fix stack overflow, see http://www.open-security.org/advisories/6

(patch from xine CVS)
bump PKGREVISION

3 files changed, 62 insertions, 2 deletions

diff --git a/multimedia/xine-lib/Makefile b/multimedia/xine-lib/Makefile
index 77a0537f35b..6cc21f4b5d9 100644
--- a/multimedia/xine-lib/Makefile
+++ b/multimedia/xine-lib/Makefile
@@ -1,8 +1,10 @@
-# $NetBSD: Makefile,v 1.11 2004/06/21 15:55:54 drochner Exp $
+# $NetBSD: Makefile,v 1.12 2004/08/10 11:24:46 drochner Exp $
 #
 
 .include "Makefile.common"
 
+PKGREVISION=	1
+
 .if ${MACHINE_ARCH} == "i386"
 DEPENDS+=       	win32-codecs>=011227:../../multimedia/win32-codecs
 PLIST_SUBST+=		I386=""
diff --git a/multimedia/xine-lib/distinfo b/multimedia/xine-lib/distinfo
index 1e14d696b24..1bedcf44ca1 100644
--- a/multimedia/xine-lib/distinfo
+++ b/multimedia/xine-lib/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.7 2004/08/02 19:09:45 shannonjr Exp $
+$NetBSD: distinfo,v 1.8 2004/08/10 11:24:46 drochner Exp $
 
 SHA1 (xine-lib-1-rc5.tar.gz) = b38aa71ab717ba04f03591d1d003da4ce23ed1cf
 Size (xine-lib-1-rc5.tar.gz) = 7052663 bytes
@@ -21,3 +21,4 @@ SHA1 (patch-at) = b43d07b20f209a31df454620673a21f174550cf9
 SHA1 (patch-au) = 569ac1d00402eb3679bf99f0afe5832f425b3b0e
 SHA1 (patch-av) = 56f462e6091a72e87544ece689557d60fbb749aa
 SHA1 (patch-aw) = 748feea39a7c41f40e56f463dde9186430c2a74f
+SHA1 (patch-ba) = 82b69dd37c287a23efb9b80188e47cb1d97cb359
diff --git a/multimedia/xine-lib/patches/patch-ba b/multimedia/xine-lib/patches/patch-ba
new file mode 100644
index 00000000000..49e22f18e69
--- /dev/null
+++ b/multimedia/xine-lib/patches/patch-ba
@@ -0,0 +1,57 @@
+$NetBSD: patch-ba,v 1.1 2004/08/10 11:24:46 drochner Exp $
+
+--- src/input/vcd/xineplug_inp_vcd.c.orig	2004-06-13 23:28:56.000000000 +0200
++++ src/input/vcd/xineplug_inp_vcd.c
+@@ -48,6 +48,7 @@
+ #define SHORT_PLUGIN_NAME "VCD"
+ #define MRL_PREFIX "vcd://"
+ #define MRL_PREFIX_LEN strlen(MRL_PREFIX)
++#define MRL_MAX_LEN 1024
+ 
+ #define xine_config_entry_t xine_cfg_entry_t
+ 
+@@ -474,7 +475,7 @@ vcd_parse_mrl(/*in*/ const char *default
+     return false;
+   }
+ 
+-  count = sscanf (p, "%[^@]@%1[EePpSsTt]%u", 
++  count = sscanf (p, "%1024[^@]@%1[EePpSsTt]%u", 
+ 		  device_str, type_str, &num);
+   itemid->num = num;
+   
+@@ -498,7 +499,7 @@ vcd_parse_mrl(/*in*/ const char *default
+     {
+       /* No device/file given, so use the default device and try again. */
+       if (NULL == default_vcd_device) return false;
+-      strcpy(device_str, default_vcd_device);
++      strncpy(device_str, default_vcd_device, MRL_MAX_LEN);
+       if (p[0] == '@') p++;
+       count = sscanf (p, "%1[EePpSsTt]%u", type_str, &num);
+       type_str[0] = toupper(type_str[0]);
+@@ -790,7 +791,7 @@ static xine_mrl_t **
+ vcd_class_get_dir (input_class_t *this_gen, const char *filename, 
+                     int *num_files) {
+ 
+-  char             intended_vcd_device[1024]="";
++  char             intended_vcd_device[MRL_MAX_LEN+1]="";
+   vcdinfo_itemid_t itemid;
+ 
+   vcd_input_class_t *class = (vcd_input_class_t *) this_gen;
+@@ -922,7 +923,7 @@ vcd_class_get_description (input_class_t
+ static char *
+ vcd_class_get_identifier (input_class_t *this_gen) {
+   dbg_print((INPUT_DBG_CALL|INPUT_DBG_EXT), "called\n");
+-  return SHORT_PLUGIN_NAME;
++  return strdup(SHORT_PLUGIN_NAME);
+ }
+ 
+ /* 
+@@ -1452,7 +1453,7 @@ vcd_class_get_instance (input_class_t *c
+ {
+   vcd_input_class_t  *class = (vcd_input_class_t *) class_gen;
+ 
+-  char intended_vcd_device[1024]="";
++  char intended_vcd_device[MRL_MAX_LEN+1]="";
+   vcdinfo_itemid_t itemid;
+   char *check_mrl=NULL;
+   bool used_default;