I demand that Udo Richter may or may not have written...
C.Y.M wrote:
- setMax(minsize[colorid].y2, yp + len - 1);
- setMax(minsize[colorid].y2, yp);
This looks like a minor performance bug fix, as the written area is a
horizontal line, not a box.
+static bool OsdMatchesArea(cOsd *osd, tArea &area)
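Review bot: The area parameter in the added OsdMatchesArea signature is a non-const reference (tArea &area). For a function whose name says it only tests for a match, const tArea &area would document that the area is not modified. A one-line comment on what "matches" means here (identical geometry, or the area merely fits inside the OSD) would also help, since the signature alone does not say.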
This (plus the rest of the patch) re-allocates the osd if the new area
doesn't fit into the old osd. This may be a bug, if this actually occurs.
As far as I understand it, the dvbspu.c translates subpictures to osd
bitmaps, though I don't really know who actually uses this. Maybe DVD
plugin?
Not sure, but it's one of Reinhard Nissl's patches.
The second patch is a security patch, described here:
http://www.debian.org/security/2005/dsa-656
int fd = open(FileName, O_CREAT | O_EXCL | O_TRUNC | O_RDWR, 00640);
if (fd > -1) {
FILE *f = fdopen(fd, "wb");
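Review bot: O_TRUNC in the open() flags is redundant next to O_CREAT | O_EXCL. With that pair the call fails with EEXIST whenever FileName already exists (a symlink included), so there is never existing content to truncate; drop it. Also, if fdopen() on the last line returns NULL, fd must be closed on that path or the descriptor leaks; the lines shown do not include that handling.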
This seems to force creating a new GRAB file with (00640 & ~umask) access
rights, while fopen always uses (00666 & ~umask). Additionally, this
version fails if the GRAB file already exists. (vdradmin-am won't work with
this, as the file is pre-allocated by vdradmin-am. ;) )
I don't agree with this fix,
</AOL>.
because (1) insecure SVDRP access is IMHO a security hole in any case,
True. (Klaus?)
(2) if VDR runs properly as restricted user, there shouldn't be any
critical files with write access,
True, *but* it's still possible to overwrite files which are, quite properly,
owned by vdr.
and (3) though the patched version cannot overwrite existing files, it
still can create new files anywhere, and that's IMHO not much better.
Agreed again. My VDR builds have used a similar patch (attached) which
restricts where these files can be written for some time now; vdradmin
shouldn't have a problem with it.
vdr-xine users will find a commented-out O_EXCL in xineLib.c - you should
uncomment this and replace it with O_NOFOLLOW. (My package already has this
patch; the official Debian package will too.)
(We still need a send-snap-as-base64 version. Both vdr and vdr-xine will
require modification for this; when I last looked at this, I came to the
conclusion that a file _handle_ needs to be passed to the snapshot-creation
code.)
--
| Darren Salt | d youmustbejoking,demon,co,uk | nr. Ashington,
| Debian, | s zap,tartarus,org | Northumberland
| RISC OS | @ | Toon Army
| I don't ask for much, just untold riches...
Wanted: used electrons. Give generously.
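
The restriction discussed in this message (snapshot files confined to one directory, O_NOFOLLOW instead of O_EXCL, and a file handle handed to the snapshot-creation code) can be written as follows. This is an added example, not the attached patch and not VDR code; open_snapshot() and the scratch directory are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not VDR code: open a snapshot file for writing,
 * confined to snap_dir. Returns a descriptor for the image writer, or -1. */
int open_snapshot(const char *snap_dir, const char *name)
{
    /* Bare file names only: no separators, so no "../" or absolute paths. */
    if (!name || !*name || strchr(name, '/') ||
        !strcmp(name, ".") || !strcmp(name, "..")) {
        errno = EINVAL;
        return -1;
    }
    /* Pin the directory; the file lookup below is relative to this handle. */
    int dirfd = open(snap_dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (dirfd == -1) return -1;
    /* O_NOFOLLOW: a symlink as the final component fails with ELOOP.
     * No O_EXCL, so a file pre-created by a front end can be rewritten.
     * O_NONBLOCK: a planted FIFO cannot stall the open. */
    int fd = openat(dirfd, name, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW |
                                 O_NONBLOCK | O_CLOEXEC, 0640);
    int saved = errno;
    close(dirfd);
    if (fd == -1) {
        errno = saved;
        return -1;
    }
    struct stat st;
    if (fstat(fd, &st) == -1 || !S_ISREG(st.st_mode)) { /* regular files only */
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}

int main(void)
{
    char dir[] = "/tmp/snapsXXXXXX";          /* constructed scratch directory */
    if (!mkdtemp(dir)) return 1;
    int bad = open_snapshot(dir, "../x");     /* escapes the directory: refused */
    int fd = open_snapshot(dir, "grab.jpg");  /* created inside the directory */
    return (bad == -1 && fd >= 0) ? close(fd) : 1;
}
```

O_NOFOLLOW only guards the last path component, which is why the helper rejects any name containing a separator instead of trying to canonicalise it.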