[nas] NAS 1.9 (stable) is available

Jon Trulson jon at radscan.com
Sat Apr 7 17:49:36 MDT 2007


at the usual places: http://radscan.com/nas.html
                      svn://radscan.com/nas/tags/nas-1.9


    The only changes in this release compared to the last devel release
    (1.8b) are the change of the release number of course, and new html
    versions of the man pages that reflect current reality.

    Thanks to all those who contributed to this release!

    Here is the HISTORY for v1.9:


Version 1.9 (stable) 04/07/2007

     - stable 1.9 release.  No code changes (other than RELEASE) since
       1.8b devel release.

     - In short: Fixes to several DOS attacks that could be carried out
       against a nasd server, ANSI'fication of most of the server and
       client code, and significant rework of input and output mixer
       handling in the voxware (OSS) server.

       Read below for more detail on the changes since the last stable
       release (1.8).


     Version 1.8b (devel) 03/25/2007

     - 1.8b devel release.  Final 1.9 in about 2 weeks, barring any
       catastrophes.

     - fix a variety of problems that could result in a denial of
       service by crashing the nasd server.  These attacks were
       researched by Luigi Auriemma, who also provided a description of
       the attacks and an exploit program, 'nasbugs'.

       I have added his emailed report and the test attack code to the
       nas repository in contrib/nasbugs if you are interested.  Thanks
       to Luigi for finding these problems.  It sucked fixing them :)

       Here is a list of the bugs tested as output by the nasbugs
       program:

       1 = accept_att_local buffer overflow through USL connection
       2 = server termination through unexistent ID in AddResource
       3 = bcopy crash caused by integer overflow in ProcAuWriteElement
       4 = invalid memory pointer caused by big num_actions in ProcAuSetElements
       5 = another invalid memory pointer caused by big num_actions in
           ProcAuSetElements
       6 = invalid memory pointer in compileInputs
       7 = exploits bug 3 in read mode (requires something playing on
           the server)
       8 = NULL pointer caused by too much connections

       Note on bug #2, X11 display servers should be vulnerable to a
       DOS of this type as well (causing fatal 'client not in use'
       errors in AddResource()).

       Note on bug #8, the nasd server will not be able to accept
       further client connections when the client table is full, until
       the rejected clients disconnect their end of the socket and the
       necessary fd's are freed up.  It's better than coring though.

     - set the default open modes for the output audio device to
       write-only, and for the input device, use read-only (already the
       default).

       These can still be changed in the nasd.conf file, if needed.

       Previously, the default was to open the output device
       read-write, causing various issues with different
       hardware/driver configurations.  There is no need to open this
       device read-write anyway.

     - apply patch from Paul Fox, correcting a typo in auvoxware.c

     - apply patch from Erik Auerswald

       "With the attached patch the output and input device can be
       disabled by specifying an empty string as device name. Yes, when
       using an empty string for both devices there will be a NAS
       server that can neither play nor record anything."


     Version 1.8a (devel) 11/27/2006

     - Updated the Amd.h (machine definition file) with modern X11
       (X11R6.8) contents so it can build with Qt and other X11
       software that makes use of X11's Xmd.h header file.  Problem
       reported by Bernard Leak.

     - ANSI'fication of DeleteTypes (dia/resource.c) and NoopDDA.
       Add proper header #includes where needed.

     - patch from Petr Salinge (via Steve McIntyre) adding GNU/kFreeBSD
       support.

     - Patches from Paul Fox:

       - allow the specification of a scaling factor to apply to the
         output gain

       - add a proper return value in auvoxware.c:initMixer()

       - mondo indentification of server/*

     - Applied patches from Stefan Huehner:

       - marks some read-only string and function parameters as 'const
         char*' instead of 'char *'. In addition an unused buffer
         'errfile' from aulog.c was removed.  As the two release.h
         files are generated the NetAudio.tmpl was modified to emit the
         'const char *' declaration.

       - part two of the _.*Const removal patch. Some more defines of
         _.*Const were removed which have been missed by the last patch
         and the interval usage of _.*Const has been simplified to just
         use const.

       - removes more unused defines and functions in server/ .
         Additionally a k&r style function was converted to ansi c in
         swaprep.c

       - converts more function declarations and their prototypes
         without parameters from () to the (void) form

       - attached patch changes all of the conditional i.e. _AuConst
         definitions to only list const in the externally visible
         header files. This is to preserve compatibility if someone
         uses these definitions while using the libaudio library.

         [JET] The use of AuConst is deprecated (and is probably not
               being used by anyone anyway).

       - removes the defined VENDOR_STRING and VENDOR_RELEASE from
         server/include/site.h as they aren't used in the 3 files
         including site.h.  Additionally the inclusion of site.h was
         removed from server/dia/main.c as none of its defines is used
         in main.c

       - removes the 2 unused functions:

         - server/dia/dispatch.c: void UpdateCurrentTime()
         - server/dia/dixutils.c: TimeStamp ClientTimeToServerTime

           and it changes one more occurrence of () to (void).

       - corrects some function declarations by changing () to (void)

       - removes some unused variables in lib/audio/nameaddr.c and
         an unused function in server/os/utils.c

       - removed some old (and stupid) debug code for AIX: in
         server/os/utils.c there is some code to redirect error logging
         from stderr to a file in tmp on AIXV3. As OpenDebug isn't
         called anywhere this is broken when AIXV3 is
         defined. Additionally this logfile is fixed in /tmp with
         permissions 00777

       - removed the declaration of FreeResource from the opaque.h
         header file. All files which include opaque.h don't use this
         function and this declaration is copied from resource.h

       - corrects several prototypes in resource.[ch] to match the
         actual function definitions inside resource.c

       - patch that modifies the two users of ostruct.h to directly
         include os.h (which includes misc.h) and removes the
         osstruct.h line in config/filelist. If an additional "svn
         remove server/include/osstruct.h" is used we can get rid of
         osstruct.h completely.

       - removes servermd.h. removes the inclusion of servermd.h in 3
         files and its reference in 'config/filelist'.

       - clean up several of the client programs. Mostly adding const
         to parameter/variable declarations. Additionally an unused
         variable was removed and some prototypes in audemo.c were
         fixed.

       - remove some unused variables

       - remove server/include/miscstruct.h

       - various include file cleanups - removing unused
         variables/structures, etc left over from X11.

       - removing old 'const' determination, correcting some proper
         uses of const.  'const' is expected to be supported by your
         compiler.

       - ANSIfication of various NAS components.

       - remove unused portion of X11 server components (fonts, GC's,
         etc).

     - applied patches from Erik Auerswald:

       - Add patch adding a proper 'reset' action to contrib/rc/nasd.

       - a patch that:

         Adds support for a different mixer for the input device to the
         voxware server. Without this patch the mixer device specified
         in the input section of the config file is not used.

         To use the same mixer for input and output just specify the
         same device in the input- and output-section of the config
         file. The empty string "" can be used to specify no mixer
         device for the input- or output-section.  This is documented
         in the nasd.conf man page.

         The outputsection keyword is added to the nasd.conf man page.

         fixed a bug in the support of two devices: If two devices are
         used, and the sample rate of the input device can be changed,
         the wrong sample size would be set by openDevice().

         remove the unused "stereodevs" variable.

         NOTE: Prior to this patch, the mixer device parameter for the
               input section was completely ignored.  The default value
               for this ignored parameter was "/dev/mixer1".

               With this patch, this parameter is honored.  If your
               configuration depends on the input mixer being the same
               as the output mixer, you will need to edit your
               /etc/nas/nasd.conf and set the mixer parameter in the
               inputsection to '/dev/mixer', or to whatever mixer
               device your outputsection is using.

               If your system contains a /dev/mixer1 device (the
               default input mixer device), nasd will now use it.  This
               is a good thing. :)

       - preserve configuration of input device in the voxware server
         when ReleaseDevice is on, and no flow is active.

       - document nasd '-V' option in the man page

       - opening the mixer device should be allowed to fail according
         to http://radscan.com/nas/nas-ml/msg01121.html. But right now
         it may only fail on startup, not when re-opening the audio
         device. The attached patch corrects this issue.

       - adding an option to aupanel to specify the initially
         controlled device.

       - keeping gain and input mode changes consistent between voxware
         server and mixer if possible.

       - changing recording level controls of the voxware server to use
         IGain or RecLev when available and select only the specified
         recording source.

       - fixing MixerInit option of the voxware server.

       - Adding a KeepMixer option (on by default) that causes NAS to
         always keep the mixer device open so it can track external
         changes to mixer settings.

       - patch adding ReInitMixer option that init's the mixer to
         defaults every time nasd re-opens the audio device.

       - patches ANSI'fying the nas clients

       - extending the gainScale functionality to apply to the input
         gain as well.

-- 
Jon Trulson
mailto:jon at radscan.com 
#include <std/disclaimer.h>
"No Kill I" -Horta



