Package: minidlna Version: 1.3.0+dfsg-2.2 Severity: wishlist Tags: patch security
Hi, Bug #786929 is about minidlna being unable to bind to network interfaces and has been unfixed for a long time. Unfortunately, no satisfactory solution has emerged since. Let me give it a try. Instead of messing with internals of minissdp, I propose outsourcing the problem to systemd. It provides this feature called "socket activation". Rather than having minidlna create and bind sockets, have systemd do this. This is easily done using libsystemd and once we defer this task to systemd, we can use all the means of customization that systemd provides (including binding to an interface). Doing so also allows binding a privileged port if desired. I've implemented it in such a way that the feature remains optional. What do you think? So yeah, this doesn't fix #786929, but it provides a really easy workaround for any system running systemd without having to set up a firewall. Helmut
diff --minimal -Nru minidlna-1.3.0+dfsg/debian/changelog minidlna-1.3.0+dfsg/debian/changelog --- minidlna-1.3.0+dfsg/debian/changelog 2022-03-30 22:03:02.000000000 +0200 +++ minidlna-1.3.0+dfsg/debian/changelog 2023-03-29 09:01:04.000000000 +0200 @@ -1,3 +1,10 @@ +minidlna (1.3.0+dfsg-2.3) UNRELEASED; urgency=medium + + * Non-maintainer upload. + * Support systemd socket activation. + + -- Helmut Grohne <hel...@subdivi.de> Wed, 29 Mar 2023 09:01:04 +0200 + minidlna (1.3.0+dfsg-2.2) unstable; urgency=medium * Non-maintainer upload. diff --minimal -Nru minidlna-1.3.0+dfsg/debian/control minidlna-1.3.0+dfsg/debian/control --- minidlna-1.3.0+dfsg/debian/control 2021-01-07 18:20:27.000000000 +0100 +++ minidlna-1.3.0+dfsg/debian/control 2023-03-29 09:01:04.000000000 +0200 @@ -13,7 +13,9 @@ libjpeg-dev, libogg-dev, libsqlite3-dev, - libvorbis-dev + libsystemd-dev, + libvorbis-dev, + pkg-config, Standards-Version: 4.5.0 Homepage: https://sourceforge.net/projects/minidlna/ Vcs-Git: https://salsa.debian.org/debian/minidlna.git diff --minimal -Nru minidlna-1.3.0+dfsg/debian/minidlna.service minidlna-1.3.0+dfsg/debian/minidlna.service --- minidlna-1.3.0+dfsg/debian/minidlna.service 2022-02-13 10:58:08.000000000 +0100 +++ minidlna-1.3.0+dfsg/debian/minidlna.service 2023-03-29 09:01:04.000000000 +0200 @@ -19,3 +19,4 @@ [Install] WantedBy=multi-user.target +Also=minidlna.socket diff --minimal -Nru minidlna-1.3.0+dfsg/debian/minidlna.socket minidlna-1.3.0+dfsg/debian/minidlna.socket --- minidlna-1.3.0+dfsg/debian/minidlna.socket 1970-01-01 01:00:00.000000000 +0100 +++ minidlna-1.3.0+dfsg/debian/minidlna.socket 2023-03-29 09:01:04.000000000 +0200 
@@ -0,0 +1,10 @@ +[Unit] +Description=MiniDLNA lightweight DLNA/UPnp-AV sockets + +[Socket] +ListenStream=8200 +ListenDatagram=239.255.255.250:1900 + +[Install] +WantedBy=sockets.target +Also=minidlna.service diff --minimal -Nru minidlna-1.3.0+dfsg/debian/patches/series minidlna-1.3.0+dfsg/debian/patches/series --- minidlna-1.3.0+dfsg/debian/patches/series 2022-03-25 00:02:29.000000000 +0100 +++ minidlna-1.3.0+dfsg/debian/patches/series 2023-03-29 08:48:33.000000000 +0200 @@ -8,3 +8,4 @@ fix_FTBFS_configure_error.patch CVE-2022-26505.patch +systemd.patch diff --minimal -Nru minidlna-1.3.0+dfsg/debian/patches/systemd.patch minidlna-1.3.0+dfsg/debian/patches/systemd.patch --- minidlna-1.3.0+dfsg/debian/patches/systemd.patch 1970-01-01 01:00:00.000000000 +0100 +++ minidlna-1.3.0+dfsg/debian/patches/systemd.patch 2023-03-29 09:01:04.000000000 +0200 
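Review bot: `ListenStream=8200` in debian/minidlna.socket names no address, which systemd treats as an IPv6 wildcard socket that also accepts IPv4 under the default `BindIPv6Only=` setting, so the unit as shipped exposes the HTTP port on every interface, and `Also=` enables it together with the service. Since the report is about limiting where minidlna listens, the unit should say how to do that: `ListenStream=0.0.0.0:8200` plus a comment such as `# Limit exposure in a drop-in with BindToDevice=<interface>; keep the port equal to port= in minidlna.conf`. Port 8200 is now fixed in the unit; whether the port the daemon announces still follows minidlna.conf is not visible in this diff and should be checked.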
@@ -0,0 +1,99 @@
+--- minidlna-1.3.0+dfsg.orig/configure.ac
++++ minidlna-1.3.0+dfsg/configure.ac
+@@ -514,6 +514,8 @@
+ 
+ AC_CHECK_FUNCS(kqueue, AM_CONDITIONAL(HAVE_KQUEUE, true), AM_CONDITIONAL(HAVE_KQUEUE, false))
+ 
++PKG_CHECK_MODULES([LIBSYSTEMD],[libsystemd],[AC_DEFINE(HAVE_LIBSYSTEMD,1,[Whether libsystemd is available])],[ ])
++
+ ################################################################################################################
+ ### Build Options
+ 
+--- minidlna-1.3.0+dfsg.orig/minidlna.c
++++ minidlna-1.3.0+dfsg/minidlna.c
+@@ -77,6 +77,10 @@
+ #include <libintl.h>
+ #endif
+ 
++#ifdef HAVE_LIBSYSTEMD
++#include <systemd/sd-daemon.h>
++#endif
++
+ #include "event.h"
+ #include "upnpglobalvars.h"
+ #include "sql.h"
+@@ -112,9 +116,16 @@
+ OpenAndConfHTTPSocket(unsigned short port)
+ {
+ int s;
+- int i = 1;
++ int i;
+ struct sockaddr_in listenname;
+ 
++#ifdef HAVE_LIBSYSTEMD
++ s = sd_listen_fds(0);
++ for (i = 0; i < s; ++i)
++ if (sd_is_socket_inet(SD_LISTEN_FDS_START + i, 0, SOCK_STREAM, 1, 0) > 0)
++ return SD_LISTEN_FDS_START + i;
++#endif
++
+ /* Initialize client type cache */
+ memset(&clients, 0, sizeof(struct client_cache_s));
+ 
+@@ -125,6 +136,7 @@
+ return -1;
+ }
+ 
++ i = 1;
+ if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &i, sizeof(i)) < 0)
+ DPRINTF(E_WARN, L_GENERAL, "setsockopt(http, SO_REUSEADDR): %s\n", strerror(errno));
+ 
+--- minidlna-1.3.0+dfsg.orig/minissdp.c
++++ minidlna-1.3.0+dfsg/minissdp.c
+@@ -42,6 +42,10 @@
+ #include <arpa/inet.h>
+ #include <errno.h>
+ 
++#ifdef HAVE_LIBSYSTEMD
++#include <systemd/sd-daemon.h>
++#endif
++
+ #include "event.h"
+ #include "minidlnapath.h"
+ #include "upnphttp.h"
+@@ -95,9 +99,16 @@
+ OpenAndConfSSDPReceiveSocket(void)
+ {
+ int s;
+- int i = 1;
++ int i;
+ struct sockaddr_in sockname;
+ 
++#ifdef HAVE_LIBSYSTEMD
++ s = sd_listen_fds(0);
++ for (i = 0; i < s; ++i)
++ if (sd_is_socket_inet(SD_LISTEN_FDS_START + i, 0, SOCK_DGRAM, -1, 0) > 0)
++ return SD_LISTEN_FDS_START + i;
++#endif
++
+ s = socket(PF_INET, SOCK_DGRAM, 0);
+ if (s < 0)
+ {
+@@ -105,6 +116,7 @@
+ return -1;
+ }
+ 
++ i = 1;
+ if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &i, sizeof(i)) < 0)
+ DPRINTF(E_WARN, L_SSDP, "setsockopt(udp, SO_REUSEADDR): %s\n", strerror(errno));
+ #ifdef __linux__
+--- minidlna-1.3.0+dfsg.orig/Makefile.am
++++ minidlna-1.3.0+dfsg/Makefile.am
+@@ -58,6 +58,7 @@
+ @LIBEXIF_LIBS@ \
+ @LIBINTL@ \
+ @LIBICONV@ \
++ @LIBSYSTEMD_LIBS@ \
+ -lFLAC $(flacogglibs) $(vorbislibs) $(avahilibs)
+ 
+ testupnpdescgen_SOURCES = testupnpdescgen.c upnpdescgen.c
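Review bot: Both `sd_is_socket_inet()` checks, in `OpenAndConfHTTPSocket` and `OpenAndConfSSDPReceiveSocket`, pass family 0 and port 0, so any inherited inet socket of the right type is accepted and the `port` argument is silently ignored; the daemon can end up listening on a port or address family that differs from minidlna.conf and from what the surrounding `struct sockaddr_in` code expects. I would pin both, e.g. `if (sd_is_socket_inet(SD_LISTEN_FDS_START + i, AF_INET, SOCK_STREAM, 1, port) > 0)` for HTTP and family `AF_INET` with port 1900 for SSDP, and log when an inherited descriptor is rejected. The SSDP early return also skips the `setsockopt` calls that follow, including whatever the `#ifdef __linux__` block configures, so that option has to be applied to the inherited socket as well if later receive code depends on it (not visible here). Both function bodies continue outside the hunks.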