diff options
author | Ludovic Courtès <ludo@gnu.org> | 2015-03-14 16:29:56 +0100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2015-03-15 12:12:42 +0100 |
commit | 5a74d239bf45dfebbbb8363b309b56eec66e324f (patch) | |
tree | 5872d37e2418d3af021d01f8f8399dbcd9a1c515 /gnu/packages/patches | |
parent | 060e365a73bf6cc3d715def99cde57250149eeb9 (diff) | |
download | guix-5a74d239bf45dfebbbb8363b309b56eec66e324f.tar.gz |
pulseaudio: Update to 6.0; add dependency on eudev.
* gnu/packages/pulseaudio.scm (pulseaudio)[source]: Update to 6.0. [arguments]: Pass --with-udev-rules-dir. [inputs]: Add eudev.
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r-- | gnu/packages/patches/pulseaudio-CVE-2014-3970.patch | 57 |
1 files changed, 0 insertions, 57 deletions
diff --git a/gnu/packages/patches/pulseaudio-CVE-2014-3970.patch b/gnu/packages/patches/pulseaudio-CVE-2014-3970.patch deleted file mode 100644 index 073e663112..0000000000 --- a/gnu/packages/patches/pulseaudio-CVE-2014-3970.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 26b9d22dd24c17eb118d0205bf7b02b75d435e3c Mon Sep 17 00:00:00 2001 -From: "Alexander E. Patrakov" <patrakov@gmail.com> -Date: Thu, 5 Jun 2014 22:29:25 +0600 -Subject: [PATCH] rtp-recv: fix crash on empty UDP packets (CVE-2014-3970) - -On FIONREAD returning 0 bytes, we cannot return success, as the caller -(rtpoll_work_cb in module-rtp-recv.c) would then try to -pa_memblock_unref(chunk.memblock) and, because memblock is NULL, trigger -an assertion. - -Also we have to read out the possible empty packet from the socket, so -that the kernel doesn't tell us again and again about it. - -Signed-off-by: Alexander E. Patrakov <patrakov@gmail.com> ---- - src/modules/rtp/rtp.c | 25 +++++++++++++++++++++++-- - 1 file changed, 23 insertions(+), 2 deletions(-) - -diff --git a/src/modules/rtp/rtp.c b/src/modules/rtp/rtp.c -index 570737e..7b75e0e 100644 ---- a/src/modules/rtp/rtp.c -+++ b/src/modules/rtp/rtp.c -@@ -182,8 +182,29 @@ int pa_rtp_recv(pa_rtp_context *c, pa_memchunk *chunk, pa_mempool *pool, struct - goto fail; - } - -- if (size <= 0) -- return 0; -+ if (size <= 0) { -+ /* size can be 0 due to any of the following reasons: -+ * -+ * 1. Somebody sent us a perfectly valid zero-length UDP packet. -+ * 2. Somebody sent us a UDP packet with a bad CRC. -+ * -+ * It is unknown whether size can actually be less than zero. -+ * -+ * In the first case, the packet has to be read out, otherwise the -+ * kernel will tell us again and again about it, thus preventing -+ * reception of any further packets. So let's just read it out -+ * now and discard it later, when comparing the number of bytes -+ * received (0) with the number of bytes wanted (1, see below). -+ * -+ * In the second case, recvmsg() will fail, thus allowing us to -+ * return the error. -+ * -+ * Just to avoid passing zero-sized memchunks and NULL pointers to -+ * recvmsg(), let's force allocation of at least one byte by setting -+ * size to 1. -+ */ -+ size = 1; -+ } - - if (c->memchunk.length < (unsigned) size) { - size_t l; --- -2.0.0 - |