Commit ef4cdc2e authored by Kaarle Ritvanen's avatar Kaarle Ritvanen

main/zoneminder: upgrade to 1.30.0

parent eb8e0230
From caead923a7d539622ba7aa508918e6e5f1e07983 Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Tue, 16 Feb 2016 22:30:45 +0200
Subject: [PATCH] security hardening: make static files non-writable by webuser
---
Makefile.am | 2 +-
src/Makefile.am | 2 +-
web/Makefile.am | 4 +---
3 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 62f767e..b7e69e6 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -27,7 +27,7 @@ EXTRA_DIST = \
# Yes, you are correct. This is a HACK!
install-data-hook:
- ( cd $(DESTDIR)$(zmconfigdir); chown $(webuser):$(webgroup) $(zmconfig_DATA); chmod 600 $(zmconfig_DATA) )
+ ( cd $(DESTDIR)$(zmconfigdir); chgrp $(webgroup) $(zmconfig_DATA); chmod 640 $(zmconfig_DATA) )
( if ! test -e $(DESTDIR)$(ZM_RUNDIR); then mkdir -p $(DESTDIR)$(ZM_RUNDIR); fi; if test "$(DESTDIR)$(ZM_RUNDIR)" != "/var/run"; then chown $(webuser):$(webgroup) $(DESTDIR)$(ZM_RUNDIR); chmod u+w $(DESTDIR)$(ZM_RUNDIR); fi )
( if ! test -e $(DESTDIR)$(ZM_SOCKDIR); then mkdir -p $(DESTDIR)$(ZM_SOCKDIR); fi; if test "$(DESTDIR)$(ZM_SOCKDIR)" != "/var/run"; then chown $(webuser):$(webgroup) $(DESTDIR)$(ZM_SOCKDIR); chmod u+w $(DESTDIR)$(ZM_SOCKDIR); fi )
( if ! test -e $(DESTDIR)$(ZM_TMPDIR); then mkdir -m 700 -p $(DESTDIR)$(ZM_TMPDIR); fi; if test "$(DESTDIR)$(ZM_TMPDIR)" != "/tmp" && test "$(DESTDIR)$(ZM_TMPDIR)" != "/var/tmp"; then chown $(webuser):$(webgroup) $(DESTDIR)$(ZM_TMPDIR); chmod u+w $(DESTDIR)$(ZM_TMPDIR); fi )
diff --git a/src/Makefile.am b/src/Makefile.am
index 9314daa..26c9934 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -128,7 +128,7 @@ dist-hook:
# Yes, you are correct. This is a HACK!
install-exec-hook:
( cd $(DESTDIR)@bindir@; mkdir -p $(DESTDIR)$(cgidir); mv zms $(DESTDIR)$(cgidir) )
- ( cd $(DESTDIR)$(cgidir); chown $(webuser):$(webgroup) zms; ln -f zms nph-zms )
+ ( cd $(DESTDIR)$(cgidir); ln -f zms nph-zms )
uninstall-hook:
( cd $(DESTDIR)$(cgidir); rm -f zms nph-zms )
diff --git a/web/Makefile.am b/web/Makefile.am
index 077a4ff..3538c67 100644
--- a/web/Makefile.am
+++ b/web/Makefile.am
@@ -22,12 +22,10 @@ dist_web_DATA = \
# Yes, you are correct. This is a HACK!
install-data-hook:
- ( cd $(DESTDIR)$(webdir); chown $(webuser):$(webgroup) $(dist_web_DATA) )
- ( cd $(DESTDIR)$(webdir); chown -R $(webuser):$(webgroup) $(SUBDIRS) )
@-( cd $(DESTDIR)$(webdir); if ! test -e events; then mkdir events; fi; chown $(webuser):$(webgroup) events; chmod u+w events )
@-( cd $(DESTDIR)$(webdir); if ! test -e images; then mkdir images; fi; chown $(webuser):$(webgroup) images; chmod u+w images )
@-( cd $(DESTDIR)$(webdir); if ! test -e sounds; then mkdir sounds; fi; chown $(webuser):$(webgroup) sounds; chmod u+w sounds )
- @-( cd $(DESTDIR)$(webdir); if ! test -e tools; then mkdir tools; fi; chown $(webuser):$(webgroup) tools; chmod u+w tools )
+ @-( cd $(DESTDIR)$(webdir); if ! test -e tools; then mkdir tools; fi )
@-( cd $(DESTDIR)$(webdir); if ! test -e temp; then mkdir temp; fi; chown $(webuser):$(webgroup) temp; chmod u+w temp )
uninstall-hook:
--
2.5.0
From 5b047dc74b4105b39cacc675eabb8ed9f033cee3 Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Sat, 20 Feb 2016 23:58:07 +0200
Subject: [PATCH] zm_event: fix overlap in memcpy buffers
---
src/zm_event.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/zm_event.cpp b/src/zm_event.cpp
index 1f1fb0f..a34ce50 100644
--- a/src/zm_event.cpp
+++ b/src/zm_event.cpp
@@ -1121,7 +1121,7 @@ void EventStream::processCommand( const CmdMsg *msg )
DataMsg status_msg;
status_msg.msg_type = MSG_DATA_EVENT;
- memcpy( &status_msg.msg_data, &status_data, sizeof(status_msg.msg_data) );
+ memcpy( &status_msg.msg_data, &status_data, sizeof(status_data) );
if ( sendto( sd, &status_msg, sizeof(status_msg), MSG_DONTWAIT, (sockaddr *)&rem_addr, sizeof(rem_addr) ) < 0 )
{
//if ( errno != EAGAIN )
--
2.5.0
From 6332f28c5364c3f7b8cd6797c335041a9293ec77 Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Tue, 16 Feb 2016 11:47:49 +0200
Subject: [PATCH] zm_monitor: fix overlap in memcpy buffers
behavior undefined by POSIX and causes a crash with FORTIFY_SOURCE
---
src/zm_monitor.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/zm_monitor.cpp b/src/zm_monitor.cpp
index 20b8b78..e674879 100644
--- a/src/zm_monitor.cpp
+++ b/src/zm_monitor.cpp
@@ -3981,7 +3981,7 @@ void MonitorStream::processCommand( const CmdMsg *msg )
DataMsg status_msg;
status_msg.msg_type = MSG_DATA_WATCH;
- memcpy( &status_msg.msg_data, &status_data, sizeof(status_msg.msg_data) );
+ memcpy( &status_msg.msg_data, &status_data, sizeof(status_data) );
int nbytes = 0;
if ( (nbytes = sendto( sd, &status_msg, sizeof(status_msg), MSG_DONTWAIT, (sockaddr *)&rem_addr, sizeof(rem_addr) )) < 0 )
{
--
2.5.0
......@@ -2,8 +2,9 @@
# Contributor: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
# Maintainer: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
pkgname=zoneminder
pkgver=1.29.0
pkgrel=11
pkgver=1.30.0
pkgrel=0
_crud=c3976f1478c681b0bbc132ec3a3e82c3984eeed5
pkgdesc="Video camera surveillance system"
url="http://www.zoneminder.com/"
arch="x86_64"
......@@ -15,58 +16,58 @@ depends="ffmpeg perl perl-archive-zip perl-date-manip perl-dbd-mysql
perl-mime-tools perl-php-serialization perl-sys-mmap
perl-time-hires $_php ${_php}-pdo_mysql ${_php}-sockets procps sudo
zip"
makedepends="autoconf automake bash bzip2-dev curl-dev ffmpeg-dev gnutls-dev
libgcrypt-dev libjpeg-turbo-dev mariadb-dev pcre-dev perl-dev
${_php}-cli polkit-dev vlc-dev x264-dev"
makedepends="bash bzip2-dev cmake curl-dev ffmpeg-dev gnutls-dev libgcrypt-dev
libjpeg-turbo-dev mariadb-dev pcre-dev perl-dev ${_php}-cli
polkit-dev vlc-dev x264-dev"
install=$pkgname.post-upgrade
subpackages=$pkgname-doc
source="zoneminder-$pkgver.tar.gz::https://github.com/ZoneMinder/ZoneMinder/archive/v${pkgver}.tar.gz
crud-$_crud.tar.gz::https://github.com/FriendsOfCake/crud/archive/$_crud.tar.gz
$pkgname.initd
musl-fix.patch
0001-security-hardening-make-static-files-non-writable-by.patch
0001-zm_event-fix-overlap-in-memcpy-buffers.patch
0001-zm_monitor-fix-overlap-in-memcpy-buffers.patch
gcc6.patch
zm-additional.sql"
musl-fix.patch"
_builddir=$srcdir/ZoneMinder-$pkgver
prepare() {
local i
cd "$_builddir"
i=web/api/app/Plugin/Crud
rmdir $i
ln -s $srcdir/crud-$_crud $i
for i in $source; do
case $i in
*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
esac
done
utils/zmeditconfigdata.sh ZM_CHECK_FOR_UPDATES no
utils/zmeditconfigdata.sh ZM_LOG_LEVEL_FILE 0
utils/zmeditconfigdata.sh ZM_LOG_LEVEL_SYSLOG -5
utils/zmeditconfigdata.sh ZM_PATH_ZMS /cgi-bin/zm/nph-zms
}
build() {
cd "$_builddir"
./bootstrap.sh || return 1
utils/zmeditconfigdata.sh ZM_CHECK_FOR_UPDATES no
ZM_LOGDIR=/var/log/zoneminder \
ZM_RUNDIR=/var/run/zoneminder \
ZM_SOCKDIR=/var/run/zoneminder \
ZM_TMPDIR=/var/lib/zoneminder/temp \
./configure \
--prefix=/usr \
--sysconfdir=/etc \
--enable-mmap=yes \
--enable-crashtrace=no \
--enable-debug=no \
--with-webdir=/usr/share/webapps/$pkgname/htdocs \
--with-cgidir=/usr/share/webapps/$pkgname/cgi-bin \
|| return 1
make || return 1
cmake \
-DCMAKE_INSTALL_PREFIX=/usr \
-DZM_CGIDIR=/usr/share/webapps/$pkgname/cgi-bin \
-DZM_LOGDIR=/var/log/zoneminder \
-DZM_RUNDIR=/var/run/zoneminder \
-DZM_SOCKDIR=/var/run/zoneminder \
-DZM_TMPDIR=/var/lib/zoneminder/temp \
-DZM_WEBDIR=/usr/share/webapps/$pkgname/htdocs \
. && make
}
package() {
cd "$_builddir"
local dir
make install DESTDIR=$pkgdir
make install DESTDIR="$pkgdir"
find "$pkgdir" -name perllocal.pod -delete
echo -n $pkgver > "$pkgdir/usr/share/$pkgname/version"
install -D -m 755 "$srcdir/$pkgname.initd" "$pkgdir/etc/init.d/$pkgname"
chmod 640 "$pkgdir/etc/zm.conf"
# move storage to var/lib where it belongs.
for dir in events images sounds temp; do
......@@ -76,6 +77,7 @@ package() {
"$pkgdir"/usr/share/webapps/zoneminder/htdocs/$dir || return 1
done
install -g wheel -m 2750 -d "$pkgdir"/var/log/$pkgname
install -d "$pkgdir"/var/run/$pkgname
# create symlinks from webapps to default http location
mkdir -p "$pkgdir"/var/www/localhost/htdocs \
......@@ -84,33 +86,16 @@ package() {
"$pkgdir"/var/www/localhost/htdocs/zm
ln -sf /usr/share/webapps/zoneminder/cgi-bin \
"$pkgdir"/var/www/localhost/cgi-bin/zm
# update db config with new locations/settings
cat "$srcdir"/zm-additional.sql >> \
"$pkgdir"/usr/share/zoneminder/db/zm_create.sql
}
md5sums="b4de8dd3fd86fc72e929e116e926d901 zoneminder-1.29.0.tar.gz
ab1fe4fb2392b82acf18ca8412fb927f zoneminder.initd
8b56092baa50847b6b6146693aad0df4 musl-fix.patch
c7b793be7b48685197acfb5b79470f2c 0001-security-hardening-make-static-files-non-writable-by.patch
bab4a8253fe46154f506437f8d1f6b01 0001-zm_event-fix-overlap-in-memcpy-buffers.patch
1429766dc44764dc77c735f4320b5a44 0001-zm_monitor-fix-overlap-in-memcpy-buffers.patch
b575dd38e15b8e16261c3a06aafbfdf3 gcc6.patch
24359849eef7c5293f63136e704fdca4 zm-additional.sql"
sha256sums="34e1f0d4b616e320e557f8e3fbe278d3ab70f30f6278cc153b44f2193c85ddbd zoneminder-1.29.0.tar.gz
887174a6d1489bdcfbadf760758b14ef4e184dfcae728e15cb0e697e61e1c42f zoneminder.initd
0b6589e096bd2e2f3fa4518309cf6b549c792883aae7014bb978dbc34cce10e6 musl-fix.patch
7090caf93886b01032a8c4e5585f37e6a3e7ac59cdfdfddfd8150c03dacfd93f 0001-security-hardening-make-static-files-non-writable-by.patch
9daa0ed53e23723cb850b23a329eb207f1bcb34920c92c9edce1dc9ea2af4201 0001-zm_event-fix-overlap-in-memcpy-buffers.patch
a830478a806e36d41016d3c2663d892fafa65b580d3bccccc131fe114c842834 0001-zm_monitor-fix-overlap-in-memcpy-buffers.patch
fed5f7c3fb79c2fee7ba722f7434ab869781b968710499e9bb1fddb51233bf98 gcc6.patch
dea3a1b493bc7d7dbe9c431f565b9e916fb8a8bd29fcd74947b14592ef7f4494 zm-additional.sql"
sha512sums="71a397df83c92de3b977832bb0a11791a3a756e7219e0cf3dc6c5c30fa0dd488ea00a925433669bf4e79873df980a852f2c805d1b7c9c8a06b6c39b9a16a2fda zoneminder-1.29.0.tar.gz
fa993a86c21697467c8f63ce584531f8e2c3da977b65e6557161b4b91807b1c78b14fb64f6f54c50fddcb51b54bae6dff45776f5a69bfcc635a5c2927a292b57 zoneminder.initd
8b49745f787d8a98f093569d44786950658d2adb32bb5d0c6c245c1da6019dc4520d2e05a6610cbea79451d2fb2e3ee054ed221e94d6829bf6278d21a3c11fde musl-fix.patch
a7e58312c804f58ac41ee569fefffa99e65beba29f07eff36fb3cf2aa4fd68e1fc903feb73ab0c1fc6c58442251076042b537ab21156b956d7854a86bde14307 0001-security-hardening-make-static-files-non-writable-by.patch
ecd32fb6af11144efabec69522615f56462bead0960f820b466a3bb00edf28cb3a80ec705b32abb71217e3a280eb7c50cf956d0a167fdfd3692ca63da1980ab7 0001-zm_event-fix-overlap-in-memcpy-buffers.patch
8a35bfc782792ca559d6cf78e3e17f0caa45e19981cea12090b4f0ececa98bd9a121d2918e06e991ae5c06ab876ffddc94cd4f9db640f510314a3d09a6d90b4c 0001-zm_monitor-fix-overlap-in-memcpy-buffers.patch
135025923a17090ce2531f72598395aa729f658729d56cbb007b7685aba7255541a8a80b9fd155dd537fef27dfb38012ede2c8b8e27ea11f6ad9ea25f61ff607 gcc6.patch
0bb99af417441e2c12cb3b8c00ecb8d76bdc343d39092a222841ae0bd684eeba1783a8bccf5630dae56f64992f8a09ec16e0cbc7069665e1ee3b62dd3f96c3a9 zm-additional.sql"
md5sums="3c3db511d5dad71871a103c7716ab671 zoneminder-1.30.0.tar.gz
d15d10ef38c33bc0acd028fe88dbeb09 crud-c3976f1478c681b0bbc132ec3a3e82c3984eeed5.tar.gz
07c4344a37ecba4f2308e5e7dc198a02 zoneminder.initd
ad8a80fdf2223ad07e0512e2cebbcfc2 musl-fix.patch"
sha256sums="e7c964c339305f42a044ca8e34fa4e6a33c452fdaf33642458735daf8b864325 zoneminder-1.30.0.tar.gz
fec32f393eeb129f478cfe0893d4cc0f347ed39525fbac59efa96ca255186c9c crud-c3976f1478c681b0bbc132ec3a3e82c3984eeed5.tar.gz
be4425e40c5c3aa76feff71c224be93d8f6578fb8015307fe655536fc0a5a043 zoneminder.initd
2f9aa6df66ada05d7ef4948d3981c349e584509a563c68e0ebd63a686bedc82f musl-fix.patch"
sha512sums="cbff14447a568648a0475e878be5cd19cb694c65814fe33c20774752410e31f3f4ff9e5695667d4d50634b3193dc50aaca2d950efc151bbb968d3f9609d35db4 zoneminder-1.30.0.tar.gz
f665741a1fbcca5e48ab8eddaa4686b23426aed7b22d68fdfa6c951fb6ce7dbbcfce5f1807e30a18fbc8fd4e3a8028a5687db17a070d05301d93d49f67952e44 crud-c3976f1478c681b0bbc132ec3a3e82c3984eeed5.tar.gz
7b8157514840a861b46cc7d6a98a822d1f372e568c9bb176faa0b68bfe525bffead78fb8b9399e8973803c44c2a41150eb3e02af9ddb504a16627e0a13f1df7e zoneminder.initd
34a18a6db3ebc5bfba0b40894e85112ad50d0caedf4e69f23ec98dedcba03fe223d5f3dc1ad3c76269b9cb48d60464e1674e0571a52d840f95c3adeac42d601f musl-fix.patch"
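Review bot: The new checksum lists show that `source=` no longer carries `0001-security-hardening-make-static-files-non-writable-by.patch` or the two `memcpy` patches, and neither the commit message nor the APKBUILD records whether 1.30.0 contains equivalent changes. The hardening patch edited `Makefile.am` install hooks, which the new `cmake` build presumably does not run, so it could not have been kept as is. The page does not show who owns `htdocs` and `cgi-bin/zms` after `make install` under cmake. I would add a comment above `source=` such as `# dropped in 1.30.0: hardening patch (<reason or upstream commit>), zm_event/zm_monitor memcpy fixes (<upstream commit>)`. I would also confirm in `package()` that only `events`, `images`, `sounds` and `temp` end up writable by the web user.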
--- ./src/zm_rtp_ctrl.h.orig
+++ ./src/zm_rtp_ctrl.h
@@ -123,7 +123,7 @@
} sdes;
// BYE
- struct Bye
+ struct
{
uint32_t srcN[]; // list of sources
// can't express trailing text for reason (what does this mean? it's not even english!)
--- ZoneMinder-1.29.0/src/zm_comms.h
+++ ZoneMinder-1.29.0.musl/src/zm_comms.h
--- ZoneMinder-1.30.0/src/zm_comms.h
+++ ZoneMinder-1.30.0.musl/src/zm_comms.h
@@ -26,6 +26,8 @@
#include <unistd.h>
#include <netdb.h>
......@@ -9,8 +9,8 @@
#include <sys/un.h>
#include <set>
--- ZoneMinder-1.29.0/src/zm_logger.cpp
+++ ZoneMinder-1.29.0.musl/src/zm_logger.cpp
--- ZoneMinder-1.30.0/src/zm_logger.cpp
+++ ZoneMinder-1.30.0.musl/src/zm_logger.cpp
@@ -33,8 +33,8 @@
#include <errno.h>
#ifdef __FreeBSD__
......@@ -22,21 +22,21 @@
bool Logger::smInitialised = false;
Logger *Logger::smInstance = 0;
@@ -504,7 +504,8 @@
va_list argPtr;
struct timeval timeVal;
va_list argPtr;
struct timeval timeVal;
- const char * const file = basename(filepath);
+ char *path = strdup(filepath);
+ const char *file = basename(path);
if ( level < PANIC || level > DEBUG9 )
Panic( "Invalid logger level %d", level );
- const char * const file = basename(filepath);
+ char *path = strdup(filepath);
+ const char *file = basename(path);
if ( level < PANIC || level > DEBUG9 )
Panic( "Invalid logger level %d", level );
@@ -617,6 +618,8 @@
//priority |= LOG_DAEMON;
syslog( priority, "%s [%s]", classString, syslogStart );
}
//priority |= LOG_DAEMON;
syslog( priority, "%s [%s]", classString, syslogStart );
}
+
+ free(path);
+ free(path);
if ( level <= FATAL )
{
if ( level <= FATAL )
{
# Update settings to reflect alpine linux default install
update Config set Value = '/cgi-bin/zm/nph-zms' where Name = 'ZM_PATH_ZMS';
update Config set Value = '-5' where Name = 'ZM_LOG_LEVEL_SYSLOG';
update Config set Value = '0' where Name = 'ZM_LOG_LEVEL_FILE';
......@@ -59,7 +59,9 @@ perms() {
ebegin "Setting correct permssion, this could take a while"
RECURSIVE="-R"
fi
chown $RECURSIVE $ZM_WEB_USER:$ZM_WEB_GROUP /var/lib/zoneminder/*
chgrp $ZM_WEB_GROUP /etc/zm.conf
chown $RECURSIVE $ZM_WEB_USER:$ZM_WEB_GROUP \
/var/lib/zoneminder/* /var/run/zoneminder
chown $RECURSIVE $ZM_WEB_USER:wheel /var/log/zoneminder
}
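Review bot: The `chown $RECURSIVE` in `perms()` runs as root over `/var/lib/zoneminder/*` and now also `/var/run/zoneminder`, trees that this same command hands to `$ZM_WEB_USER`. Depending on the chown implementation, a symlink that user has placed inside them can have its target re-owned on the next run. The `+`/`-` markers are lost on this page, so which `chown` line is the new side is inferred from the `@@ -59,7 +59,9 @@` header. Passing `-h` and quoting the variables narrows this: `chown -h $RECURSIVE "$ZM_WEB_USER:$ZM_WEB_GROUP" /var/lib/zoneminder/* /var/run/zoneminder`. `perms()` begins above the hunk.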