Here is an update to flac 1.3.4, released on 20 Feb 2022. It comes with security fixes.
changelog: https://xiph.org/flac/changelog.html This update: - removes upstreamed bitreader.c patch - updates cpu.c ppc patch - bumps library majors check_sym reports removed symbols: https://namtsui.com/public/check_sym_FLAC.txt https://namtsui.com/public/check_sym_FLACpp.txt This commit adds -fvisibility=hidden for clang, which explains this change, despite upstream reporting "Interface changes: ... (none)." see: https://github.com/xiph/flac/commit/d4a1b345dd16591ff6f17c67ee519afebe2f9792 include/FLAC/export.h:70:#define FLAC_API __attribute__ ((visibility ("default"))) include/FLAC++/export.h:70:#define FLACPP_API __attribute__ ((visibility ("default"))) Testing ------- `make test' passes. I successfully tested flac playback with the following consumers: libsndfile audacity cmus deadbeef flac123 moc sox Feedback? OK?
Index: Makefile
===================================================================
RCS file: /cvs/ports/audio/flac/Makefile,v
retrieving revision 1.62
diff -u -p -u -p -r1.62 Makefile
--- Makefile 8 May 2021 15:19:22 -0000 1.62
+++ Makefile 23 Feb 2022 04:44:15 -0000
@@ -2,12 +2,11 @@
 COMMENT= free lossless audio codec
-DISTNAME= flac-1.3.3
-REVISION= 0
+DISTNAME= flac-1.3.4
 CATEGORIES= audio archivers
 HOMEPAGE= https://www.xiph.org/flac/
-SHARED_LIBS += FLAC 11.0 # 11.0
-SHARED_LIBS += FLAC++ 9.0 # 9.0
+SHARED_LIBS += FLAC 12.0 # 11.0
+SHARED_LIBS += FLAC++ 10.0 # 9.0
 MAINTAINER= Christian Weisgerber <[email protected]>
Index: distinfo
===================================================================
RCS file: /cvs/ports/audio/flac/distinfo,v
retrieving revision 1.13
diff -u -p -u -p -r1.13 distinfo
--- distinfo 12 Aug 2019 21:47:23 -0000 1.13
+++ distinfo 23 Feb 2022 04:44:15 -0000
@@ -1,2 +1,2 @@
-SHA256 (flac-1.3.3.tar.xz) = IT6CvXFsnebbL5i8rbxMJMfi7+jHWTmhqE4oU5xOF0g=
-SIZE (flac-1.3.3.tar.xz) = 1044472
+SHA256 (flac-1.3.4.tar.xz) = j/BgfnWjIt181uxI9PIlRxQEricw0OqUUSexNVFV5zc=
+SIZE (flac-1.3.4.tar.xz) = 1038356
Index: patches/patch-src_libFLAC_bitreader_c
===================================================================
RCS file: patches/patch-src_libFLAC_bitreader_c
diff -N patches/patch-src_libFLAC_bitreader_c
--- patches/patch-src_libFLAC_bitreader_c 8 May 2021 15:19:22 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,17 +0,0 @@
-$OpenBSD: patch-src_libFLAC_bitreader_c,v 1.1 2021/05/08 15:19:22 naddy Exp $
-
-CVE-2020-0499: Fix out-of-bounds read
-https://github.com/xiph/flac/commit/2e7931c27eb15e387da440a37f12437e35b22dd4
-
-Index: src/libFLAC/bitreader.c
---- src/libFLAC/bitreader.c.orig
-+++ src/libFLAC/bitreader.c
-@@ -864,7 +864,7 @@ incomplete_lsbs:
- cwords = br->consumed_words;
- words = br->words;
- ucbits = FLAC__BITS_PER_WORD - br->consumed_bits;
-- b = br->buffer[cwords] << br->consumed_bits;
-+ b = cwords < br->capacity ? br->buffer[cwords] << br->consumed_bits : 0;
- } while(cwords >= words && val < end);
- }
-
Index: patches/patch-src_libFLAC_cpu_c
===================================================================
RCS file: /cvs/ports/audio/flac/patches/patch-src_libFLAC_cpu_c,v
retrieving revision 1.3
diff -u -p -u -p -r1.3 patch-src_libFLAC_cpu_c
--- patches/patch-src_libFLAC_cpu_c 15 Aug 2019 18:22:34 -0000 1.3
+++ patches/patch-src_libFLAC_cpu_c 23 Feb 2022 04:44:15 -0000
@@ -5,18 +5,20 @@ Remove getauxval(3) code for ppc because
 Index: src/libFLAC/cpu.c
 --- src/libFLAC/cpu.c.orig
 +++ src/libFLAC/cpu.c
-@@ -53,10 +53,6 @@
+@@ -53,12 +53,6 @@
 #define dfprintf(file, format, ...)
 #endif
 -#if defined FLAC__CPU_PPC
+-#if defined(__linux__) || (defined(__FreeBSD__) && (__FreeBSD__ >= 12))
 -#include <sys/auxv.h>
 -#endif
+-#endif
 -
 #if (defined FLAC__CPU_IA32 || defined FLAC__CPU_X86_64) && (defined FLAC__HAS_NASM || FLAC__HAS_X86INTRIN) && !defined FLAC__NO_ASM
 /* these are flags in EDX of CPUID AX=00000001 */
-@@ -236,24 +232,8 @@ x86_cpu_info (FLAC__CPUInfo *info)
+@@ -238,42 +232,8 @@ x86_cpu_info (FLAC__CPUInfo *info)
 static void
 ppc_cpu_info (FLAC__CPUInfo *info)
 {
@@ -29,14 +31,32 @@ Index: src/libFLAC/cpu.c
 -#define PPC_FEATURE2_ARCH_2_07 0x80000000
 -#endif
 -
+-#ifdef __linux__
 - if (getauxval(AT_HWCAP2) & PPC_FEATURE2_ARCH_3_00) {
 - info->ppc.arch_3_00 = true;
 - } else if (getauxval(AT_HWCAP2) & PPC_FEATURE2_ARCH_2_07) {
 - info->ppc.arch_2_07 = true;
 - }
--#else
+-#elif defined(__FreeBSD__) && (__FreeBSD__ >= 12)
+- long hwcaps;
+- /* elf_aux_info() appeared in FreeBSD 12.0 */
+- elf_aux_info(AT_HWCAP2, &hwcaps, sizeof(hwcaps));
+- if (hwcaps & PPC_FEATURE2_ARCH_3_00) {
+- info->ppc.arch_3_00 = true;
+- } else if (hwcaps & PPC_FEATURE2_ARCH_2_07) {
+- info->ppc.arch_2_07 = true;
+- }
+-#elif defined(__APPLE__)
+- /* no Mac OS X version supports CPU with Power AVI v2.07 or better */
 info->ppc.arch_2_07 = false;
 info->ppc.arch_3_00 = false;
+-#else
+-#error Unsupported platform! Please add support for reading ppc hwcaps.
+-#endif
+-
+-#else
+- info->ppc.arch_2_07 = false;
+- info->ppc.arch_3_00 = false;
 -#endif
 }
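Review bot: The patch's explanatory header, visible here only as the truncated `Remove getauxval(3) code for ppc because` in the hunk context, now understates what the patch strips: the updated hunks also delete the FreeBSD `elf_aux_info()` branch and the `#error Unsupported platform!` fallback from ppc_cpu_info(). I would extend the header to something like `Remove getauxval(3)/elf_aux_info(3) hwcap probing for ppc; upstream otherwise hits #error on platforms it does not list`, so the next update knows the whole block has to go. With every branch removed, `info->ppc.arch_2_07` and `info->ppc.arch_3_00` are set to false unconditionally, which is presumably intended but worth stating in the header too. The header itself lies outside these hunks, so its full wording could not be checked.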
