diff options
| author |   Diego Elio Pettenò <flameeyes@gentoo.org> | 2007-05-29 11:17:31 +0000 |
|---|---|---|
| committer | Diego Elio Pettenò <flameeyes@gentoo.org> | 2007-05-29 11:17:31 +0000 |
| commit | b66fc8a12ecee9a41cf376456128fdcce1aad352 (patch) | |
| tree | fd9caf5da52c7123d6f06684aa15189919825730 /media-sound/pulseaudio/files | |
| parent | alpha/ia64 stable wrt #180100 (diff) | |
| download | historical-b66fc8a12ecee9a41cf376456128fdcce1aad352.tar.gz historical-b66fc8a12ecee9a41cf376456128fdcce1aad352.tar.bz2 historical-b66fc8a12ecee9a41cf376456128fdcce1aad352.zip | |
Revision bump to add a patch for bug #180203 (CVE-2007-1804).
Package-Manager: portage-2.1.2.7
Diffstat (limited to 'media-sound/pulseaudio/files')
| -rw-r--r-- | media-sound/pulseaudio/files/digest-pulseaudio-0.9.5-r5 | 3 | ||||
| -rw-r--r-- | media-sound/pulseaudio/files/pulseaudio-0.9.5-CVE-2007-1804.patch | 83 |
2 files changed, 86 insertions, 0 deletions
diff --git a/media-sound/pulseaudio/files/digest-pulseaudio-0.9.5-r5 b/media-sound/pulseaudio/files/digest-pulseaudio-0.9.5-r5 new file mode 100644 index 000000000000..0d68de7bdc88 --- /dev/null +++ b/media-sound/pulseaudio/files/digest-pulseaudio-0.9.5-r5 @@ -0,0 +1,3 @@ +MD5 99b5d9efd4fce35cabb4ae5d0ebb230d pulseaudio-0.9.5.tar.gz 1145930 +RMD160 67f0cef89588453e347a2af5f641c9f953d4ef4b pulseaudio-0.9.5.tar.gz 1145930 +SHA256 cd82eabcf9fa310a64b58b621730cebe5d3edae7596a9c121155db455b1e58f6 pulseaudio-0.9.5.tar.gz 1145930 diff --git a/media-sound/pulseaudio/files/pulseaudio-0.9.5-CVE-2007-1804.patch b/media-sound/pulseaudio/files/pulseaudio-0.9.5-CVE-2007-1804.patch new file mode 100644 index 000000000000..a7b751a97c25 --- /dev/null +++ b/media-sound/pulseaudio/files/pulseaudio-0.9.5-CVE-2007-1804.patch @@ -0,0 +1,83 @@ +Index: pulseaudio-0.9.5/src/modules/module-volume-restore.c +=================================================================== +--- pulseaudio-0.9.5.orig/src/modules/module-volume-restore.c ++++ pulseaudio-0.9.5/src/modules/module-volume-restore.c +@@ -435,6 +435,7 @@ int pa__init(pa_core *c, pa_module*m) { + u->modified = 0; + + m->userdata = u; ++ u->sink_input_hook_slot = u->source_output_hook_slot = NULL; + + if (load_rules(u) < 0) + goto fail; +Index: pulseaudio-0.9.5/src/modules/rtp/sap.c +=================================================================== +--- pulseaudio-0.9.5.orig/src/modules/rtp/sap.c ++++ pulseaudio-0.9.5/src/modules/rtp/sap.c +@@ -142,9 +142,6 @@ int pa_sap_recv(pa_sap_context *c, int * + goto fail; + } + +- if (!size) +- return 0; +- + buf = pa_xnew(char, size+1); + buf[size] = 0; + +Index: pulseaudio-0.9.5/src/pulsecore/protocol-native.c +=================================================================== +--- pulseaudio-0.9.5.orig/src/pulsecore/protocol-native.c ++++ pulseaudio-0.9.5/src/pulsecore/protocol-native.c +@@ -760,7 +760,8 @@ static void command_create_playback_stre + CHECK_VALIDITY(c->pstream, pa_cvolume_valid(&volume), tag, PA_ERR_INVALID); + CHECK_VALIDITY(c->pstream, map.channels == ss.channels && volume.channels == ss.channels, tag, PA_ERR_INVALID); + CHECK_VALIDITY(c->pstream, maxlength > 0 && maxlength <= MAX_MEMBLOCKQ_LENGTH, tag, PA_ERR_INVALID); +- ++ CHECK_VALIDITY(c->pstream, maxlength >= pa_frame_size(&ss), tag, PA_ERR_INVALID); ++ + if (sink_index != PA_INVALID_INDEX) { + sink = pa_idxset_get_by_index(c->protocol->core->sinks, sink_index); + CHECK_VALIDITY(c->pstream, sink, tag, PA_ERR_NOENTITY); +Index: pulseaudio-0.9.5/src/pulsecore/pstream.c +=================================================================== +--- pulseaudio-0.9.5.orig/src/pulsecore/pstream.c ++++ pulseaudio-0.9.5/src/pulsecore/pstream.c +@@ -585,7 +585,7 @@ static int do_read(pa_pstream *p) { + + flags = ntohl(p->read.descriptor[PA_PSTREAM_DESCRIPTOR_FLAGS]); + +- if (!p->import && (flags & PA_FLAG_SHMMASK) != 0) { ++ if (!p->use_shm && (flags & PA_FLAG_SHMMASK) != 0) { + pa_log_warn("Recieved SHM frame on a socket where SHM is disabled."); + return -1; + } +Index: pulseaudio-0.9.5/src/pulsecore/sample-util.c +=================================================================== +--- pulseaudio-0.9.5.orig/src/pulsecore/sample-util.c ++++ pulseaudio-0.9.5/src/pulsecore/sample-util.c +@@ -35,13 +35,25 @@ + #include "sample-util.h" + #include "endianmacros.h" + ++#define PA_SILENCE_MAX (1024*1024*1) ++ + pa_memblock *pa_silence_memblock_new(pa_mempool *pool, const pa_sample_spec *spec, size_t length) { ++ size_t fs; + assert(pool); + assert(spec); + + if (length == 0) + length = pa_bytes_per_second(spec)/20; /* 50 ms */ + ++ if (length > PA_SILENCE_MAX) ++ length = PA_SILENCE_MAX; ++ ++ fs = pa_frame_size(spec); ++ length = ((PA_SILENCE_MAX+fs-1) / fs) * fs; ++ ++ if (length <= 0) ++ length = fs; ++ + return pa_silence_memblock(pa_memblock_new(pool, length), spec); + } + |