[Pkg-pulseaudio-devel] r125 - in /pulseaudio/trunk/debian: changelog patches/r1449-dont-allow-excessively-high-sample-rates.patch patches/r1451-add-a-missing-initialization.patch patches/series
neurocyte-guest at users.alioth.debian.org
Sat May 26 22:04:07 UTC 2007
Author: neurocyte-guest
Date: Sat May 26 22:04:07 2007
New Revision: 125
URL: http://svn.debian.org/wsvn/pkg-pulseaudio/?sc=1&rev=125
Log:
Add two more DOS fix patches and mention CVE number in changelog
Added:
pulseaudio/trunk/debian/patches/r1449-dont-allow-excessively-high-sample-rates.patch
pulseaudio/trunk/debian/patches/r1451-add-a-missing-initialization.patch
Modified:
pulseaudio/trunk/debian/changelog
pulseaudio/trunk/debian/patches/series
Modified: pulseaudio/trunk/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-pulseaudio/pulseaudio/trunk/debian/changelog?rev=125&op=diff
==============================================================================
--- pulseaudio/trunk/debian/changelog (original)
+++ pulseaudio/trunk/debian/changelog Sat May 26 22:04:07 2007
@@ -23,11 +23,12 @@
* debian/patch: r1434-dont-fail-if-hal-doesn-t-contain-any-devices
+ Added. Don't unload module-hal-detect if HAL doesn't report any devices.
(Closes: #395893)
- * debian/patches: Backport DOS attack fixes r1445-1450.
+ * debian/patches: Backport fixes for remote DOS vulnerabilities. Upstream
+ svn commits r1445-1452. This fixes CVE-2007-1804.
* debian/rules: Port to CDBS.
* debian/control: Generate -dbg packages for detached symbols.
- -- CJ van den Berg <cj at vdbonline.com> Wed, 23 May 2007 10:08:50 +0200
+ -- CJ van den Berg <cj at vdbonline.com> Sat, 26 May 2007 23:37:07 +0200
pulseaudio (0.9.5-7) unstable; urgency=low
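Review bot: The rewritten `* debian/patches:` entry names no patch files, while the r1434 entry directly above it names its patch. Listing the two files added in this revision (r1449-dont-allow-excessively-high-sample-rates and r1451-add-a-missing-initialization) next to "This fixes CVE-2007-1804" would let someone auditing the package map the CVE to concrete files in debian/patches without reading the series file.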
Added: pulseaudio/trunk/debian/patches/r1449-dont-allow-excessively-high-sample-rates.patch
URL: http://svn.debian.org/wsvn/pkg-pulseaudio/pulseaudio/trunk/debian/patches/r1449-dont-allow-excessively-high-sample-rates.patch?rev=125&op=file
==============================================================================
--- pulseaudio/trunk/debian/patches/r1449-dont-allow-excessively-high-sample-rates.patch (added)
+++ pulseaudio/trunk/debian/patches/r1449-dont-allow-excessively-high-sample-rates.patch Sat May 26 22:04:07 2007
@@ -1,0 +1,37 @@
+don't allow excessively high sample rates
+
+From: lennart <lennart at fefdeb5f-60dc-0310-8127-8f9354f1896f>
+
+git-svn-id: svn://svn.0pointer.net/pulseaudio/trunk@1449 fefdeb5f-60dc-0310-8127-8f9354f1896f
+---
+
+ src/pulse/sample.c | 1 +
+ src/pulse/sample.h | 3 +++
+ 2 files changed, 4 insertions(+), 0 deletions(-)
+
+diff --git a/src/pulse/sample.c b/src/pulse/sample.c
+index 7ca418e..b259cca 100644
+--- a/src/pulse/sample.c
++++ b/src/pulse/sample.c
+@@ -77,6 +77,7 @@ int pa_sample_spec_valid(const pa_sample_spec *spec) {
+ assert(spec);
+
+ if (spec->rate <= 0 ||
++ spec->rate > PA_RATE_MAX ||
+ spec->channels <= 0 ||
+ spec->channels > PA_CHANNELS_MAX ||
+ spec->format >= PA_SAMPLE_MAX ||
+diff --git a/src/pulse/sample.h b/src/pulse/sample.h
+index da32fdf..4b92873 100644
+--- a/src/pulse/sample.h
++++ b/src/pulse/sample.h
+@@ -102,6 +102,9 @@ PA_C_DECL_BEGIN
+ /** Maximum number of allowed channels */
+ #define PA_CHANNELS_MAX 32
+
++/** Maximum allowed sample rate */
++#define PA_RATE_MAX (48000*4)
++
+ /** Sample format */
+ typedef enum pa_sample_format {
+ PA_SAMPLE_U8, /**< Unsigned 8 Bit PCM */
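Review bot: The doc comment added for `PA_RATE_MAX` in the sample.h hunk gives neither the unit nor the reason for `(48000*4)`. Since the macro sits in the header beside `PA_CHANNELS_MAX`, it should say the value is in Hz and why four times 48000 is the ceiling. The bound itself is enforced only inside `pa_sample_spec_valid`, so the fix holds only for code paths that call that validator before using `spec->rate`; it is worth confirming that every place a client-supplied sample spec enters the server does so.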
Added: pulseaudio/trunk/debian/patches/r1451-add-a-missing-initialization.patch
URL: http://svn.debian.org/wsvn/pkg-pulseaudio/pulseaudio/trunk/debian/patches/r1451-add-a-missing-initialization.patch?rev=125&op=file
==============================================================================
--- pulseaudio/trunk/debian/patches/r1451-add-a-missing-initialization.patch (added)
+++ pulseaudio/trunk/debian/patches/r1451-add-a-missing-initialization.patch Sat May 26 22:04:07 2007
@@ -1,0 +1,24 @@
+add a missing initialization that causes a crash when parsing invalid volume restoration tables (Problem identified by Luigi Auriemma, re #67)
+
+From: lennart <lennart at fefdeb5f-60dc-0310-8127-8f9354f1896f>
+
+git-svn-id: svn://svn.0pointer.net/pulseaudio/trunk@1451 fefdeb5f-60dc-0310-8127-8f9354f1896f
+---
+
+ src/modules/module-volume-restore.c | 3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+
+diff --git a/src/modules/module-volume-restore.c b/src/modules/module-volume-restore.c
+index efa59f4..97d0d5e 100644
+--- a/src/modules/module-volume-restore.c
++++ b/src/modules/module-volume-restore.c
+@@ -433,7 +433,8 @@ int pa__init(pa_core *c, pa_module*m) {
+ u->subscription = NULL;
+ u->table_file = pa_xstrdup(pa_modargs_get_value(ma, "table", NULL));
+ u->modified = 0;
+-
++ u->sink_input_hook_slot = u->source_output_hook_slot = NULL;
++
+ m->userdata = u;
+
+ if (load_rules(u) < 0)
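Review bot: Initializing `u->sink_input_hook_slot` and `u->source_output_hook_slot` by hand, in the same style as the `u->subscription = NULL;` and `u->modified = 0;` lines above, leaves the same hazard open for the next member added to the struct. `load_rules(u) < 0` is the first failure exit after these assignments, so zeroing the whole structure where it is allocated (outside the lines shown) would make the error path safe regardless of which fields have been set. The added blank `+` line after the assignment should also be checked for trailing whitespace.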
Modified: pulseaudio/trunk/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-pulseaudio/pulseaudio/trunk/debian/patches/series?rev=125&op=diff
==============================================================================
--- pulseaudio/trunk/debian/patches/series (original)
+++ pulseaudio/trunk/debian/patches/series Sat May 26 22:04:07 2007
@@ -21,5 +21,7 @@
r1445-fix-a-dos-vulnerability.patch
r1446-fix-another-dos-vulnerability.patch
r1448-fix-yet-another-dos-vulnerability.patch
+r1449-dont-allow-excessively-high-sample-rates.patch
r1450-fix-a-dos-with-allocating-overly-large-silence-buffers.patch
+r1451-add-a-missing-initialization.patch
r1452-fix-another-dos-vulnerability.patch
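Review bot: The series now lists r1445, r1446 and r1448 through r1452, with no r1447 entry between r1446 and r1448, yet the changelog in this same commit describes the backport as "r1445-1452". Either note in the changelog that r1447 is not part of the fix set, or confirm it is not needed for CVE-2007-1804. The two new lines are inserted in revision order, which keeps the apply order consistent with upstream.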