Christian Weisgerber writes:

> Nam Nguyen:
>
>> Here is an update to flac 1.3.4, released on 20 Feb 2022. It comes with
>> security fixes.
>
>> This update:
>> - removes upstreamed bitreader.c patch
>> - updates cpu.c ppc patch
>
> I have a different version of that patch that minimizes the changes.

Smaller patch looks good.

>
>> - bumps library majors
>> 
>> This commit adds -fvisibility=hidden for clang, which explains this
>> change, despite upstream reporting "Interface changes: ... (none)."
>
> Well, that poses a problem.  If we bump the library majors, we can't
> commit this to -stable.
>
> Indeed I don't see any interface changes, except for the removal
> of a _lot_ of symbols that weren't intended as part of the API
> before.
>
> So our unsatisfactory choices are:
> (1) Bump, no backport to -stable.
> (2) No bump, in violation of our API policy.
> (3) No bump and remove -fvisibility to retain the old symbols.
>
> Suggestions?

This is a good breakdown. I say (2) and hope things don't
break. Tradeoff among:
- security fixes to -stable
- minimizing maintenance
- adhering to our API policy

With (1) -stable users suffer.

Make an exception in this case for ease of maintainability and given a
small chance of breaking (since programs are unlikely to be using
non-public API bits).

In (3), could -fvisibility be removed now and added back in the next OpenBSD
release cycle? (3) increases maintenance burden as it diverges from
upstream and for this juggling of finding out good timing to re-add
-fvisibility (e.g., new flac release && no security fixes).

I remember sthen@ brought up not being able to commit to -stable if
major is bumped.

>
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/audio/flac/Makefile,v
> retrieving revision 1.62
> diff -u -p -r1.62 Makefile
> --- Makefile  8 May 2021 15:19:22 -0000       1.62
> +++ Makefile  24 Feb 2022 17:38:27 -0000
> @@ -2,8 +2,7 @@
>  
>  COMMENT=     free lossless audio codec
>  
> -DISTNAME=    flac-1.3.3
> -REVISION=    0
> +DISTNAME=    flac-1.3.4
>  CATEGORIES=  audio archivers
>  HOMEPAGE=    https://www.xiph.org/flac/
>  SHARED_LIBS +=  FLAC                 11.0     # 11.0
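Review bot: `SHARED_LIBS +=  FLAC 11.0` is left unchanged in this hunk even though the thread says -fvisibility=hidden removes many previously exported symbols in 1.3.4; whichever of the three options is chosen, record it here (a major bump, or a comment next to the 11.0 line stating that the vanished symbols were never public API) so the decision is visible to the next updater rather than living only in the list archive. Dropping `REVISION=0` together with the DISTNAME change is correct.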
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/audio/flac/distinfo,v
> retrieving revision 1.13
> diff -u -p -r1.13 distinfo
> --- distinfo  12 Aug 2019 21:47:23 -0000      1.13
> +++ distinfo  24 Feb 2022 17:38:27 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (flac-1.3.3.tar.xz) = IT6CvXFsnebbL5i8rbxMJMfi7+jHWTmhqE4oU5xOF0g=
> -SIZE (flac-1.3.3.tar.xz) = 1044472
> +SHA256 (flac-1.3.4.tar.xz) = j/BgfnWjIt181uxI9PIlRxQEricw0OqUUSexNVFV5zc=
> +SIZE (flac-1.3.4.tar.xz) = 1038356
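Review bot: the new `SHA256 (flac-1.3.4.tar.xz)` / `SIZE` pair is the port's only integrity anchor for the tarball, so it should be generated from a fetch through MASTER_SITES and cross-checked against the checksum upstream publishes for 1.3.4 before commit; a diff that changes only these two lines gives a reviewer no way to tell a substituted or corrupted download from the genuine release.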
> Index: patches/patch-src_libFLAC_bitreader_c
> ===================================================================
> RCS file: patches/patch-src_libFLAC_bitreader_c
> diff -N patches/patch-src_libFLAC_bitreader_c
> --- patches/patch-src_libFLAC_bitreader_c     8 May 2021 15:19:22 -0000       
> 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,17 +0,0 @@
> -$OpenBSD: patch-src_libFLAC_bitreader_c,v 1.1 2021/05/08 15:19:22 naddy Exp $
> -
> -CVE-2020-0499: Fix out-of-bounds read
> -https://github.com/xiph/flac/commit/2e7931c27eb15e387da440a37f12437e35b22dd4
> -
> -Index: src/libFLAC/bitreader.c
> ---- src/libFLAC/bitreader.c.orig
> -+++ src/libFLAC/bitreader.c
> -@@ -864,7 +864,7 @@ incomplete_lsbs:
> -                     cwords = br->consumed_words;
> -                     words = br->words;
> -                     ucbits = FLAC__BITS_PER_WORD - br->consumed_bits;
> --                    b = br->buffer[cwords] << br->consumed_bits;
> -+                    b = cwords < br->capacity ? br->buffer[cwords] << 
> br->consumed_bits : 0;
> -             } while(cwords >= words && val < end);
> -     }
> - 
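Review bot: deleting this patch is only safe if the 1.3.4 tarball already carries the CVE-2020-0499 fix from upstream commit 2e7931c27eb15e387da440a37f12437e35b22dd4; the quick check is that `b = cwords < br->capacity ? br->buffer[cwords] << br->consumed_bits : 0;` now appears in the unpatched src/libFLAC/bitreader.c, and the port commit message should state that the fix was upstreamed so the CVE reference is not lost along with the file.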
> Index: patches/patch-src_libFLAC_cpu_c
> ===================================================================
> RCS file: /cvs/ports/audio/flac/patches/patch-src_libFLAC_cpu_c,v
> retrieving revision 1.3
> diff -u -p -r1.3 patch-src_libFLAC_cpu_c
> --- patches/patch-src_libFLAC_cpu_c   15 Aug 2019 18:22:34 -0000      1.3
> +++ patches/patch-src_libFLAC_cpu_c   24 Feb 2022 17:38:27 -0000
> @@ -1,43 +1,16 @@
>  $OpenBSD: patch-src_libFLAC_cpu_c,v 1.3 2019/08/15 18:22:34 cwen Exp $
>  
> -Remove getauxval(3) code for ppc because we don't implement this
> +No support for reading PPC hwcaps on OpenBSD.
>  
>  Index: src/libFLAC/cpu.c
>  --- src/libFLAC/cpu.c.orig
>  +++ src/libFLAC/cpu.c
> -@@ -53,10 +53,6 @@
> - #define dfprintf(file, format, ...)
> - #endif
> - 
> --#if defined FLAC__CPU_PPC
> --#include <sys/auxv.h>
> --#endif
> --
> - #if (defined FLAC__CPU_IA32 || defined FLAC__CPU_X86_64) && (defined 
> FLAC__HAS_NASM || FLAC__HAS_X86INTRIN) && !defined FLAC__NO_ASM
> - 
> - /* these are flags in EDX of CPUID AX=00000001 */
> -@@ -236,24 +232,8 @@ x86_cpu_info (FLAC__CPUInfo *info)
> - static void
> - ppc_cpu_info (FLAC__CPUInfo *info)
> - {
> --#if defined FLAC__CPU_PPC
> --#ifndef PPC_FEATURE2_ARCH_3_00
> --#define PPC_FEATURE2_ARCH_3_00              0x00800000
> --#endif
> --
> --#ifndef PPC_FEATURE2_ARCH_2_07
> --#define PPC_FEATURE2_ARCH_2_07              0x80000000
> --#endif
> --
> --    if (getauxval(AT_HWCAP2) & PPC_FEATURE2_ARCH_3_00) {
> --            info->ppc.arch_3_00 = true;
> --    } else if (getauxval(AT_HWCAP2) & PPC_FEATURE2_ARCH_2_07) {
> --            info->ppc.arch_2_07 = true;
> --    }
> --#else
> +@@ -262,7 +262,7 @@ ppc_cpu_info (FLAC__CPUInfo *info)
> +     } else if (hwcaps & PPC_FEATURE2_ARCH_2_07) {
> +             info->ppc.arch_2_07 = true;
> +     }
> +-#elif defined(__APPLE__)
> ++#elif defined(__APPLE__) || defined(__OpenBSD__)
> +     /* no Mac OS X version supports CPU with Power AVI v2.07 or better */
>       info->ppc.arch_2_07 = false;
>       info->ppc.arch_3_00 = false;
> --#endif
> - }
> - 
> - void FLAC__cpu_info (FLAC__CPUInfo *info)
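Review bot: the new `++#elif defined(__APPLE__) || defined(__OpenBSD__)` line inherits the comment `/* no Mac OS X version supports CPU with Power AVI v2.07 or better */`, which now reads as a claim about OpenBSD as well; reword it to cover both cases (the patch header's "No support for reading PPC hwcaps on OpenBSD" is the right wording) so a reader sees why `arch_2_07` and `arch_3_00` are forced to false on that path. The replaced patch also removed the `#include <sys/auxv.h>` under `#if defined FLAC__CPU_PPC`, while the new one touches only the branch at line 262; since OpenBSD does not provide that header (as the old patch description notes), it is worth confirming that 1.3.4's cpu.c no longer includes it unconditionally on PPC before the old hunk is dropped.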