summaryrefslogtreecommitdiff
path: root/audio/streamripper
diff options
context:
space:
mode:
authordrochner <drochner@pkgsrc.org>2007-08-14 21:41:06 +0000
committerdrochner <drochner@pkgsrc.org>2007-08-14 21:41:06 +0000
commit176169c0d10e0c5f3983a7f1a5d14ba6aaa0a822 (patch)
tree41878eb3765a101cbf5757ea43578cdb1f84c215 /audio/streamripper
parent895678fe23e0ad145d8e79e68f58aa4c89184a11 (diff)
downloadpkgsrc-176169c0d10e0c5f3983a7f1a5d14ba6aaa0a822.tar.gz
fix the http header parsing buffer overflow, the same way as done
in 1.62.2, bump PKGREVISION The reason I'm not updating to 1.62.2 yet is that it triggers problems with NetBSD's iconv(3) (WCHAR_T doesn't work), and that it doesn't create id3v1 tags anymore per default which many programs want.
Diffstat (limited to 'audio/streamripper')
-rw-r--r--audio/streamripper/Makefile3
-rw-r--r--audio/streamripper/distinfo3
-rw-r--r--audio/streamripper/patches/patch-ab98
3 files changed, 102 insertions, 2 deletions
diff --git a/audio/streamripper/Makefile b/audio/streamripper/Makefile
index 204012d8fa5..688c3b0bdc1 100644
--- a/audio/streamripper/Makefile
+++ b/audio/streamripper/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.4 2006/12/14 08:09:16 minskim Exp $
+# $NetBSD: Makefile,v 1.5 2007/08/14 21:41:06 drochner Exp $
#
DISTNAME= streamripper-1.61.27
+PKGREVISION= 1
CATEGORIES= audio
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=streamripper/}
diff --git a/audio/streamripper/distinfo b/audio/streamripper/distinfo
index 26b2130eaee..43c036edd7b 100644
--- a/audio/streamripper/distinfo
+++ b/audio/streamripper/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.2 2006/12/12 20:27:15 wiz Exp $
+$NetBSD: distinfo,v 1.3 2007/08/14 21:41:06 drochner Exp $
SHA1 (streamripper-1.61.27.tar.gz) = bdbf0e301c3c783e1f13c2977508afd5076328ad
RMD160 (streamripper-1.61.27.tar.gz) = 14b55b91e3b995515d6978383f9fc618fe92bbcb
Size (streamripper-1.61.27.tar.gz) = 1227559 bytes
SHA1 (patch-aa) = 1150430aa345f78c58d7a207433947a4241ecf29
+SHA1 (patch-ab) = d1fc536498e0216eec469da7f89d4b1712082e0f
diff --git a/audio/streamripper/patches/patch-ab b/audio/streamripper/patches/patch-ab
new file mode 100644
index 00000000000..7ebb04e1878
--- /dev/null
+++ b/audio/streamripper/patches/patch-ab
@@ -0,0 +1,98 @@
+$NetBSD: patch-ab,v 1.1 2007/08/14 21:41:06 drochner Exp $
+
+--- lib/http.c.orig 2006-08-25 04:01:49.000000000 +0200
++++ lib/http.c
+@@ -258,11 +258,11 @@ httplib_construct_page_request (const ch
+
+ /* Return 1 if a match was found, 0 if not found */
+ int
+-extract_header_value (char *header, char *dest, char *match)
++extract_header_value (char *header, char *dest, char *match, int maxlen)
+ {
+ char* start = (char *)strstr(header, match);
+ if (start) {
+- subnstr_until(start+strlen(match), "\n", dest, MAX_ICY_STRING);
++ subnstr_until(start+strlen(match), "\n", dest, maxlen);
+ return 1;
+ } else {
+ return 0;
+@@ -321,24 +321,32 @@ httplib_parse_sc_header (const char *url
+ }
+
+ // read generic headers
+- extract_header_value(header, info->http_location, "Location:");
+- extract_header_value(header, info->server, "Server:");
+- rc = extract_header_value(header, info->icy_name, "icy-name:");
++ extract_header_value(header, info->http_location, "Location:",
++ sizeof(info->http_location));
++ extract_header_value(header, info->server, "Server:",
++ sizeof(info->server));
++ rc = extract_header_value(header, info->icy_name, "icy-name:",
++ sizeof(info->icy_name));
+ if (rc == 0) {
+ /* Icecast 2.0.1 */
+- rc = extract_header_value(header, info->icy_name, "ice-name:");
++ rc = extract_header_value(header, info->icy_name, "ice-name:",
++ sizeof(info->icy_name));
+ }
+ info->have_icy_name = rc;
+- extract_header_value(header, info->icy_url, "icy-url:");
+- rc = extract_header_value(header, stempbr, "icy-br:");
++ extract_header_value(header, info->icy_url, "icy-url:",
++ sizeof(info->icy_url));
++ rc = extract_header_value(header, stempbr,
++ "icy-br:", sizeof(stempbr));
+ if (rc) {
+ info->icy_bitrate = atoi(stempbr);
+ }
+
+ /* interpret the content type from http header */
+- rc = extract_header_value(header, stempbr, "Content-Type:");
++ rc = extract_header_value(header, stempbr,
++ "Content-Type:", sizeof(stempbr));
+ if (rc == 0) {
+- rc = extract_header_value(header, stempbr, "content-type:");
++ rc = extract_header_value(header, stempbr,
++ "content-type:", sizeof(stempbr));
+ }
+ if (rc == 0) {
+ info->content_type = CONTENT_TYPE_UNKNOWN;
+@@ -418,11 +426,15 @@ httplib_parse_sc_header (const char *url
+ }
+
+ // icecast 1.x headers.
+- extract_header_value(header, info->icy_url, "x-audiocast-server-url:");
+- rc = extract_header_value(header, info->icy_name, "x-audiocast-name:");
++ extract_header_value(header, info->icy_url, "x-audiocast-server-url:",
++ sizeof(info->icy_url));
++ rc = extract_header_value(header, info->icy_name, "x-audiocast-name:",
++ sizeof(info->icy_name));
+ info->have_icy_name |= rc;
+- extract_header_value(header, info->icy_genre, "x-audiocast-genre:");
+- rc = extract_header_value(header, stempbr, "x-audiocast-bitrate:");
++ extract_header_value(header, info->icy_genre, "x-audiocast-genre:",
++ sizeof(info->icy_genre));
++ rc = extract_header_value(header, stempbr, "x-audiocast-bitrate:",
++ sizeof(stempbr));
+ if (rc) {
+ info->icy_bitrate = atoi(stempbr);
+ }
+@@ -626,7 +638,8 @@ httplib_get_pls (HSOCKET *sock, SR_HTTP_
+ int best_open = 0;
+
+ sprintf (buf1, "File%d=", s);
+- if (!extract_header_value (buf, location_buf, buf1)) {
++ if (!extract_header_value (buf, location_buf, buf1,
++ sizeof(location_buf))) {
+ break;
+ }
+ if (s == 1) {
+@@ -635,7 +648,7 @@ httplib_get_pls (HSOCKET *sock, SR_HTTP_
+ }
+
+ sprintf (buf1, "Title%d=", s);
+- if (!extract_header_value (buf, title_buf, buf1)) {
++ if (!extract_header_value (buf, title_buf, buf1, sizeof(title_buf))) {
+ break;
+ }
+ num_scanned = sscanf (title_buf, "(#%*[0-9] - %d/%d",&used,&total);