Pullup ticket 448 - requested by Lubomir Sedlacik

security fix for gnome-vfs

Revisions pulled up:
- pkgsrc/sysutils/gnome-vfs/Makefile		1.47
- pkgsrc/sysutils/gnome-vfs/buildlink3.mk	1.8
- pkgsrc/sysutils/gnome-vfs/distinfo		1.16
- pkgsrc/sysutils/gnome-vfs/patches/patch-aa	1.7


    Module Name:    pkgsrc
    Committed By:   rh
    Date:           Fri Apr 15 02:09:27 UTC 2005

    Modified Files:
            pkgsrc/sysutils/gnome-vfs: Makefile buildlink3.mk distinfo
    Added Files:
            pkgsrc/sysutils/gnome-vfs/patches: patch-aa

    Log Message:
    Patch remote code execution security hole pointed out in advisory at
    http://secunia.com/advisories/14877/
    Bump PKGREVISION
    Set BUILDLINK_RECOMMENDED to gnome-vfs>=1.0.5nb8

4 files changed, 20 insertions, 5 deletions

diff --git a/sysutils/gnome-vfs/Makefile b/sysutils/gnome-vfs/Makefile
index d8d2497c62a..3d84af1bae3 100644
--- a/sysutils/gnome-vfs/Makefile
+++ b/sysutils/gnome-vfs/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.45 2004/11/30 18:26:40 wiz Exp $
+# $NetBSD: Makefile,v 1.45.4.1 2005/04/16 19:32:17 snj Exp $
 
 DISTNAME=		gnome-vfs-1.0.5
-PKGREVISION=		7
+PKGREVISION=		8
 CATEGORIES=		sysutils gnome
 MASTER_SITES=		${MASTER_SITE_GNOME:=sources/gnome-vfs/1.0/}
 
diff --git a/sysutils/gnome-vfs/buildlink3.mk b/sysutils/gnome-vfs/buildlink3.mk
index 645416302e4..c8324704d12 100644
--- a/sysutils/gnome-vfs/buildlink3.mk
+++ b/sysutils/gnome-vfs/buildlink3.mk
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.7 2004/11/30 18:26:40 wiz Exp $
+# $NetBSD: buildlink3.mk,v 1.7.4.1 2005/04/16 19:32:17 snj Exp $
 
 BUILDLINK_DEPTH:=		${BUILDLINK_DEPTH}+
 GNOME_VFS_BUILDLINK3_MK:=	${GNOME_VFS_BUILDLINK3_MK}+
@@ -11,7 +11,8 @@ BUILDLINK_PACKAGES:=	${BUILDLINK_PACKAGES:Ngnome-vfs}
 BUILDLINK_PACKAGES+=	gnome-vfs
 
 .if !empty(GNOME_VFS_BUILDLINK3_MK:M+)
-BUILDLINK_DEPENDS.gnome-vfs+=	gnome-vfs>=1.0.5nb7
+BUILDLINK_DEPENDS.gnome-vfs+=		gnome-vfs>=1.0.5nb7
+BUILDLINK_RECOMMENDED.gnome-vfs+=	gnome-vfs>=1.0.5nb8
 BUILDLINK_PKGSRCDIR.gnome-vfs?=	../../sysutils/gnome-vfs
 .endif	# GNOME_VFS_BUILDLINK3_MK
 
diff --git a/sysutils/gnome-vfs/distinfo b/sysutils/gnome-vfs/distinfo
index c5e986689f5..1b84157357f 100644
--- a/sysutils/gnome-vfs/distinfo
+++ b/sysutils/gnome-vfs/distinfo
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.15 2005/02/24 13:40:53 agc Exp $
+$NetBSD: distinfo,v 1.15.2.1 2005/04/16 19:32:17 snj Exp $
 
 SHA1 (gnome-vfs-1.0.5.tar.gz) = 41156323969d44e3f14ce481b81bfdb5d1deba49
 RMD160 (gnome-vfs-1.0.5.tar.gz) = 76fbf8e590e41d2cac39faef9edc85e2df02c21a
 Size (gnome-vfs-1.0.5.tar.gz) = 1048954 bytes
+SHA1 (patch-aa) = 9bb8ed4b9fbab1ff21d86b3d1e297cb89544137b
 SHA1 (patch-ab) = 6d038601f881185f8a4c55a604f7baccb8693ffe
 SHA1 (patch-ac) = 4da6d9b46d059710dcd8248dd9d23cb79e5253e1
 SHA1 (patch-ae) = a0906ba19a6953aca3b173f03fb1b2d9bf742a09
diff --git a/sysutils/gnome-vfs/patches/patch-aa b/sysutils/gnome-vfs/patches/patch-aa
new file mode 100644
index 00000000000..dc822e7f3d7
--- /dev/null
+++ b/sysutils/gnome-vfs/patches/patch-aa
@@ -0,0 +1,13 @@
+$NetBSD: patch-aa,v 1.6.12.1 2005/04/16 19:32:17 snj Exp $
+
+--- modules/cdda-cddb.c.orig	2001-03-16 12:44:25.000000000 +1000
++++ modules/cdda-cddb.c
+@@ -339,7 +339,7 @@ CDDBDoQuery (cdrom_drive *cd_desc, CDDBS
+     query->query_match=MATCH_INEXACT;
+     query->query_matches=0;
+ 
+-    while(!CDDBReadLine(socket,inbuffer,256)) {
++    while(query->query_matches < MAX_INEXACT_MATCHES && !CDDBReadLine(socket,inbuffer,256)) {
+       query->query_list[query->query_matches].list_genre=
+ 	CDDBGenreValue(ChopWhite(strtok(inbuffer," ")));
+