vdr/vdr/debian changelog config-loader.sh vdr.postinst vdr.postrm

Thomas Schmidt pkg-vdr-dvb-changes@lists.alioth.debian.org
Sun, 16 Jan 2005 22:02:59 +0000


Update of /cvsroot/pkg-vdr-dvb/vdr/vdr/debian
In directory haydn:/tmp/cvs-serv16831/vdr/vdr/debian

Modified Files:
	changelog config-loader.sh vdr.postinst vdr.postrm 
Log Message:
* added fix for CAN-2005-0071 (do not overwrite files with the GRAB-Command anymore)
* improved adduser-code in postinst

Index: changelog
===================================================================
RCS file: /cvsroot/pkg-vdr-dvb/vdr/vdr/debian/changelog,v
retrieving revision 1.80
retrieving revision 1.81
diff -u -d -r1.80 -r1.81
--- changelog	16 Jan 2005 19:41:59 -0000	1.80
+++ changelog	16 Jan 2005 22:02:57 -0000	1.81
@@ -2,7 +2,7 @@
 
   !!! unreleased - remove this line, when releasing this revision !!!
   
-  * Urgency high because it fixes CAN-2005-0071
+  * Urgency high because it includes a fix for CAN-2005-0071
   
   * Thomas Günther <tom@toms-cafe.de>
     - new (optional) plugin check (with "vdr -V -P plugin")
@@ -28,9 +28,12 @@
   * Thomas Schmidt <thomas.schmidt@in.stud.tu-ilmenau.de>
     - Do not run as user root anymore, the user vdr will be created
       and the video-directory and config-files will be changed, so the
-      owner/group is vdr:vdr (closes: #287899) (CAN-2005-0071)
+      owner/group is vdr:vdr (closes: #287899)
     - Added 07_not_as_root.dpatch - vdr exists when it should run as
-      user root (adapted from Darren Salt's patch for vdr 1.3.x)
+      user or with group-id root (adapted from Darren Salt's patch 
+      for vdr 1.3.x)
+    - Added 08_security_CAN-2005-0071.dpatch - do not overwrite 
+      existing files with the GRAB-Command anymore (CAN-2005-0071)
     - Set default port for SVDRP to 0, users who run vdr from the 
       commandline will have to enable it by using the --port option
       (in the init-script SVDRP will still be enabled and on the default 

Index: vdr.postrm
===================================================================
RCS file: /cvsroot/pkg-vdr-dvb/vdr/vdr/debian/vdr.postrm,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- vdr.postrm	16 Jan 2005 00:11:10 -0000	1.3
+++ vdr.postrm	16 Jan 2005 22:02:57 -0000	1.4
@@ -20,14 +20,14 @@
 
 case "$1" in
     purge)
-    	rm -f /var/cache/vdr/commands.conf > /dev/null || true
-    	rm -f /var/cache/vdr/reccmds.conf > /dev/null || true
-	rm -f /var/cache/vdr/epg.data > /dev/null || true
-	rm -f /var/cache/vdr/vdr.jpg > /dev/null || true
-	rm -f /var/lib/vdr/channels.conf > /dev/null || true
-	rm -f /var/lib/vdr/remote.conf > /dev/null || true
-	rm -f /var/lib/vdr/setup.conf > /dev/null || true
-	rm -f /var/lib/vdr/timers.conf > /dev/null || true
+    	rm -f /var/cache/vdr/commands.conf > /dev/null 2>&1 || true
+    	rm -f /var/cache/vdr/reccmds.conf > /dev/null 2>&1 || true
+	rm -f /var/cache/vdr/epg.data > /dev/null 2>&1 || true
+	rm -f /var/cache/vdr/vdr.jpg > /dev/null 2>&1 || true
+	rm -f /var/lib/vdr/channels.conf > /dev/null 2>&1 || true
+	rm -f /var/lib/vdr/remote.conf > /dev/null 2>&1 || true
+	rm -f /var/lib/vdr/setup.conf > /dev/null 2>&1 || true
+	rm -f /var/lib/vdr/timers.conf > /dev/null 2>&1 || true
     ;;
     remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
     ;;
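Review bot: The eight `rm -f` lines in the `purge` branch now discard stderr as well as the exit status, so the only thing the redirects can hide is a real failure; `rm -f` prints nothing on success and already ignores missing files. If a purge leaves one of these files behind (read-only filesystem, immutable attribute), the administrator gets no indication. Consider dropping the redirections and collapsing the list into a single call, for example `rm -f /var/cache/vdr/commands.conf /var/cache/vdr/reccmds.conf … || true`. The `case` statement starts and ends outside the hunk.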

Index: config-loader.sh
===================================================================
RCS file: /cvsroot/pkg-vdr-dvb/vdr/vdr/debian/config-loader.sh,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- config-loader.sh	16 Jan 2005 19:44:20 -0000	1.7
+++ config-loader.sh	16 Jan 2005 22:02:57 -0000	1.8
@@ -36,7 +36,9 @@
 # root or with "-u root")
 USER=vdr
 
-# Groupname under which vdr will run
+# Groupname under which vdr will run (Note: the group root is not 
+# allowed to run vdr, vdr will abort when you try to start it with
+# group root or with "-g root")
 GROUP=vdr
 
 # Default port for SVDRP

Index: vdr.postinst
===================================================================
RCS file: /cvsroot/pkg-vdr-dvb/vdr/vdr/debian/vdr.postinst,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -d -r1.18 -r1.19
--- vdr.postinst	15 Jan 2005 20:45:09 -0000	1.18
+++ vdr.postinst	16 Jan 2005 22:02:57 -0000	1.19
@@ -96,22 +96,36 @@
 	fi
 
 	# ensure that user and group 'vdr' exist
-	adduser --system --home /var/lib/video --shell /bin/false --no-create-home \
-		--disabled-login --group vdr > /dev/null || true
-
+	USER=vdr
+	GROUP=vdr
+	if ! getent group | grep -q "^$GROUP:" ; then
+		echo -n "Adding group $GROUP.."
+          	addgroup --quiet --system $GROUP
+          	echo "..done"
+        fi
+	if ! getent passwd | grep -q "^$USER:"; then
+		echo -n "Adding user $USER.."
+          	adduser --system --home /var/lib/vdr --shell /bin/false \
+			--gecos "VDR user" --no-create-home \
+                  	--disabled-login --disabled-password \
+                  	--ingroup $GROUP \
+                  	$USER
+          	echo "...done"
+	fi
+	
 	# put vdr in group video so that it can access the DVB device nodes
 	adduser vdr video > /dev/null || true
 
 	# ensure that vdr's config and recording files are correctly owned
-	[ ! -e /var/lib/video ] || chown -R vdr:vdr /var/lib/video/
-	[ ! -e /var/lib/vdr ] || chown vdr:vdr /var/lib/vdr
-	chown vdr:vdr /var/lib/vdr/* > /dev/null 2>&1 || true
-	[ ! -e /var/cache/vdr ] || chown vdr:vdr /var/cache/vdr
-	chown vdr:vdr /var/cache/vdr/* > /dev/null 2>&1|| true
+	[ ! -e /var/lib/video ] || chown -R $USER:$GROUP /var/lib/video/
+	[ ! -e /var/lib/vdr ] || chown $USER:$GROUP /var/lib/vdr
+	chown $USER:$GROUP /var/lib/vdr/* > /dev/null 2>&1 || true
+	[ ! -e /var/cache/vdr ] || chown $USER:$GROUP /var/cache/vdr
+	chown $USER:$GROUP /var/cache/vdr/* > /dev/null 2>&1|| true
 
 	# make /usr/lib/vdr/vdr-shutdown.wrapper setuid/setgid (owner root:vdr, mode 6750)
 	[ ! -e /usr/lib/vdr/vdr-shutdown.wrapper ] || \
-	chown root:vdr /usr/lib/vdr/vdr-shutdown.wrapper && \
+	chown root:$GROUP /usr/lib/vdr/vdr-shutdown.wrapper && \
 	chmod 6750 /usr/lib/vdr/vdr-shutdown.wrapper
     ;;
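Review bot: The last statement of the hunk, `[ ! -e … ] || chown root:$GROUP … && chmod 6750 …`, groups as `(A || B) && C`, so when the wrapper is absent the test succeeds and `chmod` still runs on a missing file and fails. That failure is the list's exit status, which would abort the postinst if the script runs under `set -e` (not visible here). Bracing the pair keeps both steps behind the existence test: `[ ! -e /usr/lib/vdr/vdr-shutdown.wrapper ] || { chown root:"$GROUP" /usr/lib/vdr/vdr-shutdown.wrapper && chmod 6750 /usr/lib/vdr/vdr-shutdown.wrapper; }`. Separately, the root-run `chown $USER:$GROUP /var/lib/vdr/*` and `/var/cache/vdr/*` lines act on directories that the unprivileged vdr account owns after the first install, and plain `chown` dereferences symlinks, so a link present there at upgrade time could transfer ownership of a file elsewhere; `chown -h`, or naming the known config files explicitly, avoids that. The enclosing `case` branch starts above the hunk, and `getent group "$GROUP" >/dev/null` would be a tighter existence check than grepping the full enumeration.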