security fix for CVE-2013-1980, libxmp MASI Parsing Buffer Overflow Vulnerability

note that this port could use an update by someone who cares..

audio/xmp/Makefile

@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.51 2013/04/02 14:09:23 naddy Exp $
+# $OpenBSD: Makefile,v 1.52 2013/04/23 13:10:46 jasper Exp $
 
 SHARED_ONLY=		Yes
 
@@ -7,7 +7,7 @@ COMMENT-xmms=		extended module player plugin for XMMS
 
 DISTNAME=		xmp-3.5.0
 PKGNAME-main=		${DISTNAME}
-REVISION-main=		0
+REVISION-main=		1
 PKGNAME-xmms=		xmms-${DISTNAME}
 CATEGORIES=		audio
 

audio/xmp/patches/patch-src_loaders_masi_load_c

@@ -0,0 +1,19 @@
+$OpenBSD: patch-src_loaders_masi_load_c,v 1.1 2013/04/23 13:10:46 jasper Exp $
+
+CVE-2013-1980, libxmp MASI Parsing Buffer Overflow Vulnerability
+
+
+--- src/loaders/masi_load.c.orig	Tue Apr 23 15:06:29 2013
++++ src/loaders/masi_load.c	Tue Apr 23 15:06:49 2013
+@@ -144,9 +144,9 @@ static void get_dsmp(struct xmp_context *ctx, int size
+ 	i = cur_ins;
+ 	m->xxi[i] = calloc(sizeof(struct xxm_instrument), 1);
+ 
+-	fread(&m->xxih[i].name, 1, 34, f);
++	fread(&m->xxih[i].name, 1, 31, f);
+ 	str_adj((char *)m->xxih[i].name);
+-	fseek(f, 5, SEEK_CUR);
++	fseek(f, 8, SEEK_CUR);
+ 	read8(f);		/* insno */
+ 	read8(f);
+ 	m->xxs[i].len = read32l(f);