Fix security vulnerability reported in CAN-2003-0865. Bump package revision

because of this fix.

3 files changed, 29 insertions, 3 deletions

diff --git a/audio/mpg123/Makefile b/audio/mpg123/Makefile
index b92007ff6c7..2f7a9034d09 100644
--- a/audio/mpg123/Makefile
+++ b/audio/mpg123/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.34 2002/06/23 08:45:09 kent Exp $
+# $NetBSD: Makefile,v 1.35 2004/02/10 09:32:47 tron Exp $
 
 PKGNAME=	mpg123-${MPG123_VERSION}
-PKGREVISION=	2
+PKGREVISION=	3
 COMMENT=	Command-line player for mpeg layer 1, 2 and 3 audio
 
 CONFLICTS+=	mpg123-nas-[0-9]*
diff --git a/audio/mpg123/distinfo b/audio/mpg123/distinfo
index c82c0eb0c79..ba463379f69 100644
--- a/audio/mpg123/distinfo
+++ b/audio/mpg123/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.15 2003/10/18 11:27:11 grant Exp $
+$NetBSD: distinfo,v 1.16 2004/02/10 09:32:47 tron Exp $
 
 SHA1 (mpg123/mpg123-0.59r.tar.gz) = c32fe242f4506d218bd19a51a4034da9fdc79493
 Size (mpg123/mpg123-0.59r.tar.gz) = 159028 bytes
@@ -20,3 +20,4 @@ SHA1 (patch-am) = 661c1f95f65145f4e08706eb3f6fe975118a2822
 SHA1 (patch-an) = 08917e1825adcfd870bb2c61ae865339da7c45ef
 SHA1 (patch-ao) = 40961a43cc3dbebf71deee1c240907896d297304
 SHA1 (patch-ap) = b35e7f6739a8b4979412793c7b3f2f7f5a9f15a7
+SHA1 (patch-aq) = ea443c1d45d856f360d2ccba3e5e2d058ac65007
diff --git a/audio/mpg123/patches/patch-aq b/audio/mpg123/patches/patch-aq
new file mode 100644
index 00000000000..311269f68b7
--- /dev/null
+++ b/audio/mpg123/patches/patch-aq
@@ -0,0 +1,25 @@
+$NetBSD: patch-aq,v 1.1 2004/02/10 09:32:47 tron Exp $
+
+--- httpget.c.orig	Tue Feb 10 10:14:29 2004
++++ httpget.c	Tue Feb 10 10:18:07 2004
+@@ -55,11 +55,10 @@
+ #endif
+ 	int pos = 0;
+ 
+-	while(1) {
++	while(pos < (maxlen - 1)) {
+ 		if( read(fileno(f),string+pos,1) == 1) {
+ 			pos++;
+ 			if(string[pos-1] == '\n') {
+-				string[pos] = 0;
+ 				break;
+ 			}
+ 		}
+@@ -78,6 +77,7 @@
+ 	}
+ #endif
+ 
++	string[pos] = '\0';
+ }
+ 
+ void encode64 (char *source,char *destination)