From a54d1f643d158cc2b9ccaa1bb18e17226cf7f6e4 Mon Sep 17 00:00:00 2001
From: drochner
Date: Fri, 21 Nov 2008 10:38:19 +0000
Subject: fixa possible heap overflow due to wrong buffer length check (CVE-2008-5030), from Debian, bump PKGREVISION
---
 audio/libcdaudio/Makefile | 4 ++--
 audio/libcdaudio/distinfo | 4 ++--
 audio/libcdaudio/patches/patch-ac | 13 +++++++++++--
 3 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/audio/libcdaudio/Makefile b/audio/libcdaudio/Makefile
index 336dd9da617..c58f1157b44 100644
--- a/audio/libcdaudio/Makefile
+++ b/audio/libcdaudio/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.29 2008/07/14 12:55:56 joerg Exp $
+# $NetBSD: Makefile,v 1.30 2008/11/21 10:38:19 drochner Exp $
 DISTNAME= libcdaudio-0.99.12
-PKGREVISION= 1
+PKGREVISION= 2
 CATEGORIES= audio
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=libcdaudio/}
diff --git a/audio/libcdaudio/distinfo b/audio/libcdaudio/distinfo
index 9132a33852b..d293353b43f 100644
--- a/audio/libcdaudio/distinfo
+++ b/audio/libcdaudio/distinfo
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.12 2005/09/06 08:10:57 abs Exp $
+$NetBSD: distinfo,v 1.13 2008/11/21 10:38:19 drochner Exp $
 SHA1 (libcdaudio-0.99.12.tar.gz) = 1862d3f387634a216faa867164d840b6f5552294
 RMD160 (libcdaudio-0.99.12.tar.gz) = 57f7446db6c65c968eb58a9404652718d6517b74
 Size (libcdaudio-0.99.12.tar.gz) = 357150 bytes
 SHA1 (patch-aa) = f7cf7d430917e6860fb43529cb349d358890f7a4
 SHA1 (patch-ab) = 9df8c234de3cb5a6b262fae093e430e471afa1f0
-SHA1 (patch-ac) = 073ceed3794fbd889b0efec49cd2dfe63c7fda07
+SHA1 (patch-ac) = a67d2b7ea503c4d696a05024d46f8a895c47051b
diff --git a/audio/libcdaudio/patches/patch-ac b/audio/libcdaudio/patches/patch-ac
index ccfc506a413..faa9ed6e1dd 100644
--- a/audio/libcdaudio/patches/patch-ac
+++ b/audio/libcdaudio/patches/patch-ac
@@ -1,6 +1,6 @@
-$NetBSD: patch-ac,v 1.1 2005/04/15 01:50:57 rh Exp $
+$NetBSD: patch-ac,v 1.2 2008/11/21 10:38:19 drochner Exp $
---- src/cddb.c.orig 2004-09-09 11:26:39.000000000 +1000
+--- src/cddb.c.orig 2004-09-09 03:26:39.000000000 +0200
 +++ src/cddb.c
 @@ -1052,7 +1052,7 @@ cddb_query(int cd_desc, int sock,
 }
@@ -11,3 +11,12 @@ $NetBSD: patch-ac,v 1.1 2005/04/15 01:50:57 rh Exp $
 slashed = 0;
 if(strchr(inbuffer, '/') != NULL && parse_disc_artist) {
 index = 0;
+@@ -1679,7 +1679,7 @@ cddb_read_disc_data(int cd_desc, struct
+ free(file);
+
+ while(!feof(cddb_data)) {
+- fgets(inbuffer, 512, cddb_data);
++ fgets(inbuffer, 256, cddb_data);
+ cddb_process_line(inbuffer, data);
+ }
+
-- 
cgit v1.2.3
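Review bot: The new length in `fgets(inbuffer, 256, cddb_data);` (second hunk of patch-ac, the added cddb_read_disc_data section) is still a bare literal with no visible tie to the size of `inbuffer`, whose allocation lies outside the hunk. The overflow being fixed came from exactly that kind of mismatch, so the allocation and the read should share one named constant, or use `sizeof inbuffer` if it turns out to be an array rather than a heap pointer. The loop also tests `feof` before reading and ignores the `fgets` return value, so at end of file or on a read error `cddb_process_line` runs on stale buffer contents, and a persistent read error would presumably never end the loop. I would fold the read into the condition, `while(fgets(inbuffer, 256, cddb_data) != NULL) {`, and drop the separate `fgets` line. A short comment in patch-ac naming CVE-2008-5030 and the Debian origin would help whoever next regenerates this patch.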