ports/149305: Small security fix and transcoding profile fix to net/mediatomb port
Douglas Carmichael
dcarmich at dcarmichael.net
Thu Aug 5 02:00:19 UTC 2010
>Number: 149305
>Category: ports
>Synopsis: Small security fix and transcoding profile fix to net/mediatomb port
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Thu Aug 05 02:00:18 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Douglas Carmichael
>Release: 8.1-RELEASE
>Organization:
>Environment:
FreeBSD dc-freebsd81.carmichael.lan 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Sat Jul 24 07:36:37 CDT 2010 root at dc-freebsd81.carmichael.lan:/usr/src/sys/amd64/compile/VMWARE81-64 amd64
>Description:
Firstly, I have made a small security fix to the net/mediatomb-0.12.1 installation.
The installation process installed the mediatomb binary as executable by all users, thus creating the risk of multiple daemons running on the same machine.
The changes I've made to the Makefile install the binary as only executable by root, and members of the mediatomb group.
Secondly, since the included vlc transcoding profile gave error messages on vlc 1.1.x (and vlc/ogg123 aren't basic libraries needed for MediaTomb to function), I developed several ffmpeg-based profiles that use ffmpeg for both audio and video transcoding.
(There is also a profile for transcoding music MODule files with audio/xmp, the Extended Module Player, but that profile isn't enabled because xmp is not required for MediaTomb to function.)
Would it be best for the Makefile to determine the path to the ffmpeg binary, and put that in the installed config.xml?
>How-To-Repeat:
>Fix:
Patch attached with submission follows:
diff -ruN mediatomb.orig/Makefile mediatomb/Makefile
--- mediatomb.orig/Makefile 2010-08-04 20:02:43.000000000 -0500
+++ mediatomb/Makefile 2010-08-04 19:48:57.000000000 -0500
@@ -185,6 +185,9 @@
@if [ ! -f ${PREFIX}/etc/mediatomb/config.xml ]; then \
${CP} -p ${PREFIX}/etc/mediatomb/config.xml.dist ${PREFIX}/etc/mediatomb/config.xml ; \
fi
+ @${CHGRP} ${MEDIATOMB_GROUP} ${PREFIX}/bin/mediatomb
+ @${CHMOD} a-x ${PREFIX}/bin/mediatomb
+ @${CHMOD} g+x ${PREFIX}/bin/mediatomb
@${MKDIR} -m ${MEDIATOMB_MASK} -p ${MEDIATOMB_DIR}
@${CHOWN} ${MEDIATOMB_USER}:${MEDIATOMB_GROUP} ${MEDIATOMB_DIR}
diff -ruN mediatomb.orig/files/config.xml.dist.in mediatomb/files/config.xml.dist.in
--- mediatomb.orig/files/config.xml.dist.in 2010-08-04 20:02:43.000000000 -0500
+++ mediatomb/files/config.xml.dist.in 2010-08-04 19:44:49.000000000 -0500
@@ -91,27 +91,46 @@
</import>
<transcoding enabled="no">
<mimetype-profile-mappings>
- <transcode mimetype="video/x-flv" using="vlcmpeg"/>
- <transcode mimetype="application/ogg" using="vlcmpeg"/>
- <transcode mimetype="application/ogg" using="oggflac2raw"/>
- <transcode mimetype="audio/x-flac" using="oggflac2raw"/>
+ <transcode mimetype="video/x-flv" using="video-common"/>
+ <transcode mimetype="application/ogg" using="video-common"/>
+ <transcode mimetype="application/ogg" using="audio-ffmpeg-wav"/>
+ <transcode mimetype="audio/x-flac" using="audio-ffmpeg-wav"/>
</mimetype-profile-mappings>
- <profiles>
- <profile name="oggflac2raw" enabled="no" type="external">
- <mimetype>audio/L16</mimetype>
+ <profiles>
+ <profile name="audio-mod-xmp" enabled="no" type="external">
+ <mimetype>audio/x-wav</mimetype>
<accept-url>no</accept-url>
+ <first-resource>no</first-resource>
+ <hide-original-resource>yes</hide-original-resource>
+ <agent command="/usr/local/bin/xmp" arguments="-d wav -o %out %in"/>
+ <buffer size="1048576" chunk-size="131072" fill-size="262144"/>
+ </profile>
+ <profile name="audio-ffmpeg-wav" enabled="yes" type="external">
+ <mimetype>audio/x-wav</mimetype>
+ <accept-url>no</accept-url>
+ <first-resource>no</first-resource>
+ <hide-original-resource>yes</hide-original-resource>
+ <agent command="/usr/local/bin/ffmpeg" arguments="-i %in -f wav -y %out"/>
+ <buffer size="1048576" chunk-size="131072" fill-size="262144"/>
+ </profile>
+ <profile name="audio-ffmpeg-raw" enabled="no" type="external">
+ <mimetype>audio/L16</mimetype>
<first-resource>yes</first-resource>
- <accept-ogg-theora>no</accept-ogg-theora>
- <agent command="ogg123" arguments="-d raw -f %out %in"/>
+ <accept-url>no</accept-url>
+ <sample-frequency>44100</sample-frequency>
+ <audio-channels>2</audio-channels>
+ <hide-original-resource>yes</hide-original-resource>
+ <agent command="/usr/local/bin/ffmpeg" arguments="-i %in -ac 2 -ar 44100 -y -f s16be %out"/>
<buffer size="1048576" chunk-size="131072" fill-size="262144"/>
</profile>
- <profile name="vlcmpeg" enabled="no" type="external">
+ <profile name="video-common" enabled="yes" type="external">
<mimetype>video/mpeg</mimetype>
- <accept-url>yes</accept-url>
+ <accept-url>no</accept-url>
<first-resource>yes</first-resource>
+ <hide-original-resource>yes</hide-original-resource>
<accept-ogg-theora>yes</accept-ogg-theora>
- <agent command="vlc" arguments="-I dummy %in --sout #transcode{venc=ffmpeg,vcodec=mp2v,vb=4096,fps=25,aenc=ffmpeg,acodec=mpga,ab=192,samplerate=44100,channels=2}:standard{access=file,mux=ps,dst=%out} vlc:quit"/>
- <buffer size="14400000" chunk-size="512000" fill-size="120000"/>
+ <agent command="/usr/local/bin/ffmpeg" arguments="-i %in -f mpegts -sameq -vb 4096k -r 25 -ac 2 -ar 48000 -ab 192k -async 2 -threads 2 -y %out"/>
+ <buffer size="10485760" chunk-size="262144" fill-size="524288"/>
</profile>
</profiles>
</transcoding>
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list