2 files changed, 39 insertions, 0 deletions
diff --git a/meta-multimedia/recipes-multimedia/vorbis-tools/vorbis-tools/CVE-2023-43361.patch b/meta-multimedia/recipes-multimedia/vorbis-tools/vorbis-tools/CVE-2023-43361.patch
new file mode 100644
index 0000000000..7f5b634115
--- /dev/null
+++ b/meta-multimedia/recipes-multimedia/vorbis-tools/vorbis-tools/CVE-2023-43361.patch
@@ -0,0 +1,38 @@
+From 6ca16244ba70cd1c0c8d062d1416bdc79bf20898 Mon Sep 17 00:00:00 2001
+From: Peter Marko <peter.marko@siemens.com>
+Date: Fri, 17 Jan 2025 18:49:12 +0100
+Subject: [PATCH] oggenc: Don't assume the output path ends in a file name.
+oggenc attempts to create any specified directories in the output
+file path if they don't exist. The parser was assuming there was
+a final filename after the last directory separator, and so would
+try to read off the end of the argument if it was a bare directory
+such as `./` or `outdir/`. This adds a check to make sure the
+scan isn't starting off the end of the path string.
+Thanks to Frank-Z7 (Zeng Yunxiang) at Huazhong University of Science
+and Technology (cse.hust.edu.cn) for the report.
+CVE: CVE-2023-43361
+Upstream-Status: Submitted [https://gitlab.xiph.org/xiph/vorbis-tools/-/merge_requests/7]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ oggenc/platform.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/oggenc/platform.c b/oggenc/platform.c
+index 6d9f4ef..1ff02ca 100644
+--- a/oggenc/platform.c
+++ b/oggenc/platform.c
+@@ -147,7 +147,7 @@ int create_directories(char *fn, int isutf8)
+         start = start+2;
+ #endif
+ 
+-    while((end = strpbrk(start+1, PATH_SEPS)) != NULL)
+    while((end = strpbrk(start + strspn(start, PATH_SEPS), PATH_SEPS)) != NULL)
+     {
+         int rv;
+         memcpy(segment, fn, end-fn);
+-- 
+2.30.2
diff --git a/meta-multimedia/recipes-multimedia/vorbis-tools/vorbis-tools_1.4.2.bb b/meta-multimedia/recipes-multimedia/vorbis-tools/vorbis-tools_1.4.2.bb
index 61a4aedb85..2cbd840138 100644
--- a/meta-multimedia/recipes-multimedia/vorbis-tools/vorbis-tools_1.4.2.bb
+++ b/meta-multimedia/recipes-multimedia/vorbis-tools/vorbis-tools_1.4.2.bb
@@ -13,6 +13,7 @@ DEPENDS = "libogg libvorbis"
 SRC_URI = "http://downloads.xiph.org/releases/vorbis/${BP}.tar.gz \
           file://gettext.patch \
           file://0001-ogginfo-Include-utf8.h-for-missing-utf8_decode.patch \
+           file://CVE-2023-43361.patch \
          "
 SRC_URI[md5sum] = "998fca293bd4e4bdc2b96fb70f952f4e"

diff --git a/meta-multimedia/recipes-multimedia/vorbis-tools/vorbis-tools/CVE-2023-43361.patch b/meta-multimedia/recipes-multimedia/vorbis-tools/vorbis-tools/CVE-2023-43361.patch new file mode 100644 index 0000000000..7f5b634115 --- /dev/null +++ b/meta-multimedia/recipes-multimedia/vorbis-tools/vorbis-tools/CVE-2023-43361.patch
@@ -0,0 +1,38 @@
		1	From 6ca16244ba70cd1c0c8d062d1416bdc79bf20898 Mon Sep 17 00:00:00 2001
		2	From: Peter Marko <peter.marko@siemens.com>
		3	Date: Fri, 17 Jan 2025 18:49:12 +0100
		4	Subject: [PATCH] oggenc: Don't assume the output path ends in a file name.
		5
		6	oggenc attempts to create any specified directories in the output
		7	file path if they don't exist. The parser was assuming there was
		8	a final filename after the last directory separator, and so would
		9	try to read off the end of the argument if it was a bare directory
		10	such as `./` or `outdir/`. This adds a check to make sure the
		11	scan isn't starting off the end of the path string.
		12
		13	Thanks to Frank-Z7 (Zeng Yunxiang) at Huazhong University of Science
		14	and Technology (cse.hust.edu.cn) for the report.
		15
		16	CVE: CVE-2023-43361
		17	Upstream-Status: Submitted [https://gitlab.xiph.org/xiph/vorbis-tools/-/merge_requests/7]
		18	Signed-off-by: Peter Marko <peter.marko@siemens.com>
		19	---
		20	oggenc/platform.c \| 2 +-
		21	1 file changed, 1 insertion(+), 1 deletion(-)
		22
		23	diff --git a/oggenc/platform.c b/oggenc/platform.c
		24	index 6d9f4ef..1ff02ca 100644
		25	--- a/oggenc/platform.c
		26	+++ b/oggenc/platform.c
		27	@@ -147,7 +147,7 @@ int create_directories(char *fn, int isutf8)
		28	start = start+2;
		29	#endif
		30
		31	- while((end = strpbrk(start+1, PATH_SEPS)) != NULL)
		32	+ while((end = strpbrk(start + strspn(start, PATH_SEPS), PATH_SEPS)) != NULL)
		33	{
		34	int rv;
		35	memcpy(segment, fn, end-fn);
		36	--
		37	2.30.2
		38


diff --git a/meta-multimedia/recipes-multimedia/vorbis-tools/vorbis-tools_1.4.2.bb b/meta-multimedia/recipes-multimedia/vorbis-tools/vorbis-tools_1.4.2.bb index 61a4aedb85..2cbd840138 100644 --- a/meta-multimedia/recipes-multimedia/vorbis-tools/vorbis-tools_1.4.2.bb +++ b/meta-multimedia/recipes-multimedia/vorbis-tools/vorbis-tools_1.4.2.bb
@@ -13,6 +13,7 @@ DEPENDS = "libogg libvorbis"
13	SRC_URI = "http://downloads.xiph.org/releases/vorbis/${BP}.tar.gz \	13	SRC_URI = "http://downloads.xiph.org/releases/vorbis/${BP}.tar.gz \
14	file://gettext.patch \	14	file://gettext.patch \
15	file://0001-ogginfo-Include-utf8.h-for-missing-utf8_decode.patch \	15	file://0001-ogginfo-Include-utf8.h-for-missing-utf8_decode.patch \
		16	file://CVE-2023-43361.patch \
16	"	17	"
17		18
18	SRC_URI[md5sum] = "998fca293bd4e4bdc2b96fb70f952f4e"	19	SRC_URI[md5sum] = "998fca293bd4e4bdc2b96fb70f952f4e"