[pkgsrc/pkgsrc-2003Q4]: pkgsrc/audio/mpg123/patches Pullup security fix to th...

[agc <agc%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/ba73f4a5adef
branches:  pkgsrc-2003Q4
changeset: 463739:ba73f4a5adef
user:      agc <agc%pkgsrc.org@localhost>
date:      Tue Feb 10 17:26:34 2004 +0000

description:
Pullup security fix to the pkgsrc-2003Q4 branch, requested by Matthias
Scheler.

        Module Name:    pkgsrc
        Committed By:   tron
        Date:           Tue Feb 10 09:32:47 UTC 2004

        Modified Files:
                pkgsrc/audio/mpg123: Makefile distinfo
                pkgsrc/audio/mpg123-esound: Makefile
                pkgsrc/audio/mpg123-nas: Makefile
        Added Files:
                pkgsrc/audio/mpg123/patches: patch-aq

        Log Message:
        Fix security vulnerability reported in CAN-2003-0865. Bump package revision
        because of this fix.

diffstat:

 audio/mpg123/patches/patch-aq |  25 +++++++++++++++++++++++++
 1 files changed, 25 insertions(+), 0 deletions(-)

diffs (29 lines):

diff -r 3a26aa8800ad -r ba73f4a5adef audio/mpg123/patches/patch-aq
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/mpg123/patches/patch-aq     Tue Feb 10 17:26:34 2004 +0000
@@ -0,0 +1,25 @@
+$NetBSD: patch-aq,v 1.1.2.2 2004/02/10 17:26:34 agc Exp $
+
+--- httpget.c.orig     Tue Feb 10 10:14:29 2004
++++ httpget.c  Tue Feb 10 10:18:07 2004
+@@ -55,11 +55,10 @@
+ #endif
+       int pos = 0;
+ 
+-      while(1) {
++      while(pos < (maxlen - 1)) {
+               if( read(fileno(f),string+pos,1) == 1) {
+                       pos++;
+                       if(string[pos-1] == '\n') {
+-                              string[pos] = 0;
+                               break;
+                       }
+               }
+@@ -78,6 +77,7 @@
+       }
+ #endif
+ 
++      string[pos] = '\0';
+ }
+ 
+ void encode64 (char *source,char *destination)