head 1.2; access; symbols pkgsrc-2026Q1:1.2.0.150 pkgsrc-2026Q1-base:1.2 pkgsrc-2025Q4:1.2.0.148 pkgsrc-2025Q4-base:1.2 pkgsrc-2025Q3:1.2.0.146 pkgsrc-2025Q3-base:1.2 pkgsrc-2025Q2:1.2.0.144 pkgsrc-2025Q2-base:1.2 pkgsrc-2025Q1:1.2.0.142 pkgsrc-2025Q1-base:1.2 pkgsrc-2024Q4:1.2.0.140 pkgsrc-2024Q4-base:1.2 pkgsrc-2024Q3:1.2.0.138 pkgsrc-2024Q3-base:1.2 pkgsrc-2024Q2:1.2.0.136 pkgsrc-2024Q2-base:1.2 pkgsrc-2024Q1:1.2.0.134 pkgsrc-2024Q1-base:1.2 pkgsrc-2023Q4:1.2.0.132 pkgsrc-2023Q4-base:1.2 pkgsrc-2023Q3:1.2.0.130 pkgsrc-2023Q3-base:1.2 pkgsrc-2023Q2:1.2.0.128 pkgsrc-2023Q2-base:1.2 pkgsrc-2023Q1:1.2.0.126 pkgsrc-2023Q1-base:1.2 pkgsrc-2022Q4:1.2.0.124 pkgsrc-2022Q4-base:1.2 pkgsrc-2022Q3:1.2.0.122 pkgsrc-2022Q3-base:1.2 pkgsrc-2022Q2:1.2.0.120 pkgsrc-2022Q2-base:1.2 pkgsrc-2022Q1:1.2.0.118 pkgsrc-2022Q1-base:1.2 pkgsrc-2021Q4:1.2.0.116 pkgsrc-2021Q4-base:1.2 pkgsrc-2021Q3:1.2.0.114 pkgsrc-2021Q3-base:1.2 pkgsrc-2021Q2:1.2.0.112 pkgsrc-2021Q2-base:1.2 pkgsrc-2021Q1:1.2.0.110 pkgsrc-2021Q1-base:1.2 pkgsrc-2020Q4:1.2.0.108 pkgsrc-2020Q4-base:1.2 pkgsrc-2020Q3:1.2.0.106 pkgsrc-2020Q3-base:1.2 pkgsrc-2020Q2:1.2.0.102 pkgsrc-2020Q2-base:1.2 pkgsrc-2020Q1:1.2.0.82 pkgsrc-2020Q1-base:1.2 pkgsrc-2019Q4:1.2.0.104 pkgsrc-2019Q4-base:1.2 pkgsrc-2019Q3:1.2.0.100 pkgsrc-2019Q3-base:1.2 pkgsrc-2019Q2:1.2.0.98 pkgsrc-2019Q2-base:1.2 pkgsrc-2019Q1:1.2.0.96 pkgsrc-2019Q1-base:1.2 pkgsrc-2018Q4:1.2.0.94 pkgsrc-2018Q4-base:1.2 pkgsrc-2018Q3:1.2.0.92 pkgsrc-2018Q3-base:1.2 pkgsrc-2018Q2:1.2.0.90 pkgsrc-2018Q2-base:1.2 pkgsrc-2018Q1:1.2.0.88 pkgsrc-2018Q1-base:1.2 pkgsrc-2017Q4:1.2.0.86 pkgsrc-2017Q4-base:1.2 pkgsrc-2017Q3:1.2.0.84 pkgsrc-2017Q3-base:1.2 pkgsrc-2017Q2:1.2.0.80 pkgsrc-2017Q2-base:1.2 pkgsrc-2017Q1:1.2.0.78 pkgsrc-2017Q1-base:1.2 pkgsrc-2016Q4:1.2.0.76 pkgsrc-2016Q4-base:1.2 pkgsrc-2016Q3:1.2.0.74 pkgsrc-2016Q3-base:1.2 pkgsrc-2016Q2:1.2.0.72 pkgsrc-2016Q2-base:1.2 pkgsrc-2016Q1:1.2.0.70 pkgsrc-2016Q1-base:1.2 pkgsrc-2015Q4:1.2.0.68 pkgsrc-2015Q4-base:1.2 
pkgsrc-2015Q3:1.2.0.66 pkgsrc-2015Q3-base:1.2 pkgsrc-2015Q2:1.2.0.64 pkgsrc-2015Q2-base:1.2 pkgsrc-2015Q1:1.2.0.62 pkgsrc-2015Q1-base:1.2 pkgsrc-2014Q4:1.2.0.60 pkgsrc-2014Q4-base:1.2 pkgsrc-2014Q3:1.2.0.58 pkgsrc-2014Q3-base:1.2 pkgsrc-2014Q2:1.2.0.56 pkgsrc-2014Q2-base:1.2 pkgsrc-2014Q1:1.2.0.54 pkgsrc-2014Q1-base:1.2 pkgsrc-2013Q4:1.2.0.52 pkgsrc-2013Q4-base:1.2 pkgsrc-2013Q3:1.2.0.50 pkgsrc-2013Q3-base:1.2 pkgsrc-2013Q2:1.2.0.48 pkgsrc-2013Q2-base:1.2 pkgsrc-2013Q1:1.2.0.46 pkgsrc-2013Q1-base:1.2 pkgsrc-2012Q4:1.2.0.44 pkgsrc-2012Q4-base:1.2 pkgsrc-2012Q3:1.2.0.42 pkgsrc-2012Q3-base:1.2 pkgsrc-2012Q2:1.2.0.40 pkgsrc-2012Q2-base:1.2 pkgsrc-2012Q1:1.2.0.38 pkgsrc-2012Q1-base:1.2 pkgsrc-2011Q4:1.2.0.36 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q3:1.2.0.34 pkgsrc-2011Q3-base:1.2 pkgsrc-2011Q2:1.2.0.32 pkgsrc-2011Q2-base:1.2 pkgsrc-2011Q1:1.2.0.30 pkgsrc-2011Q1-base:1.2 pkgsrc-2010Q4:1.2.0.28 pkgsrc-2010Q4-base:1.2 pkgsrc-2010Q3:1.2.0.26 pkgsrc-2010Q3-base:1.2 pkgsrc-2010Q2:1.2.0.24 pkgsrc-2010Q2-base:1.2 pkgsrc-2010Q1:1.2.0.22 pkgsrc-2010Q1-base:1.2 pkgsrc-2009Q4:1.2.0.20 pkgsrc-2009Q4-base:1.2 pkgsrc-2009Q3:1.2.0.18 pkgsrc-2009Q3-base:1.2 pkgsrc-2009Q2:1.2.0.16 pkgsrc-2009Q2-base:1.2 pkgsrc-2009Q1:1.2.0.14 pkgsrc-2009Q1-base:1.2 pkgsrc-2008Q4:1.2.0.12 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.10 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.8 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.6 pkgsrc-2008Q2-base:1.2 cwrapper:1.2.0.4 pkgsrc-2008Q1:1.2.0.2; locks; strict; comment @# @; 1.2 date 2008.05.21.09.42.13; author tron; state Exp; branches 1.2.2.1; next 1.1; 1.1 date 2008.05.20.13.31.39; author simonb; state Exp; branches; next ; 1.2.2.1 date 2008.05.21.09.42.13; author rtr; state dead; branches; next 1.2.2.2; 1.2.2.2 date 2008.05.23.10.25.50; author rtr; state Exp; branches; next ; desc @@ 1.2 log @Fix broken URL and correct incorrect patch checksum. @ text @$NetBSD: patch-ab,v 1.1 2008/05/20 13:31:39 simonb Exp $ Fix for initite loop bug in libid3tag-0.15.0b. 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2109 --- field.c.orig 2004-01-23 20:41:32.000000000 +1100 +++ field.c @@@@ -291,7 +291,7 @@@@ int id3_field_parse(union id3_field *fie end = *ptr + length; - while (end - *ptr > 0) { + while (end - *ptr > 0 && **ptr != '\0') { ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0); if (ucs4 == 0) goto fail; @ 1.2.2.1 log @file patch-ab was added on branch pkgsrc-2008Q1 on 2008-05-23 10:25:50 +0000 @ text @d1 16 @ 1.2.2.2 log @pullup ticket #2392 - requested by simonb, tron libid3tag: fix end of string check revisions pulled up: - pkgsrc/audio/libid3tag/Makefile 1.22 - pkgsrc/audio/libid3tag/distinfo 1.4,1.5 - pkgsrc/audio/libid3tag/patches/patch-ab 1.1,1.2 Module Name: pkgsrc Committed By: simonb Date: Tue May 20 13:31:39 UTC 2008 Modified Files: pkgsrc/audio/libid3tag: Makefile distinfo Added Files: pkgsrc/audio/libid3tag/patches: patch-ab Log Message: Check for end-of-string when parsing a stringlist field. Problem and fix originally reported by Kentaro Oda to the mad-dev mailing list. See http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2008-2109 for some more info. ------------------------------------------------------------------------ Module Name: pkgsrc Committed By: tron Date: Wed May 21 09:42:13 UTC 2008 Modified Files: pkgsrc/audio/libid3tag: distinfo pkgsrc/audio/libid3tag/patches: patch-ab Log Message: Fix broken URL and correct incorrect patch checksum. @ text @a0 16 $NetBSD: patch-ab,v 1.1 2008/05/20 13:31:39 simonb Exp $ Fix for initite loop bug in libid3tag-0.15.0b. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2109 --- field.c.orig 2004-01-23 20:41:32.000000000 +1100 +++ field.c @@@@ -291,7 +291,7 @@@@ int id3_field_parse(union id3_field *fie end = *ptr + length; - while (end - *ptr > 0) { + while (end - *ptr > 0 && **ptr != '\0') { ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0); if (ucs4 == 0) goto fail; @ 1.1 log @Check for end-of-string when parsing a stringlist field. 
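Review bot: The added `**ptr != '\0'` test in the `while` condition looks at one byte regardless of `*encoding`, so it only stops the loop for the specific no-progress case described in CVE-2008-2109 (a string list ending in '\0'). For a two-byte encoding, a leading zero byte can belong to a valid character, so this test would presumably also end the list early and silently drop the remaining strings. A guard that does not depend on the encoding is to save `*ptr` before the `id3_parse_string()` call and leave the loop (or `goto fail`) when the call returns with `*ptr` unchanged; `id3_parse_string` is not visible here, so confirm against its source which inputs it can return on without consuming anything. The body of `id3_field_parse` starts and ends outside the hunk, and the identical hunk is stored a second time in the 1.2.2.2 branch text on this same line, where the same point applies.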
Problem and fix originally reported by Kentaro Oda to the mad-dev mailing list. See http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2008-2109 for some more info. @ text @d1 1 a1 1 $NetBSD$ d4 1 a4 1 http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2008-2109 @