head 1.3; access; symbols pkgsrc-2015Q1:1.1.0.50 pkgsrc-2015Q1-base:1.1 pkgsrc-2014Q4:1.1.0.48 pkgsrc-2014Q4-base:1.1 pkgsrc-2014Q3:1.1.0.46 pkgsrc-2014Q3-base:1.1 pkgsrc-2014Q2:1.1.0.44 pkgsrc-2014Q2-base:1.1 pkgsrc-2014Q1:1.1.0.42 pkgsrc-2014Q1-base:1.1 pkgsrc-2013Q4:1.1.0.40 pkgsrc-2013Q4-base:1.1 pkgsrc-2013Q3:1.1.0.38 pkgsrc-2013Q3-base:1.1 pkgsrc-2013Q2:1.1.0.36 pkgsrc-2013Q2-base:1.1 pkgsrc-2013Q1:1.1.0.34 pkgsrc-2013Q1-base:1.1 pkgsrc-2012Q4:1.1.0.32 pkgsrc-2012Q4-base:1.1 pkgsrc-2012Q3:1.1.0.30 pkgsrc-2012Q3-base:1.1 pkgsrc-2012Q2:1.1.0.28 pkgsrc-2012Q2-base:1.1 pkgsrc-2012Q1:1.1.0.26 pkgsrc-2012Q1-base:1.1 pkgsrc-2011Q4:1.1.0.24 pkgsrc-2011Q4-base:1.1 pkgsrc-2011Q3:1.1.0.22 pkgsrc-2011Q3-base:1.1 pkgsrc-2011Q2:1.1.0.20 pkgsrc-2011Q2-base:1.1 pkgsrc-2011Q1:1.1.0.18 pkgsrc-2011Q1-base:1.1 pkgsrc-2010Q4:1.1.0.16 pkgsrc-2010Q4-base:1.1 pkgsrc-2010Q3:1.1.0.14 pkgsrc-2010Q3-base:1.1 pkgsrc-2010Q2:1.1.0.12 pkgsrc-2010Q2-base:1.1 pkgsrc-2010Q1:1.1.0.10 pkgsrc-2010Q1-base:1.1 pkgsrc-2009Q4:1.1.0.8 pkgsrc-2009Q4-base:1.1 pkgsrc-2009Q3:1.1.0.6 pkgsrc-2009Q3-base:1.1 pkgsrc-2009Q2:1.1.0.4 pkgsrc-2009Q2-base:1.1 pkgsrc-2009Q1:1.1.0.2 pkgsrc-2009Q1-base:1.1; locks; strict; comment @# @; 1.3 date 2015.04.21.03.22.58; author rodent; state dead; branches; next 1.2; commitid MYmCA0aNjWYJgpiy; 1.2 date 2015.04.20.13.38.23; author rodent; state Exp; branches; next 1.1; commitid KaaoUGCoaGiBGkiy; 1.1 date 2009.01.13.12.38.49; author drochner; state Exp; branches; next ; desc @@ 1.3 log @Fix MIDI support via portsmf. The patches we had were integrated in 1.3.5, (CVE-2007-6061) so they're no longer relevant. @ text @$NetBSD: patch-ba,v 1.2 2015/04/20 13:38:23 rodent Exp $ Bounds checking. 
--- lib-src/portsmf/strparse.cpp.orig 2015-03-02 01:07:05.000000000 +0000 +++ lib-src/portsmf/strparse.cpp @@@@ -19,8 +19,9 @@@@ char String_parse::peek() } -void String_parse::get_nonspace_quoted(string &field) +void String_parse::get_nonspace_quoted(string &field, int flen) { + char *ofield = field; field.clear(); skip_space(); bool quoted = false; @@@@ -29,7 +30,7 @@@@ void String_parse::get_nonspace_quoted(s field.append(1, '"'); pos = pos + 1; } - while ((*str)[pos] && (quoted || !isspace((*str)[pos]))) { + while ((*str)[pos] && (quoted || !isspace((*str)[pos])) && (field - ofield) < (flen - 2)) { if ((*str)[pos] == '"') { if (quoted) { field.append(1, '"'); @ 1.2 log @There are quite a lot of changes to this package. They are spread across eight (8) wiki pages here: http://wiki.audacityteam.org/wiki/Release_Notes. For pkgsrc changes, some patches were removed which were integrated upstream or don't exist in source anymore. PKG_OPTIONS framework was added to enable the user to build with gtk{2,3}, jack, alsa, NLS, ladspa, and debug options. gtk3, jack, and alsa options need work and aren't supported currently. This package uses a cc-by-v3.0-license which needs to be imported sometime too. Using portaudio-devel from pkgsrc is disabled, due to requiring the Pa_GetStreamHostApiType() function which is not present in our stable version. The in-tree portaudio is used instead. Nyquist support is not building as well at the moment along with the portsmf midi support. Package adds many additional dependencies like lv2, lilv, libogg, twolame, libsbsms, libsndfile, and more. Enjoy. 
@ text @d1 1 a1 1 $NetBSD: patch-ba,v 1.1 2009/01/13 12:38:49 drochner Exp $ @ 1.1 log @patch around SA33356: Audacity "String_parse::get_nonspace_quoted()" Buffer Overflow (homegrown patch, might be sufficient or not) bump PKGREVISION @ text @d1 1 a1 1 $NetBSD$ d3 5 a7 3 --- lib-src/allegro/strparse.cpp.orig 2006-11-15 05:12:11.000000000 +0100 +++ lib-src/allegro/strparse.cpp @@@@ -16,8 +16,9 @@@@ char String_parse::peek() d11 2 a12 2 -void String_parse::get_nonspace_quoted(char *field) +void String_parse::get_nonspace_quoted(char *field, int flen) d15 1 d18 2 a19 3 if (string[pos] == '"') { @@@@ -25,7 +26,7 @@@@ void String_parse::get_nonspace_quoted(c *field++ = '"'; d22 3 a24 3 - while (string[pos] && (quoted || !isspace(string[pos]))) { + while (string[pos] && (quoted || !isspace(string[pos])) && (field - ofield) < (flen - 2)) { if (string[pos] == '"') { d26 1 a26 1 *field++ = '"'; @
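Review bot: In the first hunk of the lib-src/portsmf/strparse.cpp patch (the 1.2 patch text), the added line char *ofield = field; initialises a char pointer from a parameter that the same hunk declares as string &field, and std::string has no conversion to char *, so the patched file cannot compile. The pointer only made sense when field was a char * buffer; with a std::string it should be dropped. The hunk also adds int flen to the definition, but the patch touches only strparse.cpp, so the matching declaration and every caller would need the same change before this builds.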
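Review bot: The loop condition added in the second hunk of the lib-src/portsmf/strparse.cpp patch, (field - ofield) < (flen - 2), subtracts a char * from a std::string reference, which is not a valid expression; a length limit on a std::string would have to be written against field.length(). Beyond the compile error, the loop body appends with field.append(1, '"'), and std::string grows on append, so the fixed-size bound carried over from the char * version guards a buffer that no longer exists in this code. If a cap on field length is still wanted here, state in the patch comment what flen means for a std::string and why 2 is reserved.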
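Review bot: In the 1.1 version against lib-src/allegro/strparse.cpp, the bound (field - ofield) < (flen - 2) is tested only in the while condition, while the context just above the loop writes the opening quote with *field++ = '"'; without consulting flen. For flen values below 2 the right-hand side is zero or negative, so the loop is skipped but that earlier write has already happened. Suggest rejecting a too-small flen at the top of the function, before the first store, and documenting that flen is the full size of the destination buffer and that the 2 reserved bytes are for the closing quote and the terminator, if that is the intent.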