r1688 - in vdr/vdr/trunk/debian: . patches
Thomas Schmidt
tschmidt at costa.debian.org
Sun Jan 8 19:55:27 UTC 2006
Author: tschmidt
Date: 2006-01-08 19:55:26 +0000 (Sun, 08 Jan 2006)
New Revision: 1688
Removed:
vdr/vdr/trunk/debian/patches/05_set_system_time_as_user.dpatch
vdr/vdr/trunk/debian/patches/07_not_as_root.dpatch
vdr/vdr/trunk/debian/patches/08_security_CAN-2005-0071.dpatch
Modified:
vdr/vdr/trunk/debian/changelog
vdr/vdr/trunk/debian/config-loader.sh
vdr/vdr/trunk/debian/patches/00list
vdr/vdr/trunk/debian/patches/06_default_svdrp_port_0.dpatch
vdr/vdr/trunk/debian/vdr.init
vdr/vdr/trunk/debian/vdr.install
Log:
vdr: New upstream release 1.3.38 (untested)
Modified: vdr/vdr/trunk/debian/changelog
===================================================================
--- vdr/vdr/trunk/debian/changelog 2006-01-08 17:30:45 UTC (rev 1687)
+++ vdr/vdr/trunk/debian/changelog 2006-01-08 19:55:26 UTC (rev 1688)
@@ -1,3 +1,19 @@
+vdr (1.3.38-1) unstable; urgency=low
+
+ * NOT RELEASED YET
+
+ * Thomas Schmidt <tschmidt at debian.org>
+ - New upstream release
+ + Removed 05_set_system_time_as_user.dpatch
+ + Updated 06_default_svdrp_port_0.dpatch
+ + Removed 07_not_as_root.dpatch
+ + Removed 08_security_CAN-2005-0071.dpatch
+ - Do not try to install ca.conf, because it is not needed anmore
+ - Removed option to set group under which vdr should run from the
+ init-script
+
+ -- Debian VDR Team <pkg-vdr-dvb-devel at lists.alioth.debian.org> Sun, 8 Jan 2006 20:13:57 +0100
+
vdr (1.3.37-1) unstable; urgency=low
* Thomas Schmidt <tschmidt at debian.org>
Modified: vdr/vdr/trunk/debian/config-loader.sh
===================================================================
--- vdr/vdr/trunk/debian/config-loader.sh 2006-01-08 17:30:45 UTC (rev 1687)
+++ vdr/vdr/trunk/debian/config-loader.sh 2006-01-08 19:55:26 UTC (rev 1688)
@@ -36,11 +36,6 @@
# root or with "-u root")
USER=vdr
-# Groupname under which vdr will run (Note: the group root is not
-# allowed to run vdr, vdr will abort when you try to start it with
-# group root or with "-g root")
-GROUP=vdr
-
# Default port for SVDRP
SVDRP_PORT=2001
Modified: vdr/vdr/trunk/debian/patches/00list
===================================================================
--- vdr/vdr/trunk/debian/patches/00list 2006-01-08 17:30:45 UTC (rev 1687)
+++ vdr/vdr/trunk/debian/patches/00list 2006-01-08 19:55:26 UTC (rev 1688)
@@ -1,10 +1,7 @@
02_Makefile-CFGDIR
03_cmdsubmenu
04_newplugin
-05_set_system_time_as_user
06_default_svdrp_port_0
-07_not_as_root
-08_security_CAN-2005-0071
09_sort_options
10_dd-record-option
11_sortrecordings
Deleted: vdr/vdr/trunk/debian/patches/05_set_system_time_as_user.dpatch
===================================================================
--- vdr/vdr/trunk/debian/patches/05_set_system_time_as_user.dpatch 2006-01-08 17:30:45 UTC (rev 1687)
+++ vdr/vdr/trunk/debian/patches/05_set_system_time_as_user.dpatch 2006-01-08 19:55:26 UTC (rev 1688)
@@ -1,198 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-
-## 05_set_system_time_as_user.dpatch by Ludwig Nussel <ludwig.nussel at gmx.de>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: Allow vdr to be run as a normal user, but keep the capability
-## DP: to set the system-time by vdr.
-
- at DPATCH@
-diff -urNad vdr-1.3.25/Makefile /tmp/dpep.6f25Et/vdr-1.3.25/Makefile
---- vdr-1.3.25/Makefile 2005-05-31 14:09:22.490646536 +0200
-+++ /tmp/dpep.6f25Et/vdr-1.3.25/Makefile 2005-05-31 14:11:43.003285368 +0200
-@@ -18,7 +18,7 @@
- LSIDIR = ./libsi
- MANDIR = /usr/local/man
- BINDIR = /usr/local/bin
--LIBS = -ljpeg -lpthread -ldl
-+LIBS = -ljpeg -lpthread -ldl -lcap
- INCLUDES =
-
- PLUGINDIR= ./PLUGINS
-diff -urNad vdr-1.3.25/vdr.c /tmp/dpep.6f25Et/vdr-1.3.25/vdr.c
---- vdr-1.3.25/vdr.c 2005-05-31 14:09:22.479648208 +0200
-+++ /tmp/dpep.6f25Et/vdr-1.3.25/vdr.c 2005-05-31 14:09:22.795600176 +0200
-@@ -31,6 +31,10 @@
- #include <stdlib.h>
- #include <termios.h>
- #include <unistd.h>
-+#include <pwd.h>
-+#include <grp.h>
-+#include <sys/capability.h>
-+#include <sys/prctl.h>
- #include "audio.h"
- #include "channels.h"
- #include "config.h"
-@@ -85,6 +89,96 @@
- exit(1);
- }
-
-+// switch user and group uid
-+// taken from startproc by Werner Fink
-+static int su(const char* username, const char* groupname)
-+{
-+ gid_t ngid = 0;
-+ struct group* grp = NULL;
-+ struct passwd *user = NULL;
-+
-+ if(!username) return 0;
-+
-+ user = getpwnam(username);
-+ endpwent();
-+ if(!user)
-+ {
-+ fprintf(stderr,"invalid user %s: %s\n",username,strerror(errno));
-+ return 1;
-+ }
-+ if(groupname)
-+ {
-+ grp = getgrnam(groupname);
-+ endgrent();
-+ if(!grp)
-+ {
-+ fprintf(stderr,"invalid group %s: %s\n",groupname,strerror(errno));
-+ return 1;
-+ }
-+ }
-+
-+ ngid = user->pw_gid;
-+ if (grp)
-+ ngid = grp->gr_gid;
-+
-+ if (setgid(ngid) < 0)
-+ {
-+ fprintf(stderr,"cannot set group id %u: %s\n", (unsigned int)ngid, strerror(errno));
-+ return 1;
-+ }
-+ if (!getuid())
-+ {
-+ if (initgroups(user->pw_name, ngid) < 0)
-+ {
-+ fprintf(stderr,"cannot set supplemental group ids for user %s: %s\n",
-+ user->pw_name, strerror(errno));
-+ return 1;
-+ }
-+ }
-+ if (setuid(user->pw_uid) < 0)
-+ {
-+ fprintf(stderr,"cannot set user id %u: %s\n",
-+ (unsigned int)user->pw_uid, strerror(errno));
-+ return 1;
-+ }
-+ return 0;
-+}
-+
-+// drop all capabilities except cap_sys_time
-+static int set_cap_sys_time(void)
-+{
-+ cap_t caps;
-+
-+ caps = cap_from_text("= cap_sys_time=ep");
-+ if(!caps)
-+ {
-+ perror("cap_from_text");
-+ return -1;
-+ }
-+
-+ if( cap_set_proc(caps) == -1 )
-+ {
-+ perror("cap_set_proc");
-+ cap_free(caps);
-+ return -1;
-+ }
-+
-+ cap_free(caps);
-+
-+ return 0;
-+}
-+
-+// keep capabilities during setuid()
-+static inline int set_keepcaps(void)
-+{
-+ return prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
-+}
-+
-+static inline int set_nokeepcaps(void)
-+{
-+ return prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0);
-+}
-+
- int main(int argc, char *argv[])
- {
- // Save terminal settings:
-@@ -116,6 +210,8 @@
- const char *Terminal = NULL;
- const char *Shutdown = NULL;
- cPluginManager PluginManager(DEFAULTPLUGINDIR);
-+ const char* username = NULL;
-+ const char* groupname = NULL;
- int ExitCode = 0;
-
- static struct option long_options[] = {
-@@ -136,11 +232,13 @@
- { "version", no_argument, NULL, 'V' },
- { "video", required_argument, NULL, 'v' },
- { "watchdog", required_argument, NULL, 'w' },
-+ { "user", required_argument, NULL, 'u' },
-+ { "group", required_argument, NULL, 'g' },
- { NULL }
- };
-
- int c;
-- while ((c = getopt_long(argc, argv, "a:c:dD:E:hl:L:mp:P:r:s:t:v:Vw:", long_options, NULL)) != -1) {
-+ while ((c = getopt_long(argc, argv, "a:c:dD:E:hl:L:mp:P:r:s:t:v:Vw:u:g:", long_options, NULL)) != -1) {
- switch (c) {
- case 'a': AudioCommand = optarg;
- break;
-@@ -230,6 +328,10 @@
- fprintf(stderr, "vdr: invalid watchdog timeout: %s\n", optarg);
- return 2;
- break;
-+ case 'u': username = optarg;
-+ break;
-+ case 'g': groupname = optarg;
-+ break;
- default: return 2;
- }
- }
-@@ -272,6 +374,8 @@
- " -V, --version print version information and exit\n"
- " -w SEC, --watchdog=SEC activate the watchdog timer with a timeout of SEC\n"
- " seconds (default: %d); '0' disables the watchdog\n"
-+ " -u USER, --user=USER run as user USER instead of root\n"
-+ " -g GROUP, --group=GROUP use group GROUP instead of primary group of user\n"
- "\n",
- DEFAULTEPGDATAFILENAME,
- DEFAULTPLUGINDIR,
-@@ -321,6 +425,21 @@
- return 2;
- }
-
-+ // Only try to change capabilities/user when vdr is called by
-+ // root
-+ if (!getuid () || !getgid () || !geteuid () || !getegid ()) {
-+ if(username && set_keepcaps() != 0)
-+ return 2;
-+
-+ if (su(username, groupname) != 0)
-+ return 2;
-+
-+ if(username && set_nokeepcaps() != 0)
-+ return 2;
-+
-+ set_cap_sys_time();
-+ }
-+
- // Log file:
-
- if (SysLogLevel > 0)
Modified: vdr/vdr/trunk/debian/patches/06_default_svdrp_port_0.dpatch
===================================================================
--- vdr/vdr/trunk/debian/patches/06_default_svdrp_port_0.dpatch 2006-01-08 17:30:45 UTC (rev 1687)
+++ vdr/vdr/trunk/debian/patches/06_default_svdrp_port_0.dpatch 2006-01-08 19:55:26 UTC (rev 1688)
@@ -8,13 +8,13 @@
## DP: another port with the --port option when starting vdr
@DPATCH@
-diff -urNad vdr-1.3.23/vdr.c /tmp/dpep.VfmeKc/vdr-1.3.23/vdr.c
---- vdr-1.3.23/vdr.c 2005-04-09 21:28:57.170560288 +0200
-+++ /tmp/dpep.VfmeKc/vdr-1.3.23/vdr.c 2005-04-09 21:28:57.354532320 +0200
-@@ -211,7 +211,7 @@
-
+diff -urNad vdr-1.3.38/vdr.c /tmp/dpep.gHaEyx/vdr-1.3.38/vdr.c
+--- vdr-1.3.38/vdr.c 2006-01-08 20:17:04.526755250 +0100
++++ /tmp/dpep.gHaEyx/vdr-1.3.38/vdr.c 2006-01-08 20:17:22.595884500 +0100
+@@ -158,7 +158,7 @@
// Command line options:
+ #define DEFAULTVDRUSER "vdr"
-#define DEFAULTSVDRPPORT 2001
+#define DEFAULTSVDRPPORT 0
#define DEFAULTWATCHDOG 0 // seconds
Deleted: vdr/vdr/trunk/debian/patches/07_not_as_root.dpatch
===================================================================
--- vdr/vdr/trunk/debian/patches/07_not_as_root.dpatch 2006-01-08 17:30:45 UTC (rev 1687)
+++ vdr/vdr/trunk/debian/patches/07_not_as_root.dpatch 2006-01-08 19:55:26 UTC (rev 1688)
@@ -1,103 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-
-## 07_not_as_root.dpatch by Thomas Schmidt <tschmidt at debian.org>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: Refuse to run vdr as user root, except when using the
-## DP: --allow-root option
-
- at DPATCH@
-diff -urNad vdr-1.3.23/vdr.c /tmp/dpep.ML49nd/vdr-1.3.23/vdr.c
---- vdr-1.3.23/vdr.c 2005-04-10 18:44:25.000000000 +0200
-+++ /tmp/dpep.ML49nd/vdr-1.3.23/vdr.c 2005-04-10 18:45:27.000000000 +0200
-@@ -35,6 +35,7 @@
- #include <grp.h>
- #include <sys/capability.h>
- #include <sys/prctl.h>
-+#include <sys/types.h>
- #include "audio.h"
- #include "channels.h"
- #include "config.h"
-@@ -231,9 +232,11 @@
- cPluginManager PluginManager(DEFAULTPLUGINDIR);
- const char* username = NULL;
- const char* groupname = NULL;
-+ bool IsAllowRootAnyway = false;
- int ExitCode = 0;
-
- static struct option long_options[] = {
-+ { "allow-root",no_argument, NULL, '!' },
- { "audio", required_argument, NULL, 'a' },
- { "config", required_argument, NULL, 'c' },
- { "daemon", no_argument, NULL, 'd' },
-@@ -351,16 +354,36 @@
- break;
- case 'g': groupname = optarg;
- break;
-+ case '!': IsAllowRootAnyway = true;
-+ break;
- default: return 2;
- }
- }
-
-+ // Check if the program should run as root
-+ bool IsRoot=0;
-+
-+ if (username == NULL && groupname == NULL)
-+ IsRoot = !getuid () || !getgid () || !geteuid () || !getegid ();
-+ else {
-+ if (username != NULL) {
-+ if (strcmp(username,"root") == 0)
-+ IsRoot = 1;
-+ }
-+ if (groupname != NULL) {
-+ if (strcmp(groupname,"root") == 0)
-+ IsRoot = 1;
-+ }
-+ }
-+
- // Help and version info:
-
- if (DisplayHelp || DisplayVersion) {
-- if (!PluginManager.HasPlugins())
-- PluginManager.AddPlugin("*"); // adds all available plugins
-- PluginManager.LoadPlugins();
-+ if (!IsRoot || IsAllowRootAnyway) {
-+ if (!PluginManager.HasPlugins())
-+ PluginManager.AddPlugin("*"); // adds all available plugins
-+ PluginManager.LoadPlugins();
-+ }
- if (DisplayHelp) {
- printf("Usage: vdr [OPTIONS]\n\n" // for easier orientation, this is column 80|
- " -a CMD, --audio=CMD send Dolby Digital audio to stdin of command CMD\n"
-@@ -405,7 +428,7 @@
- }
- if (DisplayVersion)
- printf("vdr (%s) - The Video Disk Recorder\n", VDRVERSION);
-- if (PluginManager.HasPlugins()) {
-+ if ((!IsRoot || IsAllowRootAnyway) && PluginManager.HasPlugins()) {
- if (DisplayHelp)
- printf("Plugins: vdr -P\"name [OPTIONS]\"\n\n");
- for (int i = 0; ; i++) {
-@@ -425,9 +448,20 @@
- return 0;
- }
-
-+ if (IsRoot) {
-+ if (IsAllowRootAnyway) {
-+ char* rootWarning="Warning! VDR started with root privileges";
-+ isyslog(rootWarning);
-+ fprintf(stderr, "%s\n", rootWarning);
-+ } else {
-+ fprintf (stderr, "%s: sorry, I refuse to run with root privileges\n", argv[0]);
-+ return 0;
-+ }
-+ }
-+
- // Only try to change capabilities/user when vdr is called by
- // root
-- if (!getuid () || !getgid () || !geteuid () || !getegid ()) {
-+ if (!IsAllowRootAnyway && (!getuid () || !getgid () || !geteuid () || !getegid ())) {
- if(username && set_keepcaps() != 0)
- return 2;
-
Deleted: vdr/vdr/trunk/debian/patches/08_security_CAN-2005-0071.dpatch
===================================================================
--- vdr/vdr/trunk/debian/patches/08_security_CAN-2005-0071.dpatch 2006-01-08 17:30:45 UTC (rev 1687)
+++ vdr/vdr/trunk/debian/patches/08_security_CAN-2005-0071.dpatch 2006-01-08 19:55:26 UTC (rev 1688)
@@ -1,35 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-
-## 08_security_CAN-2005-0071.dpatch by Thomas Schmidt <tschmidt at debian.org>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: Fixes CAN-2005-0071 (It is not possible to overwrite files with
-## DP: the GRAB-Command anymore)
-
- at DPATCH@
-diff -urNad vdr-1.2.6/dvbdevice.c /tmp/dpep.80S4AN/vdr-1.2.6/dvbdevice.c
---- vdr-1.2.6/dvbdevice.c 2004-04-22 12:48:31.000000000 +0200
-+++ /tmp/dpep.80S4AN/vdr-1.2.6/dvbdevice.c 2005-01-16 21:51:24.000000000 +0100
-@@ -505,8 +505,10 @@
- Quality = 255; //XXX is this 'best'???
-
- isyslog("grabbing to %s (%s %d %d %d)", FileName, Jpeg ? "JPEG" : "PNM", Quality, vm.width, vm.height);
-- FILE *f = fopen(FileName, "wb");
-- if (f) {
-+ int fd = open(FileName, O_CREAT | O_EXCL | O_TRUNC | O_RDWR, 00640);
-+ if (fd > -1) {
-+ FILE *f = fdopen(fd, "wb");
-+ if (f) {
- if (Jpeg) {
- // write JPEG file:
- struct jpeg_compress_struct cinfo;
-@@ -540,7 +542,8 @@
- }
- }
- fclose(f);
-- }
-+ }
-+ }
- else {
- LOG_ERROR_STR(FileName);
- result |= 1;
Modified: vdr/vdr/trunk/debian/vdr.init
===================================================================
--- vdr/vdr/trunk/debian/vdr.init 2006-01-08 17:30:45 UTC (rev 1687)
+++ vdr/vdr/trunk/debian/vdr.init 2006-01-08 19:55:26 UTC (rev 1688)
@@ -29,7 +29,7 @@
mergecommands "reccmds"
start-stop-daemon --start --quiet --background \
--exec /usr/sbin/runvdr -- -v $VIDEO_DIR -c $CFG_DIR -r $REC_CMD \
- -s $VDRSHUTDOWN -E $EPG_FILE -u $USER -g $GROUP --port $SVDRP_PORT \
+ -s $VDRSHUTDOWN -E $EPG_FILE -u $USER --port $SVDRP_PORT \
$OPTIONS $PLUGINS
else
echo -n " - seems to be running already"
Modified: vdr/vdr/trunk/debian/vdr.install
===================================================================
--- vdr/vdr/trunk/debian/vdr.install 2006-01-08 17:30:45 UTC (rev 1687)
+++ vdr/vdr/trunk/debian/vdr.install 2006-01-08 19:55:26 UTC (rev 1688)
@@ -21,7 +21,6 @@
debian/plugin-loader.sh usr/lib/vdr
debian/commands-loader.sh usr/lib/vdr
-ca.conf etc/vdr/
diseqc.conf etc/vdr/
keymacros.conf etc/vdr/
sources.conf etc/vdr/
More information about the pkg-vdr-dvb-changes
mailing list