Hello community,

here is the log from the commit of package vorbis-tools for openSUSE:Factory 
checked in at 2026-05-29 18:03:57
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/vorbis-tools (Old)
 and      /work/SRC/openSUSE:Factory/.vorbis-tools.new.1937 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "vorbis-tools"

Fri May 29 18:03:57 2026 rev:34 rq:1355604 version:1.4.3

Changes:
--------
--- /work/SRC/openSUSE:Factory/vorbis-tools/vorbis-tools.changes        
2025-05-26 18:36:44.306454901 +0200
+++ /work/SRC/openSUSE:Factory/.vorbis-tools.new.1937/vorbis-tools.changes      
2026-05-29 18:04:06.306907516 +0200
@@ -1,0 +2,8 @@
+Thu May 28 07:56:46 UTC 2026 - Takashi Iwai <[email protected]>
+
+- Fix buffer underflow in the `ogg123` utility in function `remotethread`
+  of `remote.c` (CVE-2026-34253, bsc#1265361):
+  0001-Do-not-assume-fgets-result-is-non-empty.patch
+  0002-ogg123-Handle-EOF-error-in-remote-interface.patch
+
+-------------------------------------------------------------------
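Review bot: the entry names only `remotethread` in `remote.c`, but 0001-Do-not-assume-fgets-result-is-non-empty.patch also changes ogg123/playlist.c and vorbiscomment/vcomment.c for the same strlen()-1 pattern. Mention those two files in the changelog so that users of playlist loading and vorbiscomment can tell they are covered by this update.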

New:
----
  0001-Do-not-assume-fgets-result-is-non-empty.patch
  0002-ogg123-Handle-EOF-error-in-remote-interface.patch


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ vorbis-tools.spec ++++++
--- /var/tmp/diff_new_pack.apTyDK/_old  2026-05-29 18:04:07.622961948 +0200
+++ /var/tmp/diff_new_pack.apTyDK/_new  2026-05-29 18:04:07.626962113 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package vorbis-tools
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2026 SUSE LLC and contributors
 # Copyright (c) 2025 Andreas Stieger <[email protected]>
 #
 # All modifications and additions to the file contributed by third parties
@@ -25,6 +25,8 @@
 Group:          Productivity/Multimedia/Sound/Utilities
 URL:            https://www.xiph.org/
 Source0:        
https://downloads.xiph.org/releases/vorbis/%{name}-%{version}.tar.gz
+Patch1:         0001-Do-not-assume-fgets-result-is-non-empty.patch
+Patch2:         0002-ogg123-Handle-EOF-error-in-remote-interface.patch
 BuildRequires:  gettext-tools
 BuildRequires:  pkgconfig
 BuildRequires:  pkgconfig(ao) >= 1.0.0
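Review bot: Patch1 and Patch2 are declared here, but this diff shows no change to %prep. Confirm that the existing %prep applies them (for example through %autosetup -p1 or %autopatch); otherwise the CVE fix is listed in the spec but not built into the package.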

++++++ 0001-Do-not-assume-fgets-result-is-non-empty.patch ++++++
From 4bb4fb33b25949178179f689db9afb477abeb572 Mon Sep 17 00:00:00 2001
From: "Timothy B. Terriberry" <[email protected]>
Date: Tue, 24 Jun 2025 09:14:13 -0700
Subject: [PATCH] Do not assume fgets result is non-empty

If a file contains an embedded NUL ('\0') character, strlen() on
 the result of fgets() can be 0, even when we have not reached the
 end of the file.
Therefore we cannot access index [strlen(buf)-1] to check a
 character at the end of the string.

Thanks to Momoko Shiraishi for the report.

Fixes #2332
---
 ogg123/playlist.c        | 8 ++++++--
 ogg123/remote.c          | 2 +-
 vorbiscomment/vcomment.c | 2 +-
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/ogg123/playlist.c b/ogg123/playlist.c
index afcf5d72baac..3d3bc8ff8264 100644
--- a/ogg123/playlist.c
+++ b/ogg123/playlist.c
@@ -265,10 +265,14 @@ int playlist_append_from_file(playlist_t *list, char 
*playlist_filename)
 
     /* Crop off trailing newlines if present. Handle DOS (\r\n), Unix (\n)
      * and MacOS<9 (\r) line endings. */
-    if (filename[length - 2] == '\r' && filename[length - 1] == '\n')
+    if (length >= 2 && filename[length - 2] == '\r'
+     && filename[length - 1] == '\n') {
       filename[length - 2] = '\0';
-    else if (filename[length - 1] == '\n' || filename[length - 1] == '\r')
+    }
+    else if (length >= 1 && (
+     filename[length - 1] == '\n' || filename[length - 1] == '\r')) {
       filename[length - 1] = '\0';
+    }
 
     if (stat(filename, &stat_buf) == 0) {
 
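Review bot: when length is 0, both branches are now skipped and the empty string goes straight to stat(filename, &stat_buf) below, so correct behaviour depends on stat() failing for an empty path. Consider an explicit early skip for empty entries next to the new length checks, with a comment that a NUL inside a playlist line truncates the entry.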
diff --git a/ogg123/remote.c b/ogg123/remote.c
index 30f9787599ba..1107174abe0d 100644
--- a/ogg123/remote.c
+++ b/ogg123/remote.c
@@ -150,7 +150,7 @@ static void * remotethread(void * arg) {
 #endif
 
     fgets(buf, MAXBUF, stdin);
-    buf[strlen(buf)-1] = 0;
+    buf[strcspn(buf, "\n")] = 0;
 
     /* Lock on */
     pthread_mutex_lock (&main_lock);
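Review bot: the return value of fgets(buf, MAXBUF, stdin) is still discarded on the line above the fix, so on EOF or a read error strcspn() runs on whatever buf held before the call. The new index is in bounds either way, but the result should be stored and checked before buf is used; 0002 in this series does that, so the two patches should ship together.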
diff --git a/vorbiscomment/vcomment.c b/vorbiscomment/vcomment.c
index 2f1e17a04c17..9c93f055e383 100644
--- a/vorbiscomment/vcomment.c
+++ b/vorbiscomment/vcomment.c
@@ -123,7 +123,7 @@ char * read_line (FILE *input)
                         buffers[buffer_count] = buffer;
                         buffer_count++;
 
-                        if (retval[strlen (retval) - 1] == '\n')
+                        if (strchr(retval, '\n') != NULL)
                         {
                                 /* End of the line */
                                 break;
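Review bot: strchr(retval, '\n') stops at the first NUL, so when a NUL precedes the newline in the chunk just read, the end of the line is not detected and the loop goes on to read further chunks into the same logical line. That is memory-safe, unlike the old retval[strlen (retval) - 1], but add a comment stating that lines with embedded NULs are merged with what follows, or reject such input explicitly.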
-- 
2.54.0
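
The failure mode described in the 0001 commit message, as an added example that is not part of the patch or of vorbis-tools: it reads a line with `fgets()` and compares the index the old `strlen(buf)-1` idiom would write to with the `strcspn()` index. The inputs are constructed, the helper names are hypothetical, and `fmemopen()` stands in for stdin or a playlist file.

```c
/* Added example; inputs below are constructed, helper names are hypothetical. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for fmemopen() */
#endif
#include <stdio.h>
#include <string.h>

#define MAXBUF 64

/* Constructed inputs: a line starting with NUL, and an ordinary command. */
static const char NUL_FIRST[] = { '\0', 'a', 'b', 'c', '\n' };
static const char NORMAL[]    = { 'l', ' ', 'a', '.', 'o', 'g', 'g', '\n' };

/* Index the pre-patch idiom buf[strlen(buf)-1] would write to; for an
 * empty string this wraps to (size_t)-1, which addresses the byte
 * before buf. */
static size_t old_strip_index(const char *buf) { return strlen(buf) - 1; }

/* Post-patch idiom: strcspn() always lands in [0, strlen(buf)]. */
static size_t new_strip_index(const char *buf) { return strcspn(buf, "\n"); }

/* fgets() one line from an in-memory stream and report both indexes
 * without performing the old write. Returns -1 on EOF or error. */
static int probe_line(const char *data, size_t len,
                      size_t *old_idx, size_t *new_idx) {
    char buf[MAXBUF + 1];
    FILE *f = fmemopen((void *)data, len, "r");
    if (f == NULL) return -1;
    char *ret = fgets(buf, MAXBUF, f);
    fclose(f);
    if (ret == NULL) return -1;      /* nothing read: buf must not be used */
    *old_idx = old_strip_index(buf);
    *new_idx = new_strip_index(buf);
    buf[*new_idx] = 0;               /* always in bounds */
    return 0;
}

int main(void) {
    size_t o = 0, n = 0;
    if (probe_line(NUL_FIRST, sizeof NUL_FIRST, &o, &n) == 0)
        printf("NUL-first: old index %zu, new index %zu\n", o, n);
    if (probe_line(NORMAL, sizeof NORMAL, &o, &n) == 0)
        printf("normal:    old index %zu, new index %zu\n", o, n);
    return 0;
}
```

For the ordinary line both idioms agree; only the NUL-first line separates them, which is why the old code passed normal testing.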


++++++ 0002-ogg123-Handle-EOF-error-in-remote-interface.patch ++++++
From cfc497a442f51fb4885e132deaf2e0ba067bd280 Mon Sep 17 00:00:00 2001
From: "Timothy B. Terriberry" <[email protected]>
Date: Tue, 24 Jun 2025 09:38:56 -0700
Subject: [PATCH] ogg123: Handle EOF/error in remote interface

Previously, if there was an error or EOF reading commands for the
 remote interface, the reader would loop infinitely trying to read
 another command that will never come.
Instead, treat error or EOF as a Quit command.

We manually send an error message / log, instead of using the
 existing error path, because we still want the main thread to
 process the Quit.
---
 ogg123/remote.c | 126 ++++++++++++++++++++++++++----------------------
 1 file changed, 68 insertions(+), 58 deletions(-)

diff --git a/ogg123/remote.c b/ogg123/remote.c
index 1107174abe0d..b0416a5e3573 100644
--- a/ogg123/remote.c
+++ b/ogg123/remote.c
@@ -139,6 +139,7 @@ static void * remotethread(void * arg) {
   buf[MAXBUF]=0;
 
   while(!done) {
+    char *ret;
     /* Read a line */
     buf[0] = 0;
     send_log("Waiting for input: ...");
@@ -149,77 +150,86 @@ static void * remotethread(void * arg) {
     select (1, &fd, NULL, NULL, NULL);
 #endif
 
-    fgets(buf, MAXBUF, stdin);
-    buf[strcspn(buf, "\n")] = 0;
+    ret = fgets(buf, MAXBUF, stdin);
 
     /* Lock on */
     pthread_mutex_lock (&main_lock);
 
-    send_log("Input: %s", buf);
-    error = 0;
+    if (ret != NULL) {
+      buf[strcspn(buf, "\n")] = 0;
+      send_log("Input: %s", buf);
+      error = 0;
 
-    if (!strncasecmp(buf,"l",1)) {
-       /* prepare to load */
-      if ((b=strchr(buf,' ')) != NULL) {
-        /* Prepare to load a new song */
-        strcpy((char*)arg, b+1);
+      if (!strncasecmp(buf,"l",1)) {
+          /* prepare to load */
+        if ((b=strchr(buf,' ')) != NULL) {
+          /* Prepare to load a new song */
+          strcpy((char*)arg, b+1);
+          setstatus(NEXT);
+        }
+        else {
+          /* Invalid load command */
+          error = 1;
+        }
+      }
+      else
+      if (!strncasecmp(buf,"p",1)) {
+        /* Prepare to (un)pause */
+        invertpause();
+      }
+      else
+      if (!strncasecmp(buf,"j",1)) {
+        /* Prepare to seek */
+        if ((b=strchr(buf,' ')) != NULL) {
+          set_seek_opt(&options, b+1);
+        }
+        ignore = 1;
+      }
+      else
+      if (!strncasecmp(buf,"s",1)) {
+        /* Prepare to stop */
+        setstatus(STOP);
+      }
+          else
+      if (!strncasecmp(buf,"r",1)) {
+        /* Prepare to reload */
         setstatus(NEXT);
-      } 
+      }
+      else
+      if (!strncasecmp(buf,"h",1)) {
+        /* Send help */
+        send_msg("H +----------------------------------------------------+");
+        send_msg("H | Ogg123 remote interface                            |");
+        send_msg("H |----------------------------------------------------|");
+        send_msg("H | Load <file>     -  load a file and starts playing  |");
+        send_msg("H | Pause           -  pause or unpause playing        |");
+        send_msg("H | Jump [+|-]<f>   -  jump <f> seconds forth or back  |");
+        send_msg("H | Stop            -  stop playing                    |");
+        send_msg("H | Reload          -  reload last song                |");
+        send_msg("H | Quit            -  quit ogg123                     |");
+        send_msg("H |----------------------------------------------------|");
+        send_msg("H | refer to README.remote for documentation           |");
+        send_msg("H +----------------------------------------------------+");
+        ignore = 1;
+      }
+      else
+      if (!strncasecmp(buf,"q",1)) {
+        /* Prepare to quit */
+        setstatus(QUIT);
+        done = 1;
+      }
       else {
-        /* Invalid load command */
+        /* Unknown input received */
         error = 1;
       }
     }
-    else
-    if (!strncasecmp(buf,"p",1)) {
-      /* Prepare to (un)pause */
-      invertpause();
-    }
-       else
-    if (!strncasecmp(buf,"j",1)) {
-      /* Prepare to seek */
-      if ((b=strchr(buf,' ')) != NULL) {
-        set_seek_opt(&options, b+1);
-         }
-      ignore = 1;
-    }
-    else
-    if (!strncasecmp(buf,"s",1)) {
-      /* Prepare to stop */
-      setstatus(STOP);
-    }
-       else
-    if (!strncasecmp(buf,"r",1)) {
-      /* Prepare to reload */
-      setstatus(NEXT);
-    }
-    else
-    if (!strncasecmp(buf,"h",1)) {
-      /* Send help */
-         send_msg("H +----------------------------------------------------+");
-         send_msg("H | Ogg123 remote interface                            |");
-         send_msg("H |----------------------------------------------------|");
-         send_msg("H | Load <file>     -  load a file and starts playing  |");
-         send_msg("H | Pause           -  pause or unpause playing        |");
-         send_msg("H | Jump [+|-]<f>   -  jump <f> seconds forth or back  |");
-         send_msg("H | Stop            -  stop playing                    |");
-         send_msg("H | Reload          -  reload last song                |");
-         send_msg("H | Quit            -  quit ogg123                     |");
-         send_msg("H |----------------------------------------------------|");
-         send_msg("H | refer to README.remote for documentation           |");
-         send_msg("H +----------------------------------------------------+");
-         ignore = 1;
-    }
-    else
-    if (!strncasecmp(buf,"q",1)) {
-      /* Prepare to quit */
+    else {
+      send_err("E EOF or error reading commands");
+      send_log("EOF or error reading commands");
+      /* Treat EOF or error as a quit command. */
       setstatus(QUIT);
       done = 1;
     }
-    else {
-      /* Unknown input received */
-      error = 1;
-    }
 
     if (ignore) {
       /* Unlock */
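Review bot: error = 0 now sits inside the if (ret != NULL) branch, so on the EOF/error path error keeps whatever value the previous iteration left, and the code after the else (starting at if (ignore)) runs with that stale state; set error = 0 before the branch or in the new else. The carried-over strcpy((char*)arg, b+1) in the Load case is also unbounded: buf is capped by MAXBUF, so document or assert that the buffer behind arg holds at least MAXBUF bytes. The else before the "r" command is indented with different whitespace than its neighbours.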
-- 
2.54.0
