Hello community, here is the log from the commit of package alsa-utils for openSUSE:Factory checked in at 2014-12-09 09:17:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/alsa-utils (Old) and /work/SRC/openSUSE:Factory/.alsa-utils.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "alsa-utils"
Changes:
--------
--- /work/SRC/openSUSE:Factory/alsa-utils/alsa-utils.changes 2014-10-25 08:32:58.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.alsa-utils.new/alsa-utils.changes 2014-12-09 09:16:49.000000000 +0100
@@ -1,0 +2,7 @@
+Fri Dec 5 16:54:03 CET 2014 - [email protected]
+
+- Backport upstream fixes: rubustify dB value handling in amixer
+ 0014-amixer-Make-dB-case-insensitive-in-set-commands.patch
+ 0015-amixer-Parse-the-value-more-strictly.patch
+
+-------------------------------------------------------------------
New:
----
0014-amixer-Make-dB-case-insensitive-in-set-commands.patch
0015-amixer-Parse-the-value-more-strictly.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ alsa-utils.spec ++++++
--- /var/tmp/diff_new_pack.zoxcPM/_old 2014-12-09 09:16:50.000000000 +0100
+++ /var/tmp/diff_new_pack.zoxcPM/_new 2014-12-09 09:16:50.000000000 +0100
@@ -58,6 +58,8 @@
Patch11: 0011-monitor-fix-clang-warning-Declared-variable-length-a.patch
Patch12: 0012-alsactl-coverity-missing_va_end-va_end-was-not-calle.patch
Patch13: 0013-Revert-aplay-fix-pcm_read-return-value.patch
+Patch14: 0014-amixer-Make-dB-case-insensitive-in-set-commands.patch
+Patch15: 0015-amixer-Parse-the-value-more-strictly.patch
#
Patch99: alsa-utils-gettext-version-removal.diff
BuildRequires: alsa-devel
@@ -98,6 +100,8 @@
%patch11 -p1
%patch12 -p1
%patch13 -p1
+%patch14 -p1
+%patch15 -p1
#
%if 0%{?suse_version} < 1020
%patch99 -p1
++++++ 0014-amixer-Make-dB-case-insensitive-in-set-commands.patch ++++++
>From 45a334e71ca9b4402fb731a934f7455cec5b0121 Mon Sep 17 00:00:00 2001
From: Takashi Iwai <[email protected]>
Date: Sun, 23 Nov 2014 09:40:07 +0100
Subject: [PATCH 14/15] amixer: Make "dB" case-insensitive in set commands
We don't have to be necessarily too strict about case-sensitivity of "dB" suffix used in set commands.
Signed-off-by: Takashi Iwai <[email protected]>
---
amixer/amixer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/amixer/amixer.c b/amixer/amixer.c
index cf82892bfa2f..6a2fdb96c62f 100644
--- a/amixer/amixer.c
+++ b/amixer/amixer.c
@@ -346,7 +346,7 @@ static int set_volume_simple(snd_mixer_elem_t *elem,
if (*p == '%') {
percent = 1;
p++;
- } else if (p[0] == 'd' && p[1] == 'B') {
+ } else if (toupper(p[0]) == 'D' && toupper(p[1]) == 'B') {
vol_type = VOL_DB;
p += 2;
scale = 100;
-- 2.2.0
++++++ 0015-amixer-Parse-the-value-more-strictly.patch ++++++
>From 088593c03980209c44a9e9cde19723361d341c0a Mon Sep 17 00:00:00 2001
From: Takashi Iwai <[email protected]>
Date: Sun, 23 Nov 2014 10:04:24 +0100
Subject: [PATCH 15/15] amixer: Parse the value more strictly
So far amixer allows some unexpected suffix and assumes as a raw absolute value without returning an error. This is rather dangerous, e.g. user might not notice that a completely wrong value was set when the command line included a typo. This patch makes the parser a bit more strict: it doesn't allow any longer invalid suffixes, instead either returns an error or skips the invalid value, depending on the operation mode.
Signed-off-by: Takashi Iwai <[email protected]>
---
amixer/amixer.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/amixer/amixer.c b/amixer/amixer.c
index 6a2fdb96c62f..ed60e7c3a960 100644
--- a/amixer/amixer.c
+++ b/amixer/amixer.c
@@ -325,7 +325,7 @@ static int set_volume_simple(snd_mixer_elem_t *elem,
long val, orig, pmin, pmax;
char *p = *ptr, *s;
int invalid = 0, percent = 0, err = 0;
- int vol_type = std_vol_type;
+ int vol_type;
double scale = 1.0;
int correct = 0;
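Review bot: In the 0014 patch's hunk (`@@ -346,7 +346,7 @@`), `toupper(p[0])` and `toupper(p[1])` are called on plain `char` values, presumably taken from the command-line argument of a set command. Where `char` is signed, a byte above 0x7f arrives as a negative int that is neither EOF nor representable as `unsigned char`, which the C standard leaves undefined for the <ctype.h> functions. Casting first avoids that: `} else if (toupper((unsigned char)p[0]) == 'D' && toupper((unsigned char)p[1]) == 'B') {`. Whether amixer.c already includes <ctype.h> cannot be seen from here, and set_volume_simple starts and ends outside the hunk.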
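Review bot: Dropping the initializer in the 0015 patch's first hunk (`@@ -325,7 +325,7 @@`) leaves `vol_type` indeterminate until the `%`/`dB`/raw chain in the following hunk assigns it, and it is later used as an array index in `vol_ops[dir].v[vol_type]`. The chain itself covers all three branches, but set_volume_simple begins and continues outside these hunks, so it cannot be confirmed from here that no earlier jump or conditional reaches the index without passing through the chain. A defined default costs nothing because every branch overwrites it, for example `int vol_type = VOL_RAW;`.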
@@ -344,14 +344,19 @@ static int set_volume_simple(snd_mixer_elem_t *elem,
strtol(p, &p, 10);
}
if (*p == '%') {
+ vol_type = std_vol_type;
percent = 1;
p++;
} else if (toupper(p[0]) == 'D' && toupper(p[1]) == 'B') {
vol_type = VOL_DB;
p += 2;
scale = 100;
- } else
+ } else {
vol_type = VOL_RAW;
+ }
+
+ if (*p && !strchr(",:+-", *p))
+ invalid = 1;
val = (long)(strtod(s, NULL) * scale);
if (vol_ops[dir].v[vol_type].get_range(elem, &pmin, &pmax) < 0)
@@ -372,6 +377,10 @@ static int set_volume_simple(snd_mixer_elem_t *elem,
}
p++;
}
+
+ if (*p && !strchr(",:", *p))
+ invalid = 1;
+
if (! invalid) {
val = check_range(val, pmin, pmax);
err = vol_ops[dir].v[vol_type].set(elem, chn, val, correct);
-- 2.2.0
-- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
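Review bot: The stricter suffix check in the `@@ -344,14 +344,19 @@` hunk still leaves the magnitude of the value unchecked: `val = (long)(strtod(s, NULL) * scale);` converts whatever `strtod` returns, and converting a double outside the range of `long` is undefined behaviour, so an over-long digit string would presumably pass the new test and reach the cast before `check_range` is applied. One way to reject it is to hold the product in a double first: `double d = strtod(s, NULL) * scale;`, then `if (d < (double)LONG_MIN || d >= (double)LONG_MAX) { invalid = 1; d = 0; }`, then `val = (long)d;`. This needs <limits.h>, whose inclusion is not visible here. The function body starts and ends outside the hunk.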
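Review bot: The second check (`@@ -372,6 +377,10 @@`) accepts a different terminator set (`",:"`) from the first (`",:+-"`), and neither says why. A short comment on each would show the next reader that the asymmetry is deliberate, for example `/* after the optional +/- suffix only a separator may follow */` above `if (*p && !strchr(",:", *p))`. That `+`/`-` are consumed by the block closing just above is an inference from the context lines, since that block starts outside the hunk.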
