Andre Noll [Mon, 19 Aug 2024 19:41:23 +0000 (21:41 +0200)]
gui: Kill also child processes of external commands.
When a command is executed as a display command from para_gui, and
the command is interrupted from within para_gui by pressing any key,
para_gui only kills the spawned process but leaves alone its child
processes.
Address this problem by putting the spawned process into a separate
process group so that we can easily kill all processes of the group
by passing the negated PID of the child to kill(2).
In theory, the change in exec.c also affects para_mixer, which executes
para_client and para_audioc. However, para_mixer never kills any of
its child processes.
Andre Noll [Mon, 25 Nov 2024 23:28:53 +0000 (00:28 +0100)]
Fix memory leak in playlist.c.
If the result pointer is NULL. we currently leak one playlist instance
structure (12 bytes on 32 bit, 20 bytes on 64 bit) each time a playlist
is loaded.
Andre Noll [Sun, 1 Dec 2024 16:56:25 +0000 (17:56 +0100)]
Remove the documentation of the maint branch.
paraslash-0.6.5 was the last maintenance release. As of today,
the "maint" branch no longer exists in the git repo, so adjust the
documentation at two places: the user manual and the download page.
Streamline the text a bit, while at it.
Andre Noll [Tue, 17 Sep 2024 15:52:07 +0000 (17:52 +0200)]
Merge topic branch t/openssl-3 into master
The series starts with a few cleanups and crypto-backend tweaks to
beat the openssl specific code into shape for the main objective:
the switch of the RSA encryption and decryption routines to the
high-level EVP API. This has become necessary because the old RSA
API functions have been deprecated in openssl-3.
This merge conflicted against commit a18458cff51c (No longer check
for CRYPTO_cleanup_all_ex_data()). The resolution is to remove the
checks which that commit removed and to add the checks which commit 0485079436ad (openssl: Use the EVP library for RSA public encryption)
of this series introduced.
Cooking for four months.
* refs/heads/t/openssl-3:
openssl: Reactivate openssl warnings.
openssl: Use the EVP library for RSA private decryption.
openssl: Use the EVP library for RSA public encryption.
apc_priv_decrypt: Let the callee allocate the buffer.
apc_pub_encrypt: Let the callee allocate the buffer.
openssl: Assume that openssl allocation functions functions succeed.
openssl: Introduce openssl_perror().
openssl: Don't pass pointers to RSA structures around.
openssl: Kill rsa coefficient computations.
client: Check buffer size returned by apc_priv_decrypt().
Andre Noll [Sat, 8 Sep 2018 10:11:33 +0000 (12:11 +0200)]
New audio formats: 32 bit float (little and big endian).
At least the little endian version seems to be popular these days. It
is only supported by ALSA, however. To check whether a given wave
file employs one of the two SF_FLOAT formats (aka IEEE float) we have
to consult the format code, a 16 bit integer stored at offset 20 of
the wave header which describes the waveform data according to the
table below.
Additional checks are added to check_wav_post_select() which make
sure that the format code is either 1 or 3, and that the number is
compatible with the bits per sample value.
Andre Noll [Sun, 15 Sep 2024 16:23:24 +0000 (18:23 +0200)]
Merge topic branch t/ls-l into master
A single commit which deprecates the chunk table and mbox listing
modes. The chunk table can still be listed with para_afh(1), and the
mbox format was never really useful to begin with. The idea is to
remove support after 0.8.0 has been released.
Cooking for three months.
* refs/heads/t/ls-l:
server: Deprecate -l=c and -l=m of com_ls().
Andre Noll [Fri, 9 Aug 2024 20:53:00 +0000 (22:53 +0200)]
gui: Fix formatting of amp value.
It was observed on a 178 column wide xterm window that for the colorful
blackness theme the amp value shown in the top window of para_gui
wrapped into the subsequent line under some circumstances. Adjust
the corresponding value in gui_theme.c to fix this.
Also add the missing space character to the prefix and fix a whitespace
issue while at it.
Andre Noll [Tue, 10 Sep 2024 13:41:49 +0000 (15:41 +0200)]
Merge topic branch t/btr into master
Some helpers such as btr_get_input_queue_size() are very expensive
if the buffer tree contains many buffers, which is the case for mp3
and aac streams. This is noticeable in particular with para_play,
which spends more time in the btr subsystem than in the mp3 decoder
if the file is large enough. This branch contains a few patches to
improve that.
Cooking for four months.
* refs/heads/t/btr:
btr: Streamline the documentation of buffer_tree.h.
Constify buffer tree API.
btr: Merge buffers on insertion.
btr: Speed up btr_node_status().
Speed up mp3dec filter.
Andre Noll [Wed, 4 Sep 2024 13:49:50 +0000 (15:49 +0200)]
Merge topic branch t/play into master
This small series contains a few minor tweaks for para_play. The most
obvious change is that para_play is no longer built on systems which
lack libreadline.
The merge conflicted badly in configure.ac due to the changes
introduced by the earlier merge of the "built" topic branch. The
resolution needs to modify the non-conflicting Makefile.real to exclude
para_play from the list of executables if libreadline is not present
while the corresponding commit of the "play" topic branch implemented
the logic in configure.ac.
Cooking for a month.
* refs/heads/t/play:
play: Shut down alsa on input EOF.
play: Simplify and improve get_key_map_seq().
play: Remove pointless goto in play_post_monitor().
Return from filter_setup() so callers can reset the terminal.
Let para_play depend on libreadline.
Andre Noll [Thu, 6 Oct 2022 14:11:55 +0000 (16:11 +0200)]
play: Shut down alsa on input EOF.
para_play leaks a lot of memory on exit because we didn't bother
to shut down the alsa subsystem. While this is harmless from the
correctness point of view, it does make it harder to spot real
memory leaks.
Rework the error handling to always shut down alsa via kill_stream().
Combine play_post_monitor() and session_post_monitor() because they
are small enough and the latter was badly named anyway.
Andre Noll [Sun, 25 Jun 2023 12:29:07 +0000 (14:29 +0200)]
play: Simplify and improve get_key_map_seq().
Combine it with get_user_key_map_seq() and replace the NULL check
with an assertion since the condition can never be true here. This
makes gcc's static analyzer happy, which complained about a possible
NULL pointer dereference.
Andre Noll [Wed, 14 Jun 2023 21:15:18 +0000 (23:15 +0200)]
i9e: Clear history on close.
This frees each history entry and the history itself, reducing the
amount of memory leaked by readline applications on exit. Normally,
this should not be used since it leaks the memory associated with the
user defined history data pointer of each entry. However, that's OK
here because the i9e subsystem ignores this feature of the history
library.
Andre Noll [Tue, 20 Aug 2024 20:57:10 +0000 (22:57 +0200)]
Merge topic branch t/build into master
This series simplifies the build system quite a bit. The bulk of the
series consists of the commits which move the logic to construct
the object list of the paraslash executables from configure.ac to
Makefile.real.
Started on 2023-06-21, was cooking for five months.
* refs/heads/t/build:
build: Rename all_objs -> dep_objs.
build: No longer check for CRYPTO_cleanup_all_ex_data().
build: Construct list of executables in Makefile.
build: Construct audioc object list in Makefile.
build: Construct write object list in Makefile.
build: Construct play object list in Makefile.
build: Construct afh object list in Makefile.
build: Construct filter object list in Makefile.
build: Construct recv object list in Makefile.
build: Construct gui object list in Makefile.
build: Construct mixer object list in Makefile.
build: Construct audiod and client object list in Makefile.
build: Construct server and upgrade_db object list in Makefile.
build: Simplify condition for building para_server.
build: Simplify ogg helpers of configure.ac.
build: Remove AUDIOD_AUDIO_FORMATS_ENUM.
build: Remove _errlist in shell variables of configure.ac.
build: yy_src_dir and yy_build_dir can be simply expanded.
build: Remove info about ucred from configure output.
Andre Noll [Wed, 23 Nov 2022 18:21:25 +0000 (19:21 +0100)]
Return from filter_setup() so callers can reset the terminal.
This function of filter_common.c calls exit(3) on errors. This is OK
for para_filter and para_audiod, but not for para_play because there
the function is called after readline has initialized the terminal for
its own use. If the function calls exit(3), the terminal settings are
not reset as they should have been. This can be observed for example
on the attempt to open an mp3 file with an para_play executable that
lacks mp3 support.
This commit changes the function to return an error code instead and
deals with the fallout in the three callers. Although play.c already
had error checking for calls to filter_setup(), it still needs a minor
tweak because we now have to deal with the fact that the filter and
writer node don't exist in eof_cleanup().
Andre Noll [Wed, 5 Oct 2022 18:22:17 +0000 (20:22 +0200)]
Let para_play depend on libreadline.
While para_client and para_audioc are suitable for non-interactive
use, e.g. in scripts, para_play can only be used interactively,
and its non-readline version is barely usable.
Rather than building a crippled version, teach the build and test
systems to skip para_play if the readline library is not installed.
Andre Noll [Mon, 13 May 2024 21:32:52 +0000 (23:32 +0200)]
play.c: Replace NULL check by assertion.
If p is NULL, kma contains no colon, and we should not be here in the
first place. Instead, we should have errored out much earlier in the
command line parser.
Andre Noll [Mon, 13 May 2024 21:25:08 +0000 (23:25 +0200)]
filter_common: Annotate possible NULL pointer confusion.
We know at this point that filter_num is good, so filter_get()
returns non-NULL. But gcc-13's static analyzer does not see this and
warns. The added assertion makes the warning go away and tells the
reader that f == NULL is impossible here.
Andre Noll [Fri, 19 Apr 2024 18:35:02 +0000 (20:35 +0200)]
play: Fix some integer overflows().
If one factor of a product is a chunk number, we need to be careful
with respect to integer overflows. This patch adds casts which force
64 bit arithmetics to avoid that.
The overflows were observed while navigating a ~4 hour mp3 file.
Andre Noll [Wed, 3 May 2023 22:42:06 +0000 (00:42 +0200)]
openssl: Reactivate openssl warnings.
Now that we use the EVP API for RSA if openssl-3 was detected, the
openssl code no longer calls deprecated functions, so turn back on
the warnings for uses of openssl library functions which are marked
as deprecated.
Andre Noll [Mon, 15 May 2023 16:35:30 +0000 (18:35 +0200)]
openssl: Use the EVP library for RSA private decryption.
This is the counterpart of the previous commit which converted the
public RSA encryption. We employ the HAVE_OSSL_PARAM macro again to
distinguish between the openssl-1 and openssl-3 cases.
Andre Noll [Sun, 7 May 2023 15:49:58 +0000 (17:49 +0200)]
openssl: Use the EVP library for RSA public encryption.
Many functions related to RSA have been deprecated in openssl-3. Users
of the deprecated API are expected to switch to the high-level
cryptographic functions of the EVP library which ships together
with openssl.
Since openssl-1.0 is still supported and even openssl-1.1 lacks some
of the features we need for EVP, for example OSSL_PARAM_construct_BN(),
we check for this symbol at configure time and use #ifdefs in openssl.c
to compile the code conditionally depending on the value of the new
HAVE_OSSL_PARAM preprocessor macro. The code should work with both
old and new openssl versions.
apc_get_pubkey() used to call RSA_size() to obtain the key size in
bytes for the return value, but RSA_size() is one of the functions
that got deprecated in openssl-3. So modify read_public_key() to
return the number of bits of the modulus (rather than the constant
one), and use 1/8 of this number as the return value.
Andre Noll [Sun, 7 May 2023 16:01:43 +0000 (18:01 +0200)]
apc_priv_decrypt: Let the callee allocate the buffer.
This complements the previous commit which made the analogous
change for public encryption. Passing char ** instead of char * to
apc_priv_decrypt() allows us to get rid of the magic 1024 constant
in client_common.c.
Andre Noll [Tue, 2 May 2023 21:56:26 +0000 (23:56 +0200)]
apc_pub_encrypt: Let the callee allocate the buffer.
Change the encryption routine of the apc API to allocate a suitably
sized buffer itself. Currently, the caller has to guess the size of the
buffer to pass to the function and we reuse our 4k handshake buffer for
that. While 4k is is plenty at the moment, that may change, and it's
always better to use the exact size if it is readily available. This
is the case here because the required buffer size is just the number
of bits of the modulus of the key.
Andre Noll [Tue, 2 May 2023 19:52:50 +0000 (21:52 +0200)]
openssl: Assume that openssl allocation functions functions succeed.
We do the same thing with malloc() and friends, so replace error
checking by assertions whenever OOM is the only possible error reason.
Also add assertions for EVP_MD_CTX_new(), whose return value was not
checked at all.
Andre Noll [Tue, 2 May 2023 19:16:29 +0000 (21:16 +0200)]
openssl: Introduce openssl_perror().
Openssl has a decent error reporting framework, but we only employ
it if get_random_bytes_or_die() fails. This patch abstracts out a
new helper which prints the error string of the earliest error code
from the thread's error queue. We make the helper return -E_OPENSSL
unconditionally as this simplifies callers a bit.
Only get_random_bytes_or_die() calls the new helper for now but
additional callers will be added in subsequent commits.
Andre Noll [Mon, 1 May 2023 19:43:18 +0000 (21:43 +0200)]
openssl: Don't pass pointers to RSA structures around.
The RSA structure has been made opaque in openssl-3. As a preparation
for not using this structure any more, pass pointers to the containing
asymmetric key structure instead.
Andre Noll [Sun, 7 May 2023 14:40:26 +0000 (16:40 +0200)]
client: Check buffer size returned by apc_priv_decrypt().
The decoded challenge buffer contains the challenge and the two session
keys but nothing else. So we know its size up-front and should fail
the handshake if the size of the rsa-decrypted buffer differs.
Andre Noll [Sun, 28 Apr 2024 22:52:21 +0000 (00:52 +0200)]
Change color of signature and tar icons.
These icons are currently black, which looks nice on the white
background of the releases page. However, all other pages use a black
background, and it would be nice to extend this to the releases page
page as well (by teaching it to honor our para.css file). As a first
step, switch to grey icon colors as these look nice on both a black
and a white background.
Andre Noll [Sun, 28 Apr 2024 21:09:35 +0000 (23:09 +0200)]
manual: Avoid duplicate section headings.
There exist two "Examples" and two "Troubleshooting"
sections. Unfortunately the discount markdown converter is
unable to create a working table of contents section in this
situation: both links of the table of contents jump to the first
Examples/Troubleshooting section.
Andre Noll [Mon, 2 Jan 2023 13:43:42 +0000 (14:43 +0100)]
Constify buffer tree API.
A lot of functions of the buffer tree API don't modify the memory
referenced by the pointers passed. This patch marks these pointer
arguments as constant.
Andre Noll [Fri, 30 Dec 2022 13:09:51 +0000 (14:09 +0100)]
btr: Merge buffers on insertion.
Currently add_btrb_to_children() simply adds the given buffer
reference to the input queue of all children of the given node even
if the newly added buffer reference points memory adjacent to the
previously added buffer.
Since several helpers iterate over all buffer references, performance
suffers, given enough buffer references. So merge buffers when
possible.
Andre Noll [Fri, 30 Dec 2022 13:09:06 +0000 (14:09 +0100)]
btr: Speed up btr_node_status().
Currently we sum up the sizes of all buffers in the input queue just to
determine if the total size exceeds a small threshold. That's silly
and expensive if there are many buffers. Fix that by introducing
a helper which breaks out of the loop as soon as know the answer
because the threshold is exceeded.
Andre Noll [Sun, 28 Apr 2024 19:34:27 +0000 (21:34 +0200)]
manual: Fix local links.
All local links broke after an upgrade of the discount markdown
converter, because this changed the way the anchors of section headings
are encoded. This commit should fix all broken URI fragments.
Andre Noll [Sat, 24 Jun 2023 21:10:09 +0000 (23:10 +0200)]
build: Rename all_objs -> dep_objs.
The old name is misleading since there are additional objects which
correspond to the C files generated by lopsub. Those use different
dependency tracking.
Simplify the code a bit by creating the list in one step.
Andre Noll [Sat, 24 Jun 2023 20:53:32 +0000 (22:53 +0200)]
build: No longer check for CRYPTO_cleanup_all_ex_data().
Recent openssl versions no longer declare this unless the openssl API
compatibility version is set explicitly, in which case it gets defined
as a macro which does nothing. Either way, the check in configure.ac
and the call in openssl.c can go away.
Andre Noll [Sat, 24 Jun 2023 19:36:17 +0000 (21:36 +0200)]
build: Construct list of executables in Makefile.
This is actually easier and removes some duplication as we currently
have two copies of the logic which decides whether or not to build
each executable. We lose the summary output at the end of the configure
output, but that was incomplete anyway.
Andre Noll [Sat, 24 Jun 2023 16:56:05 +0000 (18:56 +0200)]
build: Construct server and upgrade_db object list in Makefile.
Currently configure.ac defines variables for the list of objects of
each executable and exports these via AC_SUBST to Makefile.in. The
lists are then extended and munged further in Makefile.real.
It it easier to construct the lists only in the makefile. So, as
a first step, stop to export the object list of para_server and
para_upgrade_db. Instead, export the variables needed to construct
the list in the makefile.
Andre Noll [Wed, 21 Jun 2023 21:06:09 +0000 (23:06 +0200)]
build: Remove AUDIOD_AUDIO_FORMATS_ENUM.
No code actually refers to the AUDIO_FORMAT_$FOO values of this
enumeration. Its only purpose is to define the number of supported
audio formats (as the last constant of the enum). We may as well
employ ARRAY_SIZE() for that, so kill the enum and remove the loop
from configure.ac which generates it.
The related audio_formats array, which contains the names of the
supported audio formats, is only used in audiod.c, so we can remove
the declaration from audiod.h and make it static.
Andre Noll [Tue, 30 May 2023 22:11:14 +0000 (00:11 +0200)]
Compile with -Wsuggest-attribute=malloc.
We already employ this attribute extensively to help the compiler
improve optimization. However, a few malloc-like functions were not
yet marked with __malloc. Fix that and enable the warning to make
sure that new malloc-like functions get marked.
Since not all supported compilers know about this warning option, we
need to check at compile time whether the option is supported. Thanks
to the existing cc-option make(1) function, this is a simple one-liner
for Makefile.real.
Andre Noll [Tue, 9 May 2023 18:02:09 +0000 (20:02 +0200)]
server: No longer accept "sideband" and "aes_ctr128" features.
Both features are used unconditionally since commit d44413588dd7
(v0.6.3-27) from three years ago when the client stopped to request
the feature. We don't need to support clients older than that any more,
so fail the request if these features are still requested.
Clarify the comment about the sha256 feature while at it.
Andre Noll [Sun, 24 Dec 2023 15:43:04 +0000 (16:43 +0100)]
Merge topic branch t/crypt-cleanups into master
This bunch of mostry trivial changes can be merged early, before the
openssl code is converted to use the EVP API. The topic was cooking
in next for six months.
* refs/heads/t/crypt-cleanups:
openssl: Assign bignums in canonical order.
openssl: Unify naming of public key structures.
openssl: Rename read_private_rsa_params() -> read_openssh_private_key().
openssl: Rename read_rsa_bignums() -> read_public_key().
openssl: Dedox crypt_init().
server: Improve "loading pubkey" log message.
gcrypt: Remove pointless state variable.
client: Reduce line length.
Andre Noll [Sun, 15 Oct 2023 15:54:41 +0000 (17:54 +0200)]
Merge topic branch t/afs-ls-a into master
A new feature for the ls command. Unfortunately, several bugs were
found after the topic graduated to next, so the series contains a few
fixup commits on top of the single patch which implements the feature.
* refs/heads/t/afs-ls-a:
afs: Really fix memory leak in mood_load().
afs: Fix memory leak in mood_load().
playlist: Fix error handling of playlist_load().
server: Fix NULL pointer dereference in com_ls().
Implement ls --admissible=m/foo.
Andre Noll [Mon, 12 Jun 2023 23:14:07 +0000 (01:14 +0200)]
playlist: Fix error handling of playlist_load().
We open a fresh score table if the result pointer is not NULL,
indicating that we are called from com_ls() (with -a=p/foo) rather
than from com_select(). However, if an error occurs afterwards, we
call score_close() unconditionally. This is wrong in the result ==
NULL case (com_select()) because it closes the global score table
which is expected to stay open.
The result is a UAF, which is diagnosed by valgrind as follows:
==4767== Invalid read of size 4
==4767== at 0x408C51E: osl_add_and_get_row (osl.c:1216)
==4767== by 0x408CA99: osl_add_row (osl.c:1348)
==4767== by 0x8060648: score_add (score.c:116)
==4767== by 0x805F08C: add_to_score_table (mood.c:451)
==4767== by 0x805FA3E: mood_load (mood.c:650)
==4767== by 0x8057ECF: activate_mood_or_playlist (afs.c:447)
==4767== by 0x8059637: com_select_callback (afs.c:1005)
Andre Noll [Mon, 12 Jun 2023 16:06:10 +0000 (18:06 +0200)]
server: Fix NULL pointer dereference in com_ls().
The previous commit which extended the -a option of the ls command
to accept an optional argument introduced the following flaw: If the
argument of -a corresponds to the name of a mood for which no files
are admissible, the server crashes due to a NULL pointer dereference
because mood_load() leaves the mood instance pointer uninitialized
although it returns zero, indicating success.
This behaviour of mood_load() contradicts the promises made in
its documentation. Fix mood_load() by not special-casing the "zero
admissible files" case, which even simplifies the code a bit. If all
goes well but no files turn out to be admissible, we now open the
score table anyway and set the mood pointer to the allocated mood as
usual. Since get_statistics() may now be called with zero admissible
files, we have to add a check there before dividing by the number of
admissible files,