head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.8 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.6 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.4 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.2 pkgsrc-2011Q2-base:1.2 pkgsrc-2009Q4:1.1.0.46 pkgsrc-2009Q4-base:1.1 pkgsrc-2009Q3:1.1.0.44 pkgsrc-2009Q3-base:1.1 pkgsrc-2009Q2:1.1.0.42 pkgsrc-2009Q2-base:1.1 pkgsrc-2009Q1:1.1.0.40 pkgsrc-2009Q1-base:1.1 pkgsrc-2008Q4:1.1.0.38 pkgsrc-2008Q4-base:1.1 pkgsrc-2008Q3:1.1.0.36 pkgsrc-2008Q3-base:1.1 cube-native-xorg:1.1.0.34 cube-native-xorg-base:1.1 pkgsrc-2008Q2:1.1.0.32 pkgsrc-2008Q2-base:1.1 cwrapper:1.1.0.30 pkgsrc-2008Q1:1.1.0.28 pkgsrc-2008Q1-base:1.1 pkgsrc-2007Q4:1.1.0.26 pkgsrc-2007Q4-base:1.1 pkgsrc-2007Q3:1.1.0.24 pkgsrc-2007Q3-base:1.1 pkgsrc-2007Q2:1.1.0.22 pkgsrc-2007Q2-base:1.1 pkgsrc-2007Q1:1.1.0.20 pkgsrc-2007Q1-base:1.1 pkgsrc-2006Q4:1.1.0.18 pkgsrc-2006Q4-base:1.1 pkgsrc-2006Q3:1.1.0.16 pkgsrc-2006Q3-base:1.1 pkgsrc-2006Q2:1.1.0.14 pkgsrc-2006Q2-base:1.1 pkgsrc-2006Q1:1.1.0.12 pkgsrc-2006Q1-base:1.1 pkgsrc-2005Q4:1.1.0.10 pkgsrc-2005Q4-base:1.1 pkgsrc-2005Q3:1.1.0.8 pkgsrc-2005Q3-base:1.1 pkgsrc-2005Q2:1.1.0.6 pkgsrc-2005Q2-base:1.1 pkgsrc-2005Q1:1.1.0.4 pkgsrc-2005Q1-base:1.1 pkgsrc-2004Q4:1.1.0.2; locks; strict; comment @# @; 1.2 date 2010.03.14.14.19.19; author martin; state dead; branches; next 1.1; 1.1 date 2005.01.07.14.52.13; author drochner; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2005.01.07.14.52.13; author snj; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2005.01.15.07.00.18; author snj; state Exp; branches; next ; desc @@ 1.2 log @Update mpg123 to version 1.10.1. Thanks to for answering lots of stupid questions and general guidance. @ text @$NetBSD: patch-at,v 1.1 2005/01/07 14:52:13 drochner Exp $ --- mpg123.c.orig 2005-01-07 15:18:27.000000000 +0100 +++ mpg123.c @@@@ -309,9 +309,9 @@@@ char *find_next_file (int argc, char *ar if (line[0]=='\0' || line[0]=='#') continue; if ((listnamedir) && (line[0]!='/') && (line[0]!='\\')){ - strcpy (linetmp, listnamedir); - strcat (linetmp, line); - strcpy (line, linetmp); + strncpy (linetmp, listnamedir, 1023); + strncat (linetmp, line, 1023 - strlen(linetmp)); + strncpy (line, linetmp, 1023); } return (line); } @ 1.1 log @Fix a buffer overflow by a malicous playlist (CAN-2004-1284). Being here, fix a possible problem which was mentioned in conjunction with CAN-2003-0577 - zero bitrate makes mpg123 assume a negative frame size. bump PKGREVISION @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-at was added on branch pkgsrc-2004Q4 on 2005-01-07 14:52:13 +0000 @ text @d1 17 @ 1.1.2.2 log @Pullup ticket 227 - requested by Matthias Drochner security fix for mpg123 Module Name: pkgsrc Committed By: drochner Date: Fri Jan 7 14:52:13 UTC 2005 Modified Files: pkgsrc/audio/mpg123: Makefile distinfo Added Files: pkgsrc/audio/mpg123/patches: patch-as patch-at Log Message: Fix a buffer overflow by a malicous playlist (CAN-2004-1284). Being here, fix a possible problem which was mentioned in conjunction with CAN-2003-0577 - zero bitrate makes mpg123 assume a negative frame size. bump PKGREVISION --- Module Name: pkgsrc Committed By: drochner Date: Wed Jan 12 11:52:38 UTC 2005 Modified Files: pkgsrc/audio/mpg123: distinfo pkgsrc/audio/mpg123/patches: patch-ar Log Message: another header valdation (CAN-2004-0991) ride on recent PKGREVISION bump --- Module Name: pkgsrc Committed By: wiz Date: Wed Jan 12 14:17:44 UTC 2005 Modified Files: pkgsrc/audio/mpg123: Makefile pkgsrc/audio/mpg123-esound: Makefile pkgsrc/audio/mpg123-nas: Makefile Log Message: PKGREVISION bump for security fix (previous bump was >4 days ago. @ text @a0 17 $NetBSD: patch-at,v 1.1.2.1 2005/01/15 07:00:18 snj Exp $ --- mpg123.c.orig 2005-01-07 15:18:27.000000000 +0100 +++ mpg123.c @@@@ -309,9 +309,9 @@@@ char *find_next_file (int argc, char *ar if (line[0]=='\0' || line[0]=='#') continue; if ((listnamedir) && (line[0]!='/') && (line[0]!='\\')){ - strcpy (linetmp, listnamedir); - strcat (linetmp, line); - strcpy (line, linetmp); + strncpy (linetmp, listnamedir, 1023); + strncat (linetmp, line, 1023 - strlen(linetmp)); + strncpy (line, linetmp, 1023); } return (line); } @