xine-ui: fix two buffer overflows found by SSP

From Anon.

Bump PKGREVISION.

4 files changed, 33 insertions, 6 deletions

diff --git a/multimedia/xine-ui/Makefile b/multimedia/xine-ui/Makefile
index 4cdae396e54..40bcf2a0118 100644
--- a/multimedia/xine-ui/Makefile
+++ b/multimedia/xine-ui/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.81 2018/01/01 21:18:46 adam Exp $
+# $NetBSD: Makefile,v 1.82 2018/01/21 18:44:58 wiz Exp $
 
 DISTNAME=		xine-ui-0.99.8
-PKGREVISION=		14
+PKGREVISION=		15
 CATEGORIES=		multimedia
 MASTER_SITES=		${MASTER_SITE_SOURCEFORGE:=xine/}
 EXTRACT_SUFX=		.tar.xz
diff --git a/multimedia/xine-ui/distinfo b/multimedia/xine-ui/distinfo
index 6695271eca7..73d58500582 100644
--- a/multimedia/xine-ui/distinfo
+++ b/multimedia/xine-ui/distinfo
@@ -1,11 +1,12 @@
-$NetBSD: distinfo,v 1.26 2015/11/03 23:54:34 agc Exp $
+$NetBSD: distinfo,v 1.27 2018/01/21 18:44:58 wiz Exp $
 
 SHA1 (xine-ui-0.99.8.tar.xz) = ffe8e6507a95f92f1e29aa4e3751f4b505e8da1a
 RMD160 (xine-ui-0.99.8.tar.xz) = 5f876d2dd24ab2bec8f1027dee071b8f3f3e76f9
 SHA512 (xine-ui-0.99.8.tar.xz) = a2d11b0c512b9d485e0bbe418b36fb5fd52fe1a9c68cdb865771fc580b30bff513825f3e24ef85a902669c2c1ea8947512dd9abe4c12fdef94b8852cc8588da3
 Size (xine-ui-0.99.8.tar.xz) = 1758372 bytes
 SHA1 (patch-ab) = 93cd824f2b85affb8847d84dd8562ef4bb12f6eb
-SHA1 (patch-aj) = 8030659d18f9a28c0d56a0a95748f070b912f95e
+SHA1 (patch-aj) = faa52c1a42d6053fc03b722286b2021d5508c8ac
 SHA1 (patch-ba) = 58cb4076d7034b252015c51de9260452bf63f37d
 SHA1 (patch-bb) = 2dcc5d1df7d46226f4f2c2a53ff6772bc513bf51
+SHA1 (patch-src_xitk_session__common.c) = 7040122ba6351989226584adb2c16a0d9fee31e6
 SHA1 (patch-zz) = d97dfaf773f5e69c18f6163e7262fdfbd330e5ed
diff --git a/multimedia/xine-ui/patches/patch-aj b/multimedia/xine-ui/patches/patch-aj
index 86dc29ad29a..8e1c8e6c4fd 100644
--- a/multimedia/xine-ui/patches/patch-aj
+++ b/multimedia/xine-ui/patches/patch-aj
@@ -1,9 +1,11 @@
-$NetBSD: patch-aj,v 1.6 2014/05/07 18:44:28 wiz Exp $
+$NetBSD: patch-aj,v 1.7 2018/01/21 18:44:59 wiz Exp $
 
 Support NetBSD and DragonFlyBSD.
 https://bugs.xine-project.org/show_bug.cgi?id=515
 
---- src/xitk/session.c.orig	2010-03-11 09:40:12.000000000 +0000
+Fix buffer overflow
+
+--- src/xitk/session.c.orig	2014-02-25 16:52:58.000000000 +0000
 +++ src/xitk/session.c
 @@ -21,7 +21,7 @@
  /* Largely inspired of xmms control socket stuff */
@@ -14,3 +16,12 @@ https://bugs.xine-project.org/show_bug.cgi?id=515
  #define _XOPEN_SOURCE 500
  #endif
  
+@@ -453,7 +453,7 @@ int init_session(void) {
+     for(i = 0;; i++)	{
+       saddr.un.sun_family = AF_UNIX;
+       
+-      snprintf(saddr.un.sun_path, 108, "%s%s%d", (xine_get_homedir()), "/.xine/session.", i);
++      snprintf(saddr.un.sun_path, sizeof(saddr.un.sun_path), "%s%s%d", (xine_get_homedir()), "/.xine/session.", i);
+       if(!is_remote_running(i)) {
+ 	if((unlink(saddr.un.sun_path) == -1) && errno != ENOENT) {
+ 	  fprintf(stderr, "setup_ctrlsocket(): Failed to unlink %s (Error: %s)", 
diff --git a/multimedia/xine-ui/patches/patch-src_xitk_session__common.c b/multimedia/xine-ui/patches/patch-src_xitk_session__common.c
new file mode 100644
index 00000000000..53c7068dbbf
--- /dev/null
+++ b/multimedia/xine-ui/patches/patch-src_xitk_session__common.c
@@ -0,0 +1,15 @@
+$NetBSD: patch-src_xitk_session__common.c,v 1.1 2018/01/21 18:44:59 wiz Exp $
+
+Fix buffer overflow
+
+--- src/xitk/session_common.c.orig	2014-02-25 16:52:58.000000000 +0000
++++ src/xitk/session_common.c
+@@ -61,7 +61,7 @@ int connect_to_session(int session) {
+     euid             = geteuid();
+     setuid(euid);
+ 
+-    snprintf(saddr.un.sun_path, 108, "%s%s%d", (xine_get_homedir()), "/.xine/session.", session);
++    snprintf(saddr.un.sun_path, sizeof(saddr.un.sun_path), "%s%s%d", (xine_get_homedir()), "/.xine/session.", session);
+     setreuid(stored_uid, euid);
+ 
+     if((connect(fd,&saddr.sa, sizeof(saddr.un))) != -1) {