authorPacho Ramos <pacho@gentoo.org>2014-06-12 17:42:47 +0000
committerPacho Ramos <pacho@gentoo.org>2014-06-12 17:42:47 +0000
commit2636798c064cfe8b1f3512a8c0cc5f9415e2104b (patch)
tree154ace54a11abfba259aa0ac6d44e7d0740de060
parentamd64/ppc64/ppc/x86 stable wrt bug #513040 (diff)
Fix CVE-2014-3970 (#512516), bash-completion dir (#509486 by poncho) and apply a patch from upstream used in Fedora to fix the profiles switching.
(Portage version: 2.2.10/cvs/Linux x86_64, signed Manifest commit with key A188FBD4)
-rw-r--r--media-sound/pulseaudio/ChangeLog10
-rw-r--r--media-sound/pulseaudio/files/pulseaudio-5.0-crash-udp.patch53
-rw-r--r--media-sound/pulseaudio/files/pulseaudio-5.0-module-switch.patch35
-rw-r--r--media-sound/pulseaudio/pulseaudio-5.0-r2.ebuild347
4 files changed, 444 insertions, 1 deletions
diff --git a/media-sound/pulseaudio/ChangeLog b/media-sound/pulseaudio/ChangeLog
index 2f8f670e0eb3..b9f4b9b36948 100644
--- a/media-sound/pulseaudio/ChangeLog
+++ b/media-sound/pulseaudio/ChangeLog
@@ -1,6 +1,14 @@
# ChangeLog for media-sound/pulseaudio
# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-sound/pulseaudio/ChangeLog,v 1.341 2014/05/17 15:31:46 ago Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-sound/pulseaudio/ChangeLog,v 1.342 2014/06/12 17:42:47 pacho Exp $
+
+*pulseaudio-5.0-r2 (12 Jun 2014)
+
+ 12 Jun 2014; Pacho Ramos <pacho@gentoo.org>
+ +files/pulseaudio-5.0-crash-udp.patch,
+ +files/pulseaudio-5.0-module-switch.patch, +pulseaudio-5.0-r2.ebuild:
+ Fix CVE-2014-3970 (#512516), bash-completion dir (#509486 by poncho) and apply
+ a patch from upstream used in Fedora to fix the profiles switching.
17 May 2014; Agostino Sarubbo <ago@gentoo.org> pulseaudio-5.0-r1.ebuild:
Stable for alpha, wrt bug #508862
diff --git a/media-sound/pulseaudio/files/pulseaudio-5.0-crash-udp.patch b/media-sound/pulseaudio/files/pulseaudio-5.0-crash-udp.patch
new file mode 100644
index 000000000000..d14da07459ff
--- /dev/null
+++ b/media-sound/pulseaudio/files/pulseaudio-5.0-crash-udp.patch
@@ -0,0 +1,53 @@
+From 26b9d22dd24c17eb118d0205bf7b02b75d435e3c Mon Sep 17 00:00:00 2001
+From: Alexander E. Patrakov <patrakov@gmail.com>
+Date: Thu, 05 Jun 2014 16:29:25 +0000
+Subject: rtp-recv: fix crash on empty UDP packets (CVE-2014-3970)
+
+On FIONREAD returning 0 bytes, we cannot return success, as the caller
+(rtpoll_work_cb in module-rtp-recv.c) would then try to
+pa_memblock_unref(chunk.memblock) and, because memblock is NULL, trigger
+an assertion.
+
+Also we have to read out the possible empty packet from the socket, so
+that the kernel doesn't tell us again and again about it.
+
+Signed-off-by: Alexander E. Patrakov <patrakov@gmail.com>
+---
+diff --git a/src/modules/rtp/rtp.c b/src/modules/rtp/rtp.c
+index 570737e..7b75e0e 100644
+--- a/src/modules/rtp/rtp.c
++++ b/src/modules/rtp/rtp.c
+@@ -182,8 +182,29 @@ int pa_rtp_recv(pa_rtp_context *c, pa_memchunk *chunk, pa_mempool *pool, struct
+ goto fail;
+ }
+
+- if (size <= 0)
+- return 0;
++ if (size <= 0) {
++ /* size can be 0 due to any of the following reasons:
++ *
++ * 1. Somebody sent us a perfectly valid zero-length UDP packet.
++ * 2. Somebody sent us a UDP packet with a bad CRC.
++ *
++ * It is unknown whether size can actually be less than zero.
++ *
++ * In the first case, the packet has to be read out, otherwise the
++ * kernel will tell us again and again about it, thus preventing
++ * reception of any further packets. So let's just read it out
++ * now and discard it later, when comparing the number of bytes
++ * received (0) with the number of bytes wanted (1, see below).
++ *
++ * In the second case, recvmsg() will fail, thus allowing us to
++ * return the error.
++ *
++ * Just to avoid passing zero-sized memchunks and NULL pointers to
++ * recvmsg(), let's force allocation of at least one byte by setting
++ * size to 1.
++ */
++ size = 1;
++ }
+
+ if (c->memchunk.length < (unsigned) size) {
+ size_t l;
+--
+cgit v0.9.0.2-2-gbebe
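Review bot: The zero-length datagram is only rejected by code that lies outside this hunk. After `size = 1` the fix depends on the length comparison that follows recvmsg() and on the `fail` path releasing the one-byte memblock, so both should be confirmed against the full body of pa_rtp_recv(), which starts and ends outside the hunk. Forcing `size` to 1 also keeps a negative value away from the `(unsigned) size` cast on the next context line, which the comment could state rather than leaving "unknown whether size can actually be less than zero" as the only remark. The comment's second case says "bad CRC", but UDP carries a checksum; `* 2. Somebody sent us a UDP packet with a bad checksum.` would be more accurate. Because the trigger is a packet from the network, a regression test that feeds an empty datagram to the receive path would be worth adding with this fix.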
diff --git a/media-sound/pulseaudio/files/pulseaudio-5.0-module-switch.patch b/media-sound/pulseaudio/files/pulseaudio-5.0-module-switch.patch
new file mode 100644
index 000000000000..e8ff6e051ae4
--- /dev/null
+++ b/media-sound/pulseaudio/files/pulseaudio-5.0-module-switch.patch
@@ -0,0 +1,35 @@
+From ef4a41e8b0ef81a53769d853dbc7679b25252327 Mon Sep 17 00:00:00 2001
+From: David Henningsson <david.henningsson@canonical.com>
+Date: Fri, 28 Mar 2014 11:59:09 +0100
+Subject: [PATCH 36/38] module-switch-on-port-available: Don't switch profiles
+ on uninitialized cards
+
+This could cause the HDMI port to become the default on some systems
+where analog output was available.
+
+BugLink: https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1256511
+BugLink: https://bugs.freedesktop.org/show_bug.cgi?id=73375
+Signed-off-by: David Henningsson <david.henningsson@canonical.com>
+---
+ src/modules/module-switch-on-port-available.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/modules/module-switch-on-port-available.c b/src/modules/module-switch-on-port-available.c
+index 2c7ad17..c560306 100644
+--- a/src/modules/module-switch-on-port-available.c
++++ b/src/modules/module-switch-on-port-available.c
+@@ -173,6 +173,11 @@ static pa_hook_result_t port_available_hook_callback(pa_core *c, pa_device_port
+ return PA_HOOK_OK;
+ }
+
++ if (pa_idxset_size(card->sinks) == 0 && pa_idxset_size(card->sources) == 0)
++ /* This card is not initialized yet. We'll handle it in
++ sink_new / source_new callbacks later. */
++ return PA_HOOK_OK;
++
+ find_sink_and_source(card, port, &sink, &source);
+
+ is_active_profile = card->active_profile == pa_hashmap_get(port->profiles, card->active_profile->name);
+--
+1.9.0
+
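Review bot: The added guard in port_available_hook_callback() treats "no sinks and no sources" as a proxy for "card not initialized yet", but a card that is fully initialized and currently exposes neither would presumably take the same early return and never be considered for a profile switch. That should be confirmed against how cards with an inactive profile are represented, and the comment should name the assumption. The `if` body is also an unbraced comment plus `return`, which is easy to break when a statement is added later. Bracing it, `if (pa_idxset_size(card->sinks) == 0 && pa_idxset_size(card->sources) == 0) {` … `return PA_HOOK_OK;` `}`, keeps the early exit unambiguous. The function body starts and ends outside the hunk.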
diff --git a/media-sound/pulseaudio/pulseaudio-5.0-r2.ebuild b/media-sound/pulseaudio/pulseaudio-5.0-r2.ebuild
new file mode 100644
index 000000000000..40753e96815f
--- /dev/null
+++ b/media-sound/pulseaudio/pulseaudio-5.0-r2.ebuild
@@ -0,0 +1,347 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/media-sound/pulseaudio/pulseaudio-5.0-r2.ebuild,v 1.1 2014/06/12 17:42:47 pacho Exp $
+
+EAPI="5"
+inherit autotools bash-completion-r1 eutils flag-o-matic linux-info readme.gentoo systemd user versionator udev multilib-minimal
+
+DESCRIPTION="A networked sound server with an advanced plugin system"
+HOMEPAGE="http://www.pulseaudio.org/"
+SRC_URI="http://freedesktop.org/software/pulseaudio/releases/${P}.tar.xz"
+
+# libpulse-simple and libpulse link to libpulse-core; this is daemon's
+# library and can link to gdbm and other GPL-only libraries. In this
+# cases, we have a fully GPL-2 package. Leaving the rest of the
+# GPL-forcing USE flags for those who use them.
+LICENSE="!gdbm? ( LGPL-2.1 ) gdbm? ( GPL-2 )"
+
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux"
+
+IUSE="+alsa +asyncns avahi bluetooth +caps dbus doc equalizer +gdbm +glib gnome
+gtk ipv6 jack libsamplerate lirc neon +orc oss qt4 realtime ssl systemd
+system-wide tcpd test +udev +webrtc-aec +X xen"
+
+# See "*** BLUEZ support not found (requires D-Bus)" in configure.ac
+REQUIRED_USE="bluetooth? ( dbus )"
+
+# libpcre needed in some cases, bug #472228
+RDEPEND="
+ || (
+ elibc_glibc? ( virtual/libc )
+ elibc_uclibc? ( virtual/libc )
+ dev-libs/libpcre
+ )
+ >=media-libs/libsndfile-1.0.20[${MULTILIB_USEDEP}]
+ X? (
+ >=x11-libs/libX11-1.4.0[${MULTILIB_USEDEP}]
+ >=x11-libs/libxcb-1.6[${MULTILIB_USEDEP}]
+ x11-libs/libSM[${MULTILIB_USEDEP}]
+ x11-libs/libICE[${MULTILIB_USEDEP}]
+ x11-libs/libXtst[${MULTILIB_USEDEP}]
+ )
+ caps? ( sys-libs/libcap[${MULTILIB_USEDEP}] )
+ libsamplerate? ( >=media-libs/libsamplerate-0.1.1-r1 )
+ alsa? ( >=media-libs/alsa-lib-1.0.19 )
+ glib? ( >=dev-libs/glib-2.4.0[${MULTILIB_USEDEP}] )
+ avahi? ( >=net-dns/avahi-0.6.12[dbus] )
+ jack? ( >=media-sound/jack-audio-connection-kit-0.117 )
+ tcpd? ( sys-apps/tcp-wrappers[${MULTILIB_USEDEP}] )
+ lirc? ( app-misc/lirc )
+ dbus? ( >=sys-apps/dbus-1.0.0[${MULTILIB_USEDEP}] )
+ gtk? ( x11-libs/gtk+:3 )
+ gnome? ( >=gnome-base/gconf-2.4.0 )
+ bluetooth? (
+ net-wireless/bluez:=
+ >=sys-apps/dbus-1.0.0
+ media-libs/sbc
+ )
+ asyncns? ( net-libs/libasyncns[${MULTILIB_USEDEP}] )
+ udev? ( >=virtual/udev-143[hwdb(+)] )
+ realtime? ( sys-auth/rtkit )
+ equalizer? ( sci-libs/fftw:3.0 )
+ orc? ( >=dev-lang/orc-0.4.9 )
+ ssl? ( dev-libs/openssl )
+ >=media-libs/speex-1.2_rc1
+ gdbm? ( sys-libs/gdbm )
+ webrtc-aec? ( media-libs/webrtc-audio-processing )
+ xen? ( app-emulation/xen-tools )
+ systemd? ( sys-apps/systemd:0=[${MULTILIB_USEDEP}] )
+ dev-libs/json-c[${MULTILIB_USEDEP}]
+ abi_x86_32? ( !<=app-emulation/emul-linux-x86-soundlibs-20131008-r1
+ !app-emulation/emul-linux-x86-soundlibs[-abi_x86_32(-)] )
+ >=sys-devel/libtool-2.4.2
+"
+# it's a valid RDEPEND, libltdl.so is used
+
+DEPEND="${RDEPEND}
+ sys-devel/m4
+ doc? ( app-doc/doxygen )
+ test? ( dev-libs/check )
+ X? (
+ x11-proto/xproto[${MULTILIB_USEDEP}]
+ >=x11-libs/libXtst-1.0.99.2[${MULTILIB_USEDEP}]
+ )
+ dev-libs/libatomic_ops
+ virtual/pkgconfig
+ system-wide? ( || ( dev-util/unifdef sys-freebsd/freebsd-ubin ) )
+ dev-util/intltool
+ >=sys-devel/gettext-0.18.1
+"
+# This is a PDEPEND to avoid a circular dep
+PDEPEND="alsa? ( >=media-plugins/alsa-plugins-1.0.27-r1[pulseaudio] )"
+
+# alsa-utils dep is for the alsasound init.d script (see bug #155707)
+# bluez dep is for the bluetooth init.d script
+# PyQt4 dep is for the qpaeq script
+RDEPEND="${RDEPEND}
+ equalizer? ( qt4? ( dev-python/PyQt4[dbus] ) )
+ system-wide? (
+ alsa? ( media-sound/alsa-utils )
+ bluetooth? ( net-wireless/bluez:= )
+ )
+"
+
+pkg_pretend() {
+ CONFIG_CHECK="~HIGH_RES_TIMERS"
+ WARNING_HIGH_RES_TIMERS="CONFIG_HIGH_RES_TIMERS:\tis not set (required for enabling timer-based scheduling in pulseaudio)\n"
+ check_extra_config
+
+ if linux_config_exists; then
+ local snd_hda_prealloc_size=$(linux_chkconfig_string SND_HDA_PREALLOC_SIZE)
+ if [ -n "${snd_hda_prealloc_size}" ] && [ "${snd_hda_prealloc_size}" -lt 2048 ]; then
+ ewarn "A preallocated buffer-size of 2048 (kB) or higher is recommended for the HD-audio driver!"
+ ewarn "CONFIG_SND_HDA_PREALLOC_SIZE=${snd_hda_prealloc_size}"
+ fi
+ fi
+}
+
+pkg_setup() {
+ linux-info_pkg_setup
+
+ enewgroup audio 18 # Just make sure it exists
+
+ if use system-wide; then
+ enewgroup pulse-access
+ enewgroup pulse
+ enewuser pulse -1 -1 /var/run/pulse pulse,audio
+ fi
+}
+
+src_prepare() {
+ # Skip test that cannot work with sandbox, bug #501846
+ sed -i -e '/lock-autospawn-test/d' src/Makefile.am || die
+
+ # Fix CVE-2014-3970, bug #512516
+ epatch "${FILESDIR}/${P}-crash-udp.patch"
+
+ # module-switch-on-port-available: Don't switch profiles on uninitialized cards (from 'master')
+ epatch "${FILESDIR}/${P}-module-switch.patch"
+
+ epatch_user
+ eautoreconf
+}
+
+multilib_src_configure() {
+ local myconf=()
+
+ if use gdbm; then
+ myconf+=( --with-database=gdbm )
+ #elif use tdb; then
+ # myconf+=( --with-database=tdb )
+ else
+ myconf+=( --with-database=simple )
+ fi
+
+ if use bluetooth; then
+ if has_version '<net-wireless/bluez-5'; then
+ myconf+=( --disable-bluez5 --enable-bluez4 )
+ else
+ myconf+=( --enable-bluez5 --disable-bluez4 )
+ fi
+ else
+ myconf+=( --disable-bluez5 --disable-bluez4 )
+ fi
+
+ myconf+=(
+ --enable-largefile
+ $(use_enable glib glib2)
+ --disable-solaris
+ $(use_enable asyncns)
+ $(use_enable oss oss-output)
+ $(use_enable alsa)
+ $(use_enable lirc)
+ $(use_enable neon neon-opt)
+ $(use_enable tcpd tcpwrap)
+ $(use_enable jack)
+ $(use_enable avahi)
+ $(use_enable dbus)
+ $(use_enable gnome gconf)
+ $(use_enable gtk gtk3)
+ $(use_enable libsamplerate samplerate)
+ $(use_enable orc)
+ $(use_enable X x11)
+ $(use_enable test default-build-tests)
+ $(use_enable udev)
+ $(use_enable systemd)
+ $(use_enable systemd systemd-journal)
+ $(use_enable ipv6)
+ $(use_enable ssl openssl)
+ $(use_enable webrtc-aec)
+ $(use_enable xen)
+ $(use_with caps)
+ $(use_with equalizer fftw)
+ --disable-adrian-aec
+ --disable-esound
+ --localstatedir="${EPREFIX}"/var
+ --with-udev-rules-dir="${EPREFIX}/$(udev_get_udevdir)"/rules.d
+ )
+
+ if ! multilib_is_native_abi; then
+ # disable all the modules and stuff
+ myconf+=(
+ --disable-oss-output
+ --disable-alsa
+ --disable-lirc
+ --disable-jack
+ --disable-avahi
+ --disable-gconf
+ --disable-gtk3
+ --disable-samplerate
+ --disable-bluez4
+ --disable-bluez5
+ --disable-udev
+ --disable-systemd
+ --disable-openssl
+ --disable-orc
+ --disable-webrtc-aec
+ --disable-xen
+ --without-fftw
+
+ # tests involve random modules, so just do them for the native
+ --disable-default-build-tests
+
+ # hack around unnecessary checks
+ # (results don't matter, we're not building anything using it)
+ ac_cv_lib_ltdl_lt_dladvise_init=yes
+ --with-database=simple
+ LIBSPEEX_CFLAGS=' '
+ LIBSPEEX_LIBS=' '
+ )
+ fi
+
+ ECONF_SOURCE=${S} \
+ econf "${myconf[@]}"
+}
+
+multilib_src_compile() {
+ if multilib_is_native_abi; then
+ emake
+ else
+ emake -C src libpulse{,-simple,-mainloop-glib}.la
+ fi
+}
+
+src_compile() {
+ multilib-minimal_src_compile
+
+ if use doc; then
+ pushd doxygen
+ doxygen doxygen.conf
+ popd
+ fi
+}
+
+multilib_src_test() {
+ # We avoid running the toplevel check target because that will run
+ # po/'s tests too, and they are broken. Officially, it should work
+ # with intltool 0.41, but that doesn't look like a stable release.
+ if multilib_is_native_abi; then
+ emake -C src check
+ fi
+}
+
+multilib_src_install() {
+ if multilib_is_native_abi; then
+ emake -j1 DESTDIR="${D}" bashcompletiondir="$(get_bashcompdir)" install
+ else
+ emake DESTDIR="${D}" install-pkgconfigDATA
+ emake DESTDIR="${D}" -C src \
+ install-libLTLIBRARIES \
+ lib_LTLIBRARIES="libpulse.la libpulse-simple.la libpulse-mainloop-glib.la" \
+ install-pulseincludeHEADERS
+ fi
+}
+
+multilib_src_install_all() {
+ # Drop the script entirely if X is disabled
+ use X || rm "${ED}"/usr/bin/start-pulseaudio-x11
+
+ if use system-wide; then
+ newconfd "${FILESDIR}/pulseaudio.conf.d" pulseaudio
+
+ use_define() {
+ local define=${2:-$(echo $1 | tr '[:lower:]' '[:upper:]')}
+
+ use "$1" && echo "-D$define" || echo "-U$define"
+ }
+
+ unifdef $(use_define avahi) \
+ $(use_define alsa) \
+ $(use_define bluetooth) \
+ $(use_define udev) \
+ "${FILESDIR}/pulseaudio.init.d-5" \
+ > "${T}/pulseaudio"
+
+ doinitd "${T}/pulseaudio"
+
+ systemd_dounit "${FILESDIR}/${PN}.service"
+ fi
+
+ use avahi && sed -i -e '/module-zeroconf-publish/s:^#::' "${ED}/etc/pulse/default.pa"
+
+ dodoc NEWS README todo
+
+ if use doc; then
+ pushd doxygen/html
+ dohtml *
+ popd
+ fi
+
+ # Create the state directory
+ use prefix || diropts -o pulse -g pulse -m0755
+
+ # We need /var/run/pulse, bug #442852
+ use system-wide && systemd_newtmpfilesd "${FILESDIR}/${PN}.tmpfiles" "${PN}.conf"
+
+ # Prevent warnings when system-wide is not used, bug #447694
+ use system-wide || rm "${ED}"/etc/dbus-1/system.d/pulseaudio-system.conf
+
+ prune_libtool_files --all
+}
+
+pkg_postinst() {
+ if use system-wide; then
+ elog "PulseAudio in Gentoo can use a system-wide pulseaudio daemon."
+ elog "This support is enabled by starting the pulseaudio init.d ."
+ elog "To be able to access that you need to be in the group pulse-access."
+ elog "If you choose to use this feature, please make sure that you"
+ elog "really want to run PulseAudio this way:"
+ elog " http://pulseaudio.org/wiki/WhatIsWrongWithSystemMode"
+ elog "For more information about system-wide support, please refer to:"
+ elog " http://pulseaudio.org/wiki/SystemWideInstance"
+ if use gnome ; then
+ elog
+ elog "By enabling gnome USE flag, you enabled gconf support. Please note"
+ elog "that you might need to remove the gnome USE flag or disable the"
+ elog "gconf module on /etc/pulse/system.pa to be able to use PulseAudio"
+ elog "with a system-wide instance."
+ fi
+ fi
+
+ if use equalizer && ! use qt4; then
+ elog "You've enabled the 'equalizer' USE-flag but not the 'qt4' USE-flag."
+ elog "This will build the equalizer module, but the 'qpaeq' tool"
+ elog "which is required to set equalizer levels will not work."
+ fi
+}
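Review bot: In multilib_src_install_all the `use prefix || diropts -o pulse -g pulse -m0755` line under "Create the state directory" is not followed by any `keepdir` or `dodir` call, so as written no directory is created and the pulse ownership is never applied. Either add the directory creation that the comment describes or drop the line and its comment. Separately, several external commands run unchecked: `doxygen doxygen.conf` in src_compile, and the `rm` and `sed -i` calls in multilib_src_install_all, so a failure there is silently ignored and the install continues. `doxygen doxygen.conf || die` and `if use avahi; then sed -i -e '/module-zeroconf-publish/s:^#::' "${ED}/etc/pulse/default.pa" || die; fi` would stop the build instead. The `if` form is needed because `use avahi && sed … || die` would die whenever avahi is disabled.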