Security fix:

A problem in the handling of some types of remote files has been reported
in mpg123. Because of this, it may be possible for a remote attacker to
execute arbitrary code with the privileges of the mpg123 user.

ok naddy@ jolan@

audio/mpg123/Makefile

@@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.29 2003/07/21 20:24:42 pvalchev Exp $
+# $OpenBSD: Makefile,v 1.30 2003/11/13 20:51:50 margarida Exp $
 
 COMMENT=	"mpeg audio 1/2 layer 1, 2 and 3 player"
 
 DISTNAME=	mpg123-0.59r
-PKGNAME=	${DISTNAME}p1
+PKGNAME=	${DISTNAME}p2
 CATEGORIES=	audio
 HOMEPAGE=	http://www.mpg123.de/
 

audio/mpg123/patches/patch-httpget_c

@@ -0,0 +1,24 @@
+$OpenBSD: patch-httpget_c,v 1.1 2003/11/13 20:51:50 margarida Exp $
+--- httpget.c.orig	2003-11-13 18:34:37.000000000 +0000
++++ httpget.c	2003-11-13 18:35:10.000000000 +0000
+@@ -55,11 +55,10 @@ void readstring (char *string, int maxle
+ #endif
+ 	int pos = 0;
+ 
+-	while(1) {
++	while(pos < maxlen) {
+ 		if( read(fileno(f),string+pos,1) == 1) {
+ 			pos++;
+ 			if(string[pos-1] == '\n') {
+-				string[pos] = 0;
+ 				break;
+ 			}
+ 		}
+@@ -68,6 +67,7 @@ void readstring (char *string, int maxle
+ 			exit(1);
+ 		}
+ 	}
++	string[pos] = 0;
+ #if 0
+ 	do {
+ 		result = fgets(string, maxlen, f);