From 301abac0c1ca55e591b5afc53bf332cda294da19 Mon Sep 17 00:00:00 2001 From: Max Kellermann Date: Sun, 4 Dec 2016 20:13:37 +0100 Subject: [PATCH 1/6] LogInit: initialize out_fd properly to avoid closing stdin --- src/LogInit.cxx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/LogInit.cxx b/src/LogInit.cxx index 117c6d8dc..3cd5da0a1 100644 --- a/src/LogInit.cxx +++ b/src/LogInit.cxx @@ -51,7 +51,7 @@ static constexpr Domain log_domain("log"); #ifndef ANDROID -static int out_fd; +static int out_fd = -1; static AllocatedPath out_path = AllocatedPath::Null(); static void redirect_logs(int fd) From 31d9aebf0b6bbc33c71420e7d4706233a5887d24 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20B?= Date: Tue, 11 Aug 2015 18:58:34 +0200 Subject: [PATCH 2/6] systemd: also disable mpd.socket when disabling mpd.service e.g. when running 'update-rc.d mpd disable' --- systemd/mpd.service.in | 1 + 1 file changed, 1 insertion(+) diff --git a/systemd/mpd.service.in b/systemd/mpd.service.in index 0e8eb84ba..545c94159 100644 --- a/systemd/mpd.service.in +++ b/systemd/mpd.service.in @@ -11,3 +11,4 @@ LimitRTTIME=infinity [Install] WantedBy=multi-user.target +Also=mpd.socket From 54d5d9d1ccb5c91ba9521918c5261758e8a294fb Mon Sep 17 00:00:00 2001 From: Florian Schlichting Date: Tue, 11 Aug 2015 19:00:21 +0200 Subject: [PATCH 3/6] systemd: protect /usr when running under systemd --- systemd/mpd.service.in | 3 +++ 1 file changed, 3 insertions(+) diff --git a/systemd/mpd.service.in b/systemd/mpd.service.in index 545c94159..c02f55e8d 100644 --- a/systemd/mpd.service.in +++ b/systemd/mpd.service.in @@ -9,6 +9,9 @@ ExecStart=@prefix@/bin/mpd --no-daemon LimitRTPRIO=50 LimitRTTIME=infinity +# disallow writing to /usr, /bin, /sbin, ... +ProtectSystem=yes + [Install] WantedBy=multi-user.target Also=mpd.socket From e3237f057dac679a5f2dd4fe6d020e98a5dfab44 Mon Sep 17 00:00:00 2001 From: Max Kellermann Date: Fri, 9 Dec 2016 10:36:02 +0100 Subject: [PATCH 4/6] systemd: more paranoid security settings --- NEWS | 1 + systemd/mpd.service.in | 9 +++++++++ 2 files changed, 10 insertions(+) diff --git a/NEWS b/NEWS index f426c29cb..28ba89c4d 100644 --- a/NEWS +++ b/NEWS @@ -6,6 +6,7 @@ ver 0.19.20 (not yet released) * output - winmm: fix 8 bit playback * fix gcc 7.0 -Wimplicit-fallthrough +* systemd: paranoid security settings ver 0.19.19 (2016/08/23) * decoder diff --git a/systemd/mpd.service.in b/systemd/mpd.service.in index c02f55e8d..250ab521c 100644 --- a/systemd/mpd.service.in +++ b/systemd/mpd.service.in @@ -12,6 +12,15 @@ LimitRTTIME=infinity # disallow writing to /usr, /bin, /sbin, ... ProtectSystem=yes +# more paranoid security settings +NoNewPrivileges=yes +ProtectKernelTunables=yes +ProtectControlGroups=yes +ProtectKernelModules=yes +# AF_NETLINK is required by libsmbclient, or it will exit() .. *sigh* +RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX AF_NETLINK +RestrictNamespaces=yes + [Install] WantedBy=multi-user.target Also=mpd.socket From e7353ec7e7d15848ef021b0975b74034e7ed62e9 Mon Sep 17 00:00:00 2001 From: Max Kellermann Date: Fri, 9 Dec 2016 13:02:26 +0100 Subject: [PATCH 5/6] Queue: "setprio" re-enqueues old song if priority has been raised This commit changes a minor queue priority design to something which makes a little bit more sense. Previously, a song that had already been played would only be re-enqueued if its priority had just been raised above the current song's. This means that if it was already above, it was not re-enqueued. That is a surprising behavior, because users expect a song to be played when its priority is raised. Now the song is always re-enqueued if its priority is raised (and above the current song's - no matter if it has already been above before). https://bugs.musicpd.org/view.php?id=4592 --- NEWS | 2 ++ src/queue/Queue.cxx | 7 ++++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/NEWS b/NEWS index 28ba89c4d..4fcedd287 100644 --- a/NEWS +++ b/NEWS @@ -1,4 +1,6 @@ ver 0.19.20 (not yet released) +* protocol + - "setprio" re-enqueues old song if priority has been raised * decoder - ffmpeg: ignore empty packets - pcm: fix corruption bug with partial frames (after short read) diff --git a/src/queue/Queue.cxx b/src/queue/Queue.cxx index 99b545ab1..2011b2c13 100644 --- a/src/queue/Queue.cxx +++ b/src/queue/Queue.cxx @@ -426,14 +426,15 @@ Queue::SetPriority(unsigned position, uint8_t priority, int after_order) if (_order < (unsigned)after_order) { /* the specified song has been played already - - enqueue it only if its priority has just - become bigger than the current one's */ + - enqueue it only if its priority has been + increased and is now bigger than the + current one's */ const unsigned after_position = OrderToPosition(after_order); const Item *after_item = &items[after_position]; - if (old_priority > after_item->priority || + if (priority <= old_priority || priority <= after_item->priority) /* priority hasn't become bigger */ return true; From fef45d469c104934635ee7791ce7dced454e8f52 Mon Sep 17 00:00:00 2001 From: Max Kellermann Date: Fri, 9 Dec 2016 20:02:07 +0100 Subject: [PATCH 6/6] release v0.19.20 --- NEWS | 2 +- configure.ac | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index 4fcedd287..6285a3312 100644 --- a/NEWS +++ b/NEWS @@ -1,4 +1,4 @@ -ver 0.19.20 (not yet released) +ver 0.19.20 (2016/12/09) * protocol - "setprio" re-enqueues old song if priority has been raised * decoder diff --git a/configure.ac b/configure.ac index 8adaa4c23..67e4fd502 100644 --- a/configure.ac +++ b/configure.ac @@ -1,6 +1,6 @@ AC_PREREQ(2.60) -AC_INIT(mpd, 0.19.19, musicpd-dev-team@lists.sourceforge.net) +AC_INIT(mpd, 0.19.20, musicpd-dev-team@lists.sourceforge.net) VERSION_MAJOR=0 VERSION_MINOR=19