Andre Noll [Sun, 28 Aug 2016 13:35:53 +0000 (15:35 +0200)]
openssl: Use EVP API for AES.
opensssl-1.1 no longer exports AES_set_encrypt_key() and
AES_ctr128_encrypt(). Applications are supposed to use the high-level
EVP interface instead.
Fortunately, the EVP library functions necessary for our use of
the AES_ctr128 stream cipher are available in openssl version 1.0.1
and above, so switching to the EVP API makes the code work with all
versions >= 1.0.1.
Andre Noll [Sat, 11 Jun 2016 18:44:01 +0000 (20:44 +0200)]
afs: Fix error handling of the select command.
com_select() returns success even if the mood or playlist could not
be activated. This commit changes the function to return the error
code from activate_mood_or_playlist() instead.
The function had another minor issue: If the current mood is the
dummy mood, and we failed to switch to the given mood or playlist,
and also failed to switch back to the dummy mood, we try a second
time to activate the dummy mood. This should not happen, but let's
fix it anyway.
Andre Noll [Sun, 10 Jul 2016 19:33:18 +0000 (21:33 +0200)]
gcrypt: Check file permissions of private keys.
Before opening a private key, crypt.c checks that the permissions
are restrictive enough. However, the gcrypt implementation contains
no such check. This commit adds it.
Andre Noll [Sun, 10 Jul 2016 18:59:34 +0000 (20:59 +0200)]
gcrypt: Always initialize result pointer.
If the call to mmap_full_file() at the beginning of decode_key() fails,
we return without initializing the result pointer to NULL. This does not
matter now, because the only caller of decode_key() does not look at the
pointer value in the error case. Let's be defensive here and initialize
the pointer anyway.
Andre Noll [Tue, 21 Jun 2016 07:19:57 +0000 (09:19 +0200)]
daemon: Make daemon_init_colors_or_die() independent of gengetopt.
The function receives the values given to the --log-color option as
a char * array, which is the type that gengetopt provides for the
arguments to string options which may be given multiple times.
This patch gets get rid of this implementation detail. The function no
longer takes the arguments to --log-color at all and applications now
must call daemon_set_log_color_or_die() themselves to set user-defined
per-loglevel colors.
To make this work, we let daemon_init_colors_or_die() return a
boolean which indicates whether color mode should be enabled, and
daemon_set_log_color_or_die() is made public. The two users of this
API, para_server and para_audiod, are adjusted accordingly.
Andre Noll [Mon, 20 Jun 2016 21:20:59 +0000 (23:20 +0200)]
audiod: Move UID check from audiod_command.c to audiod.c.
check_perms() is the only reason for the gengetopt config pointer
being public and for passing the whitelist pointer to handle_connect()
in audiod_command.c. The code get less convoluted by moving the
permission check to audiod.c where both the conf pointer and the
uid_whitelist are defined.
This introduces the new public function uid_is_whitelisted() in
audiod.c which replaces check_perms(). This allows to
* pass only the UID to the check function,
* drop the whitelist pointer argument from handle_connect(),
* make the conf pointer in audiod.c static.
The patch also reorders the function declarations in audiod.h a bit
to separate the functions defined in audiod.c from those defined
in audiod_command.c.
Andre Noll [Sun, 26 Jun 2016 17:11:05 +0000 (19:11 +0200)]
Set copyright year in Makefile.real.
Hopefully this helps to update the copyright year more timely in the
future. It also allows to pass this information to other commands in
the receipts of the Makefile should this become necessary.
Andre Noll [Mon, 4 Apr 2016 22:44:42 +0000 (00:44 +0200)]
mood.c: Improve log output for current mood.
When a new mood is loaded, we print some information about the score
table, like the number of admissible files, the average last_played
and num_played values, and the empiric standard deviation of these
quantities. However, since last_played is measured in seconds after
the epoch, the reported numbers are rather large.
This commit changes log_statistics() of mood.c to report the mean
value and the standard deviation in number of days.
Since loading a new mood happens not very frequently, let's increase
the severity of these log messages from INFO to NOTICE. If the new
mood has no admissible files we now log the message as a warning
rather than with severity NOTICE.
Andre Noll [Sun, 8 May 2016 09:56:23 +0000 (11:56 +0200)]
afh: Improve error diagnostics.
If compute_afhi() can not figure out the type of an audio file, it
prints a rather incomprehensive error message for each audiod format
which was tried to no avail. This commit improves the readability of
these error messages by including the path and the name of the audio
format that caused the error.
Before:
$ para_afh /etc/resolv.conf
mp3_read_info: could not read mp3 info
compute_afhi: could not read mp3 info
compute_afhi: ogg sync page-out error (no ogg file?)
compute_afhi: mp4v2 library error
compute_afhi: asf/wma format not recognized
compute_afhi: ogg sync page-out error (no ogg file?)
compute_afhi: could not read meta chain
compute_afhi: ogg sync page-out error (no ogg file?)
main: audio format not recognized
After:
$ para_afh /etc/resolv.conf
get_file_info: /etc/resolv.conf: mp3 format not detected: could not read mp3 info
get_file_info: /etc/resolv.conf: ogg format not detected: ogg sync page-out error (no ogg file?)
get_file_info: /etc/resolv.conf: aac format not detected: did not find esds atom
get_file_info: /etc/resolv.conf: wma format not detected: asf/wma format not recognized
get_file_info: /etc/resolv.conf: spx format not detected: ogg sync page-out error (no ogg file?)
get_file_info: /etc/resolv.conf: flac format not detected: could not read meta chain
get_file_info: /etc/resolv.conf: opus format not detected: ogg sync page-out error (no ogg file?)
main: audio format not recognized
The patch also removes a call to PARA_ERROR_LOG() in the mp3 audio
format handler which is unnecessary because we return the error code
and print the message in the caller anyway.
A new helper, get_file_info(), is introduced to print the diagnostic
messages. Since audio_format_name() is called from this helper,
that function needed to be moved up to avoid a forward declaration.
Andre Noll [Tue, 19 Jul 2016 17:03:15 +0000 (19:03 +0200)]
Make local sockets world-readable.
We already have S_IWOTH, so it's kind of pointless to not permit read
access to the socket special. This patch changes afs.c and audiod.c
to create sockets with mode 666 which was probably intended anyway.
The patch should not cause any compatibility issues since on Linux we
check credentials with SCM_CREDENTIALS while *BSD ignores permissions
for UNIX domain sockets. According to unix(7), portable programs
should not rely on them.
Andre Noll [Sat, 18 Jun 2016 18:25:28 +0000 (20:25 +0200)]
build: Add -Wdeclaration-after-statement.
No code in the tree has declarations after statements, so this
change produces no new warnings. It makes sure, however, that we do
not introduce such declarations in the future. The option was not
enabled only because old gcc versions do not support it. Since we
require gcc-4.2.x or newer these days, we can count on the option
and enable it unconditionally.
Andre Noll [Sun, 26 Jun 2016 13:13:30 +0000 (15:13 +0200)]
test suite: Fail test if para_server could not be started.
In t0004-server.sh, we start the server in daemon mode without checking
the exit code. If it fails to start, there is no point in trying to
run the tests of this file.
Andre Noll [Sun, 3 Jul 2016 08:20:35 +0000 (10:20 +0200)]
Merge branch 'refs/heads/t/i9e'
Started on 2016-03-08, cooking for three months.
* refs/heads/t/i9e:
i9e: Replace assertion with warning.
i9e: Fix compilation on Ubuntu-12.04.
i9e: print warning if keyseq can not be mapped.
i9e: Zero out private pointer on open.
Andre Noll [Sun, 12 Jun 2016 13:36:00 +0000 (15:36 +0200)]
user-list.h: Improve documentation of permission flags.
The documentation of the server_command_permissions enum is a bit
sparse, and doxygen complains about it because the members of the
enumeration are not documented.
The new documentation of the permission flags avoids to talk about
commands because the flags are not only about commands but also about
the per-user permission settings.
Andre Noll [Sun, 12 Jun 2016 10:30:39 +0000 (12:30 +0200)]
write: Improve help text of --writer.
The stated default value applies only to Linux, and is only correct if
alsa is supported. This patch removes the default line for this option
and explains in the help text how the default writer is determined.
Andre Noll [Sun, 27 Mar 2016 02:22:40 +0000 (02:22 +0000)]
Remove explicit uses of _GNU_SOURCE.
The best way to add these flags is to use the autoconf helper
AC_USE_SYSTEM_EXTENSIONS. This macro adds defines to config.h, so we
must include config.h (via para.h) before anything else. The two files
for which this matters are fixed by moving the include directive for
para.h to the top.
The AC_USE_SYSTEM_EXTENSIONS macro was introduced in Autoconf 2.60,
which was released ten years ago. The existing AC_PREREQ([2.61])
check in configure.ac makes sure the macro is defined.
Andre Noll [Sat, 4 Jun 2016 17:39:01 +0000 (19:39 +0200)]
Merge branch 'refs/heads/t/audiod-time-string'
Was cooking for several months.
* refs/heads/t/audiod-time-string:
audiod: Improve get_time_string().
audiod: Force status dump on slot changes.
audiod: Avoid to report 100% time at startup.
audiod: Simplify get_time_string()
Andre Noll [Sun, 27 Mar 2016 03:39:47 +0000 (03:39 +0000)]
play: Print hex representation of key sequence in help.
Some predefined keys of para_play, for example the four cursor keys,
are mapped to key sequences which should not be printed verbatim to
the console in com_help().
This patch introduces get_key_map_seq_safe(), an alternative to
get_key_map_seq() which returns the hexadecimal representation of the
bytes in the sequence of the given key. Single character sequences,
however, are printed verbatim if the character is printable. com_help()
is changed to call get_key_map_seq_safe() instead of get_key_map_seq().
Andre Noll [Wed, 1 Jun 2016 16:59:09 +0000 (18:59 +0200)]
server: Fix --autoplay-delay.
init_vss_task() is called before the scheduler has initialized the
timeval available everywhere through the global now pointer. Hence,
in this function ->now is {0, 0}, and the computed autoplay barrier
will be in the past, effectively making --autoplay-delay a no-op.
Fix this by calling clock_get_realtime() to get the current time.
Andre Noll [Sat, 19 Mar 2016 22:18:50 +0000 (22:18 +0000)]
Remove support for compile-time loglevel.
Setting the compile-time loglevel to a non-default value (i.e.,
greater than zero) results in many compile time warnings due to
unused variables. These are not easy to fix, and the feature isn't
very important anyway. Remove it.
Andre Noll [Sun, 15 May 2016 13:30:20 +0000 (15:30 +0200)]
Merge branch 'refs/heads/t/gui-improvements'
Improved wide-character support and fixes related to signal
handling. This topic branch was cooking in next for two months.
* refs/heads/t/gui-improvements:
gui.c: Constify argument to find_cmd_byname().
gui.c: Improve description of signal task.
gui.c: Remove pointless return statement.
gui.c: Remove silly warning on SIGINT.
gui: Kill process group *before* shutting down curses.
gui.c: Reset terminal on shutdown in external mode.
gui: Avoid bad terminal state with xterm.
gui.c: Constify local variables of add_spaces().
Introduce sanitize_str().
string.c: Simplify and rename wide character helpers.
Andre Noll [Thu, 12 May 2016 18:55:26 +0000 (20:55 +0200)]
build: Insist on m4 being installed.
Unlike stated in the manual, m4 is not an optional package that is
only needed on developer machines to build the html version of the
manual. Rather, the m4 macro processor is an essential requirement
because the gengetopt input files are generated with m4 from their
templates in m4/gengetopt.
This patch moves the documentation item on m4 from the development
section of the manual to the list of required packages for building
the paraslash package. It also adds a check for the m4 executable
to configure.ac to let the generated configure script fail the build
early on systems where m4 is not installed.
Andre Noll [Thu, 28 Apr 2016 19:57:13 +0000 (21:57 +0200)]
wmadec: Fix left shift of negative value.
gcc-6.1 complains about this:
wmadec_filter.c:819:33: warning: left shift of negative value [-Wshift-negative-value]
mult1 = mult * exponents[((-1 << bsize)) >> esize];
The new code still looks wrong because we now shift a negative value
to the right. Moreover, it is not clear that the resulting value
is within array bounds. On the other hand, ffmpeg has the same fix
(commit a48b24e5 in the ffmpeg repository), so..
Andre Noll [Mon, 21 Mar 2016 22:17:22 +0000 (22:17 +0000)]
Constify argument of playlist_open() and change_current_mood().
The only reason these arguments are not const is that we create an
osl object out of it, which contains a non-constant data pointer.
The osl library functions we call here will not touch this memory,
so it's safe to let both functions take a const pointer and cast it at
initialization of the non-constant ->data pointer of struct osl object.
The single caller of each function is activate_mood_or_playlist()
whose argument can now also me made to point to constant memory.
Finally, the arg pointer of com_select_callback() is passed to
activate_mood_or_playlist(), so the variable can be of type const
char * as well.
Andre Noll [Sun, 28 Jun 2015 14:21:23 +0000 (16:21 +0200)]
play.c: Check whether filter ->close() is NULL.
While audiod.c and filter.c test whether ->close is NULL
before they attempt to call the function, play.c calls ->close()
unconditionally. This does not matter because all filters provide the
close method. But it is documented in filter.h that ->close may be
NULL. To avoid future surprises and to be consistent with para_audiod
and para_filter, let's change play.c to check for NULL as well.
Andre Noll [Sat, 26 Mar 2016 22:28:27 +0000 (22:28 +0000)]
blob_get_name_by_id(): Treat id of dummy row as invalid.
If the given id equals the id of the dummy row, the function currently
returns an empty object. This is unfortunate, since blob table users
should not know about the dummy row implementation detail. This patch
makes the function return -E_DUMMY_ROW instead.
In error.h, the E_DUMMY_ROW error code was defined in the section
for mood.c because this file contains the only user of the error
code. With another user in blob.c it seems appropriate to move it to
the blob section instead.
Andre Noll [Sun, 17 Apr 2016 12:32:53 +0000 (14:32 +0200)]
Merge branch 'refs/heads/t/markdown'
The topich branch was started on 2015-12-13, and has been cooking
in next since 2016-01-30. The merge resulted in conflicts for both
files which were easy to resolve.
* refs/heads/t/markdown:
Convert manual and NEWS from grutatxt to markdown.
Andre Noll [Sun, 6 Mar 2016 18:21:19 +0000 (19:21 +0100)]
doc: Remove systemlinux links from documentation.
The systemlinux.org server is still up, but the paraslash web page
just redirects to people.tuebingen.mpg.de, so only mention the latter
in the documentation.
Andre Noll [Sun, 6 Mar 2016 15:43:05 +0000 (16:43 +0100)]
manual: Bump required gcc version to 4.1.
gcc-3 is not good enough any more since it has no support for weak
references, which were introduced half a year ago in commit 9bf6dc2e
(error.h: Never call (para_)strerror() on osl errors).
gcc-3.3 was released in 2003, gcc-4.2 in 2007. It should be OK to
require gcc-4.2 from now on.
Andre Noll [Mon, 4 Apr 2016 22:23:30 +0000 (00:23 +0200)]
Make dates in ls output align nicely again.
Commit 3c978d34 "fixed" a whitespace issue by replacing two consecutive
space characters in a format string by a single space. However,
the duplicated space character actually had a purpose. This commit
re-adds the additional space character and explains through a comment
why it is needed.
Andre Noll [Sat, 2 Apr 2016 15:22:00 +0000 (17:22 +0200)]
afs: Remove incorrect log message.
This was introduced in f8ed713d (com_select() callback: Return negative
on errors.) last year. It is incorrect for two reasons. First, arg
may well be NULL, and second, we might be about to open a mood rather
than a playlist.
Andre Noll [Sun, 10 Apr 2016 21:46:02 +0000 (23:46 +0200)]
Merge branch 'refs/heads/t/attribute_fix'
com_setatt() was broken if more than 32 attributes are defined. The
branch merged in this commit contains a fix for this bug, and a new
test that exercises the code related to attributes.
Was cooking in next for six weeks.
* refs/heads/t/attribute_fix:
manual: Add realpath to list of packages.
Add test that exercises attribute code.
test-lib: Canonicalize test_dir.
attribute: Avoid shifting 32 bit integers.
Andre Noll [Fri, 1 Apr 2016 23:12:08 +0000 (01:12 +0200)]
audiod: Improve get_time_string().
If the stream start time announced by para_server is newer than the
time para_audiod started the receiver, we assume that para_audiod
was started in the middle of an audio stream and adjust the play
time accordingly.
However, the server stream time can also be newer due to clock
differences or network hiccups. This patch changes audiod to apply
the adjustment only if the time difference is large.
Andre Noll [Tue, 22 Dec 2015 23:52:18 +0000 (23:52 +0000)]
udp_send.c: Send EOF packet only once.
Currently this can be sent many times, which is pointless and might
confuse clients. This patch adds a bool member to struct udp_target
to keep track whether the EOF packet has been sent.
Andre Noll [Sat, 2 Apr 2016 00:18:36 +0000 (02:18 +0200)]
NEWS: Re-add download link for current master.
This link on the main page got lost when paraslash-0.5.5 was
released. As explained on the download page, the master branch is
the version people should use, so we should really put back the link.
Andre Noll [Fri, 18 Mar 2016 22:44:15 +0000 (23:44 +0100)]
i9e: Replace assertion with warning.
The assertion in dispatch_key() can easily be triggered with keys
that map to multi-byte sequences. This patch prevents para_play from
aborting when such a key is pressed. It now issues a warning message,
but no longer aborts.
Andre Noll [Tue, 8 Mar 2016 23:25:12 +0000 (00:25 +0100)]
i9e: Fix compilation on Ubuntu-12.04.
Commit c0162946 (i9e: Avoid key binding macros) from half a year
ago broke compilation for readline-6.2, which ships at least with
Ubuntu-12.04. The problem is that c0162946 changed dispatch_key()
to use rl_executing_keyseq, a readline variable that was introduced
in readline-6.3. Compilation fails on systems with readline-6.2 or
older because the variable does not exist.
This patch modifies interactive.c to provide an equivalent of
rl_executing_keyseq and changes dispatch_key() to use this version
instead.
Andre Noll [Tue, 8 Mar 2016 23:23:17 +0000 (00:23 +0100)]
i9e: print warning if keyseq can not be mapped.
In i9e_open() we currently ignore errors from rl_generic_bind(), which
is OK, but we should at least let the user know that the binding
won't work. While at it, call rl_bind_keyseq_in_map() instead of
rl_generic_bind() as the former function provides all we need and
is simpler.
Andre Noll [Tue, 8 Mar 2016 23:21:15 +0000 (00:21 +0100)]
i9e: Zero out private pointer on open.
This should not matter at the moment since i9e_open() is only called
once and the i9e_private structure is static, so it's already zeroed
out by the first time the function is called. But since the ie9 API
is supposed to work across multiple open/close cycles, it seems wise
to be conservative here.
Andre Noll [Fri, 1 Apr 2016 23:33:47 +0000 (01:33 +0200)]
Merge branch 'maint'
A couple of overflow bugs and a aslignment issue, all detected by ubsan. Plus
two unrelated old bugs.
* maint:
client: Fix lsatt completer.
playlist: Do not update score if no playlist is open.
Avoid member access within misaligned address for ancillary data buffer.
mood.c: Avoid overflow in update_quadratic_deviation().
mood.c: Avoid integer underflow.
mood.c: Avoid integer overflow.
Andre Noll [Mon, 7 Mar 2016 15:10:05 +0000 (16:10 +0100)]
mp3_afh: Always create id3v2 tags.
When para_afh is asked to modify the tags of an mp3 file, it looks
at both version 1 and version 2 id3 tags. Currently, if the file
contains only id3v1 tags, para_afh will replace the tag contents but
will not create a version 2 tag. This is unfortunate if the length of
a given tag value exceeds the fixed-size byte limit of id3v1 because
it results in a truncated value and there is no way to specify that
an id3v2 tag should be created (which could store tags of any size).
This commit makes para_afh always write id3v2 tags. This actually
simplifies the code a bit because with this change the v2_tag variable
can never be NULL, allowing to get rid of a conditional.
Andre Noll [Mon, 14 Mar 2016 08:00:28 +0000 (09:00 +0100)]
opus: Make opus_common.[ch] independent of ogg.h.
The only reason opus_common.c includes ogg.h is that struct opus_header
contains a variable of type ogg_uint32_t. By using plain uint32_t
instead we may get rid of the include.
Andre Noll [Mon, 21 Mar 2016 19:51:08 +0000 (19:51 +0000)]
playlist: Do not update score if no playlist is open.
This bug caused the score of the current audio file to be updated
twice in mood mode since both the mood event handler and playlist
event handler honor afs events and update the score.
We fix the bug by moving the check whether a playlist is open to the
top of the playlist event handler, similar to the check in the mood
event handler of mood.c. If no playlist is open, we now return early
from the playlist event handler, ignoring all afs events.
In recv_cred_buffer(), pass_afd() and dispose_fds() the on-stack
ancillary data buffer is not necessarily aligned. The pointer is
cast to struct cmsghdr *, then dereferenced, resulting in undefined
behaviour due to the lack of alignment.
This patch asks the compiler to align the ancillary data buffers.
Andre Noll [Wed, 16 Mar 2016 21:48:54 +0000 (22:48 +0100)]
mood.c: Avoid overflow in update_quadratic_deviation().
The last multiplication of the expression returned can overflow. This
patch replaces the expression by an equivalent one which avoids to
multiply large numbers.
Andre Noll [Tue, 22 Dec 2015 22:28:46 +0000 (22:28 +0000)]
audiod: Avoid to report 100% time at startup.
This teaches get_time_string() to handle the case of zero values for
sss and wstime. These happen to be zero for a short time period when
para_server is changing its audio file.
Andre Noll [Fri, 18 Mar 2016 21:46:02 +0000 (22:46 +0100)]
gui.c: Improve description of signal task.
The comment to the main() function of para_gui contains a short
description of all tasks which are created on startup. The description
of the signal task was somewhat outdated because it referred to
SIGWINCH, which is not responsible for the handling of terminal size
changes any more.
This patch removes the outdated part from the comment and adds an
explanation of the action on SIGUSR1.
Andre Noll [Fri, 18 Mar 2016 21:40:12 +0000 (22:40 +0100)]
gui.c: Remove silly warning on SIGINT.
Sending SIGINT to para_gui has no effect, yet we print a strange
"reset" warning in this case. This patch removes the warning and the
outdated comment which referred to do_select(), a function which was
removed long ago.
Note that (a) we still catch SIGINT, and (b) hitting CTRL+C still
causes the status task to respawn the stat process because CTRL+C
sends SIGINT to the foreground process group, which includes the
stat process.
Andre Noll [Thu, 9 Apr 2015 13:27:16 +0000 (13:27 +0000)]
build: Let man pages depend on git-version.h.
This is necessary to always include the correct version number in
the man pages. For example, if the work tree becomes dirty because
an unrelated file has been modified, the version string changes and
we need to regenerate the man pages.
Andre Noll [Sat, 5 Mar 2016 21:10:32 +0000 (22:10 +0100)]
gui: Kill process group *before* shutting down curses.
Currently we perform shutdown on exit the other way round. Hence the
running external command may interfere with the shutdown of the curses
system. This patch changes die() to first signal the child processes,
then wait for them to terminate. This avoids the race.
Andre Noll [Tue, 15 Mar 2016 19:48:12 +0000 (20:48 +0100)]
mood.c: Avoid integer underflow.
The three variables x, s, n are all of unsigned type, and the
subtraction x - s / n may underflow, resulting in a very large positive
value. This should not matter since we square the difference, but on
the other hand, the underflow can easily be avoided. This patch uses
a temporary variable to do so.
Andre Noll [Tue, 15 Mar 2016 19:41:37 +0000 (20:41 +0100)]
mood.c: Avoid integer overflow.
The quadratic deviation qd can be very large, causing the
multiplication n * qd to overflow. The new code avoids the
multiplication at the cost of two calls to int_sqrt() instead of one.