Add a patch for the most recent mpg123 buffer-overflow vulnerability

noted in VuXML.

PR:		ports/73091
Submitted by:	Roman Bogorodskiy <bogorodskiy@inbox.ru> (maintainer)
VuXML:		http://vuxml.FreeBSD.org/20d16518-2477-11d9-814e-0001020eed82.html
Approved by:	clement

audio/mpg123/Makefile

@@ -7,7 +7,7 @@
 
 PORTNAME=	mpg123
 PORTVERSION=	0.59r
-PORTREVISION=	14
+PORTREVISION=	15
 CATEGORIES=	audio ipv6
 MASTER_SITES=	http://www.mpg123.de/mpg123/ \
 		http://www-ti.informatik.uni-tuebingen.de/~hippm/mpg123/

audio/mpg123/files/patch-httpget.c

@@ -1,6 +1,6 @@
---- httpget.c.orig	2003-11-13 18:34:37.000000000 +0000
-+++ httpget.c	2003-11-13 18:35:10.000000000 +0000
-@@ -55,11 +55,10 @@ void readstring (char *string, int maxle
+--- httpget.c.orig	Fri Nov  5 16:11:04 2004
++++ httpget.c	Fri Nov  5 16:43:27 2004
+@@ -55,11 +55,10 @@
  #endif
  	int pos = 0;
  
@@ -13,7 +13,7 @@
  				break;
  			}
  		}
-@@ -68,6 +67,7 @@ void readstring (char *string, int maxle
+@@ -68,6 +67,7 @@
  			exit(1);
  		}
  	}
@@ -21,3 +21,42 @@
  #if 0
  	do {
  		result = fgets(string, maxlen, f);
+@@ -114,6 +114,7 @@
+ int getauthfromURL(char *url,char *auth)
+ {
+   char *pos;
++  int len;
+ 
+   *auth = 0;
+ 
+@@ -126,8 +127,14 @@
+       if( url[i] == '/' )
+          return 0;
+     }
+-    strncpy(auth,url,pos-url);
+-    auth[pos-url] = 0;
++
++    if ((pos-url) > 255)
++      len = 255;
++    else
++      len = pos-url;
++
++    strncpy(auth,url,len);
++    auth[len] = 0;
+     strcpy(url,pos+1);
+     return 1;
+   }
+@@ -292,11 +299,11 @@
+ 			}
+ 			strcat (request, sptr);
+ 		}
+-		sprintf (request + strlen(request),
++		snprintf (request + strlen(request), linelength - strlen(request),
+ 			" HTTP/1.0\r\nUser-Agent: %s/%s\r\n",
+ 			prgName, prgVersion);
+ 		if (host) {
+-			sprintf(request + strlen(request),
++			snprintf(request + strlen(request), linelength - strlen(request),
+ 				"Host: %s:%s\r\n", host, myport);
+ #if 0
+ 			free (host);