procdata, i, 2u);
1086 + procdata->c &= 0177;
1087 + procdata->original_filename[i++] = procdata->bigram1[procdata->c];
1088 + procdata->original_filename[i++] = procdata->bigram2[procdata->c];
1092 + /* Consider the case where we executed the loop body zero times; we
1093 + * still need space for the terminating null byte.
1095 + extend (procdata, i, 1u);
1096 + procdata->original_filename[i] = 0;
1098 procdata->munged_filename = procdata->original_filename;
1105 Thanks to Rob Holland <rob@inversepath.com> and Tavis Ormandy.
1108 VIII. CVE INFORMATION
1109 =====================
1111 No CVE candidate number has yet been assigned for this vulnerability.
1112 If someone provides one, I will include it in the public announcement
1115 The original announcement above was sent out with a cleartext PGP
1116 signature, of course, but that has been omitted from the example.
1118 Once a fixed release is available, announce the new release using the
1119 normal channels. Any CVE number assigned for the problem should be
1120 included in the `ChangeLog' and `NEWS' entries. See
1121 `http://cve.mitre.org/' for an explanation of CVE numbers.
1124 File: find-maint.info, Node: Making Releases, Next: GNU Free Documentation License, Prev: Security, Up: Top
1129 This section will explain how to make a findutils release. For the
1130 time being here is a terse description of the main steps:
1132 1. Commit changes; make sure your working directory has no
1133 uncommitted changes.
1135 2. Test; make sure that all changes you have made have tests, and
1136 that the tests pass. Verify this with `make distcheck'.
1138 3. Bugs; make sure all Savannah bug entries fixed in this release are
1141 4. NEWS; make sure that the NEWS and configure.in file are updated
1142 with the new release number (and checked in).
1144 5. Build the release tarball; do this with `make distcheck'. Copy
1145 the tarball somewhere safe.
1147 6. Tag the release; findutils releases are tagged like this for
1148 example: v4.5.5. Previously a different format was in use:
1149 FINDUTILS_4_3_8-1. You can create a tag with the a command like
1150 this: `git tag -s -m "Findutils release v4.5.7" v4.5.7'.
1152 7. Prepare the upload and upload it. *Note Automated FTP Uploads:
1153 (maintain)Automated FTP Uploads, for detailed upload instructions.
1155 8. Make a release announcement; include an extract from the NEWS file
1156 which explains what's changed. Announcements for test releases
1157 should just go to <bug-findutils@gnu.org>. Announcements for
1158 stable releases should go to <info-gnu@gnu.org> as well.
1160 9. Bump the release numbers in git; edit the `configure.in' and
1161 `NEWS' files to advance the release numbers. For example, if you
1162 have just released `4.6.2', bump the release number to
1163 `4.6.3-git'. The point of the `-git' suffix here is that a
1164 findutils binary built from git will bear a release number
1165 indicating it's not built from the "official" source release.
1167 10. Close bugs; any bugs recorded on Savannah which were fixed in this
1168 release should now be marked as closed. Update the `Fixed
1169 Release' field of these bugs appropriately and make sure the
1170 `Assigned to' field is populated.
1173 File: find-maint.info, Node: GNU Free Documentation License, Prev: Making Releases, Up: Top
1175 Appendix A GNU Free Documentation License
1176 *****************************************
1178 Version 1.3, 3 November 2008
1180 Copyright (C) 2000, 2001, 2002, 2007, 2008 Free Software Foundation, Inc.
1183 Everyone is permitted to copy and distribute verbatim copies
1184 of this license document, but changing it is not allowed.
1188 The purpose of this License is to make a manual, textbook, or other
1189 functional and useful document "free" in the sense of freedom: to
1190 assure everyone the effective freedom to copy and redistribute it,
1191 with or without modifying it, either commercially or
1192 noncommercially. Secondarily, this License preserves for the
1193 author and publisher a way to get credit for their work, while not
1194 being considered responsible for modifications made by others.
1196 This License is a kind of "copyleft", which means that derivative
1197 works of the document must themselves be free in the same sense.
1198 It complements the GNU General Public License, which is a copyleft
1199 license designed for free software.
1201 We have designed this License in order to use it for manuals for
1202 free software, because free software needs free documentation: a
1203 free program should come with manuals providing the same freedoms
1204 that the software does. But this License is not limited to
1205 software manuals; it can be used for any textual work, regardless
1206 of subject matter or whether it is published as a printed book.
1207 We recommend this License principally for works whose purpose is
1208 instruction or reference.
1210 1. APPLICABILITY AND DEFINITIONS
1212 This License applies to any manual or other work, in any medium,
1213 that contains a notice placed by the copyright holder saying it
1214 can be distributed under the terms of this License. Such a notice
1215 grants a world-wide, royalty-free license, unlimited in duration,
1216 to use that work under the conditions stated herein. The
1217 "Document", below, refers to any such manual or work. Any member
1218 of the public is a licensee, and is addressed as "you". You
1219 accept the license if you copy, modify or distribute the work in a
1220 way requiring permission under copyright law.
1222 A "Modified Version" of the Document means any work containing the
1223 Document or a portion of it, either copied verbatim, or with
1224 modifications and/or translated into another language.
1226 A "Secondary Section" is a named appendix or a front-matter section
1227 of the Document that deals exclusively with the relationship of the
1228 publishers or authors of the Document to the Document's overall
1229 subject (or to related matters) and contains nothing that could
1230 fall directly within that overall subject. (Thus, if the Document
1231 is in part a textbook of mathematics, a Secondary Section may not
1232 explain any mathematics.) The relationship could be a matter of
1233 historical connection with the subject or with related matters, or
1234 of legal, commercial, philosophical, ethical or political position
1237 The "Invariant Sections" are certain Secondary Sections whose
1238 titles are designated, as being those of Invariant Sections, in
1239 the notice that says that the Document is released under this
1240 License. If a section does not fit the above definition of
1241 Secondary then it is not allowed to be designated as Invariant.
1242 The Document may contain zero Invariant Sections. If the Document
1243 does not identify any Invariant Sections then there are none.
1245 The "Cover Texts" are certain short passages of text that are
1246 listed, as Front-Cover Texts or Back-Cover Texts, in the notice
1247 that says that the Document is released under this License. A
1248 Front-Cover Text may be at most 5 words, and a Back-Cover Text may
1249 be at most 25 words.
1251 A "Transparent" copy of the Document means a machine-readable copy,
1252 represented in a format whose specification is available to the
1253 general public, that is suitable for revising the document
1254 straightforwardly with generic text editors or (for images
1255 composed of pixels) generic paint programs or (for drawings) some
1256 widely available drawing editor, and that is suitable for input to
1257 text formatters or for automatic translation to a variety of
1258 formats suitable for input to text formatters. A copy made in an
1259 otherwise Transparent file format whose markup, or absence of
1260 markup, has been arranged to thwart or discourage subsequent
1261 modification by readers is not Transparent. An image format is
1262 not Transparent if used for any substantial amount of text. A
1263 copy that is not "Transparent" is called "Opaque".
1265 Examples of suitable formats for Transparent copies include plain
1266 ASCII without markup, Texinfo input format, LaTeX input format,
1267 SGML or XML using a publicly available DTD, and
1268 standard-conforming simple HTML, PostScript or PDF designed for
1269 human modification. Examples of transparent image formats include
1270 PNG, XCF and JPG. Opaque formats include proprietary formats that
1271 can be read and edited only by proprietary word processors, SGML or
1272 XML for which the DTD and/or processing tools are not generally
1273 available, and the machine-generated HTML, PostScript or PDF
1274 produced by some word processors for output purposes only.
1276 The "Title Page" means, for a printed book, the title page itself,
1277 plus such following pages as are needed to hold, legibly, the
1278 material this License requires to appear in the title page. For
1279 works in formats which do not have any title page as such, "Title
1280 Page" means the text near the most prominent appearance of the
1281 work's title, preceding the beginning of the body of the text.
1283 The "publisher" means any person or entity that distributes copies
1284 of the Document to the public.
1286 A section "Entitled XYZ" means a named subunit of the Document
1287 whose title either is precisely XYZ or contains XYZ in parentheses
1288 following text that translates XYZ in another language. (Here XYZ
1289 stands for a specific section name mentioned below, such as
1290 "Acknowledgements", "Dedications", "Endorsements", or "History".)
1291 To "Preserve the Title" of such a section when you modify the
1292 Document means that it remains a section "Entitled XYZ" according
1295 The Document may include Warranty Disclaimers next to the notice
1296 which states that this License applies to the Document. These
1297 Warranty Disclaimers are considered to be included by reference in
1298 this License, but only as regards disclaiming warranties: any other
1299 implication that these Warranty Disclaimers may have is void and
1300 has no effect on the meaning of this License.
1304 You may copy and distribute the Document in any medium, either
1305 commercially or noncommercially, provided that this License, the
1306 copyright notices, and the license notice saying this License
1307 applies to the Document are reproduced in all copies, and that you
1308 add no other conditions whatsoever to those of this License. You
1309 may not use technical measures to obstruct or control the reading
1310 or further copying of the copies you make or distribute. However,
1311 you may accept compensation in exchange for copies. If you
1312 distribute a large enough number of copies you must also follow
1313 the conditions in section 3.
1315 You may also lend copies, under the same conditions stated above,
1316 and you may publicly display copies.
1318 3. COPYING IN QUANTITY
1320 If you publish printed copies (or copies in media that commonly
1321 have printed covers) of the Document, numbering more than 100, and
1322 the Document's license notice requires Cover Texts, you must
1323 enclose the copies in covers that carry, clearly and legibly, all
1324 these Cover Texts: Front-Cover Texts on the front cover, and
1325 Back-Cover Texts on the back cover. Both covers must also clearly
1326 and legibly identify you as the publisher of these copies. The
1327 front cover must present the full title with all words of the
1328 title equally prominent and visible. You may add other material
1329 on the covers in addition. Copying with changes limited to the
1330 covers, as long as they preserve the title of the Document and
1331 satisfy these conditions, can be treated as verbatim copying in
1334 If the required texts for either cover are too voluminous to fit
1335 legibly, you should put the first ones listed (as many as fit
1336 reasonably) on the actual cover, and continue the rest onto
1339 If you publish or distribute Opaque copies of the Document
1340 numbering more than 100, you must either include a
1341 machine-readable Transparent copy along with each Opaque copy, or
1342 state in or with each Opaque copy a computer-network location from
1343 which the general network-using public has access to download
1344 using public-standard network protocols a complete Transparent
1345 copy of the Document, free of added material. If you use the
1346 latter option, you must take reasonably prudent steps, when you
1347 begin distribution of Opaque copies in quantity, to ensure that
1348 this Transparent copy will remain thus accessible at the stated
1349 location until at least one year after the last time you
1350 distribute an Opaque copy (directly or through your agents or
1351 retailers) of that edition to the public.
1353 It is requested, but not required, that you contact the authors of
1354 the Document well before redistributing any large number of
1355 copies, to give them a chance to provide you with an updated
1356 version of the Document.
1360 You may copy and distribute a Modified Version of the Document
1361 under the conditions of sections 2 and 3 above, provided that you
1362 release the Modified Version under precisely this License, with
1363 the Modified Version filling the role of the Document, thus
1364 licensing distribution and modification of the Modified Version to
1365 whoever possesses a copy of it. In addition, you must do these
1366 things in the Modified Version:
1368 A. Use in the Title Page (and on the covers, if any) a title
1369 distinct from that of the Document, and from those of
1370 previous versions (which should, if there were any, be listed
1371 in the History section of the Document). You may use the
1372 same title as a previous version if the original publisher of
1373 that version gives permission.
1375 B. List on the Title Page, as authors, one or more persons or
1376 entities responsible for authorship of the modifications in
1377 the Modified Version, together with at least five of the
1378 principal authors of the Document (all of its principal
1379 authors, if it has fewer than five), unless they release you
1380 from this requirement.
1382 C. State on the Title page the name of the publisher of the
1383 Modified Version, as the publisher.
1385 D. Preserve all the copyright notices of the Document.
1387 E. Add an appropriate copyright notice for your modifications
1388 adjacent to the other copyright notices.
1390 F. Include, immediately after the copyright notices, a license
1391 notice giving the public permission to use the Modified
1392 Version under the terms of this License, in the form shown in
1395 G. Preserve in that license notice the full lists of Invariant
1396 Sections and required Cover Texts given in the Document's
1399 H. Include an unaltered copy of this License.
1401 I. Preserve the section Entitled "History", Preserve its Title,
1402 and add to it an item stating at least the title, year, new
1403 authors, and publisher of the Modified Version as given on
1404 the Title Page. If there is no section Entitled "History" in
1405 the Document, create one stating the title, year, authors,
1406 and publisher of the Document as given on its Title Page,
1407 then add an item describing the Modified Version as stated in
1408 the previous sentence.
1410 J. Preserve the network location, if any, given in the Document
1411 for public access to a Transparent copy of the Document, and
1412 likewise the network locations given in the Document for
1413 previous versions it was based on. These may be placed in
1414 the "History" section. You may omit a network location for a
1415 work that was published at least four years before the
1416 Document itself, or if the original publisher of the version
1417 it refers to gives permission.
1419 K. For any section Entitled "Acknowledgements" or "Dedications",
1420 Preserve the Title of the section, and preserve in the
1421 section all the substance and tone of each of the contributor
1422 acknowledgements and/or dedications given therein.
1424 L. Preserve all the Invariant Sections of the Document,
1425 unaltered in their text and in their titles. Section numbers
1426 or the equivalent are not considered part of the section
1429 M. Delete any section Entitled "Endorsements". Such a section
1430 may not be included in the Modified Version.
1432 N. Do not retitle any existing section to be Entitled
1433 "Endorsements" or to conflict in title with any Invariant
1436 O. Preserve any Warranty Disclaimers.
1438 If the Modified Version includes new front-matter sections or
1439 appendices that qualify as Secondary Sections and contain no
1440 material copied from the Document, you may at your option
1441 designate some or all of these sections as invariant. To do this,
1442 add their titles to the list of Invariant Sections in the Modified
1443 Version's license notice. These titles must be distinct from any
1444 other section titles.
1446 You may add a section Entitled "Endorsements", provided it contains
1447 nothing but endorsements of your Modified Version by various
1448 parties--for example, statements of peer review or that the text
1449 has been approved by an organization as the authoritative
1450 definition of a standard.
1452 You may add a passage of up to five words as a Front-Cover Text,
1453 and a passage of up to 25 words as a Back-Cover Text, to the end
1454 of the list of Cover Texts in the Modified Version. Only one
1455 passage of Front-Cover Text and one of Back-Cover Text may be
1456 added by (or through arrangements made by) any one entity. If the
1457 Document already includes a cover text for the same cover,
1458 previously added by you or by arrangement made by the same entity
1459 you are acting on behalf of, you may not add another; but you may
1460 replace the old one, on explicit permission from the previous
1461 publisher that added the old one.
1463 The author(s) and publisher(s) of the Document do not by this
1464 License give permission to use their names for publicity for or to
1465 assert or imply endorsement of any Modified Version.
1467 5. COMBINING DOCUMENTS
1469 You may combine the Document with other documents released under
1470 this License, under the terms defined in section 4 above for
1471 modified versions, provided that you include in the combination
1472 all of the Invariant Sections of all of the original documents,
1473 unmodified, and list them all as Invariant Sections of your
1474 combined work in its license notice, and that you preserve all
1475 their Warranty Disclaimers.
1477 The combined work need only contain one copy of this License, and
1478 multiple identical Invariant Sections may be replaced with a single
1479 copy. If there are multiple Invariant Sections with the same name
1480 but different contents, make the title of each such section unique
1481 by adding at the end of it, in parentheses, the name of the
1482 original author or publisher of that section if known, or else a
1483 unique number. Make the same adjustment to the section titles in
1484 the list of Invariant Sections in the license notice of the
1487 In the combination, you must combine any sections Entitled
1488 "History" in the various original documents, forming one section
1489 Entitled "History"; likewise combine any sections Entitled
1490 "Acknowledgements", and any sections Entitled "Dedications". You
1491 must delete all sections Entitled "Endorsements."
1493 6. COLLECTIONS OF DOCUMENTS
1495 You may make a collection consisting of the Document and other
1496 documents released under this License, and replace the individual
1497 copies of this License in the various documents with a single copy
1498 that is included in the collection, provided that you follow the
1499 rules of this License for verbatim copying of each of the
1500 documents in all other respects.
1502 You may extract a single document from such a collection, and
1503 distribute it individually under this License, provided you insert
1504 a copy of this License into the extracted document, and follow
1505 this License in all other respects regarding verbatim copying of
1508 7. AGGREGATION WITH INDEPENDENT WORKS
1510 A compilation of the Document or its derivatives with other
1511 separate and independent documents or works, in or on a volume of
1512 a storage or distribution medium, is called an "aggregate" if the
1513 copyright resulting from the compilation is not used to limit the
1514 legal rights of the compilation's users beyond what the individual
1515 works permit. When the Document is included in an aggregate, this
1516 License does not apply to the other works in the aggregate which
1517 are not themselves derivative works of the Document.
1519 If the Cover Text requirement of section 3 is applicable to these
1520 copies of the Document, then if the Document is less than one half
1521 of the entire aggregate, the Document's Cover Texts may be placed
1522 on covers that bracket the Document within the aggregate, or the
1523 electronic equivalent of covers if the Document is in electronic
1524 form. Otherwise they must appear on printed covers that bracket
1525 the whole aggregate.
1529 Translation is considered a kind of modification, so you may
1530 distribute translations of the Document under the terms of section
1531 4. Replacing Invariant Sections with translations requires special
1532 permission from their copyright holders, but you may include
1533 translations of some or all Invariant Sections in addition to the
1534 original versions of these Invariant Sections. You may include a
1535 translation of this License, and all the license notices in the
1536 Document, and any Warranty Disclaimers, provided that you also
1537 include the original English version of this License and the
1538 original versions of those notices and disclaimers. In case of a
1539 disagreement between the translation and the original version of
1540 this License or a notice or disclaimer, the original version will
1543 If a section in the Document is Entitled "Acknowledgements",
1544 "Dedications", or "History", the requirement (section 4) to
1545 Preserve its Title (section 1) will typically require changing the
1550 You may not copy, modify, sublicense, or distribute the Document
1551 except as expressly provided under this License. Any attempt
1552 otherwise to copy, modify, sublicense, or distribute it is void,
1553 and will automatically terminate your rights under this License.
1555 However, if you cease all violation of this License, then your
1556 license from a particular copyright holder is reinstated (a)
1557 provisionally, unless and until the copyright holder explicitly
1558 and finally terminates your license, and (b) permanently, if the
1559 copyright holder fails to notify you of the violation by some
1560 reasonable means prior to 60 days after the cessation.
1562 Moreover, your license from a particular copyright holder is
1563 reinstated permanently if the copyright holder notifies you of the
1564 violation by some reasonable means, this is the first time you have
1565 received notice of violation of this License (for any work) from
1566 that copyright holder, and you cure the violation prior to 30 days
1567 after your receipt of the notice.
1569 Termination of your rights under this section does not terminate
1570 the licenses of parties who have received copies or rights from
1571 you under this License. If your rights have been terminated and
1572 not permanently reinstated, receipt of a copy of some or all of
1573 the same material does not give you any rights to use it.
1575 10. FUTURE REVISIONS OF THIS LICENSE
1577 The Free Software Foundation may publish new, revised versions of
1578 the GNU Free Documentation License from time to time. Such new
1579 versions will be similar in spirit to the present version, but may
1580 differ in detail to address new problems or concerns. See
1581 `http://www.gnu.org/copyleft/'.
1583 Each version of the License is given a distinguishing version
1584 number. If the Document specifies that a particular numbered
1585 version of this License "or any later version" applies to it, you
1586 have the option of following the terms and conditions either of
1587 that specified version or of any later version that has been
1588 published (not as a draft) by the Free Software Foundation. If
1589 the Document does not specify a version number of this License,
1590 you may choose any version ever published (not as a draft) by the
1591 Free Software Foundation. If the Document specifies that a proxy
1592 can decide which future versions of this License can be used, that
1593 proxy's public statement of acceptance of a version permanently
1594 authorizes you to choose that version for the Document.
1598 "Massive Multiauthor Collaboration Site" (or "MMC Site") means any
1599 World Wide Web server that publishes copyrightable works and also
1600 provides prominent facilities for anybody to edit those works. A
1601 public wiki that anybody can edit is an example of such a server.
1602 A "Massive Multiauthor Collaboration" (or "MMC") contained in the
1603 site means any set of copyrightable works thus published on the MMC
1606 "CC-BY-SA" means the Creative Commons Attribution-Share Alike 3.0
1607 license published by Creative Commons Corporation, a not-for-profit
1608 corporation with a principal place of business in San Francisco,
1609 California, as well as future copyleft versions of that license
1610 published by that same organization.
1612 "Incorporate" means to publish or republish a Document, in whole or
1613 in part, as part of another Document.
1615 An MMC is "eligible for relicensing" if it is licensed under this
1616 License, and if all works that were first published under this
1617 License somewhere other than this MMC, and subsequently
1618 incorporated in whole or in part into the MMC, (1) had no cover
1619 texts or invariant sections, and (2) were thus incorporated prior
1620 to November 1, 2008.
1622 The operator of an MMC Site may republish an MMC contained in the
1623 site under CC-BY-SA on the same site at any time before August 1,
1624 2009, provided the MMC is eligible for relicensing.
1627 ADDENDUM: How to use this License for your documents
1628 ====================================================
1630 To use this License in a document you have written, include a copy of
1631 the License in the document and put the following copyright and license
1632 notices just after the title page:
1634 Copyright (C) YEAR YOUR NAME.
1635 Permission is granted to copy, distribute and/or modify this document
1636 under the terms of the GNU Free Documentation License, Version 1.3
1637 or any later version published by the Free Software Foundation;
1638 with no Invariant Sections, no Front-Cover Texts, and no Back-Cover
1639 Texts. A copy of the license is included in the section entitled ``GNU
1640 Free Documentation License''.
1642 If you have Invariant Sections, Front-Cover Texts and Back-Cover
1643 Texts, replace the "with...Texts." line with this:
1645 with the Invariant Sections being LIST THEIR TITLES, with
1646 the Front-Cover Texts being LIST, and with the Back-Cover Texts
1649 If you have Invariant Sections without Cover Texts, or some other
1650 combination of the three, merge those two alternatives to suit the
1653 If your document contains nontrivial examples of program code, we
1654 recommend releasing these examples in parallel under your choice of
1655 free software license, such as the GNU General Public License, to
1656 permit their use in free software.
1662 Node: Introduction
\7f2014
1663 Node: Maintaining GNU Programs
\7f2763
1664 Node: Design Issues
\7f3565
1665 Node: Coding Conventions
\7f7516
1666 Node: Make the Compiler Find the Bugs
\7f9483
1667 Node: Factor Out Repeated Code
\7f13031
1668 Node: Debugging is For Users Too
\7f15104
1669 Node: Don't Trust the File System Contents
\7f15802
1670 Node: The File System Is Being Modified
\7f17085
1672 Node: Using the GNU Portability Library
\7f19716
1673 Node: Documentation
\7f26897
1674 Node: Testing
\7f29615
1676 Node: Distributions
\7f31700
1677 Node: Internationalisation
\7f32735
1678 Node: Security
\7f33204
1679 Node: Making Releases
\7f44568
1680 Node: GNU Free Documentation License
\7f46693