From nobody Sun Nov 05 20:59:28 2023
X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4SNn0c6Kpfz50RCT;
	Sun,  5 Nov 2023 20:59:28 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4SNn0c5sGWz4Mfx;
	Sun,  5 Nov 2023 20:59:28 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1699217968;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=AagjxH/zlW2xbOFsVusCw4gizYZdf+EhmokKc98X0ko=;
	b=OYpZq4QfBMQveStuyHikPWj6CFJlaxtfTf2ODPr9jkT0mMEvSgaRq+lsgBDQGgnWwYwlcw
	rHnQ7N4k9XtVzGhtp7fwvOCQ8MI9da5Fjmi5FW5PaMgCbaFdl1EJHt4r5mIyflZ9GF76Ee
	qo1gTTswoEL6u2BMoVLSzzKoBX56PXgwHUF59WXoNSAGTDl6a4EiXf6lxpSwS1JWbdQHiK
	GgVll25tOdRaYd3OlhjfXn7SJMxFa29CN8cJONV579gsiDTQUnXRbZsBpr12K9AZ6mpuoT
	+QgFtD0/TAn32haI81MkylrsnBpqEZo2WnZgtjoU1yGKXY4zt0I485+kfxE49Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1699217968;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=AagjxH/zlW2xbOFsVusCw4gizYZdf+EhmokKc98X0ko=;
	b=t1DqxjkHp/NhXU9i3We6CzCBA00ORZv49nVyOimG6rKafCv7Ve3pMnOodpNaqdIVbCGy8v
	X2CUs2cIAwE1TRqoFpvx8E28HaikWjDFbm9ETbMxjQ7ge2+qHmdM4n9kA2Yl1+gUm2Ppfb
	/rlTKHODd7NaQGqS58Qm4prukI9k1cPxrObEXCJvhoNqchy4p1cpyC+kRMfuP5g6utgtME
	5ecfO5P7N7pgtpKwfn8Q+kv+qHcOTzbuv4Cs+ejptjVZuErM0uegOJQ+Sfp57ni45SgrEH
	g5+D2Y5j2O1g4vtUOHCcZ3LDOM4bwPWggQjo/aLN7ECWvKesot3PqBXuIOH0ow==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1699217968; a=rsa-sha256; cv=none;
	b=t3I+r9+gtOLx9thrn8Br9eDiHu40Vjqy0LHOaRkv4TJTGgujLYdC0xPgD9udgjAC3X/lQH
	H7NC5CaV32zv0r2aO4qG9LSud6PzdR3UNX/PYL1mg8VZ34Z27qhGtt0qSwHOMcEc1yyJ96
	aMKsQ7Vwb9j7gZIqVs0kqu1Dfee0paVNWyAhLSIcVsfP+Sug/0O83wP5sAAaloC5R5sxJp
	jTzx4uIyQTVQwYwGQhYNgAqnis0OiSbEoeQKlYO+aUsqxdDbnrAt97GfGoqKyIFsdSxuFf
	DAE4szhWgHIDciwQbYDPFXVivNPDrcAAQ5HbbW0jlBPaZ4uLWolPycQilH5uoQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4SNn0c4pklzfwZ;
	Sun,  5 Nov 2023 20:59:28 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 3A5KxSkX072096;
	Sun, 5 Nov 2023 20:59:28 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 3A5KxSln072093;
	Sun, 5 Nov 2023 20:59:28 GMT
	(envelope-from git)
Date: Sun, 5 Nov 2023 20:59:28 GMT
Message-Id: <202311052059.3A5KxSln072093@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org,
        dev-commits-ports-main@FreeBSD.org
From: Daniel Engberg <diizzy@FreeBSD.org>
Subject: git: d2378ab547da - main - audio/vorbis-tools: Add patch
  for CVE-2023-43361
List-Id: Commit messages for all branches of the ports repository <dev-commits-ports-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
List-Help: <mailto:dev-commits-ports-all+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-all+unsubscribe@freebsd.org>
Sender: owner-dev-commits-ports-all@freebsd.org
X-BeenThere: dev-commits-ports-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: diizzy
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: d2378ab547da27903d0201a0fef3d272f334d0ac
Auto-Submitted: auto-generated

The branch main has been updated by diizzy:

URL: https://cgit.FreeBSD.org/ports/commit/?id=d2378ab547da27903d0201a0fef3d272f334d0ac

commit d2378ab547da27903d0201a0fef3d272f334d0ac
Author:     Daniel Engberg <diizzy@FreeBSD.org>
AuthorDate: 2023-11-05 20:39:54 +0000
Commit:     Daniel Engberg <diizzy@FreeBSD.org>
CommitDate: 2023-11-05 20:40:51 +0000

    audio/vorbis-tools: Add patch for CVE-2023-43361
    
    Reference:
    https://www.cve.org/CVERecord?id=CVE-2023-43361
    
    Source:
    https://gitlab.xiph.org/xiph/vorbis-tools/-/merge_requests/7#note_55477
    
    PR:             274900
    Reviewed by:    naddy (maintainer)
---
 audio/vorbis-tools/Makefile                   |  4 ++--
 audio/vorbis-tools/files/patch-CVE-2023-43361 | 30 +++++++++++++++++++++++++++
 2 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/audio/vorbis-tools/Makefile b/audio/vorbis-tools/Makefile
index c5edc2790cf1..481cb71d95bb 100644
--- a/audio/vorbis-tools/Makefile
+++ b/audio/vorbis-tools/Makefile
@@ -1,6 +1,6 @@
 PORTNAME=	vorbis-tools
-PORTVERSION=	1.4.2
-PORTREVISION=	3
+DISTVERSION=	1.4.2
+PORTREVISION=	4
 PORTEPOCH=	3
 CATEGORIES=	audio
 MASTER_SITES=	https://downloads.xiph.org/releases/vorbis/
diff --git a/audio/vorbis-tools/files/patch-CVE-2023-43361 b/audio/vorbis-tools/files/patch-CVE-2023-43361
new file mode 100644
index 000000000000..bd6fe963410b
--- /dev/null
+++ b/audio/vorbis-tools/files/patch-CVE-2023-43361
@@ -0,0 +1,30 @@
+diff --git a/oggenc/platform.c b/oggenc/platform.c
+index 6d9f4ef..b66e47a 100644
+--- oggenc/platform.c
++++ oggenc/platform.c
+@@ -136,18 +136,22 @@ int create_directories(char *fn, int isutf8)
+ {
+     char *end, *start;
+     struct stat statbuf;
+-    char *segment = malloc(strlen(fn)+1);
++    const size_t fn_len = strlen(fn);
++    char *segment = malloc(fn_len+1);
+ #ifdef _WIN32
+     wchar_t seg[MAX_PATH+1];
+ #endif
+ 
+     start = fn;
+ #ifdef _WIN32
+-    if(strlen(fn) >= 3 && isalpha(fn[0]) && fn[1]==':')
++    // Strip drive prefix
++    if(fn_len >= 3 && isalpha(fn[0]) && fn[1]==':') {
++ 
+         start = start+2;
+ #endif
+ 
+-    while((end = strpbrk(start+1, PATH_SEPS)) != NULL)
++    // Loop through path segments, creating directories if necessary
++    while((end = strpbrk(start + strspn(start, PATH_SEPS), PATH_SEPS)) != NULL)
+     {
+         int rv;
+         memcpy(segment, fn, end-fn);