diff --git a/0001-memblock-rate-limit-Pool-full-message.patch b/0001-memblock-rate-limit-Pool-full-message.patch new file mode 100644 index 0000000..09d42e1 --- /dev/null +++ b/0001-memblock-rate-limit-Pool-full-message.patch @@ -0,0 +1,26 @@ +From 05f239a74a18fbda2406e2fc306a0f6c1b764d8a Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Wed, 12 Aug 2009 21:40:38 +0200 +Subject: [PATCH 1/5] memblock: rate limit 'Pool full' message + +--- + src/pulsecore/memblock.c | 3 ++- + 1 files changed, 2 insertions(+), 1 deletions(-) + +diff --git a/src/pulsecore/memblock.c b/src/pulsecore/memblock.c +index 6cc0ff3..cb70f27 100644 +--- a/src/pulsecore/memblock.c ++++ b/src/pulsecore/memblock.c +@@ -255,7 +255,8 @@ static struct mempool_slot* mempool_allocate_slot(pa_mempool *p) { + slot = (struct mempool_slot*) ((uint8_t*) p->memory.ptr + (p->block_size * (size_t) idx)); + + if (!slot) { +- pa_log_info("Pool full"); ++ if (pa_log_ratelimit()) ++ pa_log_debug("Pool full"); + pa_atomic_inc(&p->stat.n_pool_full); + return NULL; + } +-- +1.6.4.2 + diff --git a/0002-pacmd-handle-multi-word-commands-in-argv-properly.patch b/0002-pacmd-handle-multi-word-commands-in-argv-properly.patch new file mode 100644 index 0000000..ccc11c9 --- /dev/null +++ b/0002-pacmd-handle-multi-word-commands-in-argv-properly.patch @@ -0,0 +1,25 @@ +From 81eeb0667edddf587981f99631370dbcd00be3f2 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Fri, 14 Aug 2009 04:12:36 +0200 +Subject: [PATCH 2/5] pacmd: handle multi word commands in argv[] properly + +--- + src/utils/pacmd.c | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +diff --git a/src/utils/pacmd.c b/src/utils/pacmd.c +index d94f266..46c44c2 100644 +--- a/src/utils/pacmd.c ++++ b/src/utils/pacmd.c +@@ -106,7 +106,7 @@ int main(int argc, char*argv[]) { + size_t k; + + k = PA_MIN(sizeof(ibuf) - ibuf_length, strlen(argv[i])); +- memcpy(ibuf + ibuf_length, argv[1], k); ++ memcpy(ibuf + ibuf_length, argv[i], k); + ibuf_length += k; + + if (ibuf_length < sizeof(ibuf)) { +-- +1.6.4.2 + diff --git a/0003-protocol-native-compare-uint64_t-variable-with-uint6.patch b/0003-protocol-native-compare-uint64_t-variable-with-uint6.patch new file mode 100644 index 0000000..ea04e42 --- /dev/null +++ b/0003-protocol-native-compare-uint64_t-variable-with-uint6.patch @@ -0,0 +1,26 @@ +From 35ccb319e6a1e8e7ada88d85ede16612c140fefe Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Thu, 27 Aug 2009 00:04:33 +0200 +Subject: [PATCH 3/5] protocol-native: compare uint64_t variable with (uint64_t) -1 instead of (size_t) -1 for compat with 32bit archs + +--- + src/pulsecore/protocol-native.c | 3 ++- + 1 files changed, 2 insertions(+), 1 deletions(-) + +diff --git a/src/pulsecore/protocol-native.c b/src/pulsecore/protocol-native.c +index aecaf71..1ac26c0 100644 +--- a/src/pulsecore/protocol-native.c ++++ b/src/pulsecore/protocol-native.c +@@ -1283,7 +1283,8 @@ static void handle_seek(playback_stream *s, int64_t indexw) { + + pa_log_debug("Requesting rewind due to end of underrun."); + pa_sink_input_request_rewind(s->sink_input, +- (size_t) (s->sink_input->thread_info.underrun_for == (size_t) -1 ? 0 : s->sink_input->thread_info.underrun_for), ++ (size_t) (s->sink_input->thread_info.underrun_for == (uint64_t) -1 ? 0 : ++ s->sink_input->thread_info.underrun_for), + FALSE, TRUE, FALSE); + } + +-- +1.6.4.2 + diff --git a/0004-proplist-allow-setting-of-zero-length-data-propertie.patch b/0004-proplist-allow-setting-of-zero-length-data-propertie.patch new file mode 100644 index 0000000..310b984 --- /dev/null +++ b/0004-proplist-allow-setting-of-zero-length-data-propertie.patch @@ -0,0 +1,35 @@ +From b10bddf99bdda3a776d5f92bcb7c07a2b16b91e0 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Thu, 27 Aug 2009 05:33:45 +0200 +Subject: [PATCH 4/5] proplist: allow setting of zero-length data properties + +--- + src/pulse/proplist.c | 5 +++-- + 1 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/src/pulse/proplist.c b/src/pulse/proplist.c +index db4c934..274f708 100644 +--- a/src/pulse/proplist.c ++++ b/src/pulse/proplist.c +@@ -236,7 +236,7 @@ int pa_proplist_set(pa_proplist *p, const char *key, const void *data, size_t nb + + pa_assert(p); + pa_assert(key); +- pa_assert(data); ++ pa_assert(data || nbytes == 0); + + if (!property_name_valid(key)) + return -1; +@@ -249,7 +249,8 @@ int pa_proplist_set(pa_proplist *p, const char *key, const void *data, size_t nb + pa_xfree(prop->value); + + prop->value = pa_xmalloc(nbytes+1); +- memcpy(prop->value, data, nbytes); ++ if (nbytes > 0) ++ memcpy(prop->value, data, nbytes); + ((char*) prop->value)[nbytes] = 0; + prop->nbytes = nbytes; + +-- +1.6.4.2 + diff --git a/0005-native-make-sure-clients-cannot-trigger-an-assert-by.patch b/0005-native-make-sure-clients-cannot-trigger-an-assert-by.patch new file mode 100644 index 0000000..c52f042 --- /dev/null +++ b/0005-native-make-sure-clients-cannot-trigger-an-assert-by.patch @@ -0,0 +1,47 @@ +From 9333e89f66231e64aac539c1cc0e5f8398a25a12 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Sat, 29 Aug 2009 06:11:02 +0200 +Subject: [PATCH 5/5] native: make sure clients cannot trigger an assert by sending us invalid volume info + +--- + src/pulsecore/protocol-native.c | 14 ++++++++++---- + 1 files changed, 10 insertions(+), 4 deletions(-) + +diff --git a/src/pulsecore/protocol-native.c b/src/pulsecore/protocol-native.c +index 1ac26c0..d52b872 100644 +--- a/src/pulsecore/protocol-native.c ++++ b/src/pulsecore/protocol-native.c +@@ -3322,12 +3322,19 @@ static void command_set_volume( + + CHECK_VALIDITY(c->pstream, si || sink || source, tag, PA_ERR_NOENTITY); + +- if (sink) ++ if (sink) { ++ CHECK_VALIDITY(c->pstream, pa_cvolume_compatible(&volume, &sink->sample_spec), tag, PA_ERR_INVALID); ++ + pa_sink_set_volume(sink, &volume, TRUE, TRUE, TRUE); +- else if (source) ++ } else if (source) { ++ CHECK_VALIDITY(c->pstream, pa_cvolume_compatible(&volume, &source->sample_spec), tag, PA_ERR_INVALID); ++ + pa_source_set_volume(source, &volume); +- else if (si) ++ } else if (si) { ++ CHECK_VALIDITY(c->pstream, pa_cvolume_compatible(&volume, &si->sample_spec), tag, PA_ERR_INVALID); ++ + pa_sink_input_set_volume(si, &volume, TRUE, TRUE); ++ } + + pa_pstream_send_simple_ack(c->pstream, tag); + } +@@ -3368,7 +3375,6 @@ static void command_set_mute( + switch (command) { + + case PA_COMMAND_SET_SINK_MUTE: +- + if (idx != PA_INVALID_INDEX) + sink = pa_idxset_get_by_index(c->protocol->core->sinks, idx); + else +-- +1.6.4.2 + diff --git a/pulseaudio.spec b/pulseaudio.spec index 04b1a2c..4fa2e4d 100644 --- a/pulseaudio.spec +++ b/pulseaudio.spec @@ -3,7 +3,7 @@ Name: pulseaudio Summary: Improved Linux sound server Version: 0.9.15 -Release: 16%{?dist} +Release: 17%{?dist} License: GPLv2+ Group: System Environment/Daemons Source0: http://0pointer.de/lennart/projects/pulseaudio/pulseaudio-%{version}.tar.gz @@ -37,6 +37,11 @@ Patch26: 0001-sample-fix-build-on-BE-archs.patch Patch27: 0001-alsa-properly-convert-return-values-of-snd_strerror.patch Patch28: 0001-alsa-remove-debug-code.patch Patch29: 0001-Remove-exploitable-LD_BIND_NOW-hack-CVE-2009-1894.patch +Patch30: 0001-memblock-rate-limit-Pool-full-message.patch +Patch31: 0002-pacmd-handle-multi-word-commands-in-argv-properly.patch +Patch32: 0003-protocol-native-compare-uint64_t-variable-with-uint6.patch +Patch33: 0004-proplist-allow-setting-of-zero-length-data-propertie.patch +Patch34: 0005-native-make-sure-clients-cannot-trigger-an-assert-by.patch URL: http://pulseaudio.org BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: m4 @@ -246,6 +251,11 @@ This package contains command line utilities for the PulseAudio sound server. %patch27 -p1 %patch28 -p1 %patch29 -p1 +%patch30 -p1 +%patch31 -p1 +%patch32 -p1 +%patch33 -p1 +%patch34 -p1 %build CFLAGS="-ggdb" %configure --disable-static --disable-rpath --with-system-user=pulse --with-system-group=pulse --with-realtime-group=pulse-rt --with-access-group=pulse-access @@ -466,6 +476,10 @@ groupadd -r pulse-access &>/dev/null || : %{_mandir}/man1/pax11publish.1.gz %changelog +* Fri Sep 4 2009 Lennart Poettering 0.9.15-17 +- Backport 5 patches +- Closes #520586 + * Tue Jul 28 2009 Lennart Poettering 0.9.15-16 - Fix up patch