diff options
| author | spz <spz> | 2014-08-07 07:43:48 +0000 |
|---|---|---|
| committer | spz <spz> | 2014-08-07 07:43:48 +0000 |
| commit | 88a55e2a82a4761c6bd31b2009127dabf64b7c43 (patch) | |
| tree | 196f740649b0ede1c2840f4960da6988beab189e /audio | |
| parent | 1997c9c1c69b001d8f4af7f46bb3f7623aecc941 (diff) | |
| download | pkgsrc-88a55e2a82a4761c6bd31b2009127dabf64b7c43.tar.gz | |
fix for CVE-2014-3970 taken from pulseaudio git
mkpatches refresh of the previously existing patches
Diffstat (limited to 'audio')
| -rw-r--r-- | audio/pulseaudio/Makefile | 4 | ||||
| -rw-r--r-- | audio/pulseaudio/distinfo | 5 | ||||
| -rw-r--r-- | audio/pulseaudio/patches/patch-src_Makefile.in | 8 | ||||
| -rw-r--r-- | audio/pulseaudio/patches/patch-src_modules_rtp_rtp.c | 38 |
4 files changed, 47 insertions, 8 deletions
diff --git a/audio/pulseaudio/Makefile b/audio/pulseaudio/Makefile index 6a148fe9b25..a805c3fbb8e 100644 --- a/audio/pulseaudio/Makefile +++ b/audio/pulseaudio/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.91 2014/06/25 15:26:40 ryoon Exp $ +# $NetBSD: Makefile,v 1.92 2014/08/07 07:43:48 spz Exp $ DISTNAME= pulseaudio-5.0 -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= audio MASTER_SITES= http://freedesktop.org/software/pulseaudio/releases/ EXTRACT_SUFX= .tar.xz diff --git a/audio/pulseaudio/distinfo b/audio/pulseaudio/distinfo index 1c982e4ddde..1f7cd4fa64c 100644 --- a/audio/pulseaudio/distinfo +++ b/audio/pulseaudio/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.45 2014/06/30 11:08:54 jperkin Exp $ +$NetBSD: distinfo,v 1.46 2014/08/07 07:43:48 spz Exp $ SHA1 (pulseaudio-5.0.tar.xz) = e420931a0b9cf37331cd06e30ba415046317ab85 RMD160 (pulseaudio-5.0.tar.xz) = 4ba13e92c58f8ada4542d521131094a55e3b6991 @@ -6,11 +6,12 @@ Size (pulseaudio-5.0.tar.xz) = 1455428 bytes SHA1 (patch-aa) = 4e8a38810453d0efad287528b7f18c056a5cdd8b SHA1 (patch-configure.ac) = f7c54eca4613c6f14732683f2f24ca81f723320d SHA1 (patch-src_Makefile.am) = debe40be5d1155f6cb0d5ae90119dece4e090b02 -SHA1 (patch-src_Makefile.in) = 21daf6069ae067dd235de6d43a013e4e70bbca78 +SHA1 (patch-src_Makefile.in) = acbd3abee7225a7b3f1c422e30d9efe2adb1253c SHA1 (patch-src_daemon_caps.c) = e819c26cd3d91d93ae5877725ed6a1b59183d89a SHA1 (patch-src_daemon_main.c) = e87f764d18345056210427bea52bf27f3f2999b6 SHA1 (patch-src_modules_module-detect.c) = 25c803ee2d5addf9dbf522d81bd422dc201d4550 SHA1 (patch-src_modules_oss_module-oss.c) = 399ac178ae832619253ce8dd985edbed23db86e7 +SHA1 (patch-src_modules_rtp_rtp.c) = e6c5675c97c28d3c0166c6a2c4ce714334de25e2 SHA1 (patch-src_pulsecore_sample-util.h) = b6bd83cfdc1c337453d9a728f07205a2cf0af831 SHA1 (patch-src_pulsecore_svolume__mmx.c) = 57935e4f44f65f062a3669e8ab2749c08c3c4d84 SHA1 (patch-src_pulsecore_svolume__sse.c) = 1cf7c9cdf1c97d4b6d50b4a5118cc21ce236edc8 diff --git a/audio/pulseaudio/patches/patch-src_Makefile.in b/audio/pulseaudio/patches/patch-src_Makefile.in index 2c13196f9d1..055b696985e 100644 --- a/audio/pulseaudio/patches/patch-src_Makefile.in +++ b/audio/pulseaudio/patches/patch-src_Makefile.in @@ -1,10 +1,10 @@ -$NetBSD: patch-src_Makefile.in,v 1.3 2013/05/06 20:44:18 markd Exp $ +$NetBSD: patch-src_Makefile.in,v 1.4 2014/08/07 07:43:48 spz Exp $ Use pkgsrc infrastructure for config files. ---- src/Makefile.in.orig 2012-07-19 11:30:13.000000000 +0000 +--- src/Makefile.in.orig 2014-03-03 14:37:00.000000000 +0000 +++ src/Makefile.in -@@ -2927,7 +2927,7 @@ pdfdir = @pdfdir@ +@@ -3342,7 +3342,7 @@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -13,7 +13,7 @@ Use pkgsrc infrastructure for config files. sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ -@@ -2940,10 +2940,10 @@ udevrulesdir = @udevrulesdir@ +@@ -3355,10 +3355,10 @@ udevrulesdir = @udevrulesdir@ pulseincludedir = $(includedir)/pulse pulsecoreincludedir = $(includedir)/pulsecore pulselibexecdir = $(libexecdir)/pulse diff --git a/audio/pulseaudio/patches/patch-src_modules_rtp_rtp.c b/audio/pulseaudio/patches/patch-src_modules_rtp_rtp.c new file mode 100644 index 00000000000..9b89b2b16f2 --- /dev/null +++ b/audio/pulseaudio/patches/patch-src_modules_rtp_rtp.c @@ -0,0 +1,38 @@ +$NetBSD: patch-src_modules_rtp_rtp.c,v 1.3 2014/08/07 07:43:48 spz Exp $ + +fix for CVE-2014-3970 taken from pulseaudio git + +--- src/modules/rtp/rtp.c.orig 2014-01-23 18:57:55.000000000 +0000 ++++ src/modules/rtp/rtp.c +@@ -182,8 +182,29 @@ int pa_rtp_recv(pa_rtp_context *c, pa_me + goto fail; + } + +- if (size <= 0) +- return 0; ++ if (size <= 0) { ++ /* size can be 0 due to any of the following reasons: ++ * ++ * 1. Somebody sent us a perfectly valid zero-length UDP packet. ++ * 2. Somebody sent us a UDP packet with a bad CRC. ++ * ++ * It is unknown whether size can actually be less than zero. ++ * ++ * In the first case, the packet has to be read out, otherwise the ++ * kernel will tell us again and again about it, thus preventing ++ * reception of any further packets. So let's just read it out ++ * now and discard it later, when comparing the number of bytes ++ * received (0) with the number of bytes wanted (1, see below). ++ * ++ * In the second case, recvmsg() will fail, thus allowing us to ++ * return the error. ++ * ++ * Just to avoid passing zero-sized memchunks and NULL pointers to ++ * recvmsg(), let's force allocation of at least one byte by setting ++ * size to 1. ++ */ ++ size = 1; ++ } + + if (c->memchunk.length < (unsigned) size) { + size_t l; |