On Tue, Feb 22, 2022 at 09:07:35PM -0800, Nam Nguyen wrote:
> Here is an update to flac 1.3.4, released on 20 Feb 2022. It comes with
> security fixes.
>
> changelog: https://xiph.org/flac/changelog.html
>
> This update:
> - removes upstreamed bitreader.c patch
> - updates cpu.c ppc patch
> - bumps library majors
>
> check_sym reports removed symbols:
> https://namtsui.com/public/check_sym_FLAC.txt
> https://namtsui.com/public/check_sym_FLACpp.txt
>
> This commit adds -fvisibility=hidden for clang, which explains this
> change, despite upstream reporting "Interface changes: ... (none)."
> see:
> https://github.com/xiph/flac/commit/d4a1b345dd16591ff6f17c67ee519afebe2f9792
> include/FLAC/export.h:70:#define FLAC_API __attribute__ ((visibility ("default")))
> include/FLAC++/export.h:70:#define FLACPP_API __attribute__ ((visibility ("default")))
>
> Testing
> -------
> `make test' passes. I successfully tested flac playback with the
> following consumers: libsndfile audacity cmus deadbeef flac123 moc sox
All tests pass on sparc64, OK kn.
port-lib-depends-check reports
flac-1.3.4(audio/flac):
Extra: pthread.26
> Feedback? OK?
>
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/audio/flac/Makefile,v
> retrieving revision 1.62
> diff -u -p -u -p -r1.62 Makefile
> --- Makefile 8 May 2021 15:19:22 -0000 1.62
> +++ Makefile 23 Feb 2022 04:44:15 -0000
> @@ -2,12 +2,11 @@
>
> COMMENT= free lossless audio codec
>
> -DISTNAME= flac-1.3.3
> -REVISION= 0
> +DISTNAME= flac-1.3.4
> CATEGORIES= audio archivers
> HOMEPAGE= https://www.xiph.org/flac/
> -SHARED_LIBS += FLAC 11.0 # 11.0
> -SHARED_LIBS += FLAC++ 9.0 # 9.0
> +SHARED_LIBS += FLAC 12.0 # 11.0
> +SHARED_LIBS += FLAC++ 10.0 # 9.0
>
> MAINTAINER= Christian Weisgerber <naddy@openbsd.org>
>
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/audio/flac/distinfo,v
> retrieving revision 1.13
> diff -u -p -u -p -r1.13 distinfo
> --- distinfo 12 Aug 2019 21:47:23 -0000 1.13
> +++ distinfo 23 Feb 2022 04:44:15 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (flac-1.3.3.tar.xz) = IT6CvXFsnebbL5i8rbxMJMfi7+jHWTmhqE4oU5xOF0g=
> -SIZE (flac-1.3.3.tar.xz) = 1044472
> +SHA256 (flac-1.3.4.tar.xz) = j/BgfnWjIt181uxI9PIlRxQEricw0OqUUSexNVFV5zc=
> +SIZE (flac-1.3.4.tar.xz) = 1038356
> Index: patches/patch-src_libFLAC_bitreader_c
> ===================================================================
> RCS file: patches/patch-src_libFLAC_bitreader_c
> diff -N patches/patch-src_libFLAC_bitreader_c
> --- patches/patch-src_libFLAC_bitreader_c 8 May 2021 15:19:22 -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,17 +0,0 @@
> -$OpenBSD: patch-src_libFLAC_bitreader_c,v 1.1 2021/05/08 15:19:22 naddy Exp $
> -
> -CVE-2020-0499: Fix out-of-bounds read
> -https://github.com/xiph/flac/commit/2e7931c27eb15e387da440a37f12437e35b22dd4
> -
> -Index: src/libFLAC/bitreader.c
> ---- src/libFLAC/bitreader.c.orig
> -+++ src/libFLAC/bitreader.c
> -@@ -864,7 +864,7 @@ incomplete_lsbs:
> - cwords = br->consumed_words;
> - words = br->words;
> - ucbits = FLAC__BITS_PER_WORD - br->consumed_bits;
> -- b = br->buffer[cwords] << br->consumed_bits;
> -+ b = cwords < br->capacity ? br->buffer[cwords] << br->consumed_bits : 0;
> - } while(cwords >= words && val < end);
> - }
> -
> Index: patches/patch-src_libFLAC_cpu_c
> ===================================================================
> RCS file: /cvs/ports/audio/flac/patches/patch-src_libFLAC_cpu_c,v
> retrieving revision 1.3
> diff -u -p -u -p -r1.3 patch-src_libFLAC_cpu_c
> --- patches/patch-src_libFLAC_cpu_c 15 Aug 2019 18:22:34 -0000 1.3
> +++ patches/patch-src_libFLAC_cpu_c 23 Feb 2022 04:44:15 -0000
> @@ -5,18 +5,20 @@ Remove getauxval(3) code for ppc because
> Index: src/libFLAC/cpu.c
> --- src/libFLAC/cpu.c.orig
> +++ src/libFLAC/cpu.c
> -@@ -53,10 +53,6 @@
> +@@ -53,12 +53,6 @@
> #define dfprintf(file, format, ...)
>
No comments:
Post a Comment