Hi, a patch to fix this is attached and archived on: http://people.debian.org/~nion/nmu-diff/mt-daapd-0.9~r1696-1.3_0.9~r1696-1.4.patch
Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
diff -u mt-daapd-0.9~r1696/debian/changelog mt-daapd-0.9~r1696/debian/changelog
--- mt-daapd-0.9~r1696/debian/changelog
+++ mt-daapd-0.9~r1696/debian/changelog
@@ -1,3 +1,11 @@
+mt-daapd (0.9~r1696-1.4) unstable; urgency=low
+
+ * Fix authentication upstream patch checking for a wrong return value
+ (03_fix-authentication.dpatch; Closes: #496217).
+ * Fix taglib api calls (04_taglib_api_calls.dpatch; Closes: #483337)
+
+ -- Nico Golde <[EMAIL PROTECTED]> Wed, 27 Aug 2008 14:53:45 +0200
+
mt-daapd (0.9~r1696-1.3) unstable; urgency=high
* Non-maintainer upload by the Security Team.
diff -u mt-daapd-0.9~r1696/debian/patches/00list mt-daapd-0.9~r1696/debian/patches/00list
--- mt-daapd-0.9~r1696/debian/patches/00list
+++ mt-daapd-0.9~r1696/debian/patches/00list
@@ -2,0 +3,2 @@
+03_fix-authentication
+04_taglib_api_calls
only in patch2:
unchanged:
--- mt-daapd-0.9~r1696.orig/debian/patches/04_taglib_api_calls.dpatch
+++ mt-daapd-0.9~r1696/debian/patches/04_taglib_api_calls.dpatch
@@ -0,0 +1,47 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 04_taglib_api_calls.dpatch by Nico Golde <[EMAIL PROTECTED]>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
[EMAIL PROTECTED]@
+diff -urNad mt-daapd-0.9~r1696~/src/scan-mpc.c mt-daapd-0.9~r1696/src/scan-mpc.c
+--- mt-daapd-0.9~r1696~/src/scan-mpc.c 2007-08-10 06:07:26.000000000 +0200
++++ mt-daapd-0.9~r1696/src/scan-mpc.c 2008-08-27 14:53:27.000000000 +0200
+@@ -70,31 +70,31 @@
+ len = strlen(val);
+ if ((pmp3->title = calloc(len + 1, 1)) != NULL)
+ strncpy(pmp3->title, val, len);
+- taglib_tag_free_strings(val);
++ taglib_tag_free_strings();
+ }
+ if ((val = taglib_tag_artist(tag)) != NULL) {
+ len = strlen(val);
+ if ((pmp3->artist = calloc(len + 1, 1)) != NULL)
+ strncpy(pmp3->artist, val, len);
+- taglib_tag_free_strings(val);
++ taglib_tag_free_strings();
+ }
+ if ((val = taglib_tag_album(tag)) != NULL) {
+ len = strlen(val);
+ if ((pmp3->album = calloc(len + 1, 1)) != NULL)
+ strncpy(pmp3->album, val, len);
+- taglib_tag_free_strings(val);
++ taglib_tag_free_strings();
+ }
+ if ((val = taglib_tag_comment(tag)) != NULL) {
+ len = strlen(val);
+ if ((pmp3->comment = calloc(len + 1, 1)) != NULL)
+ strncpy(pmp3->comment, val, len);
+- taglib_tag_free_strings(val);
++ taglib_tag_free_strings();
+ }
+ if ((val = taglib_tag_genre(tag)) != NULL) {
+ len = strlen(val);
+ if ((pmp3->genre = calloc(len + 1, 1)) != NULL)
+ strncpy(pmp3->genre, val, len);
+- taglib_tag_free_strings(val);
++ taglib_tag_free_strings();
+ }
+
+ if ((i = taglib_tag_year(tag)) != 0)
only in patch2:
unchanged:
--- mt-daapd-0.9~r1696.orig/debian/patches/03_fix-authentication.dpatch
+++ mt-daapd-0.9~r1696/debian/patches/03_fix-authentication.dpatch
@@ -0,0 +1,19 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 03_fix-authentication.dpatch by Nico Golde <[EMAIL PROTECTED]>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
[EMAIL PROTECTED]@
+diff -urNad mt-daapd-0.9~r1696~/src/webserver.c mt-daapd-0.9~r1696/src/webserver.c
+--- mt-daapd-0.9~r1696~/src/webserver.c 2007-10-22 05:40:29.000000000 +0200
++++ mt-daapd-0.9~r1696/src/webserver.c 2008-08-27 14:49:35.000000000 +0200
+@@ -1131,7 +1131,7 @@
+ if((auth_handler) && (auth_handler(pwsc,NULL,NULL)==0)) {
+ /* do the auth thing */
+ auth=ws_getarg(&pwsc->request_headers,"Authorization");
+- if((auth) && (ws_decodepassword(auth,&username, &password))) {
++ if((auth) && (0 == ws_decodepassword(auth,&username, &password))) {
+ if(auth_handler(pwsc,username,password))
+ can_dispatch=1;
+ ws_addarg(&pwsc->request_vars,"HTTP_USER","%s",username);
pgpBJGtvdiZfi.pgp
Description: PGP signature
