From 33c163d5dcaa1dd0e661e0369e3abbf8cbb88fcf Mon Sep 17 00:00:00 2001
From: marcm
Date: Sat, 10 May 2003 02:46:54 +0000
Subject: [PATCH] Security fix: addresses remote buffer overflow referenced here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0928 from MAINTAINER
---
 devel/libgtop/Makefile | 5 +++--
 devel/libgtop/patches/patch-src_daemon_gnuserv_c | 16 ++++++++++++++++
 2 files changed, 19 insertions(+), 2 deletions(-)
 create mode 100644 devel/libgtop/patches/patch-src_daemon_gnuserv_c
diff --git a/devel/libgtop/Makefile b/devel/libgtop/Makefile
index 6b2f02e6a75..b5608351a62 100644
--- a/devel/libgtop/Makefile
+++ b/devel/libgtop/Makefile
@@ -1,11 +1,12 @@
-# $OpenBSD: Makefile,v 1.16 2002/12/03 22:45:33 pvalchev Exp $
+# $OpenBSD: Makefile,v 1.17 2003/05/10 02:46:54 marcm Exp $
 COMMENT= "portable library for obtaining system information"
 DISTNAME= libgtop-1.0.13
+PKGNAME= ${DISTNAME}p1
 CATEGORIES= devel
-HOMEPAGE= http://www.home-of-linux.org/gnome/libgtop/
+HOMEPAGE= http://www.gnome.org/softwaremap/projects/libgtop/
 MAINTAINER= Jim Geovedi
 MASTER_SITES= ${MASTER_SITE_GNOME:=sources/libgtop/1.0/}
diff --git a/devel/libgtop/patches/patch-src_daemon_gnuserv_c b/devel/libgtop/patches/patch-src_daemon_gnuserv_c
new file mode 100644
index 00000000000..c319d377d45
--- /dev/null
+++ b/devel/libgtop/patches/patch-src_daemon_gnuserv_c
@@ -0,0 +1,16 @@
+$OpenBSD: patch-src_daemon_gnuserv_c,v 1.1 2003/05/10 02:46:54 marcm Exp $
+--- src/daemon/gnuserv.c.orig Fri May 9 17:06:45 2003
++++ src/daemon/gnuserv.c Fri May 9 17:09:13 2003
+@@ -200,6 +200,12 @@ permitted (u_long host_addr, int fd)
+
+ auth_data_len = atoi (buf);
+
++ if (auth_data_len < 1 || auth_data_len > sizeof(buf)) {
++ syslog_message(LOG_WARNING,
++ "Invalid data length supplied by client");
++ return FALSE;
++ }
++
+ if (timed_read (fd, buf, auth_data_len, AUTH_TIMEOUT, 0) != auth_data_len)
+ return FALSE;
+
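Review bot: The new bound in `permitted()` still accepts `auth_data_len == sizeof(buf)`, so the following `timed_read` may fill `buf` completely with no byte left for a terminator. If anything after the hunk treats `buf` as a C string (not visible here), the test should be `auth_data_len >= sizeof(buf)`. The length is still parsed with `atoi (buf)`, which cannot signal malformed or out-of-range digits from the client; `strtol` with an end-pointer and `ERANGE` check would reject those before the range test. The comparison against `sizeof(buf)` is unsigned, and it is only safe because `< 1` is evaluated first (assuming `auth_data_len` is a signed int, as the `atoi` assignment suggests), so I would add a comment such as `/* client-supplied length: reject <1 before the unsigned compare */` to stop a later edit from reordering it. `permitted()` starts and ends outside the hunk.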