pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/audio Add fix for security vulnerability reported in C...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/9734c712b6a0
branches:  trunk
changeset: 483078:9734c712b6a0
user:      tron <tron%pkgsrc.org@localhost>
date:      Sun Nov 07 08:55:04 2004 +0000

description:
Add fix for security vulnerability reported in CAN-2004-0982 based on
patches from Debian's advisory DSA-578. Bump package revision because of
this fix.

diffstat:

 audio/mpg123-esound/Makefile  |   4 +-
 audio/mpg123-nas/Makefile     |   4 +-
 audio/mpg123/Makefile         |   4 +-
 audio/mpg123/distinfo         |   4 +-
 audio/mpg123/patches/patch-aq |  50 ++++++++++++++++++++++++++++++++++++++++--
 5 files changed, 55 insertions(+), 11 deletions(-)

diffs (117 lines):

diff -r 7c8aa6581488 -r 9734c712b6a0 audio/mpg123-esound/Makefile
--- a/audio/mpg123-esound/Makefile      Sun Nov 07 03:33:44 2004 +0000
+++ b/audio/mpg123-esound/Makefile      Sun Nov 07 08:55:04 2004 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.8 2004/10/03 00:13:08 tv Exp $
+# $NetBSD: Makefile,v 1.9 2004/11/07 08:55:04 tron Exp $
 
 PKGNAME=       mpg123-esound-${MPG123_VERSION}
-PKGREVISION=   3
+PKGREVISION=   4
 COMMENT=       Command-line player for mpeg layer 1, 2 and 3 audio with EsounD
 
 TARGET_SUFFIX= -esd
diff -r 7c8aa6581488 -r 9734c712b6a0 audio/mpg123-nas/Makefile
--- a/audio/mpg123-nas/Makefile Sun Nov 07 03:33:44 2004 +0000
+++ b/audio/mpg123-nas/Makefile Sun Nov 07 08:55:04 2004 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.9 2004/09/07 22:14:10 salo Exp $
+# $NetBSD: Makefile,v 1.10 2004/11/07 08:55:04 tron Exp $
 
 PKGNAME=       mpg123${TARGET_SUFFIX}-${MPG123_VERSION}
-PKGREVISION=   4
+PKGREVISION=   5
 COMMENT=       Command-line player for mpeg layer 1, 2 and 3 audio with NAS output
 
 TARGET_SUFFIX= -nas
diff -r 7c8aa6581488 -r 9734c712b6a0 audio/mpg123/Makefile
--- a/audio/mpg123/Makefile     Sun Nov 07 03:33:44 2004 +0000
+++ b/audio/mpg123/Makefile     Sun Nov 07 08:55:04 2004 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.36 2004/09/07 22:14:09 salo Exp $
+# $NetBSD: Makefile,v 1.37 2004/11/07 08:55:04 tron Exp $
 
 PKGNAME=       mpg123-${MPG123_VERSION}
-PKGREVISION=   4
+PKGREVISION=   5
 COMMENT=       Command-line player for mpeg layer 1, 2 and 3 audio
 
 CONFLICTS+=    mpg123-nas-[0-9]*
diff -r 7c8aa6581488 -r 9734c712b6a0 audio/mpg123/distinfo
--- a/audio/mpg123/distinfo     Sun Nov 07 03:33:44 2004 +0000
+++ b/audio/mpg123/distinfo     Sun Nov 07 08:55:04 2004 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.18 2004/09/07 22:14:09 salo Exp $
+$NetBSD: distinfo,v 1.19 2004/11/07 08:55:04 tron Exp $
 
 SHA1 (mpg123/mpg123-0.59r.tar.gz) = c32fe242f4506d218bd19a51a4034da9fdc79493
 Size (mpg123/mpg123-0.59r.tar.gz) = 159028 bytes
@@ -20,5 +20,5 @@
 SHA1 (patch-an) = 08917e1825adcfd870bb2c61ae865339da7c45ef
 SHA1 (patch-ao) = 40961a43cc3dbebf71deee1c240907896d297304
 SHA1 (patch-ap) = b35e7f6739a8b4979412793c7b3f2f7f5a9f15a7
-SHA1 (patch-aq) = ea443c1d45d856f360d2ccba3e5e2d058ac65007
+SHA1 (patch-aq) = a993d815b6657b9a2241b2e3f0ba30d6c2861230
 SHA1 (patch-ar) = 6238d6f2ff3f3abf4fd47bc36edcf6696d76fea4
diff -r 7c8aa6581488 -r 9734c712b6a0 audio/mpg123/patches/patch-aq
--- a/audio/mpg123/patches/patch-aq     Sun Nov 07 03:33:44 2004 +0000
+++ b/audio/mpg123/patches/patch-aq     Sun Nov 07 08:55:04 2004 +0000
@@ -1,7 +1,7 @@
-$NetBSD: patch-aq,v 1.1 2004/02/10 09:32:47 tron Exp $
+$NetBSD: patch-aq,v 1.2 2004/11/07 08:55:04 tron Exp $
 
---- httpget.c.orig     Tue Feb 10 10:14:29 2004
-+++ httpget.c  Tue Feb 10 10:18:07 2004
+--- httpget.c.orig     2004-11-07 09:47:28.000000000 +0100
++++ httpget.c  2004-11-07 09:49:34.000000000 +0100
 @@ -55,11 +55,10 @@
  #endif
        int pos = 0;
@@ -23,3 +23,47 @@
  }
  
  void encode64 (char *source,char *destination)
+@@ -111,7 +111,7 @@
+ }
+ 
+ /* VERY  simple auth-from-URL grabber */
+-int getauthfromURL(char *url,char *auth)
++int getauthfromURL(char *url,char *auth,unsigned long authlen)
+ {
+   char *pos;
+ 
+@@ -126,9 +126,13 @@
+       if( url[i] == '/' )
+          return 0;
+     }
++    if (pos-url >= authlen) {
++      fprintf (stderr, "Error: authentication data exceeds max. length.\n");
++      return -1;
++    }
+     strncpy(auth,url,pos-url);
+     auth[pos-url] = 0;
+-    strcpy(url,pos+1);
++    memmove(url,pos+1,strlen(pos+1)+1);
+     return 1;
+   }
+   return 0;
+@@ -265,7 +269,10 @@
+       strncpy (purl, url, 1023);
+       purl[1023] = '\0';
+ 
+-        getauthfromURL(purl,httpauth1);
++        if (getauthfromURL(purl,httpauth1,sizeof(httpauth1)) < 0) {
++              sock = -1;
++              goto exit;
++      }
+ 
+       do {
+               strcpy (request, "GET ");
+@@ -399,6 +406,7 @@
+               fprintf (stderr, "Too many HTTP relocations.\n");
+               exit (1);
+       }
++exit:
+       free (purl);
+       free (request);
+       free(host);
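Review bot: The new early-exit path in the inner `@@ -265,7 +269,10 @@` hunk jumps to `exit:` and reaches `free(host)` before the `do` loop has run. The hunk does not show where `host` is first assigned, so confirm it is set to NULL ahead of the `getauthfromURL` call; otherwise the oversized-credentials case frees an indeterminate pointer. The label also shares its name with the `exit (1)` call directly above it, which is legal C but easy to misread; `out:` with `goto out;` would be clearer. `sizeof(httpauth1)` only gives the buffer size if `httpauth1` is declared as an array rather than a pointer, which is not visible here. The check `pos-url >= authlen` compares a signed pointer difference with an `unsigned long`, so writing `(unsigned long)(pos-url) >= authlen` would make the conversion explicit; both functions start and end outside these hunks.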


