[pkgsrc/trunk]: pkgsrc/audio/audacity patch around SA33356: Audacity "String_...

[drochner <drochner%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/17934b4fbe04
branches:  trunk
changeset: 553033:17934b4fbe04
user:      drochner <drochner%pkgsrc.org@localhost>
date:      Tue Jan 13 12:38:49 2009 +0000

description:
patch around SA33356: Audacity "String_parse::get_nonspace_quoted()"
 Buffer Overflow
(homegrown patch, might be sufficient or not)
bump PKGREVISION

diffstat:

 audio/audacity/Makefile         |   4 ++--
 audio/audacity/distinfo         |   5 ++++-
 audio/audacity/patches/patch-ba |  24 ++++++++++++++++++++++++
 audio/audacity/patches/patch-bb |  13 +++++++++++++
 audio/audacity/patches/patch-bc |  30 ++++++++++++++++++++++++++++++
 5 files changed, 73 insertions(+), 3 deletions(-)

diffs (108 lines):

diff -r 30617adadf19 -r 17934b4fbe04 audio/audacity/Makefile
--- a/audio/audacity/Makefile   Tue Jan 13 12:13:45 2009 +0000
+++ b/audio/audacity/Makefile   Tue Jan 13 12:38:49 2009 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.58 2008/06/12 02:14:13 joerg Exp $
+# $NetBSD: Makefile,v 1.59 2009/01/13 12:38:49 drochner Exp $
 
 DISTNAME=              audacity-src-1.2.6
-PKGREVISION=           1
+PKGREVISION=           2
 PKGNAME=               ${DISTNAME:S/-src-/-/}
 CATEGORIES=            audio
 MASTER_SITES=          ${MASTER_SITE_SOURCEFORGE:=audacity/}
diff -r 30617adadf19 -r 17934b4fbe04 audio/audacity/distinfo
--- a/audio/audacity/distinfo   Tue Jan 13 12:13:45 2009 +0000
+++ b/audio/audacity/distinfo   Tue Jan 13 12:38:49 2009 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.17 2008/03/20 15:58:47 drochner Exp $
+$NetBSD: distinfo,v 1.18 2009/01/13 12:38:49 drochner Exp $
 
 SHA1 (audacity-src-1.2.6.tar.gz) = 1bfdd119fdc09d1aa334aee21d4831ef6e939fce
 RMD160 (audacity-src-1.2.6.tar.gz) = f59ca075ae430a518b77ce2ed08441abe2b67a0c
@@ -16,3 +16,6 @@
 SHA1 (patch-ak) = 5f012eb47c832a8f11bcfbdcaf0ab2e876abd04e
 SHA1 (patch-al) = 224437cc76e1f25d600e859d278ad73bbf261efa
 SHA1 (patch-am) = 3210d8632ee9f5361008277e2c887f24d87205a1
+SHA1 (patch-ba) = c27676c7110bf6ef2fcd448d68402b7bfd21b631
+SHA1 (patch-bb) = 050c6edc0a174e2496ef0b572002eca185bd38de
+SHA1 (patch-bc) = 8a08526c37e025a89a747fa2c7a48668fe797572
diff -r 30617adadf19 -r 17934b4fbe04 audio/audacity/patches/patch-ba
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/audacity/patches/patch-ba   Tue Jan 13 12:38:49 2009 +0000
@@ -0,0 +1,24 @@
+$NetBSD: patch-ba,v 1.1 2009/01/13 12:38:49 drochner Exp $
+
+--- lib-src/allegro/strparse.cpp.orig  2006-11-15 05:12:11.000000000 +0100
++++ lib-src/allegro/strparse.cpp
+@@ -16,8 +16,9 @@ char String_parse::peek()
+ }
+ 
+ 
+-void String_parse::get_nonspace_quoted(char *field)
++void String_parse::get_nonspace_quoted(char *field, int flen)
+ {
++    char *ofield = field;
+     skip_space();
+     bool quoted = false;
+     if (string[pos] == '"') {
+@@ -25,7 +26,7 @@ void String_parse::get_nonspace_quoted(c
+         *field++ = '"';
+         pos = pos + 1;
+     }
+-    while (string[pos] && (quoted || !isspace(string[pos]))) {
++    while (string[pos] && (quoted || !isspace(string[pos])) && (field - ofield) < (flen - 2)) {
+         if (string[pos] == '"') {
+             if (quoted) {
+                 *field++ = '"';
diff -r 30617adadf19 -r 17934b4fbe04 audio/audacity/patches/patch-bb
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/audacity/patches/patch-bb   Tue Jan 13 12:38:49 2009 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-bb,v 1.1 2009/01/13 12:38:49 drochner Exp $
+
+--- lib-src/allegro/strparse.h.orig    2006-11-15 05:12:11.000000000 +0100
++++ lib-src/allegro/strparse.h
+@@ -10,7 +10,7 @@ public:
+     }
+     void skip_space();
+     char peek();
+-    void get_nonspace_quoted(char *field);
++    void get_nonspace_quoted(char *field, int flen);
+ };
+ 
+ void string_escape(char *result, char *str, char *quote);
diff -r 30617adadf19 -r 17934b4fbe04 audio/audacity/patches/patch-bc
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/audacity/patches/patch-bc   Tue Jan 13 12:38:49 2009 +0000
@@ -0,0 +1,30 @@
+$NetBSD: patch-bc,v 1.1 2009/01/13 12:38:49 drochner Exp $
+
+--- ./lib-src/allegro/allegrord.cpp.orig       2006-11-15 05:12:11.000000000 +0100
++++ ./lib-src/allegro/allegrord.cpp
+@@ -109,10 +109,10 @@ bool Allegro_reader::parse()
+         bool new_note_flag = false;  // "A"-"G" syntax
+         int new_note = 0;
+         Parameters_ptr attributes = NULL;
+-        line_parser.get_nonspace_quoted(field);
++        line_parser.get_nonspace_quoted(field, field_max);
+         char pk = line_parser.peek();
+         if (pk && !isspace(pk)) {
+-            line_parser.get_nonspace_quoted(field + strlen(field));
++            line_parser.get_nonspace_quoted(field + strlen(field), field_max - strlen(field));
+         }
+         while (field[0]) {
+             // print "field", "|";field;"|", "|";line_parser.string;"|", line_parser.pos
+@@ -203,10 +203,10 @@ bool Allegro_reader::parse()
+             if (error_flag) {
+                 field[0] = 0; // exit the loop
+             } else {
+-                line_parser.get_nonspace_quoted(field);
++                line_parser.get_nonspace_quoted(field, field_max);
+                 pk = line_parser.peek();
+                 if (pk && !isspace(pk)) {
+-                    line_parser.get_nonspace_quoted(field + strlen(field));
++                    line_parser.get_nonspace_quoted(field + strlen(field), field_max - strlen(field));
+                 }
+             }
+         }