fix a stack-based buffer overflow (CVE-2007-6613), patch from upstream,

bump PKGREVISION

2 files changed, 26 insertions, 0 deletions

diff --git a/misc/libcdio/patches/patch-ba b/misc/libcdio/patches/patch-ba
new file mode 100644
index 00000000000..7440ea9cdf3
--- /dev/null
+++ b/misc/libcdio/patches/patch-ba
@@ -0,0 +1,13 @@
+$NetBSD: patch-ba,v 1.1 2008/04/15 12:35:10 drochner Exp $
+
+--- src/cd-info.c.orig	2005-09-18 22:34:02.000000000 +0200
++++ src/cd-info.c
+@@ -510,7 +510,7 @@ print_iso9660_recurse (CdIo_t *p_cdio, c
+       iso9660_stat_t *p_statbuf = _cdio_list_node_data (entnode);
+       char *psz_iso_name = p_statbuf->filename;
+       char _fullname[4096] = { 0, };
+-      char translated_name[MAX_ISONAME+1];
++      char *translated_name = (char *) alloca(strlen(psz_iso_name)+1);
+ 
+       if (yep != p_statbuf->rr.b3_rock || 1 == opts.no_rock_ridge) {
+ 	iso9660_name_translate_ext(psz_iso_name, translated_name, 
diff --git a/misc/libcdio/patches/patch-bb b/misc/libcdio/patches/patch-bb
new file mode 100644
index 00000000000..33bb9ab22a6
--- /dev/null
+++ b/misc/libcdio/patches/patch-bb
@@ -0,0 +1,13 @@
+$NetBSD: patch-bb,v 1.1 2008/04/15 12:35:10 drochner Exp $
+
+--- src/iso-info.c.orig	2005-03-18 13:56:00.000000000 +0100
++++ src/iso-info.c
+@@ -199,7 +199,7 @@ print_iso9660_recurse (iso9660_t *p_iso,
+       iso9660_stat_t *p_statbuf = _cdio_list_node_data (entnode);
+       char *psz_iso_name = p_statbuf->filename;
+       char _fullname[4096] = { 0, };
+-      char translated_name[MAX_ISONAME+1];
++      char *translated_name = (char *) alloca(strlen(psz_iso_name)+1);
+ 
+       if (yep != p_statbuf->rr.b3_rock || 1 == opts.no_rock_ridge) {
+ 	iso9660_name_translate_ext(psz_iso_name, translated_name,