commit pulseaudio

29 May 2007

Hello community,

here is the log from the commit of package pulseaudio
checked in at Wed May 30 01:16:46 CEST 2007.

--------

--- pulseaudio/pulseaudio.changes	2007-04-24 12:04:54.000000000 +0200
+++ /mounts/work_src_done/STABLE/pulseaudio/pulseaudio.changes	2007-05-29 19:24:46.000000000 +0200
@@ -1,0 +2,9 @@
+Tue May 29 19:22:56 CEST 2007 - tiwai@suse.de
+
+- fix possible remote DoS (#260326)
+- fix wrong endian conversion of float data
+- add a workaround for firefox with LD_PRELOAD wrapper
+- add the missing support of ioctls for JavaSound
+- increase ESD max samplesize
+
+-------------------------------------------------------------------

New:
----
  pulseaudio-0.9.5-dos-vulns-fix.diff
  pulseaudio-0.9.5-esd-max-samplesize.diff
  pulseaudio-0.9.5-firefox-workaround.diff
  pulseaudio-0.9.5-javasound-support.diff
  pulseaudio-0.9.5-wrong-endian-convert.diff

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ pulseaudio.spec ++++++
--- /var/tmp/diff_new_pack.R14132/_old	2007-05-30 01:16:21.000000000 +0200
+++ /var/tmp/diff_new_pack.R14132/_new	2007-05-30 01:16:21.000000000 +0200
@@ -14,7 +14,7 @@
 BuildRequires:  alsa-devel doxygen jack-devel liboil-devel libsamplerate-devel libsndfile-devel
 Summary:        A Networked Sound Server
 Version:        0.9.5
-Release:        38
+Release:        53
 License:        GNU General Public License (GPL), GNU Library General Public License v. 2.0 and 2.1 (LGPL)
 Group:          System/Sound Daemons
 Source:         %{name}-%{version}.tar.bz2
@@ -22,6 +22,11 @@
 Patch:          pulseaudio-0.9.5-framesize.patch
 Patch1:         pulseaudio-0.9.5-suspend.patch
 Patch2:         pulseaudio-0.9.5-userconf.patch
+Patch3:         pulseaudio-0.9.5-dos-vulns-fix.diff
+Patch4:         pulseaudio-0.9.5-wrong-endian-convert.diff
+Patch5:         pulseaudio-0.9.5-firefox-workaround.diff
+Patch6:         pulseaudio-0.9.5-javasound-support.diff
+Patch7:         pulseaudio-0.9.5-esd-max-samplesize.diff
 URL:            http://pulseaudio.org
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
@@ -69,10 +74,15 @@
     Pierre Ossman
 
 %prep
-%setup
+%setup -q
 %patch
 %patch1
 %patch2 -p2
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
+%patch7 -p1
 cp /usr/share/gettext/config.rpath .
 %{?suse_update_config:%{suse_update_config -f}}
 autoreconf --force --install
@@ -122,6 +132,12 @@
 %{_includedir}/pulse*
 
 %changelog
+* Tue May 29 2007 - tiwai@suse.de
+- fix possible remote DoS (#260326)
+- fix wrong endian conversion of float data
+- add a workaround for firefox with LD_PRELOAD wrapper
+- add the missing support of ioctls for JavaSound
+- increase ESD max samplesize
 * Tue Apr 24 2007 - tiwai@suse.de
 - disable static library, don't use ltdl install
 - fix requires of devel package


++++++ pulseaudio-0.9.5-dos-vulns-fix.diff ++++++
Fix from Ubuntu:

Include fixes for potential DoS vuln from
http://pulseaudio.org/ticket/67

diff -urNad pulseaudio-0.9.5-7ubuntu1~/src/modules/module-volume-restore.c pulseaudio-0.9.5-7ubuntu1/src/modules/module-volume-restore.c
--- pulseaudio-0.9.5-7ubuntu1~/src/modules/module-volume-restore.c	2007-05-08 06:39:31.000000000 -0400
+++ pulseaudio-0.9.5-7ubuntu1/src/modules/module-volume-restore.c	2007-05-25 01:22:16.000000000 -0400
@@ -435,6 +435,7 @@
     u->modified = 0;
     
     m->userdata = u;
+    u->sink_input_hook_slot = u->source_output_hook_slot = NULL;
     
     if (load_rules(u) < 0)
         goto fail;
diff -urNad pulseaudio-0.9.5-7ubuntu1~/src/modules/rtp/sap.c pulseaudio-0.9.5-7ubuntu1/src/modules/rtp/sap.c
--- pulseaudio-0.9.5-7ubuntu1~/src/modules/rtp/sap.c	2007-05-08 06:39:32.000000000 -0400
+++ pulseaudio-0.9.5-7ubuntu1/src/modules/rtp/sap.c	2007-05-25 01:22:29.000000000 -0400
@@ -142,9 +142,6 @@
         goto fail;
     }
 
-    if (!size)
-        return 0;
-
     buf = pa_xnew(char, size+1);
     buf[size] = 0;
     
diff -urNad pulseaudio-0.9.5-7ubuntu1~/src/pulsecore/protocol-native.c pulseaudio-0.9.5-7ubuntu1/src/pulsecore/protocol-native.c
--- pulseaudio-0.9.5-7ubuntu1~/src/pulsecore/protocol-native.c	2007-05-08 06:39:33.000000000 -0400
+++ pulseaudio-0.9.5-7ubuntu1/src/pulsecore/protocol-native.c	2007-05-25 01:19:40.000000000 -0400
@@ -760,7 +760,8 @@
     CHECK_VALIDITY(c->pstream, pa_cvolume_valid(&volume), tag, PA_ERR_INVALID);
     CHECK_VALIDITY(c->pstream, map.channels == ss.channels && volume.channels == ss.channels, tag, PA_ERR_INVALID);
     CHECK_VALIDITY(c->pstream, maxlength > 0 && maxlength <= MAX_MEMBLOCKQ_LENGTH, tag, PA_ERR_INVALID);
-
+    CHECK_VALIDITY(c->pstream, maxlength >= pa_frame_size(&ss), tag, PA_ERR_INVALID);
+    
     if (sink_index != PA_INVALID_INDEX) {
         sink = pa_idxset_get_by_index(c->protocol->core->sinks, sink_index);
         CHECK_VALIDITY(c->pstream, sink, tag, PA_ERR_NOENTITY);
diff -urNad pulseaudio-0.9.5-7ubuntu1~/src/pulsecore/pstream.c pulseaudio-0.9.5-7ubuntu1/src/pulsecore/pstream.c
--- pulseaudio-0.9.5-7ubuntu1~/src/pulsecore/pstream.c	2007-05-08 06:39:33.000000000 -0400
+++ pulseaudio-0.9.5-7ubuntu1/src/pulsecore/pstream.c	2007-05-25 01:18:45.000000000 -0400
@@ -585,7 +585,7 @@
 
         flags = ntohl(p->read.descriptor[PA_PSTREAM_DESCRIPTOR_FLAGS]);
 
-        if (!p->import && (flags & PA_FLAG_SHMMASK) != 0) {
+        if (!p->use_shm && (flags & PA_FLAG_SHMMASK) != 0) {
             pa_log_warn("Recieved SHM frame on a socket where SHM is disabled.");
             return -1;
         }
@@ -615,7 +615,7 @@
 
         length = ntohl(p->read.descriptor[PA_PSTREAM_DESCRIPTOR_LENGTH]);
         
-        if (length > FRAME_SIZE_MAX_ALLOW) {
+        if (length > FRAME_SIZE_MAX_ALLOW || length <= 0) {
             pa_log_warn("Recieved invalid frame size : %lu", (unsigned long) length);
             return -1;
         }
diff -urNad pulseaudio-0.9.5-7ubuntu1~/src/pulsecore/sample-util.c pulseaudio-0.9.5-7ubuntu1/src/pulsecore/sample-util.c
--- pulseaudio-0.9.5-7ubuntu1~/src/pulsecore/sample-util.c	2007-05-25 01:15:11.000000000 -0400
+++ pulseaudio-0.9.5-7ubuntu1/src/pulsecore/sample-util.c	2007-05-25 01:20:30.000000000 -0400
@@ -35,13 +35,25 @@
 #include "sample-util.h"
 #include "endianmacros.h"
 
+#define PA_SILENCE_MAX (1024*1024*1)
+
 pa_memblock *pa_silence_memblock_new(pa_mempool *pool, const pa_sample_spec *spec, size_t length) {
+    size_t fs;
     assert(pool);
     assert(spec);
 
     if (length == 0)
         length = pa_bytes_per_second(spec)/20; /* 50 ms */
 
+    if (length > PA_SILENCE_MAX)
+        length = PA_SILENCE_MAX;
+
+    fs = pa_frame_size(spec);
+    length = ((PA_SILENCE_MAX+fs-1) / fs) * fs;
+
+    if (length <= 0)
+        length = fs;
+    
     return pa_silence_memblock(pa_memblock_new(pool, length), spec);
 }
 
++++++ pulseaudio-0.9.5-esd-max-samplesize.diff ++++++
Increase cache size of esd

diff -urNad pulseaudio-0.9.5~/src/pulsecore/protocol-esound.c pulseaudio-0.9.5/src/pulsecore/protocol-esound.c
--- pulseaudio-0.9.5~/src/pulsecore/protocol-esound.c	2006-08-20 01:06:45.000000000 +0200
+++ pulseaudio-0.9.5/src/pulsecore/protocol-esound.c	2007-03-06 14:13:17.000000000 +0100
@@ -68,7 +68,7 @@
 #define RECORD_BUFFER_SECONDS (5)
 #define RECORD_BUFFER_FRAGMENTS (100)
 
-#define MAX_CACHE_SAMPLE_SIZE (1024000)
+#define MAX_CACHE_SAMPLE_SIZE (2048000)
 
 #define SCACHE_PREFIX "esound."
 
++++++ pulseaudio-0.9.5-firefox-workaround.diff ++++++
work around bug in firefox which apparently misuses access() as NULL
pointer test.

diff -urNad pulseaudio~/src/utils/padsp.c pulseaudio/src/utils/padsp.c
--- pulseaudio~/src/utils/padsp.c	2006-08-18 23:29:26.000000000 +0200
+++ pulseaudio/src/utils/padsp.c	2006-10-19 00:13:47.082198231 +0200
@@ -2121,6 +2121,13 @@
 }
 
 int access(const char *pathname, int mode) {
+
+    if (!pathname) {
+        /* Firefox needs this. See #27 */
+        errno = EFAULT;
+        return -1;
+    }
+    
     debug(DEBUG_LEVEL_VERBOSE, __FILE__": access(%s)\n", pathname);
 
     if (strcmp(pathname, "/dev/dsp") != 0 &&
++++++ pulseaudio-0.9.5-javasound-support.diff ++++++
implement a few more ioctl()s, including a subset of
SNDCTL_DSP_GETOPTR.  Just enough to make JavaSound work.

@DPATCH@
diff -urNad pulseaudio~/src/utils/padsp.c pulseaudio/src/utils/padsp.c
--- pulseaudio~/src/utils/padsp.c	2006-10-19 00:16:53.841869981 +0200
+++ pulseaudio/src/utils/padsp.c	2006-10-19 00:17:03.458470981 +0200
@@ -88,6 +88,8 @@
     pa_cvolume sink_volume, source_volume;
     uint32_t sink_index, source_index;
     int volume_modify_count;
+
+    int optr_n_blocks;
     
     PA_LLIST_FIELDS(fd_info);
 };
@@ -574,6 +576,7 @@
     i->volume_modify_count = 0;
     i->sink_index = (uint32_t) -1;
     i->source_index = (uint32_t) -1;
+    i->optr_n_blocks = 0;
     PA_LLIST_INIT(fd_info, i);
 
     reset_params(i);
@@ -1947,6 +1950,8 @@
             free_streams(i);
             dsp_flush_socket(i);
             reset_params(i);
+
+            i->optr_n_blocks = 0;
             
             pa_threaded_mainloop_unlock(i->mainloop);
             break;
@@ -2035,14 +2040,76 @@
             break;
         }
 
+        case SOUND_PCM_READ_RATE:
+            debug(DEBUG_LEVEL_NORMAL, __FILE__": SOUND_PCM_READ_RATE\n");
+            
+            pa_threaded_mainloop_lock(i->mainloop);
+            *(int*) argp = i->sample_spec.rate;
+            pa_threaded_mainloop_unlock(i->mainloop);
+            break; 
+
+        case SOUND_PCM_READ_CHANNELS:
+            debug(DEBUG_LEVEL_NORMAL, __FILE__": SOUND_PCM_READ_CHANNELS\n");
+            
+            pa_threaded_mainloop_lock(i->mainloop);
+            *(int*) argp = i->sample_spec.channels;
+            pa_threaded_mainloop_unlock(i->mainloop);
+            break; 
+
+        case SOUND_PCM_READ_BITS:
+            debug(DEBUG_LEVEL_NORMAL, __FILE__": SOUND_PCM_READ_BITS\n");
+            
+            pa_threaded_mainloop_lock(i->mainloop);
+            *(int*) argp = pa_sample_size(&i->sample_spec)*8;
+            pa_threaded_mainloop_unlock(i->mainloop);
+            break; 
+            
+        case SNDCTL_DSP_GETOPTR: {
+            count_info *info;
+            
+            debug(DEBUG_LEVEL_NORMAL, __FILE__": SNDCTL_DSP_GETODELAY\n");
+
+            info = (count_info*) argp;
+            memset(info, 0, sizeof(*info));
+            
+            pa_threaded_mainloop_lock(i->mainloop);
+
+            for (;;) {
+                pa_usec_t usec;
+
+                PLAYBACK_STREAM_CHECK_DEAD_GOTO(i, exit_loop);
+
+                if (pa_stream_get_time(i->play_stream, &usec) >= 0) {
+                    size_t k = pa_usec_to_bytes(usec, &i->sample_spec);
+                    int m;
+                    
+                    info->bytes = (int) k;
+                    m = k / i->fragment_size;
+                    info->blocks = m - i->optr_n_blocks;
+                    i->optr_n_blocks = m;
+
+                    break;
+                }
+
+                if (pa_context_errno(i->context) != PA_ERR_NODATA) {
+                    debug(DEBUG_LEVEL_NORMAL, __FILE__": pa_stream_get_latency(): %s\n", pa_strerror(pa_context_errno(i->context)));
+                    break;
+                }
+
+                pa_threaded_mainloop_wait(i->mainloop);
+            }
+            
+            pa_threaded_mainloop_unlock(i->mainloop);
+
+            debug(DEBUG_LEVEL_NORMAL, __FILE__": GETOPTR bytes=%i, blocks=%i, ptr=%i\n", info->bytes, info->blocks, info->ptr);
+
+            break;
+        }
+
         case SNDCTL_DSP_GETIPTR:
             debug(DEBUG_LEVEL_NORMAL, __FILE__": invalid ioctl SNDCTL_DSP_GETIPTR\n");
             goto inval;
-
-        case SNDCTL_DSP_GETOPTR:
-            debug(DEBUG_LEVEL_NORMAL, __FILE__": invalid ioctl SNDCTL_DSP_GETOPTR\n");
-            goto inval;
-
+            
         default:
             debug(DEBUG_LEVEL_NORMAL, __FILE__": unknown ioctl 0x%08lx\n", request);
 
++++++ pulseaudio-0.9.5-wrong-endian-convert.diff ++++++
Fix float32le <-> float32ne <-> float32be sample converters

diff -urNad pulseaudio~/src/pulsecore/sample-util.c pulseaudio/src/pulsecore/sample-util.c
--- pulseaudio~/src/pulsecore/sample-util.c	2006-08-18 23:38:49.000000000 +0200
+++ pulseaudio/src/pulsecore/sample-util.c	2006-10-19 00:19:56.233268731 +0200
@@ -68,6 +68,7 @@
         case PA_SAMPLE_S16LE:
         case PA_SAMPLE_S16BE:
         case PA_SAMPLE_FLOAT32:
+        case PA_SAMPLE_FLOAT32RE:
             c = 0;
             break;
         case PA_SAMPLE_ALAW:
diff -urNad pulseaudio~/src/pulsecore/sconv.c pulseaudio/src/pulsecore/sconv.c
--- pulseaudio~/src/pulsecore/sconv.c	2006-08-18 23:29:25.000000000 +0200
+++ pulseaudio/src/pulsecore/sconv.c	2006-10-19 00:19:56.229268481 +0200
@@ -72,6 +72,22 @@
     oil_memcpy(b, a, sizeof(float) * n);
 }
 
+static void float32re_to_float32ne(unsigned n, const void *a, float *b) {
+    assert(a);
+    assert(b);
+
+    while (n-- > 0)
+	((uint32_t *)b)[n] = UINT32_SWAP (((uint32_t *)a)[n]);
+}
+
+static void float32re_from_float32ne(unsigned n, const float *a, void *b) {
+    assert(a);
+    assert(b);
+
+    while (n-- > 0)
+	((uint32_t *)b)[n] = UINT32_SWAP (((uint32_t *)a)[n]);
+}
+
 static void ulaw_to_float32ne(unsigned n, const void *a, float *b) {
     const uint8_t *ca = a;
 
@@ -140,6 +156,8 @@
             return pa_sconv_s16be_to_float32ne;
         case PA_SAMPLE_FLOAT32NE:
             return float32ne_to_float32ne;
+	case PA_SAMPLE_FLOAT32RE:
+	    return float32re_to_float32ne;
         case PA_SAMPLE_ALAW:
             return alaw_to_float32ne;
         case PA_SAMPLE_ULAW:
@@ -159,6 +177,8 @@
             return pa_sconv_s16be_from_float32ne;
         case PA_SAMPLE_FLOAT32NE:
             return float32ne_from_float32ne;
+        case PA_SAMPLE_FLOAT32RE:
+            return float32re_from_float32ne;
         case PA_SAMPLE_ALAW:
             return alaw_from_float32ne;
         case PA_SAMPLE_ULAW:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...

---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org

    

root＠Hilbert.suse.de

tags

participants (1)