head 1.4; access; symbols pkgsrc-2013Q2:1.4.0.8 pkgsrc-2013Q2-base:1.4 pkgsrc-2012Q4:1.4.0.6 pkgsrc-2012Q4-base:1.4 pkgsrc-2011Q4:1.4.0.4 pkgsrc-2011Q4-base:1.4 pkgsrc-2011Q2:1.4.0.2 pkgsrc-2011Q2-base:1.4 pkgsrc-2009Q4:1.3.0.38 pkgsrc-2009Q4-base:1.3 pkgsrc-2009Q3:1.3.0.36 pkgsrc-2009Q3-base:1.3 pkgsrc-2009Q2:1.3.0.34 pkgsrc-2009Q2-base:1.3 pkgsrc-2009Q1:1.3.0.32 pkgsrc-2009Q1-base:1.3 pkgsrc-2008Q4:1.3.0.30 pkgsrc-2008Q4-base:1.3 pkgsrc-2008Q3:1.3.0.28 pkgsrc-2008Q3-base:1.3 cube-native-xorg:1.3.0.26 cube-native-xorg-base:1.3 pkgsrc-2008Q2:1.3.0.24 pkgsrc-2008Q2-base:1.3 cwrapper:1.3.0.22 pkgsrc-2008Q1:1.3.0.20 pkgsrc-2008Q1-base:1.3 pkgsrc-2007Q4:1.3.0.18 pkgsrc-2007Q4-base:1.3 pkgsrc-2007Q3:1.3.0.16 pkgsrc-2007Q3-base:1.3 pkgsrc-2007Q2:1.3.0.14 pkgsrc-2007Q2-base:1.3 pkgsrc-2007Q1:1.3.0.12 pkgsrc-2007Q1-base:1.3 pkgsrc-2006Q4:1.3.0.10 pkgsrc-2006Q4-base:1.3 pkgsrc-2006Q3:1.3.0.8 pkgsrc-2006Q3-base:1.3 pkgsrc-2006Q2:1.3.0.6 pkgsrc-2006Q2-base:1.3 pkgsrc-2006Q1:1.3.0.4 pkgsrc-2006Q1-base:1.3 pkgsrc-2005Q4:1.3.0.2 pkgsrc-2005Q4-base:1.3 pkgsrc-2005Q3:1.2.0.8 pkgsrc-2005Q3-base:1.2 pkgsrc-2005Q2:1.2.0.6 pkgsrc-2005Q2-base:1.2 pkgsrc-2005Q1:1.2.0.4 pkgsrc-2005Q1-base:1.2 pkgsrc-2004Q4:1.2.0.2 pkgsrc-2004Q4-base:1.2 pkgsrc-2004Q3:1.1.0.8 pkgsrc-2004Q3-base:1.1 pkgsrc-2004Q2:1.1.0.6 pkgsrc-2004Q2-base:1.1 pkgsrc-2004Q1:1.1.0.4 pkgsrc-2004Q1-base:1.1 pkgsrc-2003Q4:1.1.0.2; locks; strict; comment @# @; 1.4 date 2010.03.14.14.19.19; author martin; state dead; branches; next 1.3; 1.3 date 2005.10.03.15.17.14; author joerg; state Exp; branches; next 1.2; 1.2 date 2004.11.07.08.55.04; author tron; state Exp; branches 1.2.8.1; next 1.1; 1.1 date 2004.02.10.09.32.47; author tron; state Exp; branches 1.1.2.1 1.1.8.1; next ; 1.2.8.1 date 2005.10.03.19.00.34; author salo; state Exp; branches; next ; 1.1.2.1 date 2004.02.10.09.32.47; author agc; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2004.02.10.17.26.34; author agc; state Exp; branches; next ; 1.1.8.1 date 
2004.11.09.08.50.38; author salo; state Exp; branches; next ; desc @@ 1.4 log @Update mpg123 to version 1.10.1. Thanks to for answering lots of stupid questions and general guidance. @ text @$NetBSD: patch-aq,v 1.3 2005/10/03 15:17:14 joerg Exp $ --- httpget.c.orig 2005-10-03 17:03:06.000000000 +0200 +++ httpget.c 2005-10-03 17:03:06.000000000 +0200 @@@@ -18,11 +18,9 @@@@ #include #include #include -#include +#include #include -extern int errno; - #include "mpg123.h" #ifndef INADDR_NONE @@@@ -55,11 +53,10 @@@@ #endif int pos = 0; - while(1) { + while(pos < (maxlen - 1)) { if( read(fileno(f),string+pos,1) == 1) { pos++; if(string[pos-1] == '\n') { - string[pos] = 0; break; } } @@@@ -78,6 +75,7 @@@@ } #endif + string[pos] = '\0'; } void encode64 (char *source,char *destination) @@@@ -111,7 +109,7 @@@@ } /* VERY simple auth-from-URL grabber */ -int getauthfromURL(char *url,char *auth) +int getauthfromURL(char *url,char *auth,unsigned long authlen) { char *pos; @@@@ -126,9 +124,13 @@@@ if( url[i] == '/' ) return 0; } + if (pos-url >= authlen) { + fprintf (stderr, "Error: authentication data exceeds max. length.\n"); + return -1; + } strncpy(auth,url,pos-url); auth[pos-url] = 0; - strcpy(url,pos+1); + memmove(url,pos+1,strlen(pos+1)+1); return 1; } return 0; @@@@ -199,7 +201,7 @@@@ strncpy(p0, portptr, stringlength); *(p0 + stringlength) = '\0'; - for (p = p0; *p && isdigit(*p); p++) + for (p = p0; *p && isdigit((unsigned char)*p); p++) ; *p = '\0'; *port = (char *)p0; @@@@ -265,7 +267,10 @@@@ strncpy (purl, url, 1023); purl[1023] = '\0'; - getauthfromURL(purl,httpauth1); + if (getauthfromURL(purl,httpauth1,sizeof(httpauth1)) < 0) { + sock = -1; + goto exit; + } do { strcpy (request, "GET "); @@@@ -399,6 +404,7 @@@@ fprintf (stderr, "Too many HTTP relocations.\n"); exit (1); } +exit: free (purl); free (request); free(host); @ 1.3 log @Correct usage of errno and ctype macros. The former is wrong when thread linking is active, the latter can result in segfaults. 
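Review bot: In the readstring hunks (`@@ -55` and `@@ -78`), the new bound `pos < (maxlen - 1)` followed by the unconditional `string[pos] = '\0';` is only safe when maxlen is at least 1. With a maxlen of 0 the loop is skipped and the terminator is still stored at string[0]. If maxlen turned out to be an unsigned type, `maxlen - 1` would wrap and the loop would be unbounded again. The signature and the callers are outside the hunk, so I would at least state the contract above the loop: `/* maxlen is the full size of string and must be >= 1; at most maxlen-1 bytes are read, then NUL is appended */`. The branch between the two hunks that handles a failed read() is not visible here. The same two hunks recur in the 1.1.2.2 delta further down.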
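Review bot: The length check `if (pos-url >= authlen)` in getauthfromURL compares a signed pointer difference with an `unsigned long`, so it is only correct while pos is not before url. That appears to hold because pos is found by scanning forward from url, but the scan starts outside the hunk. Making the conversion explicit keeps the intent visible and quiets sign-compare warnings: `if ((unsigned long)(pos - url) >= authlen) {`. The function now has three results, but the comment above it still reads only "VERY simple auth-from-URL grabber". I would extend it to `/* returns 1 if credentials were split off into auth, 0 if the URL carries none, -1 if they do not fit in authlen bytes (url is left unmodified) */`. The same hunk is repeated in the 1.1.8.1 delta.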
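Review bot: In the call site hunk (`@@ -265`), `sizeof(httpauth1)` equals the buffer capacity only if httpauth1 is declared as a char array visible in this translation unit. If it were ever changed to a `char *`, the expression would silently become the pointer size and the bound would be wrong. The declaration is outside the hunk, so this should be confirmed. A short comment at the call would guard against that refactor: `/* httpauth1 must stay an array: sizeof is used as the copy bound */`. The preceding `strncpy (purl, url, 1023); purl[1023] = '\0';` truncates over-long URLs without any report, so the request may go to a different path than the user supplied. That is worth a comment too, even though it is unchanged context.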
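Review bot: The new early `goto exit` lands on `free (purl); free (request); free(host);` in the `@@ -399` hunk before the request loop has run. Every one of those pointers must therefore already hold either an allocation or NULL at the jump; host in particular looks like it is assigned inside the loop. Its initialisation is outside the hunk, so please verify that it is set to NULL at declaration; otherwise the error path frees an indeterminate pointer. As a style point, the label `exit:` sits two lines below a call to `exit (1)`. That is legal because labels have their own namespace, but it is easy to misread; `cleanup:` with `goto cleanup;` would be clearer. The function body continues on both sides of these hunks.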
Bump revisions of mpg123, mpg123-esound and mpg123-nas for the ctype bugfix. @ text @d1 1 a1 1 $NetBSD$ @ 1.2 log @Add fix for security vulnerability reported in CAN-2004-0982 based on patches from Debian's advisory DSA-578. Bump package revision because of this fix. @ text @d3 16 a18 3 --- httpget.c.orig 2004-11-07 09:47:28.000000000 +0100 +++ httpget.c 2004-11-07 09:49:34.000000000 +0100 @@@@ -55,11 +55,10 @@@@ d31 1 a31 1 @@@@ -78,6 +77,7 @@@@ d39 1 a39 1 @@@@ -111,7 +111,7 @@@@ d48 1 a48 1 @@@@ -126,9 +126,13 @@@@ d63 10 a72 1 @@@@ -265,7 +269,10 @@@@ d84 1 a84 1 @@@@ -399,6 +406,7 @@@@ @ 1.2.8.1 log @Pullup ticket 798 - requested by Joerg Sonnenberger bugfixes for mpg123 Revisions pulled up: - pkgsrc/audio/mpg123/Makefile 1.40 - pkgsrc/audio/mpg123/distinfo 1.24 - pkgsrc/audio/mpg123-esound/Makefile 1.12 - pkgsrc/audio/mpg123-nas/Makefile 1.13 - pkgsrc/audio/mpg123/patches/patch-aq 1.3 - pkgsrc/audio/mpg123/patches/patch-av 1.1 - pkgsrc/audio/mpg123/patches/patch-aw 1.1 Module Name: pkgsrc Committed By: joerg Date: Mon Oct 3 15:17:14 UTC 2005 Modified Files: pkgsrc/audio/mpg123: Makefile distinfo pkgsrc/audio/mpg123-esound: Makefile pkgsrc/audio/mpg123-nas: Makefile pkgsrc/audio/mpg123/patches: patch-aq Added Files: pkgsrc/audio/mpg123/patches: patch-av patch-aw Log Message: Correct usage of errno and ctype macros. The former is wrong when thread linking is active, the latter can result in segfaults. Bump revisions of mpg123, mpg123-esound and mpg123-nas for the ctype bugfix. 
@ text @d1 1 a1 1 $NetBSD: patch-aq,v 1.3 2005/10/03 15:17:14 joerg Exp $ d3 3 a5 16 --- httpget.c.orig 2005-10-03 17:03:06.000000000 +0200 +++ httpget.c 2005-10-03 17:03:06.000000000 +0200 @@@@ -18,11 +18,9 @@@@ #include #include #include -#include +#include #include -extern int errno; - #include "mpg123.h" #ifndef INADDR_NONE @@@@ -55,11 +53,10 @@@@ d18 1 a18 1 @@@@ -78,6 +75,7 @@@@ d26 1 a26 1 @@@@ -111,7 +109,7 @@@@ d35 1 a35 1 @@@@ -126,9 +124,13 @@@@ d50 1 a50 10 @@@@ -199,7 +201,7 @@@@ strncpy(p0, portptr, stringlength); *(p0 + stringlength) = '\0'; - for (p = p0; *p && isdigit(*p); p++) + for (p = p0; *p && isdigit((unsigned char)*p); p++) ; *p = '\0'; *port = (char *)p0; @@@@ -265,7 +267,10 @@@@ d62 1 a62 1 @@@@ -399,6 +404,7 @@@@ @ 1.1 log @Fix security vulnerability reported in CAN-2003-0865. Bump package revision because of this fix. @ text @d3 2 a4 2 --- httpget.c.orig Tue Feb 10 10:14:29 2004 +++ httpget.c Tue Feb 10 10:18:07 2004 d26 44 @ 1.1.2.1 log @file patch-aq was added on branch pkgsrc-2003Q4 on 2004-02-10 09:32:47 +0000 @ text @d1 25 @ 1.1.2.2 log @Pullup security fix to the pkgsrc-2003Q4 branch, requested by Matthias Scheler. Module Name: pkgsrc Committed By: tron Date: Tue Feb 10 09:32:47 UTC 2004 Modified Files: pkgsrc/audio/mpg123: Makefile distinfo pkgsrc/audio/mpg123-esound: Makefile pkgsrc/audio/mpg123-nas: Makefile Added Files: pkgsrc/audio/mpg123/patches: patch-aq Log Message: Fix security vulnerability reported in CAN-2003-0865. Bump package revision because of this fix. 
@ text @a0 25 $NetBSD: patch-aq,v 1.1.2.1 2004/02/10 17:26:34 agc Exp $ --- httpget.c.orig Tue Feb 10 10:14:29 2004 +++ httpget.c Tue Feb 10 10:18:07 2004 @@@@ -55,11 +55,10 @@@@ #endif int pos = 0; - while(1) { + while(pos < (maxlen - 1)) { if( read(fileno(f),string+pos,1) == 1) { pos++; if(string[pos-1] == '\n') { - string[pos] = 0; break; } } @@@@ -78,6 +77,7 @@@@ } #endif + string[pos] = '\0'; } void encode64 (char *source,char *destination) @ 1.1.8.1 log @Pullup ticket 134 - requested by Matthias Scheler security fix for mpg123 Module Name: pkgsrc Committed By: tron Date: Sun Nov 7 08:55:04 UTC 2004 Modified Files: pkgsrc/audio/mpg123: Makefile distinfo pkgsrc/audio/mpg123-esound: Makefile pkgsrc/audio/mpg123-nas: Makefile pkgsrc/audio/mpg123/patches: patch-aq Log Message: Add fix for security vulnerability reported in CAN-2004-0982 based on patches from Debian's advisory DSA-578. Bump package revision because of this fix. @ text @d1 1 a1 1 $NetBSD: patch-aq,v 1.2 2004/11/07 08:55:04 tron Exp $ d3 2 a4 2 --- httpget.c.orig 2004-11-07 09:47:28.000000000 +0100 +++ httpget.c 2004-11-07 09:49:34.000000000 +0100 a25 44 @@@@ -111,7 +111,7 @@@@ } /* VERY simple auth-from-URL grabber */ -int getauthfromURL(char *url,char *auth) +int getauthfromURL(char *url,char *auth,unsigned long authlen) { char *pos; @@@@ -126,9 +126,13 @@@@ if( url[i] == '/' ) return 0; } + if (pos-url >= authlen) { + fprintf (stderr, "Error: authentication data exceeds max. length.\n"); + return -1; + } strncpy(auth,url,pos-url); auth[pos-url] = 0; - strcpy(url,pos+1); + memmove(url,pos+1,strlen(pos+1)+1); return 1; } return 0; @@@@ -265,7 +269,10 @@@@ strncpy (purl, url, 1023); purl[1023] = '\0'; - getauthfromURL(purl,httpauth1); + if (getauthfromURL(purl,httpauth1,sizeof(httpauth1)) < 0) { + sock = -1; + goto exit; + } do { strcpy (request, "GET "); @@@@ -399,6 +406,7 @@@@ fprintf (stderr, "Too many HTTP relocations.\n"); exit (1); } +exit: free (purl); free (request); free(host); @