Commit graph

8 commits

Author SHA1 Message Date
Doug Torrance bfc1c00d8e wmtv: Start without user config file.
Patch by Nicolas Boullis <Boullis.Nicolas@libertysurf.fr>.  From [1]:

   From: Nicolas Boullis <Boullis.Nicolas@libertysurf.fr>
   Subject: wmtv: does not start without user's ~/.wmtvrc
   Date: Sun, 18 Nov 2001 00:17:26 +0100

   Hi !

   The current version of wmtv does not start if the user does not have a
   ~/.wmtvrc configuration file, while one could expect it to work with the
   system wide configuration file /etc/wmtvrc.

   This patch allows wmtv to start with the system wide configuration file
   alone.

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=120024
2016-02-01 15:26:00 +05:30
Doug Torrance 74bc5a7660 wmtv: Fix security hole.
Patch by Nicolas Boullis <Boullis.Nicolas@libertysurf.fr>.  From [1]:

   From: Nicolas Boullis <Boullis.Nicolas@libertysurf.fr>
   To: Debian Bug Tracking System <submit@bugs.debian.org>
   Subject: wmtv: dangerous suid root
   Date: Thu, 08 Nov 2001 20:07:52 +0100

   Hi !
   I think there is a huge security hole with wmtv and, when wmtv is installed,
   anyone can easily get a root account. Here is what I have in my terminal:
   (everytime I launch wmtv, I double-clicked in the tv subwindow to call the
   external program)

   ----------------------------------------------------------------------
   Tintin:~> wmtv -e whoami
   root
   Tintin:~> cat > crack_root.sh
   #!/bin/sh
   cp /bin/sh /tmp
   chmod u+s /tmp/sh
   Tintin:~> chmod +x crack_root.sh
   Tintin:~> wmtv -e ~/crack_root.sh
   Tintin:~> ll /tmp/sh
   -rwsr-xr-x    1 root     users      407356 Nov  8 19:25 /tmp/sh*
   ----------------------------------------------------------------------

   I tried to make wmtv non-suid root, and... sometimes it works (despite an
   error message), sometimes it does not...

   ----------------------------------------------------------------------
   Tintin:~> ll /usr/bin/X11/wmtv
   -rwxr-xr-x    1 root     root        62588 Jul 31 01:55 /usr/bin/X11/wmtv*
   Tintin:~> wmtv
   ioctl VIDIOCSFBUF: Operation not permitted

   Tintin:~> wmtv
   ioctl VIDIOCSFBUF: Operation not permitted
   wmtv: no physical frame buffer access
   ----------------------------------------------------------------------

   Hence, I guess you should either correct wmtv so that it always work without
   being suid root, or make wmtv lose its privileges before it runs an external
   program.

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=118778
2016-02-01 15:26:00 +05:30
Doug Torrance 199e0065fe wmtv: Fix calculation of bytes per line.
Patch by Yann Vernier <yann@donkey.dyndns.org>.  From [1]:

   From: Malcolm Parsons <malcolm@ivywell.screaming.net>
   Subject: wmtv: incorrectly calculates bytes per line
   Date: Mon, 09 Apr 2001 21:15:52 +0100

   wmtv does not put the tv display in its window on my second head.
   According to bttv, wmtv is telling bttv that the display is:

   Display at ea800000 is 800 by 600, bytedepth 2, bpl 1600

   If I use xawtv, it correctly sets the bpl value:

   Display at ea800000 is 800 by 600, bytedepth 2, bpl 1664

   wmtv is probably incorrectly assuming width * bytedepth = bpl.

   From: Yann Vernier <yann@donkey.dyndns.org>
   Subject: wmtv: incorrectly calculates bytes per line
   Date: Sun, 15 Jul 2001 14:21:56 +0200

   Found the problem, at least this fixes it for me at 1600x1200.

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=93439
2016-02-01 15:26:00 +05:30
Doug Torrance 61e2c5f228 wmtv: Config file handling.
Patch by Yann Vernier <yann@algonet.se>.  From [1]:

   wmtv failed to read my .wmtvrc (hand written) correctly, I tracked it
   down to incorrect memory management (sizeof() instead of strlen()).
   The code was so bad that I chose to rewrite it to a simpler version,
   patch below.

   Other bugs fixed include some of the memory leaks (which are quite
   numerous) and truncating the .wmtvrc when writing to it.

   Cosmetic changes include keeping comments in .wmtvrc, C++-style
   comments changed to C style, and numbering channels from 1.

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=105325
2016-02-01 15:26:00 +05:30
Rodolfo García Peñas (kix) 3d161ac5a2 wmtv uses libdockapp
wmtv uses now the new library libdockapp that includes the old
wmgeneral library.

Signed-off-by: Rodolfo García Peñas (kix) <kix@kix.es>
2015-08-16 09:41:07 +01:00
Doug Torrance 612921ae43 Remove trailing whitespace. 2014-10-05 19:18:49 +01:00
Alexey I. Froloff 792a5d290a Mass update FSF address
Signed-off-by: Alexey I. Froloff <raorn@raorn.name>
2012-06-05 20:50:13 +01:00
Carlos R. Mafra 21625f40b5 Initial dockapps git repo
I tried to get the latest versions from dockapps.org, but I haven't
tested any of them.

More dockapps will be added as time permits.
2011-03-25 19:45:13 +01:00