Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package vorbis-tools for openSUSE:Factory checked in at 2023-10-20 23:18:50

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/vorbis-tools (Old)
 and      /work/SRC/openSUSE:Factory/.vorbis-tools.new.1945 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "vorbis-tools" Fri Oct 20 23:18:50 2023 rev:30 rq:1119212 version:1.4.2 Changes: -------- --- /work/SRC/openSUSE:Factory/vorbis-tools/vorbis-tools.changes 2021-01-25 18:24:15.256483928 +0100 +++ /work/SRC/openSUSE:Factory/.vorbis-tools.new.1945/vorbis-tools.changes 2023-10-20 23:22:08.342279930 +0200 @@ -1,0 +2,7 @@ +Fri Oct 20 11:05:02 UTC 2023 - Takashi Iwai <ti...@suse.com> + +- Fix buffer overflow vulnerability during the conversion of wav + files to ogg files (bsc#1215942, CVE-2023-43361): + vorbis-tools-CVE-2023-43361.patch + +------------------------------------------------------------------- New: ---- vorbis-tools-CVE-2023-43361.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ vorbis-tools.spec ++++++ --- /var/tmp/diff_new_pack.cjgDU9/_old 2023-10-20 23:22:08.826297589 +0200 +++ /var/tmp/diff_new_pack.cjgDU9/_new 2023-10-20 23:22:08.826297589 +0200 @@ -1,7 +1,7 @@ # # spec file for package vorbis-tools # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,6 +26,8 @@ Source0: https://downloads.xiph.org/releases/vorbis/%{name}-%{version}.tar.gz # PATCH-FIX-OPENSUSE vorbis-tools-cflags.diff bnc#93888 -- Remove -fsigned-char option Patch1: vorbis-tools-cflags.diff +# PATCH-FIX-UPSTREAM bsc#1215942 CVE-2023-43361 +Patch2: vorbis-tools-CVE-2023-43361.patch BuildRequires: flac-devel BuildRequires: gettext-tools BuildRequires: libao-devel @@ -49,6 +51,7 @@ %prep %setup -q %patch1 +%patch2 -p1 %build # Because of patch vorbis-tools-cflags.diff regenerate build system ++++++ vorbis-tools-CVE-2023-43361.patch ++++++ >From 69dfbe06ce02e6199444245397acf79fb6857b4c Mon Sep 17 00:00:00 2001 
From: Ralph Giles <gi...@thaumas.net> Date: Sun, 17 Sep 2023 11:49:12 -0700 Subject: [PATCH] oggenc: Don't assume the output path ends in a file name. oggenc attempts to create any specified directories in the output file path if they don't exist. The parser was assuming there was a final filename after the last directory separator, and so would try to read off the end of the argument if it was a bare directory such as `./` or `outdir/`. This adds a check to make sure the scan isn't starting off the end of the path string. Thanks to Frank-Z7 (Zeng Yunxiang) at Huazhong University of Science and Technology (cse.hust.edu.cn) for the report. --- oggenc/platform.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/oggenc/platform.c b/oggenc/platform.c index 6d9f4ef..ee0b7ce 100644 --- a/oggenc/platform.c +++ b/oggenc/platform.c @@ -136,18 +136,23 @@ int create_directories(char *fn, int isutf8) { char *end, *start; struct stat statbuf; - char *segment = malloc(strlen(fn)+1); + const size_t fn_len = strlen(fn); + char *segment = malloc(fn_len+1); #ifdef _WIN32 wchar_t seg[MAX_PATH+1]; #endif start = fn; #ifdef _WIN32 - if(strlen(fn) >= 3 && isalpha(fn[0]) && fn[1]==':') + // Strip drive prefix + if(fn_len >= 3 && isalpha(fn[0]) && fn[1]==':') { start = start+2; + } #endif - while((end = strpbrk(start+1, PATH_SEPS)) != NULL) + // Loop through path segments, creating directories if necessary + while((start+1 - fn < fn_len) && + (end = strpbrk(start+1, PATH_SEPS)) != NULL) { int rv; memcpy(segment, fn, end-fn); @@ -159,7 +164,7 @@ int create_directories(char *fn, int isutf8) rv = _wstat(seg,&statbuf); } else #endif - rv = stat(segment,&statbuf); + rv = stat(segment, &statbuf); if(rv) { if(errno == ENOENT) { #ifdef _WIN32 -- GitLab
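Review bot: In the vorbis-tools.spec hunk at `@@ -26,6 +26,8 @@`, the `# PATCH-FIX-UPSTREAM bsc#1215942 CVE-2023-43361` comment names the bug ids but not the upstream commit; adding the hash visible in the patch header, `69dfbe06ce02e6199444245397acf79fb6857b4c`, to that comment makes the backport traceable when the patch is refreshed against a newer release.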
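Review bot: In the first oggenc/platform.c hunk (`@@ -136,18 +136,23 @@`), the new loop condition `(start+1 - fn < fn_len)` compares a signed `ptrdiff_t` with an unsigned `size_t`, which trips `-Wsign-compare` and relies on implicit conversion for the very check that fixes the bug; writing it as `(size_t)(start + 1 - fn) < fn_len` makes the intent explicit. In the same hunk, `char *segment = malloc(fn_len+1);` is still passed to `memcpy(segment, fn, end-fn)` without a NULL check, so an allocation failure would dereference NULL; returning `-1` when `segment == NULL` would close that gap while the function is being touched anyway.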
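Review bot: The second oggenc/platform.c hunk (`@@ -159,7 +164,7 @@`) changes only whitespace, `rv = stat(segment,&statbuf);` to `rv = stat(segment, &statbuf);`, which is unrelated to the overflow fix; dropping it from the security backport keeps the patch minimal and easier to audit against the upstream commit.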
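To make the edge cases named in the commit message concrete, here is an added example that is not code from vorbis-tools or from the patch author: a bounded path-segment scanner modelled on the fixed `create_directories()` loop. It records the directory prefixes it would create instead of calling `stat()`/`mkdir()`, so it can be run offline on inputs such as `./` and `outdir/`. The function names `segment_count` and `nth_segment`, the `SEG_MAX`/`SEG_LEN` limits and the sample inputs are this example's own assumptions.

```c
/* Added example, not code from vorbis-tools: a bounded path-segment scanner
 * modelled on the fixed create_directories() loop in oggenc/platform.c.
 * Instead of calling stat()/mkdir() it records the directory prefixes it
 * would create, so the edge cases from the commit message ("./", "outdir/")
 * can be exercised offline. segment_count, nth_segment, SEG_MAX and SEG_LEN
 * are assumptions of this example, not names from the project. */
#include <stdio.h>
#include <string.h>

#define PATH_SEPS "/"   /* POSIX separators; oggenc adds '\\' on Windows */
#define SEG_MAX   16
#define SEG_LEN   256

/* Scratch storage for the prefixes found by the most recent scan. */
static char g_segments[SEG_MAX][SEG_LEN];

/* Walk fn and record each directory prefix ("a", "a/b" for "a/b/c.ogg").
 * Returns the number of prefixes recorded. */
int segment_count(const char *fn)
{
    const size_t fn_len = strlen(fn);
    const char *start = fn;
    const char *end;
    int count = 0;

    /* Bounds check from the fix: once start has advanced past the final
     * separator of a path such as "outdir/" (or fn is empty), start + 1
     * points beyond the terminating NUL and strpbrk() would read out of
     * bounds. The cast keeps both sides of the comparison unsigned. */
    while ((size_t)(start + 1 - fn) < fn_len &&
           (end = strpbrk(start + 1, PATH_SEPS)) != NULL) {
        size_t seg_len = (size_t)(end - fn);
        if (count < SEG_MAX && seg_len < SEG_LEN) {
            memcpy(g_segments[count], fn, seg_len);
            g_segments[count][seg_len] = '\0';
            count++;
        }
        start = end + 1;   /* resume after the separator, as oggenc does */
    }
    return count;
}

/* Return the i-th prefix from the most recent scan, or "" if out of range. */
const char *nth_segment(int i)
{
    return (i >= 0 && i < SEG_MAX) ? g_segments[i] : "";
}

int main(void)
{
    /* Constructed sample inputs, including the two from the commit message. */
    const char *inputs[] = { "./", "outdir/", "a/b/c.ogg", "/tmp/x.ogg", "c.ogg", "" };
    for (size_t k = 0; k < sizeof inputs / sizeof inputs[0]; k++) {
        int n = segment_count(inputs[k]);
        printf("\"%s\": %d prefix(es)", inputs[k], n);
        for (int i = 0; i < n; i++)
            printf(" [%s]", nth_segment(i));
        putchar('\n');
    }
    return 0;
}
```

The `start = end + 1` step is what makes the bound necessary: after the last separator of `outdir/`, `start` already sits on the terminating NUL, so the unbounded original would hand `strpbrk()` a pointer one byte past the end of the argument. The empty-string case is covered by the same comparison, since `1 < 0` is false for `size_t` operands.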