summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authortron <tron@pkgsrc.org>2004-02-10 09:32:47 +0000
committertron <tron@pkgsrc.org>2004-02-10 09:32:47 +0000
commit436d3eac9a1f7e3a3475dcbbf0db423e8a079c3e (patch)
tree06df136a545df5a02279d20dea4e7e794d8ba50d
parentab1c23c324e5a96043d3b79f8714feb921e88a2e (diff)
downloadpkgsrc-436d3eac9a1f7e3a3475dcbbf0db423e8a079c3e.tar.gz
Fix security vulnerability reported in CAN-2003-0865. Bump package revision
because of this fix.
-rw-r--r--audio/mpg123-esound/Makefile3
-rw-r--r--audio/mpg123-nas/Makefile5
-rw-r--r--audio/mpg123/Makefile4
-rw-r--r--audio/mpg123/distinfo3
-rw-r--r--audio/mpg123/patches/patch-aq25
5 files changed, 33 insertions, 7 deletions
diff --git a/audio/mpg123-esound/Makefile b/audio/mpg123-esound/Makefile
index 076185ee482..c863d69e3d3 100644
--- a/audio/mpg123-esound/Makefile
+++ b/audio/mpg123-esound/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.4 2002/11/28 12:15:49 markd Exp $
+# $NetBSD: Makefile,v 1.5 2004/02/10 09:32:47 tron Exp $
PKGNAME= mpg123-esound-${MPG123_VERSION}
+PKGREVISION= 1
COMMENT= Command-line player for mpeg layer 1, 2 and 3 audio with EsounD
TARGET_SUFFIX= -esd
diff --git a/audio/mpg123-nas/Makefile b/audio/mpg123-nas/Makefile
index 34f0f82e8f6..a5765f2512a 100644
--- a/audio/mpg123-nas/Makefile
+++ b/audio/mpg123-nas/Makefile
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.6 2004/01/28 12:48:24 xtraeme Exp $
-#
+# $NetBSD: Makefile,v 1.7 2004/02/10 09:32:47 tron Exp $
PKGNAME= mpg123${TARGET_SUFFIX}-${MPG123_VERSION}
-PKGREVISION= 2
+PKGREVISION= 3
COMMENT= Command-line player for mpeg layer 1, 2 and 3 audio with NAS output
TARGET_SUFFIX= -nas
diff --git a/audio/mpg123/Makefile b/audio/mpg123/Makefile
index b92007ff6c7..2f7a9034d09 100644
--- a/audio/mpg123/Makefile
+++ b/audio/mpg123/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.34 2002/06/23 08:45:09 kent Exp $
+# $NetBSD: Makefile,v 1.35 2004/02/10 09:32:47 tron Exp $
PKGNAME= mpg123-${MPG123_VERSION}
-PKGREVISION= 2
+PKGREVISION= 3
COMMENT= Command-line player for mpeg layer 1, 2 and 3 audio
CONFLICTS+= mpg123-nas-[0-9]*
diff --git a/audio/mpg123/distinfo b/audio/mpg123/distinfo
index c82c0eb0c79..ba463379f69 100644
--- a/audio/mpg123/distinfo
+++ b/audio/mpg123/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.15 2003/10/18 11:27:11 grant Exp $
+$NetBSD: distinfo,v 1.16 2004/02/10 09:32:47 tron Exp $
SHA1 (mpg123/mpg123-0.59r.tar.gz) = c32fe242f4506d218bd19a51a4034da9fdc79493
Size (mpg123/mpg123-0.59r.tar.gz) = 159028 bytes
@@ -20,3 +20,4 @@ SHA1 (patch-am) = 661c1f95f65145f4e08706eb3f6fe975118a2822
SHA1 (patch-an) = 08917e1825adcfd870bb2c61ae865339da7c45ef
SHA1 (patch-ao) = 40961a43cc3dbebf71deee1c240907896d297304
SHA1 (patch-ap) = b35e7f6739a8b4979412793c7b3f2f7f5a9f15a7
+SHA1 (patch-aq) = ea443c1d45d856f360d2ccba3e5e2d058ac65007
diff --git a/audio/mpg123/patches/patch-aq b/audio/mpg123/patches/patch-aq
new file mode 100644
index 00000000000..311269f68b7
--- /dev/null
+++ b/audio/mpg123/patches/patch-aq
@@ -0,0 +1,25 @@
+$NetBSD: patch-aq,v 1.1 2004/02/10 09:32:47 tron Exp $
+
+--- httpget.c.orig Tue Feb 10 10:14:29 2004
++++ httpget.c Tue Feb 10 10:18:07 2004
+@@ -55,11 +55,10 @@
+ #endif
+ int pos = 0;
+
+- while(1) {
++ while(pos < (maxlen - 1)) {
+ if( read(fileno(f),string+pos,1) == 1) {
+ pos++;
+ if(string[pos-1] == '\n') {
+- string[pos] = 0;
+ break;
+ }
+ }
+@@ -78,6 +77,7 @@
+ }
+ #endif
+
++ string[pos] = '\0';
+ }
+
+ void encode64 (char *source,char *destination)