[pkgsrc/trunk]: pkgsrc/multimedia/xine-lib xine security patch of the day: fi...

[drochner <drochner%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/a0434e13b68a
branches:  trunk
changeset: 541289:a0434e13b68a
user:      drochner <drochner%pkgsrc.org@localhost>
date:      Fri Apr 18 14:01:22 2008 +0000

description:
xine security patch of the day: fix possible buffer overflow in
nsf parser (SA29850), patch from upstream CVS, bump PKGREVISION

diffstat:

 multimedia/xine-lib/Makefile         |   4 +++-
 multimedia/xine-lib/distinfo         |   3 ++-
 multimedia/xine-lib/patches/patch-ay |  17 +++++++++++++++++
 3 files changed, 22 insertions(+), 2 deletions(-)

diffs (52 lines):

diff -r 3875685269ad -r a0434e13b68a multimedia/xine-lib/Makefile
--- a/multimedia/xine-lib/Makefile      Fri Apr 18 13:51:53 2008 +0000
+++ b/multimedia/xine-lib/Makefile      Fri Apr 18 14:01:22 2008 +0000
@@ -1,7 +1,9 @@
-# $NetBSD: Makefile,v 1.57 2008/04/10 11:48:58 drochner Exp $
+# $NetBSD: Makefile,v 1.58 2008/04/18 14:01:22 drochner Exp $
 
 .include "Makefile.common"
 
+PKGREVISION=   1
+
 COMMENT=               Multimedia player library
 
 BUILDLINK_API_DEPENDS.vcdimager+= vcdimager>=0.7.20nb1
diff -r 3875685269ad -r a0434e13b68a multimedia/xine-lib/distinfo
--- a/multimedia/xine-lib/distinfo      Fri Apr 18 13:51:53 2008 +0000
+++ b/multimedia/xine-lib/distinfo      Fri Apr 18 14:01:22 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.54 2008/04/15 19:25:28 drochner Exp $
+$NetBSD: distinfo,v 1.55 2008/04/18 14:01:22 drochner Exp $
 
 SHA1 (xine-lib-1.1.12.tar.bz2) = a27872a4292e2ce6c35018a1cbbf7a88eecda8cd
 RMD160 (xine-lib-1.1.12.tar.bz2) = 305c1b3787a4191083b9793281ce3f3043d65fcb
@@ -20,6 +20,7 @@
 SHA1 (patch-av) = acbb2ffbaf72b4744538d996be95321e8eb23fd9
 SHA1 (patch-aw) = 78ab44197a6b9f85e4b272d522ce254de4d557dc
 SHA1 (patch-ax) = 71f2619aa750a51a641922d482b29ea998e8ab48
+SHA1 (patch-ay) = a4079a11f4a399010408e146684b878cd5eb584a
 SHA1 (patch-be) = e1a0856361c26d924ce12794e9f7eb0174857100
 SHA1 (patch-bg) = 10eb076d087a40ac5f7920794ff7b34f2aa0495b
 SHA1 (patch-cb) = 08d9920022988d2764d941cfa8b1aa5602a0ec81
diff -r 3875685269ad -r a0434e13b68a multimedia/xine-lib/patches/patch-ay
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/xine-lib/patches/patch-ay      Fri Apr 18 14:01:22 2008 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-ay,v 1.5 2008/04/18 14:01:22 drochner Exp $
+
+--- src/demuxers/demux_nsf.c.orig      2008-04-18 15:12:10.000000000 +0200
++++ src/demuxers/demux_nsf.c
+@@ -106,9 +106,9 @@ static int open_nsf_file(demux_nsf_t *th
+ 
+   this->total_songs = header[6];
+   this->current_song = header[7];
+-  this->title = strdup(&header[0x0E]);
+-  this->artist = strdup(&header[0x2E]);
+-  this->copyright = strdup(&header[0x4E]);
++  this->title = strndup((char*)&header[0x0E], 0x20);
++  this->artist = strndup((char*)&header[0x2E], 0x20);
++  this->copyright = strndup((char*)&header[0x4E], 0x20);
+ 
+   this->filesize = this->input->get_length(this->input);
+