On 2/24/2022 12:42 PM, Christian Weisgerber wrote:
> Nam Nguyen:
>
>> Here is an update to flac 1.3.4, released on 20 Feb 2022. It comes with
>> security fixes.
>> This update:
>> - removes upstreamed bitreader.c patch
>> - updates cpu.c ppc patch
> I have a different version of that patch that minimizes the changes.
>
>> - bumps library majors
>>
>> This commit adds -fvisibility=hidden for clang, which explains this
>> change, despite upstream reporting "Interface changes: ... (none)."
> Well, that poses a problem. If we bump the library majors, we can't
> commit this to -stable.
>
> Indeed I don't see any interface changes, except for the removal
> of a _lot_ of symbols that weren't intended as part of the API
> before.
>
> So our unsatisfactory choices are:
> (1) Bump, no backport to -stable.
> (2) No bump, in violation of our API policy.
> (3) No bump and remove -fvisibility to retain the old symbols.
>
> Suggestions?
Remove the use of -fvisibility=hidden for the -stable backport but keep
it for -current.
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/audio/flac/Makefile,v
> retrieving revision 1.62
> diff -u -p -r1.62 Makefile
> --- Makefile 8 May 2021 15:19:22 -0000 1.62
> +++ Makefile 24 Feb 2022 17:38:27 -0000
> @@ -2,8 +2,7 @@
>
> COMMENT= free lossless audio codec
>
> -DISTNAME= flac-1.3.3
> -REVISION= 0
> +DISTNAME= flac-1.3.4
> CATEGORIES= audio archivers
> HOMEPAGE= https://www.xiph.org/flac/
> SHARED_LIBS += FLAC 11.0 # 11.0
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/audio/flac/distinfo,v
> retrieving revision 1.13
> diff -u -p -r1.13 distinfo
> --- distinfo 12 Aug 2019 21:47:23 -0000 1.13
> +++ distinfo 24 Feb 2022 17:38:27 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (flac-1.3.3.tar.xz) = IT6CvXFsnebbL5i8rbxMJMfi7+jHWTmhqE4oU5xOF0g=
> -SIZE (flac-1.3.3.tar.xz) = 1044472
> +SHA256 (flac-1.3.4.tar.xz) = j/BgfnWjIt181uxI9PIlRxQEricw0OqUUSexNVFV5zc=
> +SIZE (flac-1.3.4.tar.xz) = 1038356
> Index: patches/patch-src_libFLAC_bitreader_c
> ===================================================================
> RCS file: patches/patch-src_libFLAC_bitreader_c
> diff -N patches/patch-src_libFLAC_bitreader_c
> --- patches/patch-src_libFLAC_bitreader_c 8 May 2021 15:19:22 -0000 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,17 +0,0 @@
> -$OpenBSD: patch-src_libFLAC_bitreader_c,v 1.1 2021/05/08 15:19:22 naddy Exp $
> -
> -CVE-2020-0499: Fix out-of-bounds read
> -https://github.com/xiph/flac/commit/2e7931c27eb15e387da440a37f12437e35b22dd4
> -
> -Index: src/libFLAC/bitreader.c
> ---- src/libFLAC/bitreader.c.orig
> -+++ src/libFLAC/bitreader.c
> -@@ -864,7 +864,7 @@ incomplete_lsbs:
> - cwords = br->consumed_words;
> - words = br->words;
> - ucbits = FLAC__BITS_PER_WORD - br->consumed_bits;
> -- b = br->buffer[cwords] << br->consumed_bits;
> -+ b = cwords < br->capacity ? br->buffer[cwords] << br->consumed_bits : 0;
> - } while(cwords >= words && val < end);
> - }
> -
> Index: patches/patch-src_libFLAC_cpu_c
> ===================================================================
> RCS file: /cvs/ports/audio/flac/patches/patch-src_libFLAC_cpu_c,v
> retrieving revision 1.3
> diff -u -p -r1.3 patch-src_libFLAC_cpu_c
> --- patches/patch-src_libFLAC_cpu_c 15 Aug 2019 18:22:34 -0000 1.3
> +++ patches/patch-src_libFLAC_cpu_c 24 Feb 2022 17:38:27 -0000
> @@ -1,43 +1,16 @@
> $OpenBSD: patch-src_libFLAC_cpu_c,v 1.3 2019/08/15 18:22:34 cwen Exp $
>
> -Remove getauxval(3) code for ppc because we don't implement this
> +No support for reading PPC hwcaps on OpenBSD.
>
> Index: src/libFLAC/cpu.c
> --- src/libFLAC/cpu.c.orig
> +++ src/libFLAC/cpu.c
> -@@ -53,10 +53,6 @@
> - #define dfprintf(file, format, ...)
> -
No comments:
Post a Comment