Ubuntu
tvtime package

[SRU] package installation creates /root/.tvtime

Bug #92752 reported by erusan
86
This bug affects 11 people
Affects Status Importance Assigned to Milestone
tvtime (Debian)
Fix Released
Unknown
tvtime (Fedora)
Fix Released
Medium
tvtime (Ubuntu)
Fix Released
Undecided
Unassigned
Precise
Fix Released
Medium
Unassigned
Quantal
Fix Released
Medium
Unassigned

Bug Description

Binary package hint: tvtime

Since Dapper, tvtime is installed with root as the owner. This makes it so the user can't save channel data, picture settings, etc.

ProblemType: Bug
Architecture: i386
Date: Fri Mar 16 01:12:08 2007
DistroRelease: Ubuntu 7.04
Uname: Linux godzilla 2.6.20-11-generic #2 SMP Thu Mar 15 08:03:07 UTC 2007 i686 GNU/Linux

SRU JUSTIFICATION:

[Impact] + [Test Case]

From Debian bug (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694892):

"Hi,

during a test with piuparts I noticed that your package creates files in
/root. From the attached log
http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=tvtime_1.0.2-9.log.gz;att=1;bug=694892 (scroll to the bottom):

0m34.1s ERROR: FAIL: Package purging left files on system:
  /root/.tvtime/ not owned

Creating stuff in /root is a FHS and policy violation. (And of course
these files should not be deleted by maintainer scripts.)
But it is also an indication that the package operation may depend on
root's .tvtime configuration (and package installation might even fail if
that configuration is broken). That would be a case for "configuration
files not in /etc"."

This might also be the cause for "this bug" where a users ~/.tvtime/ is
owned by root:root - probably depending on how the user switched to root.

[Regression Potential]

"This is due to tvtime-configure being called in the postinst script.
tvtime-configure uses config_new() which in turn contains this code:

    /* Make the ~/.tvtime directory every time on startup, to be safe. */
    if( asprintf( &temp_dirname, "%s/.tvtime", getenv( "HOME" ) ) < 0 ) {
        /* FIXME: Clean up ?? */
        return 0;
    }
    mkdir_and_force_owner( temp_dirname, ct->uid, getgid() );
    free( temp_dirname );

Therefore, tvtime-configure creates $HOME/.tvtime everytime you
run it, even when the invocation is something like
tvtime-configure -F /etc/tvtime/tvtime.xml

I have attached a patch which will fix the bug (that is, not create
$HOME/.tvtime on every run) but will still work correctly by creating
dirname(config_filename) before saving. I tested it by changing the
deinterlacing setting."

See original description
Revision history for this message
In , David (david-redhat-bugs) wrote :

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.5)
Gecko/20041107 Firefox/1.0

Description of problem:
The tvtime binary is installed setuid root. Is that wise ?

AFAIK it is because it needs access to /dev/rtc

Can that not be solved in some other way ?

The last thing we need is a remote break-in over TV signals ;-)

Is there really no other way for precise timing but /dev/rtc ?

Version-Release number of selected component (if applicable):
tvtime-0.9.13-1

Revision history for this message
In , Ngo (ngo-redhat-bugs) wrote :

yes, it's needed to set the max-user-freq on /dev/rtc. But I don't see
it's critical because it will be dropped to a user after doing that.

Revision history for this message
In , Ngo (ngo-redhat-bugs) wrote :

in my opinion it's safe by removing setuid root. I will remove it in
next rebuild. Perhaps adding "dev.rtc.max-user-freq = 1024" in
/etc/sysctl.conf.

Revision history for this message
flaccid (chris-xhost) wrote :

Yes, this does seem like a logical error.

Here is the output (for eg.):

Running tvtime 1.0.2.
Reading configuration from /etc/tvtime/tvtime.xml
flaccid@boust:~$ I/O warning : failed to load external entity "/home/flaccid/.tvtime/tvtime.xml"
I/O error : Permission denied
I/O error : Permission denied
Cannot change owner of /home/flaccid/.tvtime/tvtime.xml: Permission denied.

Can we please fix this bug asap?
tvtime is good out of the box and works with a lot of people's hardware, pity it doesn't actually work out of the box at all atm because of this :(

Revision history for this message
Daniel T Chen (crimsun) wrote :

Is this symptom still reproducible in 8.10 alpha?

Changed in tvtime:
status: New → Incomplete
Revision history for this message
celticmonkey (jamesboston) wrote :

This is still a bug in Ubuntu 8.10.

After installing tvtime, the ~/.tvtime dir is root:root, so settings won't save.

Revision history for this message
Samuel Schluep (schluep) wrote :

I confirm that this bug has not been fixed in Ubuntu 8.10.

Revision history for this message
David C. Curtis (dccurtis) wrote :

Still occurs in Jaunty.

Changed in tvtime:
assignee: nobody → motumedia
status: Incomplete → Confirmed
Revision history for this message
Burt P. (pburt0) wrote :

Still exists in Ubuntu 9.04.

Revision history for this message
Rafael Gattringer (rafael.gattringer) wrote :

This bug also still exists in Ubuntu 10.04 LTS and Ubuntu 10.10 Alpha 2. (AMD64)

Revision history for this message
Rafael Gattringer (rafael.gattringer) wrote :

Who can fix this long confirmed and easy to fix (?) bug? The assigned maintainers the "MOTU Media Team" are no longer active. What now?

Benjamin Drung (bdrung)
Changed in tvtime (Ubuntu):
assignee: MOTU Media Team (motumedia) → nobody
Revision history for this message
Rafael Gattringer (rafael.gattringer) wrote :

Here is a quick workaround for the command line:

sudo chown -Rv $USERNAME:$USERNAME /home/$USERNAME/.tvtime

This was tested on Ubuntu 10.10 Alpha 2, but should be the same in all distributions.

Revision history for this message
ianos attila (ianosattila) wrote :

After 5 years, this bug still here.

Revision history for this message
Laszlo Danciu (rajopoeg) wrote :

It looks like it is installing the binary setuid root, so the bug probably lies with the application itself. (The problem ought to be fixable by simple groups + udev rules)

Revision history for this message
Pojar Geo (geoubuntu) wrote :

This is serious bug because package installation creates /root/.tvtime. See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694892

Bug Watch Updater (bug-watch-updater)
Changed in tvtime (Debian):
status: Unknown → New
Bug Watch Updater (bug-watch-updater)
Changed in tvtime (Debian):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package tvtime - 1.0.2-10ubuntu1

---------------
tvtime (1.0.2-10ubuntu1) raring; urgency=low

  * Merge from Debian unstable (LP: #92752). Remaining Ubuntu changes:
    - Retain patches:
      tvtime-1.0.1-savematte.patch, desktop_file.patch, tvtime-1.0.2-alsa.patch,
      tvtime-1.0.2-alsamixer.patch, pal_audio_mode_persistence.patch,
      tvtime-1.0.2-screensaver.patch, tvtime-1.0.2-videoinput.patch,
      tvtime-1.0.2-osd.patch, tvtime-1.0.2-usage.patch,
      tvtime-1.0.2-command.patch, tvtime-1.0.2-build.patch,
      tvtime-1.0.2-libtool.patch, tvtime-1.0.2-cursor.patch,
      tvtime-1.0.2-metacity.patch, tvtime-1.0.2-x_size_hint.patch,
      tvtime-1.0.2-menu.patch, tvtime-1.0.2-focus_mouse.patch,
      tvtime-1.0.2-icon.patch, tvtime-1.0.2-tvtimeosd.patch,
      tvtime-1.0.2-cpuid.patch, tvtime-1.0.2-xmltv.patch,
      tvtime-1.0.2-vbidata.patch, tvtime-1.0.2-verbose.patch,
      tvtime-1.0.2-vbiscreen.patch, tvtime-1.0.2-closed_caption.patch,
      tvtime-1.0.2-key_event.patch, tvtime-1.0.2-vbi.patch,
      tvtime-1.0.2-xinerama.patch, tvtime-1.0.2-volume.patch,
      tvtime-1.0.2-output_volume.patch, tvtime-1.0.2-autoconf.patch,
      tvtime-1.0.2-xcommon.patch.
    - debian/control: Build-Depends on autoconf, automake, libasound2-dev,
      libtool and libxss instead of libxtst.
    - debian/rules: Call autoreconf to re-generate the configure script.
    - added debian/source/format file.
  * Droped Debian changes:
    - debian/control: Suggests: oss-compat.
    - debian/control: Build-Depends chrpath.
    - debian/rules: Fixed binary-or-shlib-defines-rpath.
 -- POJAR GEORGE <email address hidden> Sun, 09 Dec 2012 18:02:59 +0000

Changed in tvtime (Ubuntu):
status: Confirmed → Fix Released
Pojar Geo (geoubuntu)
summary: - tvtime package defaults to root ownership
+ [SRU] package installation creates /root/.tvtime
Revision history for this message
Pojar Geo (geoubuntu) wrote :

Please nominate for precise

description: updated
Revision history for this message
Pojar Geo (geoubuntu) wrote :

Please nominate for quantal

description: updated
Pojar Geo (geoubuntu)
description: updated
description: updated
description: updated
Triniton Adam (trinitonadam)
Changed in tvtime (Ubuntu Precise):
status: New → Confirmed
Changed in tvtime (Ubuntu Quantal):
status: New → Confirmed
Brian Murray (brian-murray)
Changed in tvtime (Ubuntu Precise):
importance: Undecided → Medium
Changed in tvtime (Ubuntu Quantal):
importance: Undecided → Medium
Changed in tvtime (Ubuntu Precise):
status: Confirmed → Triaged
Changed in tvtime (Ubuntu Quantal):
status: Confirmed → Triaged
Revision history for this message
Brian Murray (brian-murray) wrote :

I've uploaded this to the Quantal -proposed queue.

Revision history for this message
Brian Murray (brian-murray) wrote :

And to the Precise -proposed queue.

Revision history for this message
Brian Murray (brian-murray) wrote : Please test proposed package

Hello erusan, or anyone else affected,

Accepted tvtime into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/tvtime/1.0.2-9ubuntu1.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in tvtime (Ubuntu Quantal):
status: Triaged → Fix Committed
tags: added: verification-needed
Changed in tvtime (Ubuntu Precise):
status: Triaged → Fix Committed
Revision history for this message
Brian Murray (brian-murray) wrote :

Hello erusan, or anyone else affected,

Accepted tvtime into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/tvtime/1.0.2-7ubuntu9.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Triniton Adam (trinitonadam) wrote :

Hello, I instaled tvtime from proposed and now this problem seem to be solved.
Thanks

tags: added: verification-done
removed: verification-needed
Revision history for this message
Zicu Radu (zradu1100) wrote :

Also, I verified for precise and quantal, all is fine now.

Revision history for this message
Colin Watson (cjwatson) wrote : Update Released

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package tvtime - 1.0.2-7ubuntu9.1

---------------
tvtime (1.0.2-7ubuntu9.1) precise-proposed; urgency=low

  * debian/patches/tvtime-1.0.2-saveconfig.patch: Prevents needless creation of
    $HOME/.tvtime by tvtime-configure. (LP: #92752)
 -- POJAR GEORGE <email address hidden> Wed, 12 Dec 2012 15:47:13 -0800

Changed in tvtime (Ubuntu Precise):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package tvtime - 1.0.2-9ubuntu1.1

---------------
tvtime (1.0.2-9ubuntu1.1) quantal-proposed; urgency=low

  * debian/patches/tvtime-1.0.2-saveconfig.patch: Prevents needless creation of
    $HOME/.tvtime by tvtime-configure. (LP: #92752)
 -- POJAR GEORGE <email address hidden> Wed, 12 Dec 2012 15:36:00 -0800

Changed in tvtime (Ubuntu Quantal):
status: Fix Committed → Fix Released
Bug Watch Updater (bug-watch-updater)
Changed in tvtime (Fedora):
importance: Unknown → Medium
status: Unknown → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.