First I removed the gross system(3) call to rm(1) -rf with unsanitised input,
then I added safety belts, now it is working great for me without fallout.

The two patches are on https://github.com/klemensn/minidlna for convenience.
When time allows, I want to push some more fixes there.

FreeBSD's port already fetches from the maintainer's fork (see SITES comment),
so that's what I did as well rather than upstream on Sourceforge, which seems
rather inactive.

Tests? Feedback? OK?

Index: Makefile
===================================================================
RCS file: /cvs/ports/multimedia/minidlna/Makefile,v
diff -u -p -r1.44 Makefile
--- Makefile    14 Apr 2025 20:09:48 -0000      1.44
+++ Makefile    25 Apr 2025 22:03:14 -0000
@@ -1,7 +1,7 @@
 COMMENT=               lightweight DLNA/UPnP-AV media server (aka ReadyMedia)
 
 DISTNAME=              minidlna-1.3.3
-REVISION=              0
+REVISION=              1
 
 CATEGORIES=            multimedia
 
@@ -10,12 +10,21 @@ HOMEPAGE=           https://sourceforge.net/proje
 # GPLv2 only
 PERMIT_PACKAGE=        Yes
 
+# uses pledge() and unveil()
 WANTLIB += FLAC avcodec avformat avutil c exif iconv id3tag intl jpeg
 WANTLIB += ogg pthread sqlite3 vorbis z
 
 # sometimes https://github.com/glebius/minidlna has useful things
 SITES=                 ${SITE_SOURCEFORGE:=minidlna/}
 
+# kn@ patches considered ready for upstream
+SITES.fix=             https://github.com/klemensn/minidlna/commit/
+# 'Rewrite dangerous system(3) "rm -rf ..." in standard library code'
+PATCHFILES.fix=                9365218e5e0c7bff013be9c298f99297d1386ca0.patch
+# 'OpenBSD: use pledge(2) and unveil(2)'
+PATCHFILES.fix+=       edebefe5725138402e43412c7bb10c3eb54a1b25.patch
+PATCH_DIST_STRIP=      -p1
+
 BUILD_DEPENDS=         devel/gettext,-tools
 
 LIB_DEPENDS=           audio/flac \
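Review bot: SITES.fix and the two PATCHFILES.fix lines make the build fetch its security fixes from a personal GitHub fork, so the port now depends on that fork staying reachable and on the commit URL returning exactly the bytes that distinfo records. Consider committing both patches under patches/ next to patch-minidlna_c instead. Also, the new "# uses pledge() and unveil()" comment is only true while the edebefe5... entry is applied, so say in that comment that it depends on PATCHFILES.fix.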
Index: distinfo
===================================================================
RCS file: /cvs/ports/multimedia/minidlna/distinfo,v
diff -u -p -r1.14 distinfo
--- distinfo    3 Sep 2023 09:33:29 -0000       1.14
+++ distinfo    25 Apr 2025 22:03:17 -0000
@@ -1,2 +1,6 @@
+SHA256 (9365218e5e0c7bff013be9c298f99297d1386ca0.patch) = 
hKsaIS9pk3QJ6kYMdjf9qoH138pn1cw4Ot11Q1bb1BI=
+SHA256 (edebefe5725138402e43412c7bb10c3eb54a1b25.patch) = 
Pvkj6elEqLa3ZDod+zEzetD4obT8dqPzrrgzDF6OWco=
 SHA256 (minidlna-1.3.3.tar.gz) = OQJsbUoTm5GAGS0cNyJaozdv308adNfeu9u2k9mWr6Q=
+SIZE (9365218e5e0c7bff013be9c298f99297d1386ca0.patch) = 3380
+SIZE (edebefe5725138402e43412c7bb10c3eb54a1b25.patch) = 1657
 SIZE (minidlna-1.3.3.tar.gz) = 824527
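Review bot: The two added SHA256 lines are wrapped as they appear here, with each base64 digest on its own line and no leading "+", so the hunk no longer matches its "@@ -1,2 +1,6 @@" header and will not apply as-is. Rejoin each digest onto its "+SHA256 (...) = " line before applying, or regenerate distinfo and compare the result against these values.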
Index: patches/patch-minidlna_c
===================================================================
RCS file: /cvs/ports/multimedia/minidlna/patches/patch-minidlna_c,v
diff -u -p -r1.14 patch-minidlna_c
--- patches/patch-minidlna_c    3 Mar 2023 07:54:45 -0000       1.14
+++ patches/patch-minidlna_c    20 Apr 2025 14:50:29 -0000
@@ -4,7 +4,7 @@ https://sourceforge.net/p/minidlna/bugs/
 Index: minidlna.c
 --- minidlna.c.orig
 +++ minidlna.c
-@@ -1150,7 +1150,7 @@ main(int argc, char **argv)
+@@ -1231,7 +1231,7 @@ main(int argc, char **argv)
        lastdbtime = _get_dbtime();
  
  #ifdef HAVE_WATCH
