authortron <tron@pkgsrc.org>2007-06-07 13:19:54 +0000
committertron <tron@pkgsrc.org>2007-06-07 13:19:54 +0000
commit3c013a9fee46f872e10ae95cce3f392cfa0696a3 (patch)
treed32ced0662c3f370cdf6346289cef59ef2b3c85f /multimedia/mplayer-share/patches
parent66a1b358bbf384b93fb73e18cc908daff3813942 (diff)
Add patch from the MPlayer SVN repository to fix an overflow in the
CDDB code reported in CVE-2007-2948. Bump package revision.
Diffstat (limited to 'multimedia/mplayer-share/patches')
-rw-r--r--multimedia/mplayer-share/patches/patch-ae31
1 files changed, 31 insertions, 0 deletions
diff --git a/multimedia/mplayer-share/patches/patch-ae b/multimedia/mplayer-share/patches/patch-ae
new file mode 100644
index 00000000000..0416ef39e00
--- /dev/null
+++ b/multimedia/mplayer-share/patches/patch-ae
@@ -0,0 +1,31 @@
+$NetBSD: patch-ae,v 1.7 2007/06/07 13:19:54 tron Exp $
+
+--- stream/stream_cddb.c.orig 2006-10-22 23:32:25.000000000 +0100
++++ stream/stream_cddb.c 2007-06-07 13:57:35.000000000 +0100
+@@ -435,7 +435,7 @@
+
+ switch(status) {
+ case 210:
+- ret = sscanf( http_hdr->body, "%d %s %08lx", &status, category, &disc_id);
++ ret = sscanf( http_hdr->body, "%d %99s %08lx", &status, category, &disc_id);
+ if( ret!=3 ) {
+ mp_msg(MSGT_DEMUX, MSGL_ERR, MSGTR_ParseError);
+ return -1;
+@@ -496,7 +496,7 @@
+ ptr++;
+ // We have a list of exact/inexact matches, so which one do we use?
+ // So let's take the first one.
+- ret = sscanf(ptr, "%s %08lx %s", cddb_data->category, &(cddb_data->disc_id), album_title);
++ ret = sscanf(ptr, "%99s %08lx %99s", cddb_data->category, &(cddb_data->disc_id), album_title);
+ if( ret!=3 ) {
+ mp_msg(MSGT_DEMUX, MSGL_ERR, MSGTR_ParseError);
+ return -1;
+@@ -533,7 +533,7 @@
+ switch(status) {
+ case 200:
+ // Found exact match
+- ret = sscanf(http_hdr->body, "%d %s %08lx %s", &status, cddb_data->category, &(cddb_data->disc_id), album_title);
++ ret = sscanf(http_hdr->body, "%d %99s %08lx %99s", &status, cddb_data->category, &(cddb_data->disc_id), album_title);
+ if( ret!=4 ) {
+ mp_msg(MSGT_DEMUX, MSGL_ERR, MSGTR_ParseError);
+ return -1;
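Review bot: The `%99s` widths added to the three sscanf calls (inner hunks at 435, 496 and 533) are hard-coded, so they are only safe if `category`, `cddb_data->category` and `album_title` are each at least 100 bytes. Those declarations lie outside the patch context and should be checked against stream_cddb.c. A comment beside each call, for example `// 99 == sizeof(buffer) - 1; keep in sync with the declaration`, would keep the bound from drifting if a buffer is ever resized. An over-long token is now truncated rather than rejected, so its remainder is consumed by the following `%08lx` or `%99s` conversion and `ret` can still equal the expected count; because the input is the CDDB server's response body, rejecting the reply when a string field fills its buffer would be the stricter behaviour. The enclosing functions start and end outside the hunks, so any other unbounded `%s` conversions in the file are not visible here.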