head 1.3; access; symbols pkgsrc-2014Q4:1.2.0.48 pkgsrc-2014Q4-base:1.2 pkgsrc-2014Q3:1.2.0.46 pkgsrc-2014Q3-base:1.2 pkgsrc-2014Q2:1.2.0.44 pkgsrc-2014Q2-base:1.2 pkgsrc-2014Q1:1.2.0.42 pkgsrc-2014Q1-base:1.2 pkgsrc-2013Q4:1.2.0.40 pkgsrc-2013Q4-base:1.2 pkgsrc-2013Q3:1.2.0.38 pkgsrc-2013Q3-base:1.2 pkgsrc-2013Q2:1.2.0.36 pkgsrc-2013Q2-base:1.2 pkgsrc-2013Q1:1.2.0.34 pkgsrc-2013Q1-base:1.2 pkgsrc-2012Q4:1.2.0.32 pkgsrc-2012Q4-base:1.2 pkgsrc-2012Q3:1.2.0.30 pkgsrc-2012Q3-base:1.2 pkgsrc-2012Q2:1.2.0.28 pkgsrc-2012Q2-base:1.2 pkgsrc-2012Q1:1.2.0.26 pkgsrc-2012Q1-base:1.2 pkgsrc-2011Q4:1.2.0.24 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q3:1.2.0.22 pkgsrc-2011Q3-base:1.2 pkgsrc-2011Q2:1.2.0.20 pkgsrc-2011Q2-base:1.2 pkgsrc-2011Q1:1.2.0.18 pkgsrc-2011Q1-base:1.2 pkgsrc-2010Q4:1.2.0.16 pkgsrc-2010Q4-base:1.2 pkgsrc-2010Q3:1.2.0.14 pkgsrc-2010Q3-base:1.2 pkgsrc-2010Q2:1.2.0.12 pkgsrc-2010Q2-base:1.2 pkgsrc-2010Q1:1.2.0.10 pkgsrc-2010Q1-base:1.2 pkgsrc-2009Q4:1.2.0.8 pkgsrc-2009Q4-base:1.2 pkgsrc-2009Q3:1.2.0.6 pkgsrc-2009Q3-base:1.2 pkgsrc-2009Q2:1.2.0.4 pkgsrc-2009Q2-base:1.2 pkgsrc-2009Q1:1.2.0.2 pkgsrc-2009Q1-base:1.2 pkgsrc-2008Q4:1.1.0.16 pkgsrc-2008Q4-base:1.1 pkgsrc-2008Q3:1.1.0.14 pkgsrc-2008Q3-base:1.1 cube-native-xorg:1.1.0.12 cube-native-xorg-base:1.1 pkgsrc-2008Q2:1.1.0.10 pkgsrc-2008Q2-base:1.1 cwrapper:1.1.0.8 pkgsrc-2008Q1:1.1.0.6 pkgsrc-2008Q1-base:1.1 pkgsrc-2007Q4:1.1.0.4 pkgsrc-2007Q4-base:1.1 pkgsrc-2007Q3:1.1.0.2 pkgsrc-2007Q3-base:1.1; locks; strict; comment @# @; 1.3 date 2015.02.19.00.20.47; author wiz; state dead; branches; next 1.2; commitid kTOFpsHgf4L0eyay; 1.2 date 2009.01.07.18.45.54; author drochner; state Exp; branches; next 1.1; 1.1 date 2007.08.14.21.41.06; author drochner; state Exp; branches; next ; desc @@ 1.3 log @Update to 1.64.6 using audio/streamripper-current and patch from PR 49677 provided by Petar Bogdanovic. 
New for 1.64.6 ------------------------------------ Mon Mar 30 21:10:13 EDT 2009 * Fix bug which creates corrupted id3v2 tags * Remove trailing periods for stream name New for 1.64.5 ------------------------------------ Sun Mar 8 12:08:15 EDT 2009 * Change default values for - localhost from "localhost" to "127.0.0.1" - splitpoint padding from 300 ms to 0 ms - metadata and relay codeset (if UTF-8) to ISO-8859-1 - id3 codeset to UTF-16 - "keep files in incomplete" from false to true * Fix parse rules to properly tag artists with "-" in their name (#540543) * Fix bitrate & metadata reporting in console (#1957248) * Fix integer overflow on bytes read (#1261305) * Option for stopping based on megabytes ripped now uses MiB instead of MB * Support splitting based on empty StreamTitle= strings 2648664 New for 1.64.4 ------------------------------------ Mon Feb 16 21:27:29 EST 2009 * Fix problem where corrupt ogg files are being created * Robustify metadata parsing for Limecast servers * Fix buffer overflow bug with substitution rules (#2492422) * Fix file creation bug when "/" is in stream name (#2533980) * Disable creating cue file for ogg streams * Fix problem skipping extra track on ogg streams @ text @$NetBSD: patch-ab,v 1.2 2009/01/07 18:45:54 drochner Exp $ --- lib/http.c.orig 2009-01-07 18:27:06.000000000 +0100 +++ lib/http.c @@@@ -115,7 +115,7 @@@@ httplib_parse_url(const char *url, URLIN /* search for a login '@@' token */ if (strchr(url, '@@') != NULL) { - ret = sscanf(url, "%[^:]:%[^@@]", urlinfo->username, urlinfo->password); + ret = sscanf(url, "%1023[^:]:%1023[^@@]", urlinfo->username, urlinfo->password); #if defined (commentout) if (ret < 2) return SR_ERROR_PARSE_FAILURE; #endif @@@@ -132,13 +132,13 @@@@ httplib_parse_url(const char *url, URLIN /* search for a port seperator */ if (strchr(url, ':') != NULL) { - ret = sscanf(url, "%[^:]:%hu/%s", urlinfo->host, + ret = sscanf(url, "%511[^:]:%hu/%252s", urlinfo->host, (short unsigned int*)&urlinfo->port, 
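Review bot: The field widths added to the `sscanf` formats in `httplib_parse_url` (`%1023[...]` for `urlinfo->username` and `urlinfo->password`) are bare literals that must stay one less than the size of each destination array, and those arrays are declared outside this hunk, so a later change to the struct would silently reopen the overflow. The same applies to `%511[...]` and `%252s` in the following hunk (-132,13), where `%252s` is written at `urlinfo->path+1` and therefore needs 1 + 252 + 1 bytes of room. I would add a comment at each call, e.g. `/* widths must equal sizeof(field) - 1; keep in sync with the struct definition */`, or a compile-time size check next to the struct. Note also that the `ret < 2` test directly below stays compiled out under `#if defined (commentout)`, so a URL containing `@` but no `:` leaves `password` unwritten by this call.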
urlinfo->path+1); if (urlinfo->port < 1) return SR_ERROR_PARSE_FAILURE; ret -= 1; } else { urlinfo->port = 80; - ret = sscanf(url, "%[^/]/%s", urlinfo->host, urlinfo->path+1); + ret = sscanf(url, "%511[^/]/%252s", urlinfo->host, urlinfo->path+1); } if (ret < 1) return SR_ERROR_INVALID_URL; @@@@ -258,11 +258,11 @@@@ httplib_construct_page_request (const ch /* Return 1 if a match was found, 0 if not found */ int -extract_header_value (char *header, char *dest, char *match) +extract_header_value (char *header, char *dest, char *match, int maxlen) { char* start = (char *)strstr(header, match); if (start) { - subnstr_until(start+strlen(match), "\n", dest, MAX_ICY_STRING); + subnstr_until(start+strlen(match), "\n", dest, maxlen); return 1; } else { return 0; @@@@ -321,24 +321,32 @@@@ httplib_parse_sc_header (const char *url } // read generic headers - extract_header_value(header, info->http_location, "Location:"); - extract_header_value(header, info->server, "Server:"); - rc = extract_header_value(header, info->icy_name, "icy-name:"); + extract_header_value(header, info->http_location, "Location:", + sizeof(info->http_location)); + extract_header_value(header, info->server, "Server:", + sizeof(info->server)); + rc = extract_header_value(header, info->icy_name, "icy-name:", + sizeof(info->icy_name)); if (rc == 0) { /* Icecast 2.0.1 */ - rc = extract_header_value(header, info->icy_name, "ice-name:"); + rc = extract_header_value(header, info->icy_name, "ice-name:", + sizeof(info->icy_name)); } info->have_icy_name = rc; - extract_header_value(header, info->icy_url, "icy-url:"); - rc = extract_header_value(header, stempbr, "icy-br:"); + extract_header_value(header, info->icy_url, "icy-url:", + sizeof(info->icy_url)); + rc = extract_header_value(header, stempbr, + "icy-br:", sizeof(stempbr)); if (rc) { info->icy_bitrate = atoi(stempbr); } /* interpret the content type from http header */ - rc = extract_header_value(header, stempbr, "Content-Type:"); + rc = 
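Review bot: In the port branch of `httplib_parse_url`, `urlinfo->port` is tested with `if (urlinfo->port < 1)` before `ret` is examined, so when matching stops before `%hu` (an empty host or a non-numeric port) the test reads a value this call never wrote. The `(short unsigned int*)` cast also suggests that `port` is not declared as `unsigned short`; if it is wider, `%hu` fills only part of it, which should be confirmed against the struct outside this hunk. I would scan into a local and check the conversion count first: `unsigned short port = 0;`, then `ret = sscanf(url, "%511[^:]:%hu/%252s", urlinfo->host, &port, urlinfo->path+1);`, then `if (ret < 2 || port < 1) return SR_ERROR_PARSE_FAILURE; urlinfo->port = port;`. The function body begins and ends outside the hunk.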
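Review bot: The new `maxlen` parameter of `extract_header_value` is declared `int`, while every caller in this patch passes a `sizeof` expression, so the size is narrowed from `size_t` and a zero or negative value would be handed to `subnstr_until` unchecked. I would declare it `size_t maxlen` (assuming `subnstr_until`, which is defined elsewhere, accepts an unsigned length) and state the contract above the function, e.g. `/* dest must have room for maxlen bytes; returns 1 if match was found, 0 if not */`. Whether `subnstr_until` always NUL-terminates within `maxlen` is not visible here, and that decides whether callers may safely pass the full `sizeof`.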
extract_header_value(header, stempbr, + "Content-Type:", sizeof(stempbr)); if (rc == 0) { - rc = extract_header_value(header, stempbr, "content-type:"); + rc = extract_header_value(header, stempbr, + "content-type:", sizeof(stempbr)); } if (rc == 0) { info->content_type = CONTENT_TYPE_UNKNOWN; @@@@ -407,6 +415,7 @@@@ httplib_parse_sc_header (const char *url info->content_type = content_type_by_url; } } + // Check for Icecast 1 else if ((start = (char *)strstr(header, "icecast")) != NULL) { if (!info->server[0]) { @@@@ -418,19 +427,19 @@@@ httplib_parse_sc_header (const char *url } // icecast 1.x headers. - extract_header_value(header, info->icy_url, "x-audiocast-server-url:"); - rc = extract_header_value(header, info->icy_name, "x-audiocast-name:"); + extract_header_value(header, info->icy_url, "x-audiocast-server-url:", + sizeof(info->icy_url)); + rc = extract_header_value(header, info->icy_name, "x-audiocast-name:", + sizeof(info->icy_name)); info->have_icy_name |= rc; - extract_header_value(header, info->icy_genre, "x-audiocast-genre:"); - rc = extract_header_value(header, stempbr, "x-audiocast-bitrate:"); + extract_header_value(header, info->icy_genre, "x-audiocast-genre:", + sizeof(info->icy_genre)); + rc = extract_header_value(header, stempbr, "x-audiocast-bitrate:", + sizeof(stempbr)); if (rc) { info->icy_bitrate = atoi(stempbr); } } - // WTF is Zwitterion? 
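Review bot: The bitrate read from the server-supplied `icy-br:` header in `httplib_parse_sc_header` is still converted with `atoi(stempbr)`, which cannot signal a non-numeric value and has undefined behaviour when the number does not fit in `int`; the same conversion follows `x-audiocast-bitrate:` in the -418,19 hunk. With the copy into `stempbr` now bounded, I would parse with `strtol` and accept the result only when digits were consumed and the value is in range, e.g. `long br = strtol(stempbr, &end, 10);` followed by `if (end != stempbr && br >= 0 && br <= INT_MAX) info->icy_bitrate = (int)br;` (the type of `icy_bitrate` is not visible, so adjust the bound to it). The function body continues outside the hunk.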
- else if ((start = (char *)strstr(header, "Zwitterion v")) != NULL) { - sscanf(start, "%[^<]<", info->server); - } /* Last chance to deduce content type */ if (info->content_type == CONTENT_TYPE_UNKNOWN) { @@@@ -626,16 +635,17 @@@@ httplib_get_pls (HSOCKET *sock, SR_HTTP_ int best_open = 0; sprintf (buf1, "File%d=", s); - if (!extract_header_value (buf, location_buf, buf1)) { + if (!extract_header_value (buf, location_buf, buf1, + sizeof(location_buf))) { break; } if (s == 1) { - strcpy (info->http_location, location_buf); + sr_strncpy (info->http_location, location_buf, MAX_HOST_LEN); rc = SR_SUCCESS; } sprintf (buf1, "Title%d=", s); - if (!extract_header_value (buf, title_buf, buf1)) { + if (!extract_header_value (buf, title_buf, buf1, sizeof(title_buf))) { break; } num_scanned = sscanf (title_buf, "(#%*[0-9] - %d/%d",&used,&total); @@@@ -644,12 +654,12 @@@@ httplib_get_pls (HSOCKET *sock, SR_HTTP_ } open = total - used; if (open > best_open) { - strcpy (info->http_location, location_buf); + sr_strncpy (info->http_location, location_buf, MAX_HOST_LEN); best_open = open; } } - strcpy (info->http_location, location_buf); + sr_strncpy (info->http_location, location_buf, MAX_HOST_LEN); return rc; } @@@@ -689,7 +699,7 @@@@ httplib_get_m3u (HSOCKET *sock, SR_HTTP_ if (len > 4 && !strcmp (&p[len-4], ".mp3")) { continue; } - strcpy (info->http_location, p); + sr_strncpy (info->http_location, p, MAX_HOST_LEN); debug_printf ("Redirecting from M3U to: %s\n", p); return SR_SUCCESS; } @ 1.2 log @add a patch from upstream to fix buffer overflows in the HTML parser (CVE-2008-4829), bump PKGREVISION @ text @d1 1 a1 1 $NetBSD$ @ 1.1 log @fix the http header parsing buffer overflow, the same way as done in 1.62.2, bump PKGREVISION The reason I'm not updating to 1.62.2 yet is that it triggers problems with NetBSD's iconv(3) (WCHAR_T doesn't work), and that it doesn't create id3v1 tags anymore per default which many programs want. 
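Review bot: The `sr_strncpy (info->http_location, location_buf, MAX_HOST_LEN)` calls in `httplib_get_pls` bound the copy with a named constant, whereas `httplib_parse_sc_header` in this same patch uses `sizeof(info->http_location)` for the same field; the declaration is not visible, so the two agree only if the array is exactly `MAX_HOST_LEN` bytes. I would write `sr_strncpy (info->http_location, location_buf, sizeof(info->http_location));` here, in the -644,12 hunk, and in `httplib_get_m3u` (-689,7). Because the value is a redirect target taken from a playlist, a silently truncated URL refers to a different resource than the one listed; if `sr_strncpy` does not report truncation, compare the source length with the destination size first and skip the entry or return an error.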
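Review bot: The unconditional `sr_strncpy (info->http_location, location_buf, MAX_HOST_LEN);` immediately before `return rc;` in `httplib_get_pls` (-644,12) runs after the loop has finished, so it replaces the entry selected by the `open > best_open` comparison, and when the loop leaves through `break` on the first `File%d=` lookup it copies `location_buf` without `extract_header_value` having filled it. The patch only bounds this copy; whether `location_buf` is initialised at declaration is decided outside the hunk, and the intent of the final copy is not clear from the visible lines. If the best-slot selection is meant to stand, I would remove this line, or at least guard it with `if (rc != SR_SUCCESS) return rc;` so an unfilled buffer is never copied.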
@ text @d3 1 a3 1 --- lib/http.c.orig 2006-08-25 04:01:49.000000000 +0200 d5 25 d85 9 a93 1 @@@@ -418,11 +426,15 @@@@ httplib_parse_sc_header (const char *url d113 9 a121 1 @@@@ -626,7 +638,8 @@@@ httplib_get_pls (HSOCKET *sock, SR_HTTP_ d131 3 a133 1 @@@@ -635,7 +648,7 @@@@ httplib_get_pls (HSOCKET *sock, SR_HTTP_ d142 24 @