Package: minidlna
Version: 1.3.0+dfsg-2.2
Severity: wishlist
Tags: patch security
Hi,
Bug #786929 is about minidlna being unable to bind to network interfaces
and has been unfixed for a long time. Unfortunately, no satisfactory
solution has evolved since. Let me give a try.
Instead of messing with internals of minissdp, I propose outsourcing the
problem to systemd. It provides this feature called "socket activation".
Rather than having minidlna create and bind sockets, have systemd do
this. This is easily done using libsystemd and once we defer this task
to systemd, we can use all the means of customization that systemd
provides (including binding an interface). Doing so also allows binding
a privileged port if desired. I've implemented it in a way that the
feature remains optional. What do you think?
So yeah, this doesn't fix #786929, but it provides a really easy
workaround for any system running systemd without having to set up a
firewall.
Helmut
diff --minimal -Nru minidlna-1.3.0+dfsg/debian/changelog
minidlna-1.3.0+dfsg/debian/changelog
--- minidlna-1.3.0+dfsg/debian/changelog 2022-03-30 22:03:02.000000000
+0200
+++ minidlna-1.3.0+dfsg/debian/changelog 2023-03-29 09:01:04.000000000
+0200
@@ -1,3 +1,10 @@
+minidlna (1.3.0+dfsg-2.3) UNRELEASED; urgency=medium
+
+ * Non-maintainer upload.
+ * Support systemd socket activation.
+
+ -- Helmut Grohne <hel...@subdivi.de> Wed, 29 Mar 2023 09:01:04 +0200
+
minidlna (1.3.0+dfsg-2.2) unstable; urgency=medium
* Non-maintainer upload.
diff --minimal -Nru minidlna-1.3.0+dfsg/debian/control
minidlna-1.3.0+dfsg/debian/control
--- minidlna-1.3.0+dfsg/debian/control 2021-01-07 18:20:27.000000000 +0100
+++ minidlna-1.3.0+dfsg/debian/control 2023-03-29 09:01:04.000000000 +0200
@@ -13,7 +13,9 @@
libjpeg-dev,
libogg-dev,
libsqlite3-dev,
- libvorbis-dev
+ libsystemd-dev,
+ libvorbis-dev,
+ pkg-config,
Standards-Version: 4.5.0
Homepage: https://sourceforge.net/projects/minidlna/
Vcs-Git: https://salsa.debian.org/debian/minidlna.git
diff --minimal -Nru minidlna-1.3.0+dfsg/debian/minidlna.service
minidlna-1.3.0+dfsg/debian/minidlna.service
--- minidlna-1.3.0+dfsg/debian/minidlna.service 2022-02-13 10:58:08.000000000
+0100
+++ minidlna-1.3.0+dfsg/debian/minidlna.service 2023-03-29 09:01:04.000000000
+0200
@@ -19,3 +19,4 @@
[Install]
WantedBy=multi-user.target
+Also=minidlna.socket
diff --minimal -Nru minidlna-1.3.0+dfsg/debian/minidlna.socket
minidlna-1.3.0+dfsg/debian/minidlna.socket
--- minidlna-1.3.0+dfsg/debian/minidlna.socket 1970-01-01 01:00:00.000000000
+0100
+++ minidlna-1.3.0+dfsg/debian/minidlna.socket 2023-03-29 09:01:04.000000000
+0200
@@ -0,0 +1,10 @@
+[Unit]
+Description=MiniDLNA lightweight DLNA/UPnp-AV sockets
+
+[Socket]
+ListenStream=8200
+ListenDatagram=239.255.255.250:1900
+
+[Install]
+WantedBy=sockets.target
+Also=minidlna.service
diff --minimal -Nru minidlna-1.3.0+dfsg/debian/patches/series
minidlna-1.3.0+dfsg/debian/patches/series
--- minidlna-1.3.0+dfsg/debian/patches/series 2022-03-25 00:02:29.000000000
+0100
+++ minidlna-1.3.0+dfsg/debian/patches/series 2023-03-29 08:48:33.000000000
+0200
@@ -8,3 +8,4 @@
fix_FTBFS_configure_error.patch
CVE-2022-26505.patch
+systemd.patch
diff --minimal -Nru minidlna-1.3.0+dfsg/debian/patches/systemd.patch
minidlna-1.3.0+dfsg/debian/patches/systemd.patch
--- minidlna-1.3.0+dfsg/debian/patches/systemd.patch 1970-01-01
01:00:00.000000000 +0100
+++ minidlna-1.3.0+dfsg/debian/patches/systemd.patch 2023-03-29
09:01:04.000000000 +0200
@@ -0,0 +1,99 @@
+--- minidlna-1.3.0+dfsg.orig/configure.ac
++++ minidlna-1.3.0+dfsg/configure.ac
+@@ -514,6 +514,8 @@
+
+ AC_CHECK_FUNCS(kqueue, AM_CONDITIONAL(HAVE_KQUEUE, true),
AM_CONDITIONAL(HAVE_KQUEUE, false))
+
++PKG_CHECK_MODULES([LIBSYSTEMD],[libsystemd],[AC_DEFINE(HAVE_LIBSYSTEMD,1,[Whether
libsystemd is available])],[ ])
++
+
################################################################################################################
+ ### Build Options
+
+--- minidlna-1.3.0+dfsg.orig/minidlna.c
++++ minidlna-1.3.0+dfsg/minidlna.c
+@@ -77,6 +77,10 @@
+ #include <libintl.h>
+ #endif
+
++#ifdef HAVE_LIBSYSTEMD
++#include <systemd/sd-daemon.h>
++#endif
++
+ #include "event.h"
+ #include "upnpglobalvars.h"
+ #include "sql.h"
+@@ -112,9 +116,16 @@
+ OpenAndConfHTTPSocket(unsigned short port)
+ {
+ int s;
+- int i = 1;
++ int i;
+ struct sockaddr_in listenname;
+
++#ifdef HAVE_LIBSYSTEMD
++ s = sd_listen_fds(0);
++ for (i = 0; i < s; ++i)
++ if (sd_is_socket_inet(SD_LISTEN_FDS_START + i, 0, SOCK_STREAM,
1, 0) > 0)
++ return SD_LISTEN_FDS_START + i;
++#endif
++
+ /* Initialize client type cache */
+ memset(&clients, 0, sizeof(struct client_cache_s));
+
+@@ -125,6 +136,7 @@
+ return -1;
+ }
+
++ i = 1;
+ if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &i, sizeof(i)) < 0)
+ DPRINTF(E_WARN, L_GENERAL, "setsockopt(http, SO_REUSEADDR):
%s\n", strerror(errno));
+
+--- minidlna-1.3.0+dfsg.orig/minissdp.c
++++ minidlna-1.3.0+dfsg/minissdp.c
+@@ -42,6 +42,10 @@
+ #include <arpa/inet.h>
+ #include <errno.h>
+
++#ifdef HAVE_LIBSYSTEMD
++#include <systemd/sd-daemon.h>
++#endif
++
+ #include "event.h"
+ #include "minidlnapath.h"
+ #include "upnphttp.h"
+@@ -95,9 +99,16 @@
+ OpenAndConfSSDPReceiveSocket(void)
+ {
+ int s;
+- int i = 1;
++ int i;
+ struct sockaddr_in sockname;
+
++#ifdef HAVE_LIBSYSTEMD
++ s = sd_listen_fds(0);
++ for (i = 0; i < s; ++i)
++ if (sd_is_socket_inet(SD_LISTEN_FDS_START + i, 0, SOCK_DGRAM,
-1, 0) > 0)
++ return SD_LISTEN_FDS_START + i;
++#endif
++
+ s = socket(PF_INET, SOCK_DGRAM, 0);
+ if (s < 0)
+ {
+@@ -105,6 +116,7 @@
+ return -1;
+ }
+
++ i = 1;
+ if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &i, sizeof(i)) < 0)
+ DPRINTF(E_WARN, L_SSDP, "setsockopt(udp, SO_REUSEADDR): %s\n",
strerror(errno));
+ #ifdef __linux__
+--- minidlna-1.3.0+dfsg.orig/Makefile.am
++++ minidlna-1.3.0+dfsg/Makefile.am
+@@ -58,6 +58,7 @@
+ @LIBEXIF_LIBS@ \
+ @LIBINTL@ \
+ @LIBICONV@ \
++ @LIBSYSTEMD_LIBS@ \
+ -lFLAC $(flacogglibs) $(vorbislibs) $(avahilibs)
+
+ testupnpdescgen_SOURCES = testupnpdescgen.c upnpdescgen.c
