diff --git a/audio/vorbis-tools/Makefile b/audio/vorbis-tools/Makefile
index c5edc2790cf1..481cb71d95bb 100644
--- a/audio/vorbis-tools/Makefile
+++ b/audio/vorbis-tools/Makefile
@@ -1,40 +1,40 @@
 PORTNAME= vorbis-tools
-PORTVERSION= 1.4.2
-PORTREVISION= 3
+DISTVERSION= 1.4.2
+PORTREVISION= 4
 PORTEPOCH= 3
 CATEGORIES= audio
 MASTER_SITES= https://downloads.xiph.org/releases/vorbis/
 MAINTAINER= naddy@FreeBSD.org
 COMMENT= Play, encode, and manage Ogg Vorbis files
 WWW= https://xiph.org/vorbis/
 LICENSE= GPLv2
 LICENSE_FILE= ${WRKSRC}/COPYING
 LIB_DEPENDS= libao.so:audio/libao \
 libcurl.so:ftp/curl \
 libFLAC.so:audio/flac \
 libogg.so:audio/libogg \
 libopusfile.so:audio/opusfile \
 libspeex.so:audio/speex \
 libvorbis.so:audio/libvorbis
 USES= cpe iconv localbase:ldflags pkgconfig
 CPE_VENDOR= xiph
 GNU_CONFIGURE= yes
 CONFIGURE_ENV= PTHREAD_LIBS="-lpthread"
 CONFIGURE_ARGS= --without-kate
 OPTIONS_DEFINE= NLS
 OPTIONS_SUB= yes
 NLS_USES= gettext
 NLS_CONFIGURE_ENABLE= nls
 post-install:
 ${MKDIR} ${STAGEDIR}${PREFIX}/share/examples/vorbis-tools
 ${INSTALL_DATA} ${WRKSRC}/ogg123/ogg123rc-example \
 ${STAGEDIR}${PREFIX}/share/examples/vorbis-tools/ogg123rc
 .include
diff --git a/audio/vorbis-tools/files/patch-CVE-2023-43361 b/audio/vorbis-tools/files/patch-CVE-2023-43361
new file mode 100644
index 000000000000..bd6fe963410b
--- /dev/null
+++ b/audio/vorbis-tools/files/patch-CVE-2023-43361
@@ -0,0 +1,30 @@
+diff --git a/oggenc/platform.c b/oggenc/platform.c
+index 6d9f4ef..b66e47a 100644
+--- oggenc/platform.c
++++ oggenc/platform.c
+@@ -136,18 +136,22 @@ int create_directories(char *fn, int isutf8)
+ {
+ char *end, *start;
+ struct stat statbuf;
+- char *segment = malloc(strlen(fn)+1);
++ const size_t fn_len = strlen(fn);
++ char *segment = malloc(fn_len+1);
+ #ifdef _WIN32
+ wchar_t seg[MAX_PATH+1];
+ #endif
+
+ start = fn;
+ #ifdef _WIN32
+- if(strlen(fn) >= 3 && isalpha(fn[0]) && fn[1]==':')
++ // Strip drive prefix
++ if(fn_len >= 3 && isalpha(fn[0]) && fn[1]==':') {
++
+ start = start+2;
+ #endif
+
+- while((end = strpbrk(start+1, PATH_SEPS)) != NULL)
++ // Loop through path segments, creating directories if necessary
++ while((end = strpbrk(start + strspn(start, PATH_SEPS), PATH_SEPS)) != NULL)
+ {
+ int rv;
+ memcpy(segment, fn, end-fn);
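Review bot: The `malloc(fn_len+1)` result in `create_directories` is still used unchecked: nothing between the allocation and `memcpy(segment, fn, end-fn)` on the hunk's last line tests `segment` for NULL, so an allocation failure becomes a write through a null pointer. A guard such as `if(segment == NULL) return -1;` directly after the allocation would cover it, assuming -1 is this function's failure value, which the hunk does not show. Separately, the rewritten `_WIN32` condition now ends in `{` and no matching `}` appears before `#endif`. The embedded hunk's 18/22 line counts are exhausted at the `memcpy` line, so that branch looks unbalanced; it is never compiled for this port, but the patch is worth comparing against the upstream commit. The function body continues past the end of the hunk.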