A vulnerability in the way mpg123 handles MP3 files with a bitrate

of zero may allow attackers to execute arbitrary code using a
specially crafted MP3 file.

http://marc.theaimsgroup.com/?l=bugtraq&m=104274357314340&w=2

audio/mpg123/Makefile

@@ -1,10 +1,11 @@
-# $OpenBSD: Makefile,v 1.27 2002/10/24 22:20:03 naddy Exp $
+# $OpenBSD: Makefile,v 1.28 2003/07/17 23:58:33 brad Exp $
 
 NOT_FOR_ARCHS=	sparc64
 
 COMMENT=	"mpeg audio 1/2 layer 1, 2 and 3 player"
 
 DISTNAME=	mpg123-0.59r
+PKGNAME=	${DISTNAME}p1
 CATEGORIES=	audio
 HOMEPAGE=	http://www.mpg123.de/
 

audio/mpg123/patches/patch-common_c

@@ -0,0 +1,12 @@
+$OpenBSD: patch-common_c,v 1.1 2003/07/17 23:58:33 brad Exp $
+--- common.c.orig	Thu Jul 17 19:20:43 2003
++++ common.c	Thu Jul 17 19:22:04 2003
+@@ -123,7 +123,7 @@ int head_check(unsigned long head)
+ 	return FALSE;
+     if(!((head>>17)&3))
+ 	return FALSE;
+-    if( ((head>>12)&0xf) == 0xf)
++    if( ((head>>12)&0xf) == 0xf || ((head>>12)&0xf) == 0)
+ 	return FALSE;
+     if( ((head>>10)&0x3) == 0x3 )
+ 	return FALSE;