Your message dated Tue, 02 Nov 2010 18:17:36 +0000 with message-id <e1pdlqo-0005lc...@franck.debian.org> and subject line Bug#563192: fixed in portaudio19 19+svn20071022-3.1 has caused the Debian Bug report #563192, regarding libportaudio.so.2 overrides the libasound2 error handler to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 563192: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=563192 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: libportaudio2 Version: 19+svn20071022-3 Severity: grave Upon initialization. libportaudio2 (function PaAlsa_Initialize()) sets a new global libasound2 error handler by invoking snd_lib_error_set_handler(). It is bad style for a library to do this, because this may overwrite the application's custom error handler. Now the real critical problem: when loaded with OpenAL (libopenal1 1:1.10.622-1 in this case), libportaudio2 sets the error handler, but gets unloaded later, rendering the memory address of AlsaErrorHandler() invalid. This results in a crash of the application on the next ALSA error. (I have submitted this bug for libportaudio2 instead of libopenal1, because I think libportaudio2 is really doing the wrong thing by overwriting another library's global variable; you could argue that unloading the library is wrong in the first place) Practical example: the Music Player Daemon, which has plugins for OpenAL as well as for native ALSA. Here is a crash backtrace: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fffe2ab6910 (LWP 31128)] 0x00007ffff7e73d08 in ?? () (gdb) bt #0 0x00007ffff7e73d08 in ?? () #1 0x00007ffff23fb9a6 in snd_pcm_hw_open (pcmp=0x513178, name=0x5130d0 "hw:0", card=0, device=0, subdevice=-1, stream=SND_PCM_STREAM_PLAYBACK, mode=327681, mmap_emulation=0, sync_ptr_ioctl=0) at pcm_hw.c:1325 #2 0x00007ffff23fc05e in _snd_pcm_hw_open (pcmp=0x513178, name=0x5130d0 "hw:0", root=0x538960, conf=0x55e290, stream=SND_PCM_STREAM_PLAYBACK, mode=327680) at pcm_hw.c:1505 #3 0x00007ffff23ea527 in snd_pcm_open_conf (pcmp=0x513178, name=0x5130d0 "hw:0", pcm_root=0x538960, pcm_conf=0x55e290, stream=SND_PCM_STREAM_PLAYBACK, mode=327680) at pcm.c:2181 #4 0x00007ffff23ea6aa in snd_pcm_open_noupdate (pcmp=0x513178, root=0x538960, name=0x5130d0 "hw:0", stream=SND_PCM_STREAM_PLAYBACK, mode=327680, hop=0) at pcm.c:2219 #5 0x00007ffff23ea740 in snd_pcm_open (pcmp=0x513178, name=0x5130d0 "hw:0", stream=SND_PCM_STREAM_PLAYBACK, mode=327680) at pcm.c:2241 #6 0x000000000042b34a in alsa_open (data=0x513160, audio_format=0x512d20, error=0x7fffe2ab6008) at /home/max/git/mpd/src/output/alsa_plugin.c:471 #7 0x0000000000428153 in ao_plugin_open (plugin=0x4678c0, data=0x513160, audio_format=0x512d20, error=0x7fffe2ab6008) at /home/max/git/mpd/src/output_plugin.h:196 [...] Severity "grave" because this allows an attacker to make MPD crash remotely. It might also be possible to inject and execute code this way, if the address happens to be memory mapped later.
--- End Message ---
--- Begin Message ---Source: portaudio19 Source-Version: 19+svn20071022-3.1 We believe that the bug you reported is fixed in the latest version of portaudio19, which is due to be installed in the Debian FTP archive: libportaudio2_19+svn20071022-3.1_i386.deb to main/p/portaudio19/libportaudio2_19+svn20071022-3.1_i386.deb libportaudiocpp0_19+svn20071022-3.1_i386.deb to main/p/portaudio19/libportaudiocpp0_19+svn20071022-3.1_i386.deb portaudio19-dev_19+svn20071022-3.1_i386.deb to main/p/portaudio19/portaudio19-dev_19+svn20071022-3.1_i386.deb portaudio19-doc_19+svn20071022-3.1_all.deb to main/p/portaudio19/portaudio19-doc_19+svn20071022-3.1_all.deb portaudio19_19+svn20071022-3.1.diff.gz to main/p/portaudio19/portaudio19_19+svn20071022-3.1.diff.gz portaudio19_19+svn20071022-3.1.dsc to main/p/portaudio19/portaudio19_19+svn20071022-3.1.dsc A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 563...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Jari Aalto <jari.aa...@cante.net> (supplier of updated portaudio19 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 28 Oct 2010 14:52:22 +0300 Source: portaudio19 Binary: libportaudio2 portaudio19-dev portaudio19-doc libportaudiocpp0 Architecture: source all i386 Version: 19+svn20071022-3.1 Distribution: unstable Urgency: medium Maintainer: Debian VoIP Team <pkg-voip-maintain...@lists.alioth.debian.org> Changed-By: Jari Aalto <jari.aa...@cante.net> Description: libportaudio2 - Portable audio I/O - shared library libportaudiocpp0 - Portable audio I/O C++ bindings - shared library portaudio19-dev - Portable audio I/O - development files portaudio19-doc - Portable audio I/O - documentation Closes: 563192 Changes: portaudio19 (19+svn20071022-3.1) unstable; urgency=medium . * Non-maintainer upload. * debian/patches - (series): Add *.dpatch suffix to 01. - (20): New. Do not define error handler because ALSA's default error handler prints errors to stderr. Patch tanks to Marcelo E. Magallon <mmaga...@debian.org>. (grave; Closes: #563192). Checksums-Sha1: ee7b5b2552564d22c3ad4a2dd4d3dd94d2aabd19 2242 portaudio19_19+svn20071022-3.1.dsc bead92b21895ee60ca00d8a1fcb2e5988b3cc942 6742 portaudio19_19+svn20071022-3.1.diff.gz 3093c55e957c173a0dec8da571a175d8a823af0e 687818 portaudio19-doc_19+svn20071022-3.1_all.deb 146c613314ef0391c5d55260416996a56e330544 63732 libportaudio2_19+svn20071022-3.1_i386.deb 6db635d0a10a5de3dbdd85445820d9bfb97968a2 116338 portaudio19-dev_19+svn20071022-3.1_i386.deb 3ee60c9edbacda05b0b69488b44cca6b3c31777f 23990 libportaudiocpp0_19+svn20071022-3.1_i386.deb Checksums-Sha256: 9529fadceb5c757c11da2269439299b37a73f883d3f2c98f45e8cd4507655d5a 2242 portaudio19_19+svn20071022-3.1.dsc 584853066add75b3ff7d9f012d2879083d08aaf1009160e40500b981de6b5a6e 6742 portaudio19_19+svn20071022-3.1.diff.gz 5a3c792e2a3d00017e1a2f6a36c49bd3c6596927c23fa4d525f9b4554cf7caee 687818 portaudio19-doc_19+svn20071022-3.1_all.deb a5c781b9c639f94bd0268fb939083935040644a6baf2428cb8de4ab4b68a050b 63732 libportaudio2_19+svn20071022-3.1_i386.deb 6df37eca7d389508f381274db5f1b88a689a0b8162f4f463085cdaf33697d9c8 116338 portaudio19-dev_19+svn20071022-3.1_i386.deb 4f78b41d90b778b07ac8b579d861e1d7ab9e214b1c574934c730982bb5a418dd 23990 libportaudiocpp0_19+svn20071022-3.1_i386.deb Files: 214214101bcb75170168ef22f5466249 2242 sound optional portaudio19_19+svn20071022-3.1.dsc accf2c11400d2655dc60347d660fd103 6742 sound optional portaudio19_19+svn20071022-3.1.diff.gz 111db6ff8d79ca138ef118f53c0317c2 687818 doc optional portaudio19-doc_19+svn20071022-3.1_all.deb b3cb6a1e7dfad6b1a4d62bb8dcefff7b 63732 libs optional libportaudio2_19+svn20071022-3.1_i386.deb d4a262e9f401ffb8b728665273f9de4e 116338 devel optional portaudio19-dev_19+svn20071022-3.1_i386.deb 648b2c2ff1be97616ef91da44b99c5d1 23990 libs optional libportaudiocpp0_19+svn20071022-3.1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBCAAGBQJMzEruAAoJECHSBYmXSz6Wjn8QAK+UubGWPTkfv2DI56at/h35 si0jcj3VDy6J4izd44rVSfKgBkrMTwB3Eh6KM3gVjnIPKqFNu6vzVMLvjrML05Ok TDiNJAJfi+QfYwkD7OKM/AtMMexw7zpYaF94USfSzZ/t4dzCCy8osBjpNGrKgO1q ptjuyO93c2JqQaXkvE7dq42hUA2ATYGxAYYAxs43/162SWszywFr7r2XgH5trW5N J2CIRBf7SB10pudrGtgULMCvIRqjl890f5XwoQgdbVBDlpawqj45esGTA3+NINAa 3bgyTuOOT/bn4EVzmjHEkc/HNogYAGgkAN8HUSfPoyv3vgXYSk+EfK9TZGraJi5v 2/Y0mkNye2uZxHwwxsa9FEYfYb1BuqJnPR1NtC5EiQTkl0+wcXZwIWPK/9CkThZh v4ODosumH70juDS87Evj1zvnIfDbyBdVc4ZtDVID0jfaMBOkaTykjUF0pXs0tyvC qECPGntbS6SYMmKuOCnJYWYWphNUA2mU/+JG4GxawBiVZMLyjr/bYhxwzL2Qi28P KSxqO5iTpP6HLubO9gWsdt31yuTAUFvORe0BGciTrMjpjUBUmXOu6Th0yFG3WXUn EFzGEuOny10VkYm3H4Tf08NyuVhz6FeOwF/OWG/co8SWBBAD8RbSW+Zp0b6iP9rD dhMGNAvUwIdgRzef1d2r =uGu0 -----END PGP SIGNATURE-----
--- End Message ---
