flac: 1.3.3 -> 1.3.4

4 files changed, 6 insertions, 112 deletions

diff --git a/flac/.signature b/flac/.signature
index 7f0fff74a..98fabd9fc 100644
--- a/flac/.signature
+++ b/flac/.signature
@@ -1,7 +1,5 @@
 untrusted comment: verify with /etc/ports/opt.pub
-RWSE3ohX2g5d/Uxh4j/6PEOv3zoJy43TDAwlkCC7uje5YLqSKUNMxXBdNiDaF0rquUbwnvlnyuX7NEE/xAJixVnV3pn2HA+V7Aw=
-SHA256 (Pkgfile) = 7e94e96a7c807506dc3ecd9b5f94dcdd816d108b2c22a4e9ba892b738327e577
+RWSE3ohX2g5d/St5yD0QQQVvEo+/fXZ9iI4LO5SWKo44FyNM8pDGnQJ6HiSbb63Cc557rTY0xM1jAPGUK5s5Rsc87ovRH7L29wg=
+SHA256 (Pkgfile) = 66df61db3f77928e589e385910393a586e5826f3fdb077a6f1cad9f1e808267f
 SHA256 (.footprint) = 1b4686b5a9615a67c8c91b0b51f2e1688c245bf737e0d2772231bcd502d96004
-SHA256 (flac-1.3.3.tar.xz) = 213e82bd716c9de6db2f98bcadbc4c24c7e2efe8c75939a1a84e28539c4e1748
-SHA256 (2e7931c.patch) = 4c720576c909cb0a624dba339285970bc01488b19a875333fdc74b43e1c020ba
-SHA256 (ced7f68.patch) = f41722979b57c4fd9cc80018af90e035f0ecacbfb5cbe8161838c01d58879047
+SHA256 (flac-1.3.4.tar.xz) = 8ff0607e75a322dd7cd6ec48f4f225471404ae2730d0ea945127b1355155e737
diff --git a/flac/2e7931c.patch b/flac/2e7931c.patch
deleted file mode 100644
index 53556bbca..000000000
--- a/flac/2e7931c.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 2e7931c27eb15e387da440a37f12437e35b22dd4 Mon Sep 17 00:00:00 2001
-From: Erik de Castro Lopo <erikd@mega-nerd.com>
-Date: Mon, 7 Oct 2019 12:55:58 +1100
-Subject: [PATCH] libFLAC/bitreader.c: Fix out-of-bounds read
-
-Credit: Oss-Fuzz
-Issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17069
-Testcase: fuzzer_decoder-5670265022840832
----
- src/libFLAC/bitreader.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/libFLAC/bitreader.c b/src/libFLAC/bitreader.c
-index 5e4b59180e..3df4d02c0b 100644
---- a/src/libFLAC/bitreader.c
-+++ b/src/libFLAC/bitreader.c
-@@ -869,7 +869,7 @@ FLAC__bool FLAC__bitreader_read_rice_signed_block(FLAC__BitReader *br, int vals[
- 			cwords = br->consumed_words;
- 			words = br->words;
- 			ucbits = FLAC__BITS_PER_WORD - br->consumed_bits;
--			b = br->buffer[cwords] << br->consumed_bits;
-+			b = cwords < br->capacity ? br->buffer[cwords] << br->consumed_bits : 0;
- 		} while(cwords >= words && val < end);
- 	}
- 
diff --git a/flac/Pkgfile b/flac/Pkgfile
index 7c9d40f81..c67afdd4b 100644
--- a/flac/Pkgfile
+++ b/flac/Pkgfile
@@ -4,18 +4,13 @@
 # Depends on: libogg
 
 name=flac
-version=1.3.3
-release=2
-source=(https://downloads.xiph.org/releases/flac/$name-$version.tar.xz
-	2e7931c.patch
-	ced7f68.patch)
+version=1.3.4
+release=1
+source=(https://downloads.xiph.org/releases/flac/$name-$version.tar.xz)
 
 build() {
 	cd $name-$version
 
-	patch -p1 -i $SRC/2e7931c.patch # CVE-2020-0499
-	patch -p1 -i $SRC/ced7f68.patch # overflow checks
-
 	./configure --prefix=/usr
 
 	make
diff --git a/flac/ced7f68.patch b/flac/ced7f68.patch
deleted file mode 100644
index eb2b7871b..000000000
--- a/flac/ced7f68.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From ced7f6829d14e38128bf0ba66412cc0541246c46 Mon Sep 17 00:00:00 2001
-From: Martijn van Beurden <mvanb1@gmail.com>
-Date: Mon, 6 Jul 2020 21:38:39 +0200
-Subject: [PATCH] Add some overflow checks for residual bits calculation
-
----
- src/libFLAC/stream_encoder.c | 23 +++++++++++++++--------
- 1 file changed, 15 insertions(+), 8 deletions(-)
-
-diff --git a/src/libFLAC/stream_encoder.c b/src/libFLAC/stream_encoder.c
-index 74387ec3be..4c91247fe8 100644
---- a/src/libFLAC/stream_encoder.c
-+++ b/src/libFLAC/stream_encoder.c
-@@ -4110,13 +4110,14 @@ static inline uint32_t count_rice_bits_in_partition_(
- 	const FLAC__int32 *residual
- )
- {
--	uint32_t i, partition_bits =
-+	uint32_t i;
-+	uint64_t partition_bits =
- 		FLAC__ENTROPY_CODING_METHOD_PARTITIONED_RICE_PARAMETER_LEN + /* actually could end up being FLAC__ENTROPY_CODING_METHOD_PARTITIONED_RICE2_PARAMETER_LEN but err on side of 16bps */
- 		(1+rice_parameter) * partition_samples /* 1 for unary stop bit + rice_parameter for the binary portion */
- 	;
- 	for(i = 0; i < partition_samples; i++)
- 		partition_bits += ( (FLAC__uint32)((residual[i]<<1)^(residual[i]>>31)) >> rice_parameter );
--	return partition_bits;
-+	return (uint32_t)(flac_min(partition_bits,(uint32_t)(-1))); // To make sure the return value doesn't overflow
- }
- #else
- static inline uint32_t count_rice_bits_in_partition_(
-@@ -4125,15 +4126,15 @@ static inline uint32_t count_rice_bits_in_partition_(
- 	const FLAC__uint64 abs_residual_partition_sum
- )
- {
--	return
-+	return (uint32_t)(flac_min( // To make sure the return value doesn't overflow
- 		FLAC__ENTROPY_CODING_METHOD_PARTITIONED_RICE_PARAMETER_LEN + /* actually could end up being FLAC__ENTROPY_CODING_METHOD_PARTITIONED_RICE2_PARAMETER_LEN but err on side of 16bps */
- 		(1+rice_parameter) * partition_samples + /* 1 for unary stop bit + rice_parameter for the binary portion */
- 		(
- 			rice_parameter?
--				(uint32_t)(abs_residual_partition_sum >> (rice_parameter-1)) /* rice_parameter-1 because the real coder sign-folds instead of using a sign bit */
--				: (uint32_t)(abs_residual_partition_sum << 1) /* can't shift by negative number, so reverse */
-+				(abs_residual_partition_sum >> (rice_parameter-1)) /* rice_parameter-1 because the real coder sign-folds instead of using a sign bit */
-+				: (abs_residual_partition_sum << 1) /* can't shift by negative number, so reverse */
- 		)
--		- (partition_samples >> 1)
-+		- (partition_samples >> 1),(uint32_t)(-1)));
- 		/* -(partition_samples>>1) to subtract out extra contributions to the abs_residual_partition_sum.
- 		 * The actual number of bits used is closer to the sum(for all i in the partition) of  abs(residual[i])>>(rice_parameter-1)
- 		 * By using the abs_residual_partition sum, we also add in bits in the LSBs that would normally be shifted out.
-@@ -4224,7 +4225,10 @@ FLAC__bool set_partitioned_rice_(
- 				raw_bits[0] = 0;
- 		}
- 		parameters[0] = best_rice_parameter;
--		bits_ += best_partition_bits;
-+		if(best_partition_bits < UINT_MAX - bits_) // To make sure _bits doesn't overflow
-+			bits_ += best_partition_bits;
-+		else
-+			bits_ = UINT_MAX;
- 	}
- 	else {
- 		uint32_t partition, residual_sample;
-@@ -4327,7 +4331,10 @@ FLAC__bool set_partitioned_rice_(
- 					raw_bits[partition] = 0;
- 			}
- 			parameters[partition] = best_rice_parameter;
--			bits_ += best_partition_bits;
-+			if(best_partition_bits < UINT_MAX - bits_) // To make sure _bits doesn't overflow
-+				bits_ += best_partition_bits;
-+			else
-+				bits_ = UINT_MAX;
- 			residual_sample += partition_samples;
- 		}
- 	}