Bug 258428 - audio/flac: Potential fixes we may want to add
Summary: audio/flac: Potential fixes we may want to add
Status: Closed Works As Intended
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: Christian Weisgerber
Reported: 2021-09-11 10:38 UTC by Daniel Engberg
Modified: 2021-09-13 20:58 UTC
0 users

bugzilla: maintainer-feedback? (naddy)


Description Daniel Engberg freebsd_committer 2021-09-11 10:38:54 UTC
CVE (may not apply to users other than Android):
https://github.com/xiph/flac/issues/243

Compiler fixes:

GCC
https://github.com/xiph/flac/commit/5f5035d2093421c43770eb0f0628e2f60aea61a5

Detect AVX/FMA intrinsics availability on clang 
https://github.com/xiph/flac/commit/b358381a102a2c1c153ee4cf95dfc04af62faa1a
Comment 1 Christian Weisgerber freebsd_committer 2021-09-13 20:58:24 UTC
Thank you.

CVE-2021-0561 is potentially relevant, but needs evaluation by somebody who understands the FLAC internals. I can't judge its correctness. In other words, we'll have to wait and see how upstream handles this.

The GCC problem is crazy and needs to be fixed in the compiler, i.e., lang/gcc9, if anybody uses that compiler to build FLAC.

The AVX intrinsics change is applicable, but just an optimization. We'll pick it up with the next upstream release.