diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..c289abc --- /dev/null +++ b/.gitignore @@ -0,0 +1,11 @@ +cambozola-0.68.tar.gz +jscalendar-1.0.zip +mootools-1.2.3-core-yc.js +ZoneMinder-1.24.2.tar.gz +/ZoneMinder-1.24.3.tar.gz +/zoneminder-20110324svn.tar.xz +/ZoneMinder-1.24.4.tar.gz +/ZoneMinder-1.25.0.tar.gz +/v1.28.1.tar.gz +*.rpm +ZoneMinder-*/ diff --git a/README.Fedora b/README.Fedora new file mode 100644 index 0000000..961aadd --- /dev/null +++ b/README.Fedora @@ -0,0 +1,82 @@ +New installs +============ + +1. Unless you are already using the MySQL server or you are running it + remotely you will need to ensure that the server is installed and secured: + + yum install mysql-server + systemctl enable mysqld + systemctl start mysqld + mysql_secure_installation + +2. You will need to create the ZoneMinder database. These commands should do + the trick, assuming your database server is local: + + mysql -u root -p < /usr/share/zoneminder/db/zm_create.sql + mysqladmin reload + +3. The database needs a user. One is not created by default because this would + introduce an obvious security issue. The following should set this up: + + mysql -u root -p + grant select,insert,update,delete on zm.* to 'zmuser'@localhost identified by 'zmpass'; + + Obviously, change at least zmpass to an actual, secure password or + passphrase. You can change zmuser as well if you like. + +4. Edit /etc/zm.conf and, at the bottom, change ZM_DB_PASS and perhaps + ZM_DB_USER to match. + +5. Edit /etc/php.ini, uncomment the date.timezone line, and add your local + timezone. For whatever reason, PHP will complain loudly if this is not set, + or if it is set incorrectly, and these complaints will show up in the + zoneminder logging system as errors. + + If you are not sure of the proper timezone specification to use, run + timedatectl. + +6. This package probably does not work with SELinux enabled at the moment. It + may be necessary to disable SELinux for httpd, or even completely for + ZoneMinder to function. The policy is being worked on and the issues will be + addressed in a later release. Run + + setenforce 0 + + for testing, and edit /etc/sysconfig/selinux to disable it at boot time. + +7. Enable and start the zoneminder service: + + systemctl enable zoneminder + systemctl start zoneminder + +8. The ZoneMinder web interface is disabled by default (which makes it rather + useless but also secure by default), you will need to edit + /etc/httpd/conf.d/zoneminder.conf to enable it. Afterwards, you can start + the web server: + + systemctl enable httpd.service + systemctl start httpd.service + +9. You should immediately visit http://localhost/zm and secure the system if + it is network facing. To do this: + + a) click Options, then System. + b) check OPT_USE_AUTH. + c) set AUTH_HASH_SECRET to a random string. + d) click Save and refresh the main browser window. + e) You should be prompted to log in; the default username/password is admin/admin. + f) Open Options again, choose the newly visible Users tab. + g) click the admin user and set a password. + + +Upgrades +======== + +1. Update /etc/zm.conf. Check for any new settings and update the version + information. Comparing /etc/zm.conf and /etc/zm.conf.rpmnew should help to + do this. + +2. You will need to upgrade the ZoneMinder database as described in the + manual. This command should be sufficient when run as root: + + zmupdate.pl --version= diff --git a/dead.package b/dead.package deleted file mode 100644 index d82fb65..0000000 --- a/dead.package +++ /dev/null @@ -1 +0,0 @@ -Moving to rpmfusion repo diff --git a/redalert.wav b/redalert.wav new file mode 100644 index 0000000..41e23e0 Binary files /dev/null and b/redalert.wav differ diff --git a/sources b/sources new file mode 100644 index 0000000..9ca0223 --- /dev/null +++ b/sources @@ -0,0 +1,2 @@ +10f2160fe68294013efcd1473cd36f72 jscalendar-1.0.zip +e8b27b818e074e5739b2bad8c57671a1 v1.28.1.tar.gz diff --git a/zoneminder-1.28.1-cve-2017-5595.patch b/zoneminder-1.28.1-cve-2017-5595.patch new file mode 100644 index 0000000..ea9ce46 --- /dev/null +++ b/zoneminder-1.28.1-cve-2017-5595.patch @@ -0,0 +1,116 @@ +diff -uNr ZoneMinder-1.28.1.orig/web/views/file.php ZoneMinder-1.28.1/web/views/file.php +--- ZoneMinder-1.28.1.orig/web/views/file.php 2015-02-04 21:52:37.000000000 -0500 ++++ ZoneMinder-1.28.1/web/views/file.php 1969-12-31 19:00:00.000000000 -0500 +@@ -1,56 +0,0 @@ +- +diff -uNr ZoneMinder-1.28.1.orig/web/views/image.php ZoneMinder-1.28.1/web/views/image.php +--- ZoneMinder-1.28.1.orig/web/views/image.php 2015-02-04 21:52:37.000000000 -0500 ++++ ZoneMinder-1.28.1/web/views/image.php 2017-02-07 21:12:51.315376682 -0500 +@@ -30,24 +30,26 @@ + if ( empty($_REQUEST['path']) ) + { + $errorText = "No image path"; +-} +-else +-{ +- $path = $_REQUEST['path']; +- if ( !empty($user['MonitorIds']) ) +- { +- $imageOk = false; +- $pathMonId = substr( $path, 0, strspn( $path, "1234567890" ) ); +- foreach ( preg_split( '/["\'\s]*,["\'\s]*/', $user['MonitorIds'] ) as $monId ) +- { +- if ( $pathMonId == $monId ) +- { +- $imageOk = true; +- break; ++} else { ++ $dir_events = realpath(ZM_DIR_EVENTS); ++ $path = realpath($dir_events . '/' . $_REQUEST['path']); ++ $pos = strpos($path, $dir_events); ++ ++ if($pos == 0 && $pos !== false) { ++ if ( !empty($user['MonitorIds']) ) { ++ $imageOk = false; ++ $pathMonId = substr( $path, 0, strspn( $path, "1234567890" ) ); ++ foreach ( preg_split( '/["\'\s]*,["\'\s]*/', $user['MonitorIds'] ) as $monId ) { ++ if ( $pathMonId == $monId ) { ++ $imageOk = true; ++ break; ++ } + } ++ if ( !$imageOk ) ++ $errorText = "No image permissions"; + } +- if ( !$imageOk ) +- $errorText = "No image permissions"; ++ } else { ++ $errorText = "Invalid image path"; + } + } + +diff -uNr ZoneMinder-1.28.1.orig/web/views/Makefile.am ZoneMinder-1.28.1/web/views/Makefile.am +--- ZoneMinder-1.28.1.orig/web/views/Makefile.am 2015-02-04 21:52:37.000000000 -0500 ++++ ZoneMinder-1.28.1/web/views/Makefile.am 2017-02-07 21:03:29.653105953 -0500 +@@ -2,5 +2,4 @@ + + webdir = @WEB_PREFIX@/views + +-dist_web_DATA = file.php \ +- image.php ++dist_web_DATA = image.php diff --git a/zoneminder-1.28.1-gcc47.patch b/zoneminder-1.28.1-gcc47.patch new file mode 100644 index 0000000..c1e2dd5 --- /dev/null +++ b/zoneminder-1.28.1-gcc47.patch @@ -0,0 +1,23 @@ +diff -up ZoneMinder-1.28.1/src/zm_local_camera.cpp.gcc47 ZoneMinder-1.28.1/src/zm_local_camera.cpp +--- ZoneMinder-1.28.1/src/zm_local_camera.cpp.gcc47 2015-02-04 21:52:37.000000000 -0500 ++++ ZoneMinder-1.28.1/src/zm_local_camera.cpp 2015-06-12 11:07:38.295420171 -0400 +@@ -26,6 +26,7 @@ + #include + #include + #include ++#include + #include + #include + #include +diff -up ZoneMinder-1.28.1/src/zm_logger.cpp.gcc47 ZoneMinder-1.28.1/src/zm_logger.cpp +--- ZoneMinder-1.28.1/src/zm_logger.cpp.gcc47 2015-02-04 21:52:37.000000000 -0500 ++++ ZoneMinder-1.28.1/src/zm_logger.cpp 2015-06-12 11:07:38.296420176 -0400 +@@ -31,6 +31,7 @@ + #include + #include + #include ++#include + + bool Logger::smInitialised = false; + Logger *Logger::smInstance = 0; +diff -up ZoneMinder-1.28.1/src/zm_thread.h.gcc47 ZoneMinder-1.28.1/src/zm_thread.h diff --git a/zoneminder-1.28.1-gcrypt.patch b/zoneminder-1.28.1-gcrypt.patch new file mode 100644 index 0000000..0f18ae6 --- /dev/null +++ b/zoneminder-1.28.1-gcrypt.patch @@ -0,0 +1,103 @@ +diff -up ZoneMinder-1.28.1/configure.ac.gcrypt ZoneMinder-1.28.1/configure.ac +--- ZoneMinder-1.28.1/configure.ac.gcrypt 2015-06-12 11:10:08.256091967 -0400 ++++ ZoneMinder-1.28.1/configure.ac 2015-06-12 11:19:51.190736931 -0400 +@@ -40,7 +40,7 @@ AC_ARG_VAR(ZM_DB_HOST,[Hostname where Zo + AC_ARG_VAR(ZM_DB_NAME,[Name of ZoneMinder database, default zm]) + AC_ARG_VAR(ZM_DB_USER,[Name of ZoneMinder database user, default zmuser]) + AC_ARG_VAR(ZM_DB_PASS,[Password of ZoneMinder database user, default zmpass]) +-AC_ARG_VAR(ZM_SSL_LIB,[Library to use for ssl functions, default gnutls]) ++AC_ARG_VAR(ZM_SSL_LIB,[Library to use for MD5 function, default libgcrypt]) + AC_ARG_VAR(ZM_MYSQL_ENGINE,[MySQL engine to use with database, default InnoDB]) + AC_ARG_VAR(ZM_RUNDIR,[Location of transient process files, default /var/run/zm]) + AC_ARG_VAR(ZM_SOCKDIR,[Location of Unix domain socket files, default /var/run/zm]) +@@ -64,7 +64,7 @@ if test "$ZM_DB_PASS" == ""; then + AC_SUBST(ZM_DB_PASS,[zmpass]) + fi + if test "$ZM_SSL_LIB" == ""; then +- AC_SUBST(ZM_SSL_LIB,gnutls) ++ AC_SUBST(ZM_SSL_LIB,libgcrypt) + fi + if test "$ZM_MYSQL_ENGINE" == ""; then + AC_SUBST(ZM_MYSQL_ENGINE,InnoDB) +@@ -314,19 +314,10 @@ AC_CHECK_LIB(pthread,pthread_create,,AC_ + AC_CHECK_LIB(dl,dlsym,,AC_MSG_ERROR(zm requires libdl.a)) + if test "$ZM_SSL_LIB" == "openssl"; then + AC_CHECK_HEADERS(openssl/md5.h,,AC_MSG_WARN(zm requires openssl/md5.h header to be installed for openssl),) +-AC_CHECK_LIB(crypto,MD5,,AC_MSG_WARN([libcrypto.a is required for authenticated streaming - use ZM_SSL_LIB option to select gnutls instead])) ++AC_CHECK_LIB(crypto,MD5,,AC_MSG_WARN([libcrypto.a is required for authenticated streaming - use ZM_SSL_LIB option to select libgcrypt instead])) + else +-AC_CHECK_HEADERS(gnutls/openssl.h,AC_SUBST(ZM_HAS_GNUTLS_OPENSSL,1),AC_SUBST(ZM_HAS_GNUTLS_OPENSSL,0),) +-AC_CHECK_HEADERS(gnutls/gnutls.h,AC_SUBST(ZM_HAS_GNUTLS,1),AC_SUBST(ZM_HAS_GNUTLS,0),) +-if test "$ZM_HAS_GNUTLS_OPENSSL" == "0" && test "$ZM_HAS_GNUTLS" == "0"; then +-AC_MSG_WARN(gnutls is required for authenticated streaming - use ZM_SSL_LIB option to select openssl instead) +-fi +-AC_CHECK_HEADERS(gcrypt.h,,AC_MSG_WARN(zm requires libgcrypt headers to be installed for gnutls),) ++AC_CHECK_HEADERS(gcrypt.h,,AC_MSG_WARN(zm requires libgcrypt headers to be installed),) + AC_CHECK_LIB(gcrypt,gcry_check_version,,AC_MSG_WARN([libgcrypt.a is required for authenticated streaming - use ZM_SSL_LIB option to select openssl instead])) +-AC_CHECK_LIB(gnutls,gnutls_fingerprint,,AC_MSG_WARN([libgnutls.a is required for authenticated streaming - use ZM_SSL_LIB option to select openssl instead])) +-if test "$ZM_HAS_GNUTLS_OPENSSL" == "1"; then +-AC_CHECK_LIB(gnutls-openssl,MD5,,AC_MSG_WARN([libgnutls.a is required for authenticated streaming - use ZM_SSL_LIB option to select openssl instead])) +-fi + fi + AC_CHECK_LIB(pcre,pcre_compile,,AC_MSG_WARN(libpcre.a may be required for remote/network camera support)) + AC_CHECK_LIB(z,zlibVersion) +@@ -386,14 +377,6 @@ AC_CHECK_HEADERS(curl/curl.h,,,) + if test "$ZM_SSL_LIB" == "openssl"; then + AC_CHECK_DECLS(MD5,,AC_MSG_ERROR([zm requires openssl/md5.h - use ZM_SSL_LIB option to select gnutls instead]),[#include + #include ]) +-else +-if test "$ZM_HAS_GNUTLS_OPENSSL" == "1"; then +-AC_CHECK_DECLS(MD5,,AC_MSG_ERROR([zm requires gnutls/openssl.h - use ZM_SSL_LIB option to select openssl instead]),[#include +-#include ]) +-else +-AC_CHECK_DECLS(gnutls_fingerprint,,AC_MSG_ERROR([zm requires gnutls/gnutls.h - use ZM_SSL_LIB option to select openssl instead]),[#include +-#include ]) +-fi + fi + AC_CHECK_DECLS(backtrace,,,[#include ]) + AC_CHECK_DECLS(backtrace_symbols,,,[#include ]) +diff -up ZoneMinder-1.28.1/src/zm_user.cpp.gcrypt ZoneMinder-1.28.1/src/zm_user.cpp +--- ZoneMinder-1.28.1/src/zm_user.cpp.gcrypt 2015-02-04 21:52:37.000000000 -0500 ++++ ZoneMinder-1.28.1/src/zm_user.cpp 2015-06-12 11:10:08.256091967 -0400 +@@ -144,6 +144,18 @@ User *zmLoadUser( const char *username, + return( user ); + } + ++#ifdef HAVE_GCRYPT_H ++#define HAVE_DECL_MD5 1 ++#define MD5_DIGEST_LENGTH 16 ++static unsigned char *MD5(const unsigned char *data, unsigned long len, ++ unsigned char *md) ++{ ++ gcry_md_hash_buffer(GCRY_MD_MD5, md, data, len); ++ ++ return md; ++} ++#endif ++ + // Function to validate an authentication string + User *zmLoadAuthUser( const char *auth, bool use_remote_addr ) + { +diff -up ZoneMinder-1.28.1/src/zm_user.h.gcrypt ZoneMinder-1.28.1/src/zm_user.h +--- ZoneMinder-1.28.1/src/zm_user.h.gcrypt 2015-06-12 11:10:08.257091972 -0400 ++++ ZoneMinder-1.28.1/src/zm_user.h 2015-06-12 11:22:11.503378854 -0400 +@@ -23,18 +23,11 @@ + #ifndef ZM_USER_H + #define ZM_USER_H + +-#if HAVE_GNUTLS_OPENSSL_H +-#include +-#endif +-#if HAVE_GNUTLS_GNUTLS_H +-#include +-#endif +- + #if HAVE_GCRYPT_H + #include + #elif HAVE_LIBCRYPTO + #include +-#endif // HAVE_L || HAVE_LIBCRYPTO ++#endif // HAVE_GCRYPT_H || HAVE_LIBCRYPTO + + class User + { diff --git a/zoneminder-1.28.1-noffmpeg.patch b/zoneminder-1.28.1-noffmpeg.patch new file mode 100644 index 0000000..fab1a30 --- /dev/null +++ b/zoneminder-1.28.1-noffmpeg.patch @@ -0,0 +1,27 @@ +diff -up ZoneMinder-1.28.1/configure.ac.noffmpeg ZoneMinder-1.28.1/configure.ac +--- ZoneMinder-1.28.1/configure.ac.noffmpeg 2015-06-12 11:01:37.147798556 -0400 ++++ ZoneMinder-1.28.1/configure.ac 2015-06-12 11:04:39.315618375 -0400 +@@ -331,16 +331,16 @@ fi + AC_CHECK_LIB(pcre,pcre_compile,,AC_MSG_WARN(libpcre.a may be required for remote/network camera support)) + AC_CHECK_LIB(z,zlibVersion) + AC_CHECK_LIB(x264,x264_predict_16x16_init) +-AC_CHECK_LIB(avutil,av_malloc,,AC_MSG_WARN(libavutil.a may be required for MPEG streaming)) ++dnl AC_CHECK_LIB(avutil,av_malloc,,AC_MSG_WARN(libavutil.a may be required for MPEG streaming)) + # Don't bother to warn about this one +-AC_CHECK_LIB(avcore,av_image_copy,,) +-AC_CHECK_LIB(avcodec,avcodec_version,,AC_MSG_WARN(libavcodec.a is required for MPEG streaming)) +-AC_CHECK_LIB(avformat,avformat_version,,AC_MSG_WARN(libavformat.a is required for MPEG streaming)) ++dnl AC_CHECK_LIB(avcore,av_image_copy,,) ++dnl AC_CHECK_LIB(avcodec,avcodec_version,,AC_MSG_WARN(libavcodec.a is required for MPEG streaming)) ++dnl AC_CHECK_LIB(avformat,avformat_version,,AC_MSG_WARN(libavformat.a is required for MPEG streaming)) + #AC_CHECK_LIB(avcodec,avcodec_open,,AC_MSG_WARN(libavcodec.a is required for MPEG streaming)) + #AC_CHECK_LIB(avformat,av_new_stream,,AC_MSG_WARN(libavformat.a is required for MPEG streaming)) +-AC_CHECK_LIB(avdevice,avdevice_register_all,,AC_MSG_WARN(libavdevice.a may be required for MPEG streaming)) +-AC_CHECK_LIB(swscale,sws_scale,,,-lswscale) +-AC_CHECK_LIB(vlc,libvlc_new,,AC_MSG_WARN(libvlc.a may be required for streaming)) ++dnl AC_CHECK_LIB(avdevice,avdevice_register_all,,AC_MSG_WARN(libavdevice.a may be required for MPEG streaming)) ++dnl AC_CHECK_LIB(swscale,sws_scale,,,-lswscale) ++dnl AC_CHECK_LIB(vlc,libvlc_new,,AC_MSG_WARN(libvlc.a may be required for streaming)) + AC_CHECK_LIB(bz2,BZ2_bzCompress,,AC_MSG_WARN(zm requires libbz2.a for recent versions of ffmpeg)) + AC_CHECK_LIB(z,compress,,) + AC_CHECK_LIB(curl,curl_global_init,,) diff --git a/zoneminder-1.28.1-runlevel.patch b/zoneminder-1.28.1-runlevel.patch new file mode 100644 index 0000000..427cf34 --- /dev/null +++ b/zoneminder-1.28.1-runlevel.patch @@ -0,0 +1,11 @@ +diff -up ZoneMinder-1.28.1/scripts/zm.in.runlevel ZoneMinder-1.28.1/scripts/zm.in +--- ZoneMinder-1.28.1/scripts/zm.in.runlevel 2015-06-12 10:58:22.477921885 -0400 ++++ ZoneMinder-1.28.1/scripts/zm.in 2015-06-12 10:59:53.869333454 -0400 +@@ -1,6 +1,6 @@ + #!/bin/sh + # description: ZoneMinder is the top Linux video camera security and surveillance solution. ZoneMinder is intended for use in single or multi-camera video security applications.Copyright: Philip Coombes, Corey DeLasaux 2003-2008 +-# chkconfig: 2345 99 00 ++# chkconfig: - 99 00 + # processname: zmpkg.pl + + # This script is intended for use with legacy SysV init environments ONLY diff --git a/zoneminder-svn-checkout.sh b/zoneminder-svn-checkout.sh new file mode 100755 index 0000000..e30ff4a --- /dev/null +++ b/zoneminder-svn-checkout.sh @@ -0,0 +1,10 @@ +#!/bin/bash +DATE=$(date +%Y%m%d) + +set -x + +rm -rf zm +svn export http://svn.zoneminder.com/svn/zm/trunk zm +tar cJf zoneminder-${DATE}svn.tar.xz zm + +rm -rf zm diff --git a/zoneminder.conf b/zoneminder.conf new file mode 100644 index 0000000..597ea2b --- /dev/null +++ b/zoneminder.conf @@ -0,0 +1,45 @@ +# The Zoneminder web interface has been disabled by default due to a small +# security issue in the default install. +# +# When using Zoneminder's own authentication, recorded CCTV images are +# accessible from the web directly without passing the authentication. This +# means any attacker could see your CCTV images without a password. In order +# to avoid this you can disable Zoneminder's authentication and configure +# standard Apache authentication (see the Apache documentation for details on +# this). +# +# If you still wish to use Zoneminder's own authentication, or have an +# internal site which needs no authentication, you need to delete the line +# marked below and restart Apache. + +Alias /zm "/usr/share/zoneminder/www" + + Options -Indexes +MultiViews +FollowSymLinks + AllowOverride All + + # Apache 2.4 + Require all granted + + + # Apache 2.2 + Order deny,allow + Allow from all + + # The code unfortunately uses short tags in many places + php_value short_open_tag 1 + + +ScriptAlias /cgi-bin/zm "/usr/libexec/zoneminder/cgi-bin" + + AllowOverride All + Options ExecCGI + + # Apache 2.4 + Require all granted + + + # Apache 2.2 + Order deny,allow + Allow from all + + diff --git a/zoneminder.logrotate b/zoneminder.logrotate new file mode 100644 index 0000000..7bd1d18 --- /dev/null +++ b/zoneminder.logrotate @@ -0,0 +1,8 @@ +/var/log/zoneminder/*.log { + missingok + notifempty + sharedscripts + postrotate + /usr/bin/zmpkg.pl logrot 2> /dev/null > /dev/null || : + endscript +} diff --git a/zoneminder.service b/zoneminder.service new file mode 100644 index 0000000..d59fc67 --- /dev/null +++ b/zoneminder.service @@ -0,0 +1,12 @@ +[Unit] +Description=Video security and surveillance system + +[Service] +Type=forking +ExecStart=/usr/bin/zmpkg.pl start +ExecReload=/usr/bin/zmpkg.pl reload +PIDFile=/run/zoneminder/zm.pid + +[Install] +WantedBy=multi-user.target + diff --git a/zoneminder.spec b/zoneminder.spec new file mode 100644 index 0000000..5d2d507 --- /dev/null +++ b/zoneminder.spec @@ -0,0 +1,494 @@ +%define zmuid $(id -un) +%define zmgid $(id -gn) +%define zmuid_final apache +%define zmgid_final apache + +Name: zoneminder +Version: 1.28.1 +Release: 8%{?dist} +Summary: A camera monitoring and analysis tool +Group: System Environment/Daemons +# jscalendar is LGPL (any version): http://www.dynarch.com/projects/calendar/ +# Mootools is inder the MIT license: http://mootools.net/ +License: GPLv2+ and LGPLv2+ and MIT +URL: http://www.zoneminder.com/ + +Source: https://github.com/ZoneMinder/ZoneMinder/archive/v%{version}.tar.gz +Source2: zoneminder.conf +Source3: redalert.wav +Source4: README.Fedora +Source5: http://downloads.sourceforge.net/jscalendar/jscalendar-1.0.zip +Source6: zoneminder.service +Source7: zoneminder.logrotate +# Need to unravel the proper mootools files to grab from upstream, since the +# number of them keeps multiplying. In the meantime, rely on the ones bundled +# with zoneminder. As these are javascript, there is no guideline violation +# here. +#Source8: http://mootools.net/download/get/mootools-1.2.3-core-yc.js +Patch1: zoneminder-1.28.1-cve-2017-5595.patch +Patch2: zoneminder-1.28.1-runlevel.patch +Patch3: zoneminder-1.28.1-noffmpeg.patch +Patch11: zoneminder-1.28.1-gcc47.patch +Patch12: zoneminder-1.28.1-gcrypt.patch + +BuildRequires: automake gnutls-devel systemd-units +BuildRequires: mysql-devel pcre-devel libjpeg-devel +BuildRequires: polkit-devel +BuildRequires: perl-generators +BuildRequires: perl(Archive::Tar) +BuildRequires: perl(Archive::Zip) +BuildRequires: perl(Date::Manip) +BuildRequires: perl(DBD::mysql) +BuildRequires: perl(DBI) +BuildRequires: perl(ExtUtils::MakeMaker) +BuildRequires: perl(Getopt::Long) +BuildRequires: perl(LWP::UserAgent) +BuildRequires: perl(MIME::Entity) +BuildRequires: perl(MIME::Lite) +BuildRequires: perl(PHP::Serialization) +BuildRequires: perl(Sys::Mmap) +BuildRequires: perl(Sys::Syslog) +BuildRequires: perl(Time::HiRes) + +Requires: httpd +Requires: php +Requires: php-mysqli +Requires: cambozola +Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) +Requires: perl(DBD::mysql) perl(Archive::Tar) perl(Archive::Zip) +Requires: perl(MIME::Entity) perl(MIME::Lite) perl(Net::SMTP) perl(Net::FTP) + +Requires(post): systemd-units systemd-sysv +Requires(preun): systemd-units +Requires(postun): systemd-units + + +%description +ZoneMinder is a set of applications which is intended to provide a complete +solution allowing you to capture, analyse, record and monitor any cameras you +have attached to a Linux based machine. It is designed to run on kernels which +support the Video For Linux (V4L) interface and has been tested with cameras +attached to BTTV cards, various USB cameras and IP network cameras. It is +designed to support as many cameras as you can attach to your computer without +too much degradation of performance. + + +%prep +%setup -q -n ZoneMinder-%{version} + +# Unpack jscalendar and move some files around +%setup -q -D -T -a 5 -n ZoneMinder-%{version} +mkdir jscalendar-doc +pushd jscalendar-1.0 +mv *html *php doc/* README ../jscalendar-doc +rmdir doc +popd + +%patch1 -p1 -b .cve-2017-5595 +%patch2 -p1 -b .runlevel +%patch3 -p1 -b .noffmpeg +%patch11 -p1 -b .gcc47 +%patch12 -p1 -b .gcrypt +cp %{SOURCE4} README.Fedora +chmod -x src/zm_event.cpp src/zm_user.h + + +%build +autoreconf --install + +OPTS="" +%ifnarch %{ix86} x86_64 + OPTS="$OPTS --disable-crashtrace" +%endif + +export ZM_RUNDIR=/var/run/zoneminder +export ZM_TMPDIR=/var/lib/zoneminder/temp +%configure \ + --with-libarch=%{_lib} \ + --with-mysql=%{_prefix} \ + --with-webdir=%{_datadir}/%{name}/www \ + --with-cgidir=%{_libexecdir}/%{name}/cgi-bin \ + --with-webuser=%{zmuid} \ + --with-webgroup=%{zmgid} \ + --enable-mmap=yes \ + --disable-debug \ + $OPTS + +# Have to do this now because the configure script wipes out modifications made to this file +cat <> db/zm_create.sql +# Fedora change: +# Alter some default paths to match the default URL and selinux expectations +update Config set Value = '/cgi-bin/zm/nph-zms' where Name = 'ZM_PATH_ZMS'; +update Config set Value = '/var/log/zoneminder' where Name = 'ZM_PATH_LOGS'; +update Config set Value = '/var/log/zoneminder/zm_debug_log+' where Name = 'ZM_EXTRA_DEBUG_LOG'; +update Config set Value = '/var/log/zoneminder/zm_xml.log' where Name = 'ZM_EYEZM_LOG_FILE'; +update Config set Value = '/var/lib/zoneminder/sock' where Name = 'ZM_PATH_SOCKS'; +update Config set Value = '/var/lib/zoneminder/swap' where Name = 'ZM_PATH_SWAP'; +update Config set Value = '/var/spool/zoneminder-upload' where Name = 'ZM_UPLOAD_FTP_LOC_DIR'; +EOF + +make %{?_smp_mflags} +%{__perl} -pi -e 's/(ZM_WEB_USER=).*$/${1}%{zmuid_final}/;' \ + -e 's/(ZM_WEB_GROUP=).*$/${1}%{zmgid_final}/;' zm.conf + + +%install +install -d %{buildroot}/%{_localstatedir}/run +make install DESTDIR=%{buildroot} \ + INSTALLDIRS=vendor +rm -rf %{buildroot}/%{perl_vendorarch} %{buildroot}/%{perl_archlib} +rm -f %{buildroot}/%{_bindir}/zmx10.pl + +install -m 755 -d %{buildroot}/var/log/zoneminder +for dir in events images temp +do + install -m 755 -d %{buildroot}/var/lib/zoneminder/$dir + rmdir %{buildroot}/%{_datadir}/zoneminder/www/$dir + ln -sf ../../../../var/lib/zoneminder/$dir %{buildroot}/%{_datadir}/zoneminder/www/$dir +done +install -m 755 -d %{buildroot}/var/lib/zoneminder/sock +install -m 755 -d %{buildroot}/var/lib/zoneminder/swap +install -m 755 -d %{buildroot}/var/spool/zoneminder-upload + +install -D -m 644 %{SOURCE2} %{buildroot}/etc/httpd/conf.d/zoneminder.conf +install -D -m 755 %{SOURCE3} %{buildroot}/%{_datadir}/zoneminder/www/sounds/redalert.wav +install -D -m 644 %{SOURCE6} %{buildroot}/%{_unitdir}/zoneminder.service +install -D -m 644 %{SOURCE7} %{buildroot}/etc/logrotate.d/zoneminder + +# Install jscalendar - this really should be in its own package +install -d -m 755 %{buildroot}/%{_datadir}/%{name}/www/jscalendar +cp -rp jscalendar-1.0/* %{buildroot}/%{_datadir}/zoneminder/www/jscalendar + +# Set up cambozola +pushd %{buildroot}/%{_datadir}/zoneminder/www +ln -s ../../java/cambozola.jar +popd + +install -d -m 755 %{buildroot}/etc/tmpfiles.d +cat > %{buildroot}/etc/tmpfiles.d/zoneminder.conf </dev/null 2>&1 || : +fi + +%preun +if [ $1 -eq 0 ] ; then + # Package removal, not upgrade + /bin/systemctl --no-reload disable zoneminder.service > /dev/null 2>&1 || : + /bin/systemctl stop zoneminder.service > /dev/null 2>&1 || : +fi + +%postun +/bin/systemctl daemon-reload >/dev/null 2>&1 || : +if [ $1 -ge 1 ] ; then + # Package upgrade, not uninstall + /bin/systemctl try-restart zoneminder.service >/dev/null 2>&1 || : +fi + +%triggerun -- zoneminder < 1.25.0-4 +# Save the current service runlevel info +# User must manually run systemd-sysv-convert --apply zoneminder +# to migrate them to systemd targets +/usr/bin/systemd-sysv-convert --save zoneminder >/dev/null 2>&1 ||: + +# Run these because the SysV package being removed won't do them +/sbin/chkconfig --del zoneminder >/dev/null 2>&1 || : +/bin/systemctl try-restart zoneminder.service >/dev/null 2>&1 || : + + +%files +%defattr(-,root,root,-) +%doc AUTHORS COPYING README.md README.Fedora jscalendar-doc +%config(noreplace) %attr(640,root,%{zmgid_final}) /etc/zm.conf +%config(noreplace) %attr(644,root,root) /etc/httpd/conf.d/zoneminder.conf +%config(noreplace) /etc/tmpfiles.d/zoneminder.conf +%config(noreplace) /etc/logrotate.d/zoneminder + +%{_unitdir}/zoneminder.service +%{_datadir}/polkit-1/actions/com.zoneminder.systemctl.policy +%{_datadir}/polkit-1/rules.d/com.zoneminder.systemctl.rules + +%{_bindir}/zma +%{_bindir}/zmaudit.pl +%{_bindir}/zmc +%{_bindir}/zmcamtool.pl +%{_bindir}/zmcontrol.pl +%{_bindir}/zmdc.pl +%{_bindir}/zmf +%{_bindir}/zmfilter.pl +%{_bindir}/zmpkg.pl +%{_bindir}/zmstreamer +%{_bindir}/zmsystemctl.pl +%{_bindir}/zmtrack.pl +%{_bindir}/zmtrigger.pl +%{_bindir}/zmu +%{_bindir}/zmupdate.pl +%{_bindir}/zmvideo.pl +%{_bindir}/zmwatch.pl + +%{perl_vendorlib}/ZoneMinder* +%{_mandir}/man*/* +%dir %{_libexecdir}/zoneminder +%{_libexecdir}/zoneminder/cgi-bin +%dir %{_datadir}/zoneminder +%{_datadir}/zoneminder/db +%{_datadir}/zoneminder/www + +%dir %attr(755,%{zmuid_final},%{zmgid_final}) /var/lib/zoneminder +%dir %attr(755,%{zmuid_final},%{zmgid_final}) /var/lib/zoneminder/events +%dir %attr(755,%{zmuid_final},%{zmgid_final}) /var/lib/zoneminder/images +%dir %attr(755,%{zmuid_final},%{zmgid_final}) /var/lib/zoneminder/sock +%dir %attr(755,%{zmuid_final},%{zmgid_final}) /var/lib/zoneminder/swap +%dir %attr(755,%{zmuid_final},%{zmgid_final}) /var/lib/zoneminder/temp +%dir %attr(755,%{zmuid_final},%{zmgid_final}) /var/log/zoneminder +%dir %attr(755,%{zmuid_final},%{zmgid_final}) /var/spool/zoneminder-upload +%dir %attr(755,%{zmuid_final},%{zmgid_final}) /run/zoneminder + + +%changelog +* Tue Feb 7 2017 Charles R. Anderson - 1.28.1-8 +- CVE-2017-5595 (rhbz#1419509) + +* Fri Jan 6 2017 Charles R. Anderson - 1.28.1-7 +- Change Requires php-mysql --> php-mysqli + +* Mon May 16 2016 Jitka Plesnikova - 1.28.1-6 +- Perl 5.24 rebuild + +* Fri Feb 05 2016 Fedora Release Engineering - 1.28.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Fri Jun 19 2015 Fedora Release Engineering - 1.28.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Fri Jun 12 2015 Charles R. Anderson - 1.28.1-3 +- Update patches to apply against 1.28.1 +- Remove unneeded patches +- zmfix no longer provided +- zmcamtool.pl and zmsystemctl.pl added + +* Sat Jun 06 2015 Jitka Plesnikova - 1.28.1-2 +- Perl 5.22 rebuild + +* Mon Sep 01 2014 Jitka Plesnikova - 1.25.0-20 +- Perl 5.20 rebuild + +* Thu Aug 21 2014 Kevin Fenzi - 1.25.0-19 +- Rebuild for rpm bug 1131960 + +* Mon Aug 18 2014 Fedora Release Engineering - 1.25.0-18 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Thu Jun 12 2014 Petr Pisar - 1.25.0-17 +- Allow autotools to install missing files (bug #1059131) +- Fix a format-security warning + +* Sat Jun 07 2014 Fedora Release Engineering - 1.25.0-16 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Sun Aug 04 2013 Fedora Release Engineering - 1.25.0-15 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Mon Jul 29 2013 Petr Pisar - 1.25.0-14 +- Perl 5.18 rebuild +- Specify mandatory perl dependencies + +* Fri Feb 15 2013 Fedora Release Engineering - 1.25.0-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Mon Jan 21 2013 Adam Tkac - 1.25.0-12 +- rebuild due to "jpeg8-ABI" feature drop + +* Mon Jan 7 2013 Remi Collet - 1.25.0-11 +- fix configuration file for httpd 2.4, #871502 + +* Fri Dec 21 2012 Adam Tkac - 1.25.0-10 +- rebuild against new libjpeg + +* Thu Aug 09 2012 Jason L Tibbitts III - 1.25.0-9 +- Add patch to work around v4l2 api breakage in 3.5 kernel. + +* Sun Jul 22 2012 Fedora Release Engineering - 1.25.0-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Sat Jun 23 2012 Petr Pisar - 1.25.0-7 +- Perl 5.16 rebuild + +* Wed Mar 21 2012 Jason L Tibbitts III - 1.25.0-6 +- Fix stupid thinko in sql modifications. + +* Sat Feb 25 2012 Jason L Tibbitts III - 1.25.0-5 +- Clean up macro usage. + +* Sat Feb 25 2012 Jason L Tibbitts III - 1.25.0-4 +- Convert to systemd. +- Add tmpfiles.d configuration since the initscript isn't around to create + /run/zoneminder. +- Remove some pointless executable permissions. +- Add logrotate file. + +* Wed Feb 22 2012 Jason L Tibbitts III - 1.25.0-3 +- Update README.Fedora to reference systemctl and mention timezone info in + php.ini. +- Add proper default for EYEZM_LOG_TO_FILE. + + +* Thu Feb 09 2012 Jason L Tibbitts III - 1.25.0-2 +- Rebuild for new pcre. + +* Thu Jan 19 2012 Jason L Tibbitts III - 1.25.0-1 +- Update to 1.25.0 +- Fix gcc4.7 build problems. +- Drop gcc4.4 build fixes; for whatever reason they now break the build. +- Clean up old patches. +- Force setting of ZM_TMPDIR and ZM_RUNDIR. + +* Sat Jan 14 2012 Fedora Release Engineering - 1.24.4-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Thu Sep 15 2011 Jason L Tibbitts III - 1.24.4-3 +- Re-add the dist-tag that somehow got lost. + +* Thu Sep 15 2011 Jason L Tibbitts III - 1.24.4-2 +- Add patch for bug 711780 - fix syntax issue in Mapped.pm. +- Undo that patch, and undo another which was the cause of the whole mess. +- Fix up other patches so ZM_PATH_BUILD is both defined and useful. +- Make sure database creation mods actually take. +- Update Fedora-specific docs with some additional info. +- Use bundled mootools (javascript, so no guideline violation). +- Update download location. +- Update the gcrypt patch to actually work. +- Upstream changed the tarball without changing the version to patch a + vulnerability, so redownload. + +* Sun Aug 14 2011 Jason L Tibbitts III - 1.24.4-1 +- Initial attempt to upgrade to 1.24.4. +- Add patch from BZ 460310 to build against libgcrypt instead of requiring the + gnutls openssl libs. + +* Thu Jul 21 2011 Petr Sabata - 1.24.3-7.20110324svn3310 +- Perl mass rebuild + +* Wed Jul 20 2011 Petr Sabata - 1.24.3-6.20110324svn3310 +- Perl mass rebuild + +* Mon May 09 2011 Jason L Tibbitts III - 1.24.3-5.20110324svn3310 +- Bump for gnutls update. + +* Thu Mar 24 2011 Jason L Tibbitts III - 1.24.3-4.20110324svn3310 +- Update to latest 1.24.3 subversion. Turns out that what upstream was calling + 1.24.3 is really just an occasionally updated devel snapshot. +- Rebase various patches. + +* Wed Mar 23 2011 Dan Horák - 1.24.3-3 +- rebuilt for mysql 5.5.10 (soname bump in libmysqlclient) + +* Tue Feb 08 2011 Fedora Release Engineering - 1.24.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Tue Jan 25 2011 Jason L Tibbitts III - 1.24.3-1 +- Update to latest upstream version. +- Rebase patches. +- Initial incomplete attempt to disable v4l1 support. + +* Fri Jan 21 2011 Jason L Tibbitts III - 1.24.2-6 +- Unbundle cambozola; instead link to the separately pacakged copy. +- Remove BuildRoot:, %%clean and buildroot cleaning in %%install. +- Git rid of mixed space/tab usage by removing all tabs. +- Remove unnecessary Conflicts: line. +- Attempt to force short_open_tag on for the code directories. +- Move default location of sockets, swaps, logfiles and some temporary files to + make more sense and allow things to work better with a future selinux policy. +- Fix errors in README.Fedora. + +* Wed Jun 02 2010 Marcela Maslanova - 1.24.2-5 +- Mass rebuild with perl-5.12.0 + +* Fri Dec 4 2009 Stepan Kasal - 1.24.2-4 +- rebuild against perl 5.10.1 +- use Perl vendorarch and archlib variables correctly + +* Mon Jul 27 2009 Fedora Release Engineering - 1.24.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Jul 22 2009 Jason L Tibbitts III - 1.24.2-2 +- Bump release since 1.24.2-1 was mistakenly tagged a few months ago. + +* Wed Jul 22 2009 Jason L Tibbitts III - 1.24.2-1 +- Initial update to 1.24.2. +- Rebase patches. +- Update mootools download location. +- Update to mootools 1.2.3. +- Add additional dependencies for some optional features. + +* Sat Apr 11 2009 Martin Ebourne - 1.24.1-3 +- Remove unused Sys::Mmap perl dependency RPM is finding + +* Sat Apr 11 2009 Martin Ebourne - 1.24.1-2 +- Update gcc44 patch to disable -frepo, seems to be broken with gcc44 +- Added noffmpeg patch to make building outside mock easier + +* Sat Mar 21 2009 Martin Ebourne - 1.24.1-1 +- Patch for gcc 4.4 compilation errors +- Upgrade to 1.24.1 + +* Wed Feb 25 2009 Fedora Release Engineering - 1.23.3-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Sat Jan 24 2009 Caolán McNamara - 1.23.3-3 +- rebuild for dependencies + +* Mon Dec 15 2008 Martin Ebourne - 1.23.3-2 +- Fix permissions on zm.conf + +* Fri Jul 11 2008 Jason L Tibbitts III - 1.23.3-1 +- Initial attempt at packaging 1.23. + +* Tue Jul 1 2008 Martin Ebourne - 1.22.3-15 +- Add perl module compat dependency, bz #453590 + +* Tue May 6 2008 Martin Ebourne - 1.22.3-14 +- Remove default runlevel, bz #441315 + +* Mon Apr 28 2008 Jason L Tibbitts III - 1.22.3-13 +- Backport patch for CVE-2008-1381 from 1.23.3 to 1.22.3. + +* Tue Feb 19 2008 Fedora Release Engineering - 1.22.3-12 +- Autorebuild for GCC 4.3 + +* Thu Jan 3 2008 Martin Ebourne - 1.22.3-11 +- Fix compilation on gcc 4.3 + +* Thu Dec 6 2007 Martin Ebourne - 1.22.3-10 +- Rebuild for new openssl + +* Thu Aug 2 2007 Martin Ebourne - 1.22.3-8 +- Fix licence tag + +* Thu Jul 12 2007 Martin Ebourne - 1.22.3-7 +- Fixes from testing by Jitz including missing dependencies and database creation + +* Sat Jun 30 2007 Martin Ebourne - 1.22.3-6 +- Disable crashtrace on ppc + +* Sat Jun 30 2007 Martin Ebourne - 1.22.3-5 +- Fix uid for directories in /var/lib/zoneminder + +* Tue Jun 26 2007 Martin Ebourne - 1.22.3-4 +- Added perl Archive::Tar dependency +- Disabled web interface due to lack of access control on the event images + +* Sun Jun 10 2007 Martin Ebourne - 1.22.3-3 +- Changes recommended in review by Jason Tibbitts + +* Mon Apr 2 2007 Martin Ebourne - 1.22.3-2 +- Standardised on package name of zoneminder + +* Thu Dec 28 2006 Martin Ebourne - 1.22.3-1 +- First version. Uses some parts from zm-1.20.1 by Corey DeLasaux and Serg Oskin