commit: 05aa17f5639172598cd0ab639cf51afe789a755d Author: Miroslav Šulc <fordfrog <AT> gentoo <DOT> org> AuthorDate: Thu Jan 4 10:25:24 2024 +0000 Commit: Miroslav Šulc <fordfrog <AT> gentoo <DOT> org> CommitDate: Thu Jan 4 10:25:34 2024 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=05aa17f5
media-sound/vorbis-tools: applied buffer overflow fix Bug: https://bugs.gentoo.org/918549 Signed-off-by: Miroslav Šulc <fordfrog <AT> gentoo.org> .../files/vorbis-tools-1.4.2-docdir.patch | 4 +-- .../vorbis-tools-1.4.2-fix-buffer-overflow.patch | 32 ++++++++++++++++++++++ ....4.2-r3.ebuild => vorbis-tools-1.4.2-r4.ebuild} | 3 +- 3 files changed, 36 insertions(+), 3 deletions(-) diff --git a/media-sound/vorbis-tools/files/vorbis-tools-1.4.2-docdir.patch b/media-sound/vorbis-tools/files/vorbis-tools-1.4.2-docdir.patch index faec14fe65c6..3dc0bd1892f8 100644 --- a/media-sound/vorbis-tools/files/vorbis-tools-1.4.2-docdir.patch +++ b/media-sound/vorbis-tools/files/vorbis-tools-1.4.2-docdir.patch @@ -1,8 +1,8 @@ Thanks-to: Chris Mayo https://bugs.gentoo.org/533774 ---- a/configure 2021-01-21 10:14:17.000000000 +0100 -+++ b/configure 2021-01-23 14:24:06.178883282 +0100 +--- a/configure ++++ b/configure @@ -937,7 +937,7 @@ runstatedir='${localstatedir}/run' includedir='${prefix}/include' diff --git a/media-sound/vorbis-tools/files/vorbis-tools-1.4.2-fix-buffer-overflow.patch b/media-sound/vorbis-tools/files/vorbis-tools-1.4.2-fix-buffer-overflow.patch new file mode 100644 index 000000000000..20d4b65e2630 --- /dev/null +++ b/media-sound/vorbis-tools/files/vorbis-tools-1.4.2-fix-buffer-overflow.patch @@ -0,0 +1,32 @@ +fix from https://gitlab.xiph.org/xiph/vorbis-tools/-/merge_requests/7 + + diff --git a/oggenc/platform.c b/oggenc/platform.c + index 6d9f4ef..b66e47a 100644 + --- a/oggenc/platform.c + +++ b/oggenc/platform.c + @@ -136,18 +136,22 @@ int create_directories(char *fn, int isutf8) + { + char *end, *start; + struct stat statbuf; + - char *segment = malloc(strlen(fn)+1); + + const size_t fn_len = strlen(fn); + + char *segment = malloc(fn_len+1); + #ifdef _WIN32 + wchar_t seg[MAX_PATH+1]; + #endif + + start = fn; + #ifdef _WIN32 + - if(strlen(fn) >= 3 && isalpha(fn[0]) && fn[1]==':') + + // Strip drive prefix + + if(fn_len >= 3 && isalpha(fn[0]) && fn[1]==':') { + + + start = start+2; + #endif + + - while((end = strpbrk(start+1, PATH_SEPS)) != NULL) + + // Loop through path segments, creating directories if necessary + + while((end = strpbrk(start + strspn(start, PATH_SEPS), PATH_SEPS)) != NULL) + { + int rv; + memcpy(segment, fn, end-fn); diff --git a/media-sound/vorbis-tools/vorbis-tools-1.4.2-r3.ebuild b/media-sound/vorbis-tools/vorbis-tools-1.4.2-r4.ebuild similarity index 92% rename from media-sound/vorbis-tools/vorbis-tools-1.4.2-r3.ebuild rename to media-sound/vorbis-tools/vorbis-tools-1.4.2-r4.ebuild index 5ba47cf06cc9..05d291d1539e 100644 --- a/media-sound/vorbis-tools/vorbis-tools-1.4.2-r3.ebuild +++ b/media-sound/vorbis-tools/vorbis-tools-1.4.2-r4.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2023 Gentoo Authors +# Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -34,6 +34,7 @@ BDEPEND=" PATCHES=( "${FILESDIR}"/${PN}-1.4.2-r3-docdir.patch "${FILESDIR}"/${P}-clang16.patch + "${FILESDIR}"/${P}-fix-buffer-overflow.patch ) src_prepare() {
