audio/vorbis-tools: Add patch for CVE-2023-43361

Reference: https://www.cve.org/CVERecord?id=CVE-2023-43361 Source: https://gitlab.xiph.org/xiph/vorbis-tools/-/merge_requests/7#note_55477 PR: 274900 Reviewed by: naddy (maintainer)

audio/vorbis-tools: Add patch for CVE-2023-43361
d2378ab5 · Daniel Engberg · 3308e620 · d2378ab5 · d2378ab5
Commit d2378ab5 authored 1 year ago by Daniel Engberg
--- a/audio/vorbis-tools/Makefile
+++ b/audio/vorbis-tools/Makefile
 PORTNAME=	vorbis-tools
-PORTVERSION=	1.4.2
-PORTREVISION=	3
+DISTVERSION=	1.4.2
+PORTREVISION=	4
 PORTEPOCH=	3
 CATEGORIES=	audio
 MASTER_SITES=	https://downloads.xiph.org/releases/vorbis/

--- a/audio/vorbis-tools/files/patch-CVE-2023-43361
+++ b/audio/vorbis-tools/files/patch-CVE-2023-43361
+diff --git a/oggenc/platform.c b/oggenc/platform.c
+index 6d9f4ef..b66e47a 100644
+--- oggenc/platform.c
+++ oggenc/platform.c
+@@ -136,18 +136,22 @@ int create_directories(char *fn, int isutf8)
+ {
+     char *end, *start;
+     struct stat statbuf;
+-    char *segment = malloc(strlen(fn)+1);
+    const size_t fn_len = strlen(fn);
+    char *segment = malloc(fn_len+1);
+ #ifdef _WIN32
+     wchar_t seg[MAX_PATH+1];
+ #endif
+ 
+     start = fn;
+ #ifdef _WIN32
+-    if(strlen(fn) >= 3 && isalpha(fn[0]) && fn[1]==':')
+    // Strip drive prefix
+    if(fn_len >= 3 && isalpha(fn[0]) && fn[1]==':') {
+ 
+         start = start+2;
+ #endif
+ 
+-    while((end = strpbrk(start+1, PATH_SEPS)) != NULL)
+    // Loop through path segments, creating directories if necessary
+    while((end = strpbrk(start + strspn(start, PATH_SEPS), PATH_SEPS)) != NULL)
+     {
+         int rv;
+         memcpy(segment, fn, end-fn);