author | Pacho Ramos <pacho@gentoo.org> | 2014-06-12 17:42:47 +0000 |
---|---|---|
committer | Pacho Ramos <pacho@gentoo.org> | 2014-06-12 17:42:47 +0000 |
commit | 2636798c064cfe8b1f3512a8c0cc5f9415e2104b (patch) | |
tree | 154ace54a11abfba259aa0ac6d44e7d0740de060 /media-sound/pulseaudio | |
parent | amd64/ppc64/ppc/x86 stable wrt bug #513040 (diff) | |
Fix CVE-2014-3970 (#512516), bash-completion dir (#509486 by poncho) and apply a patch from upstream used in Fedora to fix the profiles switching.
(Portage version: 2.2.10/cvs/Linux x86_64, signed Manifest commit with key A188FBD4)
Diffstat (limited to 'media-sound/pulseaudio')
-rw-r--r-- | media-sound/pulseaudio/ChangeLog | 10 | ||||
-rw-r--r-- | media-sound/pulseaudio/files/pulseaudio-5.0-crash-udp.patch | 53 | ||||
-rw-r--r-- | media-sound/pulseaudio/files/pulseaudio-5.0-module-switch.patch | 35 | ||||
-rw-r--r-- | media-sound/pulseaudio/pulseaudio-5.0-r2.ebuild | 347 |
4 files changed, 444 insertions, 1 deletions
diff --git a/media-sound/pulseaudio/ChangeLog b/media-sound/pulseaudio/ChangeLog
index 2f8f670e0eb3..b9f4b9b36948 100644
--- a/media-sound/pulseaudio/ChangeLog
+++ b/media-sound/pulseaudio/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for media-sound/pulseaudio
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-sound/pulseaudio/ChangeLog,v 1.341 2014/05/17 15:31:46 ago Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-sound/pulseaudio/ChangeLog,v 1.342 2014/06/12 17:42:47 pacho Exp $
+
+*pulseaudio-5.0-r2 (12 Jun 2014)
+
+ 12 Jun 2014; Pacho Ramos <pacho@gentoo.org>
+ +files/pulseaudio-5.0-crash-udp.patch,
+ +files/pulseaudio-5.0-module-switch.patch, +pulseaudio-5.0-r2.ebuild:
+ Fix CVE-2014-3970 (#512516), bash-completion dir (#509486 by poncho) and apply
+ a patch from upstream used in Fedora to fix the profiles switching.
 
 17 May 2014; Agostino Sarubbo <ago@gentoo.org> pulseaudio-5.0-r1.ebuild:
 Stable for alpha, wrt bug #508862
diff --git a/media-sound/pulseaudio/files/pulseaudio-5.0-crash-udp.patch b/media-sound/pulseaudio/files/pulseaudio-5.0-crash-udp.patch
new file mode 100644
index 000000000000..d14da07459ff
--- /dev/null
+++ b/media-sound/pulseaudio/files/pulseaudio-5.0-crash-udp.patch
@@ -0,0 +1,53 @@
+From 26b9d22dd24c17eb118d0205bf7b02b75d435e3c Mon Sep 17 00:00:00 2001
+From: Alexander E. Patrakov <patrakov@gmail.com>
+Date: Thu, 05 Jun 2014 16:29:25 +0000
+Subject: rtp-recv: fix crash on empty UDP packets (CVE-2014-3970)
+
+On FIONREAD returning 0 bytes, we cannot return success, as the caller
+(rtpoll_work_cb in module-rtp-recv.c) would then try to
+pa_memblock_unref(chunk.memblock) and, because memblock is NULL, trigger
+an assertion.
+
+Also we have to read out the possible empty packet from the socket, so
+that the kernel doesn't tell us again and again about it.
+
+Signed-off-by: Alexander E. Patrakov <patrakov@gmail.com>
+---
+diff --git a/src/modules/rtp/rtp.c b/src/modules/rtp/rtp.c
+index 570737e..7b75e0e 100644
+--- a/src/modules/rtp/rtp.c
++++ b/src/modules/rtp/rtp.c
+@@ -182,8 +182,29 @@ int pa_rtp_recv(pa_rtp_context *c, pa_memchunk *chunk, pa_mempool *pool, struct
+ goto fail;
+ }
+
+- if (size <= 0)
+- return 0;
++ if (size <= 0) {
++ /* size can be 0 due to any of the following reasons:
++ *
++ * 1. Somebody sent us a perfectly valid zero-length UDP packet.
++ * 2. Somebody sent us a UDP packet with a bad CRC.
++ *
++ * It is unknown whether size can actually be less than zero.
++ *
++ * In the first case, the packet has to be read out, otherwise the
++ * kernel will tell us again and again about it, thus preventing
++ * reception of any further packets. So let's just read it out
++ * now and discard it later, when comparing the number of bytes
++ * received (0) with the number of bytes wanted (1, see below).
++ *
++ * In the second case, recvmsg() will fail, thus allowing us to
++ * return the error.
++ *
++ * Just to avoid passing zero-sized memchunks and NULL pointers to
++ * recvmsg(), let's force allocation of at least one byte by setting
++ * size to 1.
++ */
++ size = 1;
++ }
+
+ if (c->memchunk.length < (unsigned) size) {
+ size_t l;
+--
+cgit v0.9.0.2-2-gbebe
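Review bot: The `size = 1` path in pa_rtp_recv depends on checks outside this hunk to actually drop the packet: the comment says the empty datagram is discarded "later", when bytes received (0) are compared with bytes wanted (1), and that failure path must also leave `chunk->memblock` in a state rtpoll_work_cb will not unref, which is the assertion this CVE fix is about. Neither is visible here, so both are worth confirming against the full function before relying on the backport. Separately, if FIONREAD reported 0 because nothing was queued and a datagram arrives before recvmsg(), it would presumably be truncated to one byte and satisfy a received == wanted comparison, so a minimum-length check further down has to reject it; I would add a comment line such as `* A datagram that arrives after FIONREAD is truncated to 1 byte and must be rejected by the length checks below.`. The body of pa_rtp_recv starts before and continues after the hunk.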
diff --git a/media-sound/pulseaudio/files/pulseaudio-5.0-module-switch.patch b/media-sound/pulseaudio/files/pulseaudio-5.0-module-switch.patch
new file mode 100644
index 000000000000..e8ff6e051ae4
--- /dev/null
+++ b/media-sound/pulseaudio/files/pulseaudio-5.0-module-switch.patch
@@ -0,0 +1,35 @@
+From ef4a41e8b0ef81a53769d853dbc7679b25252327 Mon Sep 17 00:00:00 2001
+From: David Henningsson <david.henningsson@canonical.com>
+Date: Fri, 28 Mar 2014 11:59:09 +0100
+Subject: [PATCH 36/38] module-switch-on-port-available: Don't switch profiles
+ on uninitialized cards
+
+This could cause the HDMI port to become the default on some systems
+where analog output was available.
+
+BugLink: https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1256511
+BugLink: https://bugs.freedesktop.org/show_bug.cgi?id=73375
+Signed-off-by: David Henningsson <david.henningsson@canonical.com>
+---
+ src/modules/module-switch-on-port-available.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/modules/module-switch-on-port-available.c b/src/modules/module-switch-on-port-available.c
+index 2c7ad17..c560306 100644
+--- a/src/modules/module-switch-on-port-available.c
++++ b/src/modules/module-switch-on-port-available.c
+@@ -173,6 +173,11 @@ static pa_hook_result_t port_available_hook_callback(pa_core *c, pa_device_port
+ return PA_HOOK_OK;
+ }
+
++ if (pa_idxset_size(card->sinks) == 0 && pa_idxset_size(card->sources) == 0)
++ /* This card is not initialized yet. We'll handle it in
++ sink_new / source_new callbacks later. */
++ return PA_HOOK_OK;
++
+ find_sink_and_source(card, port, &sink, &source);
+
+ is_active_profile = card->active_profile == pa_hashmap_get(port->profiles, card->active_profile->name);
+--
+1.9.0
+
diff --git a/media-sound/pulseaudio/pulseaudio-5.0-r2.ebuild b/media-sound/pulseaudio/pulseaudio-5.0-r2.ebuild
new file mode 100644
index 000000000000..40753e96815f
--- /dev/null
+++ b/media-sound/pulseaudio/pulseaudio-5.0-r2.ebuild
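Review bot: In pulseaudio-5.0-module-switch.patch, the added guard in port_available_hook_callback treats any card with no sinks and no sources as "not initialized yet", but a card whose active profile exposes neither would look the same to this test; if that state is reachable, port-availability changes would be ignored for it until a sink or source appears. That is inferred from the condition alone, since the sink_new / source_new handling the comment refers to is not in the hunk. As a style point, the unbraced `if` with a two-line comment between the condition and `return PA_HOOK_OK;` is easy to misread, and bracing the body would make its extent obvious. The function body starts and ends outside the hunk.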
@@ -0,0 +1,347 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/media-sound/pulseaudio/pulseaudio-5.0-r2.ebuild,v 1.1 2014/06/12 17:42:47 pacho Exp $ + +EAPI="5" +inherit autotools bash-completion-r1 eutils flag-o-matic linux-info readme.gentoo systemd user versionator udev multilib-minimal + +DESCRIPTION="A networked sound server with an advanced plugin system" +HOMEPAGE="http://www.pulseaudio.org/" +SRC_URI="http://freedesktop.org/software/pulseaudio/releases/${P}.tar.xz" + +# libpulse-simple and libpulse link to libpulse-core; this is daemon's +# library and can link to gdbm and other GPL-only libraries. In this +# cases, we have a fully GPL-2 package. Leaving the rest of the +# GPL-forcing USE flags for those who use them. +LICENSE="!gdbm? ( LGPL-2.1 ) gdbm? ( GPL-2 )" + +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux" + +IUSE="+alsa +asyncns avahi bluetooth +caps dbus doc equalizer +gdbm +glib gnome +gtk ipv6 jack libsamplerate lirc neon +orc oss qt4 realtime ssl systemd +system-wide tcpd test +udev +webrtc-aec +X xen" + +# See "*** BLUEZ support not found (requires D-Bus)" in configure.ac +REQUIRED_USE="bluetooth? ( dbus )" + +# libpcre needed in some cases, bug #472228 +RDEPEND=" + || ( + elibc_glibc? ( virtual/libc ) + elibc_uclibc? ( virtual/libc ) + dev-libs/libpcre + ) + >=media-libs/libsndfile-1.0.20[${MULTILIB_USEDEP}] + X? ( + >=x11-libs/libX11-1.4.0[${MULTILIB_USEDEP}] + >=x11-libs/libxcb-1.6[${MULTILIB_USEDEP}] + x11-libs/libSM[${MULTILIB_USEDEP}] + x11-libs/libICE[${MULTILIB_USEDEP}] + x11-libs/libXtst[${MULTILIB_USEDEP}] + ) + caps? ( sys-libs/libcap[${MULTILIB_USEDEP}] ) + libsamplerate? ( >=media-libs/libsamplerate-0.1.1-r1 ) + alsa? ( >=media-libs/alsa-lib-1.0.19 ) + glib? ( >=dev-libs/glib-2.4.0[${MULTILIB_USEDEP}] ) + avahi? ( >=net-dns/avahi-0.6.12[dbus] ) + jack? 
( >=media-sound/jack-audio-connection-kit-0.117 ) + tcpd? ( sys-apps/tcp-wrappers[${MULTILIB_USEDEP}] ) + lirc? ( app-misc/lirc ) + dbus? ( >=sys-apps/dbus-1.0.0[${MULTILIB_USEDEP}] ) + gtk? ( x11-libs/gtk+:3 ) + gnome? ( >=gnome-base/gconf-2.4.0 ) + bluetooth? ( + net-wireless/bluez:= + >=sys-apps/dbus-1.0.0 + media-libs/sbc + ) + asyncns? ( net-libs/libasyncns[${MULTILIB_USEDEP}] ) + udev? ( >=virtual/udev-143[hwdb(+)] ) + realtime? ( sys-auth/rtkit ) + equalizer? ( sci-libs/fftw:3.0 ) + orc? ( >=dev-lang/orc-0.4.9 ) + ssl? ( dev-libs/openssl ) + >=media-libs/speex-1.2_rc1 + gdbm? ( sys-libs/gdbm ) + webrtc-aec? ( media-libs/webrtc-audio-processing ) + xen? ( app-emulation/xen-tools ) + systemd? ( sys-apps/systemd:0=[${MULTILIB_USEDEP}] ) + dev-libs/json-c[${MULTILIB_USEDEP}] + abi_x86_32? ( !<=app-emulation/emul-linux-x86-soundlibs-20131008-r1 + !app-emulation/emul-linux-x86-soundlibs[-abi_x86_32(-)] ) + >=sys-devel/libtool-2.4.2 +" +# it's a valid RDEPEND, libltdl.so is used + +DEPEND="${RDEPEND} + sys-devel/m4 + doc? ( app-doc/doxygen ) + test? ( dev-libs/check ) + X? ( + x11-proto/xproto[${MULTILIB_USEDEP}] + >=x11-libs/libXtst-1.0.99.2[${MULTILIB_USEDEP}] + ) + dev-libs/libatomic_ops + virtual/pkgconfig + system-wide? ( || ( dev-util/unifdef sys-freebsd/freebsd-ubin ) ) + dev-util/intltool + >=sys-devel/gettext-0.18.1 +" +# This is a PDEPEND to avoid a circular dep +PDEPEND="alsa? ( >=media-plugins/alsa-plugins-1.0.27-r1[pulseaudio] )" + +# alsa-utils dep is for the alsasound init.d script (see bug #155707) +# bluez dep is for the bluetooth init.d script +# PyQt4 dep is for the qpaeq script +RDEPEND="${RDEPEND} + equalizer? ( qt4? ( dev-python/PyQt4[dbus] ) ) + system-wide? ( + alsa? ( media-sound/alsa-utils ) + bluetooth? 
( net-wireless/bluez:= ) + ) +" + +pkg_pretend() { + CONFIG_CHECK="~HIGH_RES_TIMERS" + WARNING_HIGH_RES_TIMERS="CONFIG_HIGH_RES_TIMERS:\tis not set (required for enabling timer-based scheduling in pulseaudio)\n" + check_extra_config + + if linux_config_exists; then + local snd_hda_prealloc_size=$(linux_chkconfig_string SND_HDA_PREALLOC_SIZE) + if [ -n "${snd_hda_prealloc_size}" ] && [ "${snd_hda_prealloc_size}" -lt 2048 ]; then + ewarn "A preallocated buffer-size of 2048 (kB) or higher is recommended for the HD-audio driver!" + ewarn "CONFIG_SND_HDA_PREALLOC_SIZE=${snd_hda_prealloc_size}" + fi + fi +} + +pkg_setup() { + linux-info_pkg_setup + + enewgroup audio 18 # Just make sure it exists + + if use system-wide; then + enewgroup pulse-access + enewgroup pulse + enewuser pulse -1 -1 /var/run/pulse pulse,audio + fi +} + +src_prepare() { + # Skip test that cannot work with sandbox, bug #501846 + sed -i -e '/lock-autospawn-test/d' src/Makefile.am || die + + # Fix CVE-2014-3970, bug #512516 + epatch "${FILESDIR}/${P}-crash-udp.patch" + + # module-switch-on-port-available: Don't switch profiles on uninitialized cards (from 'master') + epatch "${FILESDIR}/${P}-module-switch.patch" + + epatch_user + eautoreconf +} + +multilib_src_configure() { + local myconf=() + + if use gdbm; then + myconf+=( --with-database=gdbm ) + #elif use tdb; then + # myconf+=( --with-database=tdb ) + else + myconf+=( --with-database=simple ) + fi + + if use bluetooth; then + if has_version '<net-wireless/bluez-5'; then + myconf+=( --disable-bluez5 --enable-bluez4 ) + else + myconf+=( --enable-bluez5 --disable-bluez4 ) + fi + else + myconf+=( --disable-bluez5 --disable-bluez4 ) + fi + + myconf+=( + --enable-largefile + $(use_enable glib glib2) + --disable-solaris + $(use_enable asyncns) + $(use_enable oss oss-output) + $(use_enable alsa) + $(use_enable lirc) + $(use_enable neon neon-opt) + $(use_enable tcpd tcpwrap) + $(use_enable jack) + $(use_enable avahi) + $(use_enable dbus) + $(use_enable 
gnome gconf) + $(use_enable gtk gtk3) + $(use_enable libsamplerate samplerate) + $(use_enable orc) + $(use_enable X x11) + $(use_enable test default-build-tests) + $(use_enable udev) + $(use_enable systemd) + $(use_enable systemd systemd-journal) + $(use_enable ipv6) + $(use_enable ssl openssl) + $(use_enable webrtc-aec) + $(use_enable xen) + $(use_with caps) + $(use_with equalizer fftw) + --disable-adrian-aec + --disable-esound + --localstatedir="${EPREFIX}"/var + --with-udev-rules-dir="${EPREFIX}/$(udev_get_udevdir)"/rules.d + ) + + if ! multilib_is_native_abi; then + # disable all the modules and stuff + myconf+=( + --disable-oss-output + --disable-alsa + --disable-lirc + --disable-jack + --disable-avahi + --disable-gconf + --disable-gtk3 + --disable-samplerate + --disable-bluez4 + --disable-bluez5 + --disable-udev + --disable-systemd + --disable-openssl + --disable-orc + --disable-webrtc-aec + --disable-xen + --without-fftw + + # tests involve random modules, so just do them for the native + --disable-default-build-tests + + # hack around unnecessary checks + # (results don't matter, we're not building anything using it) + ac_cv_lib_ltdl_lt_dladvise_init=yes + --with-database=simple + LIBSPEEX_CFLAGS=' ' + LIBSPEEX_LIBS=' ' + ) + fi + + ECONF_SOURCE=${S} \ + econf "${myconf[@]}" +} + +multilib_src_compile() { + if multilib_is_native_abi; then + emake + else + emake -C src libpulse{,-simple,-mainloop-glib}.la + fi +} + +src_compile() { + multilib-minimal_src_compile + + if use doc; then + pushd doxygen + doxygen doxygen.conf + popd + fi +} + +multilib_src_test() { + # We avoid running the toplevel check target because that will run + # po/'s tests too, and they are broken. Officially, it should work + # with intltool 0.41, but that doesn't look like a stable release. 
+ if multilib_is_native_abi; then + emake -C src check + fi +} + +multilib_src_install() { + if multilib_is_native_abi; then + emake -j1 DESTDIR="${D}" bashcompletiondir="$(get_bashcompdir)" install + else + emake DESTDIR="${D}" install-pkgconfigDATA + emake DESTDIR="${D}" -C src \ + install-libLTLIBRARIES \ + lib_LTLIBRARIES="libpulse.la libpulse-simple.la libpulse-mainloop-glib.la" \ + install-pulseincludeHEADERS + fi +} + +multilib_src_install_all() { + # Drop the script entirely if X is disabled + use X || rm "${ED}"/usr/bin/start-pulseaudio-x11 + + if use system-wide; then + newconfd "${FILESDIR}/pulseaudio.conf.d" pulseaudio + + use_define() { + local define=${2:-$(echo $1 | tr '[:lower:]' '[:upper:]')} + + use "$1" && echo "-D$define" || echo "-U$define" + } + + unifdef $(use_define avahi) \ + $(use_define alsa) \ + $(use_define bluetooth) \ + $(use_define udev) \ + "${FILESDIR}/pulseaudio.init.d-5" \ + > "${T}/pulseaudio" + + doinitd "${T}/pulseaudio" + + systemd_dounit "${FILESDIR}/${PN}.service" + fi + + use avahi && sed -i -e '/module-zeroconf-publish/s:^#::' "${ED}/etc/pulse/default.pa" + + dodoc NEWS README todo + + if use doc; then + pushd doxygen/html + dohtml * + popd + fi + + # Create the state directory + use prefix || diropts -o pulse -g pulse -m0755 + + # We need /var/run/pulse, bug #442852 + use system-wide && systemd_newtmpfilesd "${FILESDIR}/${PN}.tmpfiles" "${PN}.conf" + + # Prevent warnings when system-wide is not used, bug #447694 + use system-wide || rm "${ED}"/etc/dbus-1/system.d/pulseaudio-system.conf + + prune_libtool_files --all +} + +pkg_postinst() { + if use system-wide; then + elog "PulseAudio in Gentoo can use a system-wide pulseaudio daemon." + elog "This support is enabled by starting the pulseaudio init.d ." + elog "To be able to access that you need to be in the group pulse-access." 
+ elog "If you choose to use this feature, please make sure that you" + elog "really want to run PulseAudio this way:" + elog " http://pulseaudio.org/wiki/WhatIsWrongWithSystemMode" + elog "For more information about system-wide support, please refer to:" + elog " http://pulseaudio.org/wiki/SystemWideInstance" + if use gnome ; then + elog + elog "By enabling gnome USE flag, you enabled gconf support. Please note" + elog "that you might need to remove the gnome USE flag or disable the" + elog "gconf module on /etc/pulse/system.pa to be able to use PulseAudio" + elog "with a system-wide instance." + fi + fi + + if use equalizer && ! use qt4; then + elog "You've enabled the 'equalizer' USE-flag but not the 'qt4' USE-flag." + elog "This will build the equalizer module, but the 'qpaeq' tool" + elog "which is required to set equalizer levels will not work." + fi +} |
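Review bot: Several external commands in the new ebuild run without `|| die`, although the sed in src_prepare has it: the two `rm` calls and the `sed -i` on default.pa in multilib_src_install_all, and `pushd doxygen` / `doxygen doxygen.conf` in src_compile. The one that matters most is `use system-wide || rm "${ED}"/etc/dbus-1/system.d/pulseaudio-system.conf`: a failed rm (for example after an upstream path change) goes unnoticed, and the system-bus policy file may then stay in the image on a build that is not meant to provide a system-wide daemon. I would write it as `use system-wide || { rm "${ED}"/etc/dbus-1/system.d/pulseaudio-system.conf || die; }` and treat the other commands the same way.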