From 0c2046831aa29655046ac0bf5891232063c594bb Mon Sep 17 00:00:00 2001
From: brad
Date: Thu, 17 Jul 2003 23:58:33 +0000
Subject: [PATCH] A vulnerability in the way mpg123 handles MP3 files with a bitrate of zero may allow attackers to execute arbitrary code using a specially crafted MP3 file. http://marc.theaimsgroup.com/?l=bugtraq&m=104274357314340&w=2
---
 audio/mpg123/Makefile | 3 ++-
 audio/mpg123/patches/patch-common_c | 12 ++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)
 create mode 100644 audio/mpg123/patches/patch-common_c
diff --git a/audio/mpg123/Makefile b/audio/mpg123/Makefile
index 82c6843729c..6a22e563012 100644
--- a/audio/mpg123/Makefile
+++ b/audio/mpg123/Makefile
@@ -1,10 +1,11 @@
-# $OpenBSD: Makefile,v 1.27 2002/10/24 22:20:03 naddy Exp $
+# $OpenBSD: Makefile,v 1.28 2003/07/17 23:58:33 brad Exp $
 NOT_FOR_ARCHS= sparc64
 COMMENT= "mpeg audio 1/2 layer 1, 2 and 3 player"
 DISTNAME= mpg123-0.59r
+PKGNAME= ${DISTNAME}p1
 CATEGORIES= audio
 HOMEPAGE= http://www.mpg123.de/
diff --git a/audio/mpg123/patches/patch-common_c b/audio/mpg123/patches/patch-common_c
new file mode 100644
index 00000000000..51bbe301f58
--- /dev/null
+++ b/audio/mpg123/patches/patch-common_c
@@ -0,0 +1,12 @@
+$OpenBSD: patch-common_c,v 1.1 2003/07/17 23:58:33 brad Exp $
+--- common.c.orig Thu Jul 17 19:20:43 2003
++++ common.c Thu Jul 17 19:22:04 2003
+@@ -123,7 +123,7 @@ int head_check(unsigned long head)
+ return FALSE;
+ if(!((head>>17)&3))
+ return FALSE;
+- if( ((head>>12)&0xf) == 0xf)
++ if( ((head>>12)&0xf) == 0xf || ((head>>12)&0xf) == 0)
+ return FALSE;
+ if( ((head>>10)&0x3) == 0x3 )
+ return FALSE;
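Review bot: The added `((head>>12)&0xf) == 0` test in `head_check` carries no comment saying why bitrate index 0 is refused, even though it now rejects every header that uses that index, not only the malformed ones; the reason should sit next to the check, e.g. `/* bitrate index 0 yields a zero bitrate (see the bugtraq report in the commit message); reject */`. The patch only tightens the validator: the code that consumes the bitrate field and the callers of `head_check` are outside the hunk, so it is worth confirming that every header read from a file passes through this check before its bitrate is used, not just the first header of a stream. As a smaller point, `(head>>12)&0xf` is now evaluated twice in one condition, and a local for the bitrate index would make both comparisons easier to read. `head_check` begins and ends outside the hunk.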