
[pkgsrc/trunk]: pkgsrc/audio/streamripper add a patch from upstream to fix bu...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/a23cd3d0e8b5
branches:  trunk
changeset: 552653:a23cd3d0e8b5
user:      drochner <drochner%pkgsrc.org@localhost>
date:      Wed Jan 07 18:45:54 2009 +0000

description:
add a patch from upstream to fix buffer overflows in the HTML parser
(CVE-2008-4829), bump PKGREVISION

diffstat:

 audio/streamripper/Makefile         |   4 +-
 audio/streamripper/distinfo         |   4 +-
 audio/streamripper/patches/patch-ab |  77 ++++++++++++++++++++++++++++++++++--
 3 files changed, 76 insertions(+), 9 deletions(-)

diffs (138 lines):

diff -r 689eb704bce7 -r a23cd3d0e8b5 audio/streamripper/Makefile
--- a/audio/streamripper/Makefile       Wed Jan 07 16:39:20 2009 +0000
+++ b/audio/streamripper/Makefile       Wed Jan 07 18:45:54 2009 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.6 2008/06/20 01:09:07 joerg Exp $
+# $NetBSD: Makefile,v 1.7 2009/01/07 18:45:54 drochner Exp $
 #
 
 DISTNAME=      streamripper-1.61.27
-PKGREVISION=   1
+PKGREVISION=   2
 CATEGORIES=    audio
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=streamripper/}
 
diff -r 689eb704bce7 -r a23cd3d0e8b5 audio/streamripper/distinfo
--- a/audio/streamripper/distinfo       Wed Jan 07 16:39:20 2009 +0000
+++ b/audio/streamripper/distinfo       Wed Jan 07 18:45:54 2009 +0000
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.3 2007/08/14 21:41:06 drochner Exp $
+$NetBSD: distinfo,v 1.4 2009/01/07 18:45:54 drochner Exp $
 
 SHA1 (streamripper-1.61.27.tar.gz) = bdbf0e301c3c783e1f13c2977508afd5076328ad
 RMD160 (streamripper-1.61.27.tar.gz) = 14b55b91e3b995515d6978383f9fc618fe92bbcb
 Size (streamripper-1.61.27.tar.gz) = 1227559 bytes
 SHA1 (patch-aa) = 1150430aa345f78c58d7a207433947a4241ecf29
-SHA1 (patch-ab) = d1fc536498e0216eec469da7f89d4b1712082e0f
+SHA1 (patch-ab) = dbcdf5e2c03f4c2b2b63f23026347d15bb452c5c
diff -r 689eb704bce7 -r a23cd3d0e8b5 audio/streamripper/patches/patch-ab
--- a/audio/streamripper/patches/patch-ab       Wed Jan 07 16:39:20 2009 +0000
+++ b/audio/streamripper/patches/patch-ab       Wed Jan 07 18:45:54 2009 +0000
@@ -1,7 +1,32 @@
-$NetBSD: patch-ab,v 1.1 2007/08/14 21:41:06 drochner Exp $
+$NetBSD: patch-ab,v 1.2 2009/01/07 18:45:54 drochner Exp $
 
---- lib/http.c.orig    2006-08-25 04:01:49.000000000 +0200
+--- lib/http.c.orig    2009-01-07 18:27:06.000000000 +0100
 +++ lib/http.c
+@@ -115,7 +115,7 @@ httplib_parse_url(const char *url, URLIN
+ 
+     /* search for a login '@' token */
+     if (strchr(url, '@') != NULL) {
+-      ret = sscanf(url, "%[^:]:%[^@]", urlinfo->username, urlinfo->password);
++      ret = sscanf(url, "%1023[^:]:%1023[^@]", urlinfo->username, urlinfo->password);
+ #if defined (commentout)
+       if (ret < 2) return SR_ERROR_PARSE_FAILURE;
+ #endif
+@@ -132,13 +132,13 @@ httplib_parse_url(const char *url, URLIN
+ 
+     /* search for a port seperator */
+     if (strchr(url, ':') != NULL) {
+-      ret = sscanf(url, "%[^:]:%hu/%s", urlinfo->host, 
++      ret = sscanf(url, "%511[^:]:%hu/%252s", urlinfo->host, 
+                    (short unsigned int*)&urlinfo->port, urlinfo->path+1);
+       if (urlinfo->port < 1) return SR_ERROR_PARSE_FAILURE;
+       ret -= 1;
+     } else {
+       urlinfo->port = 80;
+-      ret = sscanf(url, "%[^/]/%s", urlinfo->host, urlinfo->path+1);
++      ret = sscanf(url, "%511[^/]/%252s", urlinfo->host, urlinfo->path+1);
+     }
+     if (ret < 1) return SR_ERROR_INVALID_URL;
+ 
 @@ -258,11 +258,11 @@ httplib_construct_page_request (const ch
  
  /* Return 1 if a match was found, 0 if not found */
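Review bot: In the port-separator branch of httplib_parse_url, `urlinfo->port` is still tested before `ret` is looked at, so when the input contains a ':' but sscanf stops before `%hu`, the `port < 1` check reads whatever value the field held before the call. Checking the conversion count first would close that, e.g. `if (ret < 2 || urlinfo->port < 1) return SR_ERROR_PARSE_FAILURE;`. The cast `(short unsigned int*)&urlinfo->port` also suggests the field is not declared as unsigned short, in which case `%hu` would write only part of it; that declaration is outside the hunk and should be confirmed. The new widths (1023, 511, 252) are literals that have to stay one less than the destination array sizes declared elsewhere, so a comment such as `/* widths must equal sizeof(field) - 1; path+1 leaves room for the leading '/' */` next to the format strings would keep them from drifting. The function body starts and ends outside this hunk.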
@@ -57,7 +82,15 @@
      }
      if (rc == 0) {
        info->content_type = CONTENT_TYPE_UNKNOWN;
-@@ -418,11 +426,15 @@ httplib_parse_sc_header (const char *url
+@@ -407,6 +415,7 @@ httplib_parse_sc_header (const char *url
+           info->content_type = content_type_by_url;
+       }
+     }
++
+     // Check for Icecast 1
+     else if ((start = (char *)strstr(header, "icecast")) != NULL) {
+       if (!info->server[0]) {
+@@ -418,19 +427,19 @@ httplib_parse_sc_header (const char *url
        }
  
        // icecast 1.x headers.
@@ -77,7 +110,15 @@
        if (rc) {
            info->icy_bitrate = atoi(stempbr);
        }
-@@ -626,7 +638,8 @@ httplib_get_pls (HSOCKET *sock, SR_HTTP_
+     }
+-    // WTF is Zwitterion?
+-    else if ((start = (char *)strstr(header, "Zwitterion v")) != NULL) {
+-      sscanf(start, "%[^<]<", info->server);
+-    }
+ 
+     /* Last chance to deduce content type */
+     if (info->content_type == CONTENT_TYPE_UNKNOWN) {
+@@ -626,16 +635,17 @@ httplib_get_pls (HSOCKET *sock, SR_HTTP_
        int best_open = 0;
  
        sprintf (buf1, "File%d=", s);
@@ -87,7 +128,9 @@
            break;
        }
        if (s == 1) {
-@@ -635,7 +648,7 @@ httplib_get_pls (HSOCKET *sock, SR_HTTP_
+-          strcpy (info->http_location, location_buf);
++          sr_strncpy (info->http_location, location_buf, MAX_HOST_LEN);
+           rc = SR_SUCCESS;
        }
        
        sprintf (buf1, "Title%d=", s);
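Review bot: The bound passed to `sr_strncpy` in the `s == 1` branch is `MAX_HOST_LEN`, but the destination is `info->http_location`, and neither that field's declared size nor the termination behaviour of `sr_strncpy` is visible in this hunk. If `http_location` is an array member, tying the bound to the destination with `sr_strncpy (info->http_location, location_buf, sizeof(info->http_location));` removes the dependency on the two constants staying equal. Truncation is also silent here, since `rc = SR_SUCCESS` is set regardless of whether the playlist entry fitted; a length check on `location_buf` before the copy would let an over-long location be rejected instead of shortened. The same applies to the three `sr_strncpy` calls added in the next hunk (two more in httplib_get_pls and one in httplib_get_m3u). The enclosing function starts and ends outside this hunk.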
@@ -96,3 +139,27 @@
            break;
        }
        num_scanned = sscanf (title_buf, "(#%*[0-9] - %d/%d",&used,&total);
+@@ -644,12 +654,12 @@ httplib_get_pls (HSOCKET *sock, SR_HTTP_
+       }
+       open = total - used;
+       if (open > best_open) {
+-          strcpy (info->http_location, location_buf);
++          sr_strncpy (info->http_location, location_buf, MAX_HOST_LEN);
+           best_open = open;
+       }
+     }
+ 
+-    strcpy (info->http_location, location_buf);
++    sr_strncpy (info->http_location, location_buf, MAX_HOST_LEN);
+ 
+     return rc;
+ }
+@@ -689,7 +699,7 @@ httplib_get_m3u (HSOCKET *sock, SR_HTTP_
+       if (len > 4 && !strcmp (&p[len-4], ".mp3")) {
+           continue;
+       }
+-      strcpy (info->http_location, p);
++      sr_strncpy (info->http_location, p, MAX_HOST_LEN);
+       debug_printf ("Redirecting from M3U to: %s\n", p);
+       return SR_SUCCESS;
+     }
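Review bot: The unconditional `sr_strncpy (info->http_location, location_buf, MAX_HOST_LEN);` placed after the loop in httplib_get_pls appears to overwrite the entry chosen by the `open > best_open` comparison with whatever `location_buf` held on the last iteration, which would make the best-slot selection ineffective. The patch keeps this behaviour from the old `strcpy`; if it is intentional it deserves a comment such as `/* fall back to the last parsed entry */`, and otherwise the line could be dropped. In the httplib_get_m3u hunk, `debug_printf ("Redirecting from M3U to: %s\n", p);` logs the untruncated `p` rather than the possibly shortened `info->http_location`, so the log may not match the location actually used. Parts of the loop body are outside the hunk, so the first point should be confirmed against the full function.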


