pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/audio Fix security vulnerability reported in CAN-2003-...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/e41a1ef13b79
branches:  trunk
changeset: 468087:e41a1ef13b79
user:      tron <tron%pkgsrc.org@localhost>
date:      Tue Feb 10 09:32:47 2004 +0000

description:
Fix security vulnerability reported in CAN-2003-0865. Bump package revision
because of this fix.

diffstat:

 audio/mpg123-esound/Makefile  |   3 ++-
 audio/mpg123-nas/Makefile     |   5 ++---
 audio/mpg123/Makefile         |   4 ++--
 audio/mpg123/distinfo         |   3 ++-
 audio/mpg123/patches/patch-aq |  25 +++++++++++++++++++++++++
 5 files changed, 33 insertions(+), 7 deletions(-)

diffs (82 lines):

diff -r a0a1f305d222 -r e41a1ef13b79 audio/mpg123-esound/Makefile
--- a/audio/mpg123-esound/Makefile      Tue Feb 10 09:27:15 2004 +0000
+++ b/audio/mpg123-esound/Makefile      Tue Feb 10 09:32:47 2004 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.4 2002/11/28 12:15:49 markd Exp $
+# $NetBSD: Makefile,v 1.5 2004/02/10 09:32:47 tron Exp $
 
 PKGNAME=       mpg123-esound-${MPG123_VERSION}
+PKGREVISION=   1
 COMMENT=       Command-line player for mpeg layer 1, 2 and 3 audio with EsounD
 
 TARGET_SUFFIX= -esd
diff -r a0a1f305d222 -r e41a1ef13b79 audio/mpg123-nas/Makefile
--- a/audio/mpg123-nas/Makefile Tue Feb 10 09:27:15 2004 +0000
+++ b/audio/mpg123-nas/Makefile Tue Feb 10 09:32:47 2004 +0000
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.6 2004/01/28 12:48:24 xtraeme Exp $
-#
+# $NetBSD: Makefile,v 1.7 2004/02/10 09:32:47 tron Exp $
 
 PKGNAME=       mpg123${TARGET_SUFFIX}-${MPG123_VERSION}
-PKGREVISION=   2
+PKGREVISION=   3
 COMMENT=       Command-line player for mpeg layer 1, 2 and 3 audio with NAS output
 
 TARGET_SUFFIX= -nas
diff -r a0a1f305d222 -r e41a1ef13b79 audio/mpg123/Makefile
--- a/audio/mpg123/Makefile     Tue Feb 10 09:27:15 2004 +0000
+++ b/audio/mpg123/Makefile     Tue Feb 10 09:32:47 2004 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.34 2002/06/23 08:45:09 kent Exp $
+# $NetBSD: Makefile,v 1.35 2004/02/10 09:32:47 tron Exp $
 
 PKGNAME=       mpg123-${MPG123_VERSION}
-PKGREVISION=   2
+PKGREVISION=   3
 COMMENT=       Command-line player for mpeg layer 1, 2 and 3 audio
 
 CONFLICTS+=    mpg123-nas-[0-9]*
diff -r a0a1f305d222 -r e41a1ef13b79 audio/mpg123/distinfo
--- a/audio/mpg123/distinfo     Tue Feb 10 09:27:15 2004 +0000
+++ b/audio/mpg123/distinfo     Tue Feb 10 09:32:47 2004 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.15 2003/10/18 11:27:11 grant Exp $
+$NetBSD: distinfo,v 1.16 2004/02/10 09:32:47 tron Exp $
 
 SHA1 (mpg123/mpg123-0.59r.tar.gz) = c32fe242f4506d218bd19a51a4034da9fdc79493
 Size (mpg123/mpg123-0.59r.tar.gz) = 159028 bytes
@@ -20,3 +20,4 @@
 SHA1 (patch-an) = 08917e1825adcfd870bb2c61ae865339da7c45ef
 SHA1 (patch-ao) = 40961a43cc3dbebf71deee1c240907896d297304
 SHA1 (patch-ap) = b35e7f6739a8b4979412793c7b3f2f7f5a9f15a7
+SHA1 (patch-aq) = ea443c1d45d856f360d2ccba3e5e2d058ac65007
diff -r a0a1f305d222 -r e41a1ef13b79 audio/mpg123/patches/patch-aq
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/mpg123/patches/patch-aq     Tue Feb 10 09:32:47 2004 +0000
@@ -0,0 +1,25 @@
+$NetBSD: patch-aq,v 1.1 2004/02/10 09:32:47 tron Exp $
+
+--- httpget.c.orig     Tue Feb 10 10:14:29 2004
++++ httpget.c  Tue Feb 10 10:18:07 2004
+@@ -55,11 +55,10 @@
+ #endif
+       int pos = 0;
+ 
+-      while(1) {
++      while(pos < (maxlen - 1)) {
+               if( read(fileno(f),string+pos,1) == 1) {
+                       pos++;
+                       if(string[pos-1] == '\n') {
+-                              string[pos] = 0;
+                               break;
+                       }
+               }
+@@ -78,6 +77,7 @@
+       }
+ #endif
+ 
++      string[pos] = '\0';
+ }
+ 
+ void encode64 (char *source,char *destination)
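Review bot: The new bound `pos < (maxlen - 1)` combined with the unconditional `string[pos] = '\0';` after the `#endif` still stores one byte when `maxlen` is 0 or negative, because the loop is skipped and `string[0]` is written anyway. The callers and the declaration of `maxlen` are outside the hunk, so this may not be reachable today, but a guard at the top such as `if (maxlen < 1) return;` (assuming the function returns void; its signature is not shown) would make the bound hold on its own. Separately, a line longer than `maxlen - 1` bytes is now cut off silently and the rest stays unread in the stream, so the next call would return the tail as if it were a new line. A comment such as `/* Truncates at maxlen-1 bytes; a result without a trailing '\n' means the line was over-long. */` would tell callers how to detect that. The function body starts before the hunk, and the lines between the two inner hunks are not visible here.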


