head	1.1;
access;
symbols
	pkgsrc-2026Q1:1.1.0.12
	pkgsrc-2026Q1-base:1.1
	pkgsrc-2025Q4:1.1.0.10
	pkgsrc-2025Q4-base:1.1
	pkgsrc-2025Q3:1.1.0.8
	pkgsrc-2025Q3-base:1.1
	pkgsrc-2025Q2:1.1.0.6
	pkgsrc-2025Q2-base:1.1
	pkgsrc-2025Q1:1.1.0.4
	pkgsrc-2025Q1-base:1.1
	pkgsrc-2024Q4:1.1.0.2
	pkgsrc-2024Q4-base:1.1;
locks; strict;
comment	@// @;


1.1
date	2024.12.01.13.49.48;	author gdt;	state Exp;
branches;
next	;
commitid	ABpMx07E1a05RNzF;


desc
@@


1.1
log
@security/zoneminder: Update to 1.36.33

Note that this update brings some unresolved issues requiring manual
attention, but a) that's just how zoneminder is and b) running 1.36
and dealing with the issues seems better than 1.30 with ancient php
and 1.30's issues.  The old version is in danger of being removed, so
this is better...

Significant packaging changes:

  + 1.36/1.34:

    - Switch to ffmpeg6 from ffmpeg2
    - gc many workarounds that are no longer necessary

  + 1.32:

    - Change config to etc/zm from etc, and provide etc/zm/conf.d, because
      migration from 1.30 writes there.
    - Rototill hard the cmake build options, and try to document what
      must be set as path configuration.
    - Depend on mp4v2.

Upstream NEWS:

  Generally, 1.X.0 is a significant release, and 1.X.Y, Y>0, are
  bugfixes and minor improvements.

  + 1.36 (The Memory Remains):

    Filters

	Moved event email options from global config to per Filter
	Added user to run filter as, so that users without access to certain monitors can't just use a filter to access them.
	Filters now have PreSQL and PostSQL conditions. The first Post SQL condition is ExistsInFileSystem. This can be used to cleanup after a crash instead of using zmaudit.
	warnings on Filter edit page when you create a filter than can delete archived events.
	Added Auto Unarchive function

    UI Updates

	bootstrap updated to version 3
	removed mootools
	events list now uses bootstrap-table to enable a more modern powerful ui
	scaled thumbnail on mouseover on events list
	thumbnails with scaling on console
	frames view updates to include stats information
	many popups turned into modals
	monitor edit is now a full view instead of popup
	Zone edit is now scaled so high res cameras don't take the entire screen or more.
	Added Estimated RAM use to Buffers tab in Monitors.
	Monitor edit no longer form submits/reloads between tabs it just hides/unhides tabs using bootstrap nav.
	Monitors can now have Latitude/Longitude associated and displayed on a map

    General

	New Monitor type VNC for recording desktops
	better use of scaling when streaming to reduce bandwidth/cpu use
	dynamic loading of vlc, curl and other libraries that might not be used. Saves ram
	ONVIF probe can now select a network to scan
	Sessions now stored in database
	Event Summary tables reorganized to improve locking performance
	Clicking on username in header will now list other logged in users if you have SystemView permission.
	ZoneMinder will now try other Storage Areas if it can't create the event in the assigned area.
	New Monitor Setting: Decoding Enabled/Disabled
	/dev/shm mmap use decoupled from image buffering. You should set ImageBufferCount to 3 or larger.
	mp4v2 deprecated and removed.
	zma process has been turned into a thread of zmc.
	Added second ffmpeg input stream for when audio is coming from another source.
	added RTSP re-streaming
	hwaccel encoding support for intel vaapi and nvenc
	Use onmousedown/onmouseup for PTZ start/stop in PTZ controls. Amcrest is the only Protocol that supports it so far.

  + 1.34 (My Friend Of Misery):

    This is largely a fixes & polish release. There are a number of bug fixes and security improvements in here.

    Upgrading from 1.32.3 should be relatively painless although if your Logs table is large it may take some time to update it.

    Security fixes:

	We no longer store passwords using mysql's built-in password encryption.
	We now support a modern JWT access token system
	Replaced a lot of inline javascript.
	There were a number of XSS and SQL injection issues fixed.
	CVE-2019-13072
	CVE-2019-6777

    Other changes:

	When adding a new monitor a random colour will be assigned to it instead of red.
	We now have a handy resolution dropdown to help prevent typos in the width & height fields
	Support for mysql8
	Support for php 7.4
	Can now delete database log entries for the logs popup
	Timezone setting moved from php.ini to Options -> System
	ffmpeg hwaccel support for h264 decoding
	Improved recording to mp4 with audio
	Added ZM_LOG_FFMPEG options which captures ffmpeg debug messages properly which can really help with debugging.
	Added ability to use zms to stream mjpeg when the video is stored as h265. Most browsers can't play h265 so this allows you to use passthrough mode with an h265 camera and still watch the video.
	Filters now have a Copy To action which copies the event files to a second storage area
	We now display additional event information such as that generated by event server object detection

  + 1.32

    - A re-worked web console, compared to the previous 1.30.4 release

    - record to mp4 container

    - record audio

    - support for php 7.x

    - Arbitrary website as a non-recordable, interactive monitor.

    - Updated Montage Review

    - Options-> Paths moved into config files under conf.d folder

    - Multiple storage paths are supported. See Options -> Storage

    - The old method of bind mounting the event folder is no longer needed nor recommended

    - Additional system statistics on the web console

    - Raspberry pi OMX hardware h264 decoder support

    - Event thumbnails play video on mouseover

    - Drag and drop sorting of monitors

    - Scalability improvements

    Upstream upgrade notes (tweaked for pkgsrc):

    - The upgrade scripts will take longer than normal to run,
      especially if you have many events.

    - Your previous settings on the Options -> Paths tab have been
      moved into the file zmcustom.conf which is found under
      ${PKGSYSCONFDIR}/etc/zm/conf.d

    - Consider migrating your events folder from the former bind mount
      method to the new method under Options -> Storage

    - You should no longer have symbolic links in your webroot
      folder. This resolves a long standing security issue.

    - The Apache config file has changed.  Hand merge it and review
      your web setup.
@
text
@$NetBSD$

Only include local sendfile header if there is sendfile support, to
avoid #error for no sendfile implementation.

--- src/zm_eventstream.cpp.orig	2023-02-23 21:44:01.000000000 +0000
+++ src/zm_eventstream.cpp
@@@@ -43,8 +43,8 @@@@ const std::string EventStream::StreamMod
 
 bool EventStream::loadInitialEventData(int monitor_id, time_t event_time) {
   std::string sql = stringtf("SELECT `Id` FROM `Events` WHERE "
-                             "`MonitorId` = %d AND unix_timestamp(`EndDateTime`) > %ld "
-                             "ORDER BY `Id` ASC LIMIT 1", monitor_id, event_time);
+                             "`MonitorId` = %d AND unix_timestamp(`EndDateTime`) > %jd "
+                             "ORDER BY `Id` ASC LIMIT 1", monitor_id, (intmax_t) event_time);
 
   MYSQL_RES *result = zmDbFetch(sql.c_str());
   if (!result)
@