From: Peter Seiderer <ps.report@gmx.net>
To: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>,
Fabrice Fontaine <fontaine.fabrice@gmail.com>,
buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH 1/1] package/flac: security bump to version 1.3.4
Date: Mon, 21 Feb 2022 22:07:45 +0100
Message-ID: <20220221220745.3fb583e5@gmx.net>
In-Reply-To: <20220221204235.GB2166282@scaer>
Hello Fabrice, Yann,
On Mon, 21 Feb 2022 21:42:35 +0100, "Yann E. MORIN" <yann.morin.1998@free.fr> wrote:
> Fabrice, All,
>
> On 2022-02-21 18:26 +0100, Fabrice Fontaine spake thusly:
> > This release mostly fixes (security related) bugs including:
> > - Fix 12 decoder bugs found by oss-fuzz, including CVE-2020-0499
> > - Fix encoder bug CVE-2021-0561
> >
> > Also:
> > - Replace first patch which was reverted by
> > https://github.com/xiph/flac/commit/4fbb6d4f2ecf2a96c17ea9880108409f852c08a9
>
> You removed that patch entirely, but forgot to drop FLAC_AUTORECONF=YES.
>
> I had a look at that upstream commit, and I was wondering how they got
> to fix that build issue if they reverted the patch. And indeed it is not
> fixed and still happens:
>
> cpu.c:58:10: fatal error: sys/auxv.h: No such file or directory
> #include <sys/auxv.h>
> ^~~~~~~~~~~~
> compilation terminated.
> make[6]: *** [Makefile:739: cpu.lo] Error 1
> make[5]: *** [Makefile:796: all-recursive] Error 1
> make[4]: *** [Makefile:435: all-recursive] Error 1
> make[3]: *** [Makefile:500: all-recursive] Error 1
> make[2]: *** [Makefile:432: all] Error 2
>
> So we need to adapt that patch instead of dropping it (and thus we need
> to keep AUTORECONF=YES, of course).
Same conclusion/test from my side..., just keeping the patch (and autoreconf) works...
Regards,
Peter
>
> Regards,
> Yann E. MORIN.
>
> > - Disable stack protection (enabled by default since
> > https://github.com/xiph/flac/commit/f706f2832270a0b7851cdffe62ad37acda9423fe)
> > - Drop md5 which is not provided anymore
> > - Update indentation in hash file (two spaces)
> >
> > https://github.com/xiph/flac/releases/tag/1.3.4
> >
> > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> > ---
> > ...ck-for-sys-auxv.h-before-defining-FL.patch | 36 -------------------
> > package/flac/flac.hash | 12 +++----
> > package/flac/flac.mk | 5 +--
> > 3 files changed, 8 insertions(+), 45 deletions(-)
> > delete mode 100644 package/flac/0001-configure.ac-check-for-sys-auxv.h-before-defining-FL.patch
> >
> > diff --git a/package/flac/0001-configure.ac-check-for-sys-auxv.h-before-defining-FL.patch b/package/flac/0001-configure.ac-check-for-sys-auxv.h-before-defining-FL.patch
> > deleted file mode 100644
> > index d1398d4b3e..0000000000
> > --- a/package/flac/0001-configure.ac-check-for-sys-auxv.h-before-defining-FL.patch
> > +++ /dev/null
> > @@ -1,36 +0,0 @@
> > -From 14a0713389fbfef59225d027ea466ebb478a8c6b Mon Sep 17 00:00:00 2001
> > -From: Peter Seiderer <ps.report@gmx.net>
> > -Date: Thu, 19 Sep 2019 21:18:04 +0200
> > -Subject: [PATCH] configure.ac: check for sys/auxv.h before defining FLAC__CPU_PPC
> > -
> > -Upstream: https://github.com/xiph/flac/pull/142
> > -Signed-off-by: Peter Seiderer <ps.report@gmx.net>
> > ----
> > - configure.ac | 4 ++--
> > - 1 file changed, 2 insertions(+), 2 deletions(-)
> > -
> > -diff --git a/configure.ac b/configure.ac
> > -index 0228a12..64cb3f2 100644
> > ---- a/configure.ac
> > -+++ b/configure.ac
> > -@@ -144,7 +144,7 @@ case "$host_cpu" in
> > - powerpc64|powerpc64le)
> > - cpu_ppc64=true
> > - cpu_ppc=true
> > -- AC_DEFINE(FLAC__CPU_PPC)
> > -+ AC_CHECK_HEADER(sys/auxv.h, AC_DEFINE(FLAC__CPU_PPC))
> > - AH_TEMPLATE(FLAC__CPU_PPC, [define if building for PowerPC])
> > - AC_DEFINE(FLAC__CPU_PPC64)
> > - AH_TEMPLATE(FLAC__CPU_PPC64, [define if building for PowerPC64])
> > -@@ -152,7 +152,7 @@ case "$host_cpu" in
> > - ;;
> > - powerpc|powerpcle)
> > - cpu_ppc=true
> > -- AC_DEFINE(FLAC__CPU_PPC)
> > -+ AC_CHECK_HEADER(sys/auxv.h, AC_DEFINE(FLAC__CPU_PPC))
> > - AH_TEMPLATE(FLAC__CPU_PPC, [define if building for PowerPC])
> > - asm_optimisation=$asm_opt
> > - ;;
> > ---
> > -2.23.0
> > -
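Review bot: Deleting this file drops the `AC_CHECK_HEADER(sys/auxv.h, AC_DEFINE(FLAC__CPU_PPC))` guard from both PowerPC branches of configure.ac, yet the build log quoted earlier in this thread still stops at `cpu.c:58` with `sys/auxv.h: No such file or directory`. Rebase the patch onto the 1.3.4 configure.ac instead of deleting it; that also keeps the `FLAC_AUTORECONF = YES` line that remains in flac.mk justified, since without any patch touching configure.ac it would be left over.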
> > diff --git a/package/flac/flac.hash b/package/flac/flac.hash
> > index df7c2d1b95..2444535e0f 100644
> > --- a/package/flac/flac.hash
> > +++ b/package/flac/flac.hash
> > @@ -1,10 +1,8 @@
> > -# From https://ftp.osuosl.org/pub/xiph/releases/flac/MD5SUMS
> > -md5 26703ed2858c1fc9ffc05136d13daa69 flac-1.3.3.tar.xz
> > # From https://ftp.osuosl.org/pub/xiph/releases/flac/SHA1SUMS
> > -sha1 6ac2e8f1dd18c9b0214c4d81bd70cdc1e943cffe flac-1.3.3.tar.xz
> > +sha1 99c28482a8b2d81deaf740639e4cb55658427420 flac-1.3.4.tar.xz
> > # From http://downloads.xiph.org/releases/flac/SHA256SUMS.txt
> > -sha256 213e82bd716c9de6db2f98bcadbc4c24c7e2efe8c75939a1a84e28539c4e1748 flac-1.3.3.tar.xz
> > +sha256 8ff0607e75a322dd7cd6ec48f4f225471404ae2730d0ea945127b1355155e737 flac-1.3.4.tar.xz
> > # Locally computed
> > -sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING.GPL
> > -sha256 5df07007198989c622f5d41de8d703e7bef3d0e79d62e24332ee739a452af62a COPYING.LGPL
> > -sha256 fa27cb11f13f97b0c5f3ff363b1e2610c6efe87ed175779cb2a78e44eb19d34c COPYING.Xiph
> > +sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING.GPL
> > +sha256 5df07007198989c622f5d41de8d703e7bef3d0e79d62e24332ee739a452af62a COPYING.LGPL
> > +sha256 fa27cb11f13f97b0c5f3ff363b1e2610c6efe87ed175779cb2a78e44eb19d34c COPYING.Xiph
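Review bot: The source comment above the new sha256 line still points at `http://downloads.xiph.org/releases/flac/SHA256SUMS.txt`, a plain-HTTP location on the same host that `FLAC_SITE` downloads the tarball from, so the recorded digest detects corruption but not substitution in transit. Cite an https location for SHA256SUMS.txt if upstream serves one (the sha1 comment already uses an https mirror), or state in the comment that the sha256 was also computed locally. The three COPYING lines change only in spacing, with identical digests on both sides, so that reindent could go in a separate commit to keep the security bump minimal.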
> > diff --git a/package/flac/flac.mk b/package/flac/flac.mk
> > index 9aa00b7ffd..2ff048b6e6 100644
> > --- a/package/flac/flac.mk
> > +++ b/package/flac/flac.mk
> > @@ -4,7 +4,7 @@
> > #
> > ################################################################################
> >
> > -FLAC_VERSION = 1.3.3
> > +FLAC_VERSION = 1.3.4
> > FLAC_SITE = http://downloads.xiph.org/releases/flac
> > FLAC_SOURCE = flac-$(FLAC_VERSION).tar.xz
> > FLAC_INSTALL_STAGING = YES
> > @@ -19,7 +19,8 @@ FLAC_AUTORECONF = YES
> > FLAC_CONF_OPTS = \
> > $(if $(BR2_INSTALL_LIBSTDCPP),--enable-cpplibs,--disable-cpplibs) \
> > --disable-xmms-plugin \
> > - --disable-altivec
> > + --disable-altivec \
> > + --disable-stack-smash-protection
> >
> > ifeq ($(BR2_PACKAGE_LIBOGG),y)
> > FLAC_CONF_OPTS += --with-ogg=$(STAGING_DIR)/usr
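Review bot: `--disable-stack-smash-protection` is appended to FLAC_CONF_OPTS unconditionally and without a comment, in a bump whose stated purpose is fixing decoder and encoder bugs including CVE-2020-0499 and CVE-2021-0561. Add a comment above the option explaining why the package's own stack-protector setting is switched off (for example, that the hardening level is meant to come from the Buildroot configuration rather than from flac's configure), so a later reader does not take it for an accidental hardening regression.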
> > --
> > 2.34.1
> >
> > _______________________________________________
> > buildroot mailing list
> > buildroot@buildroot.org
> > https://lists.buildroot.org/mailman/listinfo/buildroot
>