FLAC 1.3.4
This release mostly fixes (security related) bugs. When building with MSVC, using CMake is preferred, see the README under "Building with CMake" for more information. Building with MSVC using solution files is deprecated and these files will be removed in the future.
General:
* Fix 12 decoder bugs found by oss-fuzz, including CVE-2020-0499 (erikd, Martijn van Beurden)
- Fix encoder bug CVE-2021-0561 (NeelkamalSemwal)
- Integrate oss-fuzzers (erikd, Guido Vranken)
- Seeking fixes (NeelkamalSemwal, Robert Kausch)
- Various fixes and improvements (Andrei Astafev, Rosen Penev, Håkan Kvist, oreo639, erikd, Tamás Zahola, Ulrik Mikaelsson, Tyler Dunn, tmkk)
* FLAC format:
- (none)
* Ogg FLAC format:
- (none)
* flac:
- Various fixes and improvements (Andrei Astafev, Martijn van Beurden)
* metaflac:
- (none)
* build system:
- CMake improvements (evpobr, Vitaliy Kirsanov, erikd, Ozkan Sezer, Tyler Dunn, tg-m DeadSix27, ericLemanissier, Chocobo1).
- Fixes for MinGW and MSVC (Ozkan Sezer).
- Fix for clang (Ozkan Sezer)
- Fix for PowerPC (Peter Seiderer, Thomas BERNARD)
- Fix for FreeBSD PowerPC (pkubaj).
* testing/validation:
- Add Windows target to CI, improve logging (Ralph Giles)
- CI improvements (Ralph Giles, Ewout ter Hoeven)
* documentation:
- Doxygen fixes (Tyler Dunn)
- Fix typos (Tim Gates, maxz)
* Interface changes:
- libFLAC:
(none)
- libFLAC++:
(none)
All checksums have been double-checked against existing RMD160 and
SHA512 hashes.
The following distfiles couldn't be fetched (possibly they are fetched
conditionally):
./audio/freeswitch-sounds-ru/distinfo freeswitch/freeswitch-sounds-ru-RU-elena-32000-1.0.13.tar.gz
./audio/freeswitch-sounds-ru/distinfo freeswitch/freeswitch-sounds-ru-RU-elena-48000-1.0.13.tar.gz
./audio/freeswitch-music/distinfo freeswitch/freeswitch-sounds-music-32000-1.0.8.tar.gz
./audio/freeswitch-music/distinfo freeswitch/freeswitch-sounds-music-48000-1.0.8.tar.gz
./audio/freeswitch-sounds-fr/distinfo freeswitch/freeswitch-sounds-fr-ca-june-32000-1.0.18.tar.gz
./audio/freeswitch-sounds-fr/distinfo freeswitch/freeswitch-sounds-fr-ca-june-48000-1.0.18.tar.gz
./audio/freeswitch-sounds-en/distinfo freeswitch/freeswitch-sounds-en-us-callie-32000-1.0.22.tar.gz
./audio/freeswitch-sounds-en/distinfo freeswitch/freeswitch-sounds-en-us-callie-48000-1.0.22.tar.gz
FLAC 1.3.3:
General:
- Fix CPU detection
- Switch from unsigned types to uint32_t
- CppCheck fixes
- Improve SIMD decoding of 24 bit files
- POWER* amnd POWER9 improvements
- More tests.
flac:
- When converting to WAV, use WAVEFORMATEXTENSIBLE when bits per second is not 8 or 16
- Fix --output-prefix with input-files in sub-directories
build system:
- Cmake support
- Visual Studio updates
- Fix for MSVC when UNICODE is enabled
- Fix for OpenBSD/i386
General:
* Fix undefined behaviour using GCC/Clang UBSAN (erikd).
* General hardening via fuzz testing with AFL (erikd and others).
* General code improvements (lvqcl, erikd and others).
* Add FLAC in MP4 specification docs (Ralph Giles).
* MSVS build cleanups (lvqcl).
* Fix some cppcheck warnings (erikd).
* Assume all currently used OSes support SSE2.
flac:
* Fix potential infinite loop on flac-to-flac conversion (erikd).
* Add WAVEFORMATEXTENSIBLE to WAV (as needed) when decoding (lvqcl).
* Only write vorbis-comments if they are non-empty.
* Error out if decoding RAW with bits != (8|16|24).
metaflac:
* Add --scan-replay-gain option.
build system:
* Fixes for MSVC and Makefile.lite build systems.
libraries:
* CPU detection cleanup and fixes (Julian Calaby, erikd and lvqcl).
* Fix two stream decoder bugs (Max Kellermann).
* Fix a NULL dereference bug (on a malformed file).
* Changed the LPC order guess for a slight compression improvement, particularly for classical music (Martijn van Beurden).
* Improved encoding speed on older Intel CPUs.
* Fixed a seeking bug when decoding certain files (Miroslav Lichvar).
* Put an upper bound (32768) on the number of seek points.
* Fix potential memory leaks.
* Support 64bit brword/bwword allowing FLAC__BYTES_PER_WORD to be set to 8 (disabled by default).
* Fix an out-of-bounds heap read.
* Win32: Only use large buffers when writing to disk.
Problems found with existing distfiles:
/pub/pkgsrc/distfiles/amp-0.7.6.tgz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-music-32000-1.0.8.tar.gz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-music-48000-1.0.8.tar.gz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-en-us-callie-32000-1.0.22.tar.gz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-en-us-callie-48000-1.0.22.tar.gz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-fr-ca-june-32000-1.0.18.tar.gz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-fr-ca-june-48000-1.0.18.tar.gz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-ru-RU-elena-16000-1.0.12.tar.gz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-ru-RU-elena-32000-1.0.12.tar.gz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-ru-RU-elena-48000-1.0.12.tar.gz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-ru-RU-elena-8000-1.0.12.tar.gz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-fr-ca-june-32000-1.0.18.tar.gz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-fr-ca-june-48000-1.0.18.tar.gz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-ru-RU-elena-32000-1.0.13.tar.gz
/pub/pkgsrc/distfiles/freeswitch/freeswitch-sounds-ru-RU-elena-48000-1.0.13.tar.gz
/pub/pkgsrc/distfiles/kid3-3.3.0.tar.gz
/pub/pkgsrc/distfiles/libdca-0.0.5.tar.bz2
/pub/pkgsrc/distfiles/mp3to.gz
/pub/pkgsrc/distfiles/squeezeboxserver-7.5.1-noCPAN.tgz
No changes made to these file.
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
* Improved decoding efficiency of all bit depths but especially so for 24 bits for IA32 architecture.
* Faster encoding using SSE and AVX.
* Fixed bartlett, bartlett_hann and triangle functions.
* New apodization functions partial_tukey and punchout_tukey for improved compression.
* Retuned compression presets to incorporate new apodization functions.
* Fix -Wcast-align warnings on armhf architecture
FLAC 1.3.0 (26-May-2013)
General:
Move development to Xiph.org git repository.
The --sector-align option of flac has been deprecated and may not exist in future versions. shntool provides similar functionality.
Support for the RF64 and Wave64 formats in flac (see below).
Better handling of cuesheets with non-CD-DA sample rates.
The --ignore-chunk-sizes option has been added to the flac command line tool.
FLAC format:
(none)
Ogg FLAC format:
(none)
flac:
Added support for encoding from and decoding to the RF64 format, and a new corresponding option --force-rf64-format. (SF #1762502). --keep-foreign-metadata is also supported.
Added support for encoding from and decoding to the Sony Wave64 format, and a new corresponding option --force-wave64-format. (SF #1769582). --keep-foreign-metadata is also supported.
Added new options --preserve-modtime and --no-preserve-modtime to specify whether or not output files should copy the timestamp and permissions from their input files. The default is --preserve-modtime as in previous versions. (SF #1805428).
Allow MM:SS:FF and MM:SS.SS time formats in non-CD-DA cuesheets. (SF #1947353, SF #2182432)
The --sector-align option of flac has been deprecated and may not exist in future versions. shntool provides similar functionality. (SF #1805946)
Improved error message when user attempts to decode a non-FLAC file (SF #2222789).
Fix bug where flac was disallowing use of --replay-gain when encoding from stdin (SF #1840124).
Fix bug with fractional seconds on some locales (SF #1815517, SF #1858012).
Read and write appropriate channel masks for 6.1 and 7.1 surround input WAV files. Documentation was also updated.
Correct Wave64 GUIDs.
Support 56kHz to 192kHz gain analysis (patch from Earl Chew)
Add ability to handle utf8 filenames on Windows (large set of patches from Janne Hyvärinen)
metaflac:
Allow MM:SS:FF and MM:SS.SS time formats in non-CD-DA cuesheets. (SF #1947353, SF #2182432)
plugins:
Minor updates for XMMS plugin.
Winamp2 plugin was dropped because Nullsoft has provided native FLAC support since 2006.
build system:
Fixes for autotools (including SF #1859664).
Fixes for MinGW (including SF #2000973, SF #2209829).
Fixes for gcc (including SF #1834168, SF #2002481).
Fixes for Sun Studio/Forte (SF #1701960).
Fixes for windows builds (including SF #1676822, SF #1756624, SF #1809863, SF #1911149).
Fixes for FreeBSD and OpenBSD.
Compile with GNU gcc _FORTIFY_SOURCE=2 and stack protection where those features are detected.
Enable a bunch of GCC compiler warnings and fix code that generates warnings.
documentation:
Document --ignore-chunk-sizes and --apply-replaygain-which-is-not-lossless option for flac.
libraries:
libFLAC encoder was defaulting to level 0 compression instead of 5 (SF #1816825).
Fix bug in bitreader handling of read callback returning a short count (SF #2490454).
Improve decoder's ability to distinguish between a FLAC sync code and an MPEG one (SF #2491433).
Interface changes:
libFLAC:
Added FLAC__format_blocksize_is_subset()
libFLAC++:
Add a number of convienience methods.
This changes the buildlink3.mk files to use an include guard for the
recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS,
BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new
variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of
enter/exit marker, which can be used to reconstruct the tree and
to determine first level includes. Avoiding := for large variables
(BUILDLINK_ORDER) speeds up parse time as += has linear complexity.
The include guard reduces system time by avoiding reading files over and
over again. For complex packages this reduces both %user and %sys time to
half of the former time.
This fixes a number of security problems (integer overflows resulting
in heap-based buffer overflow, CVE-2007-4619).
Other changes:
-speedup
-some new options
-bugfixes
-added support for all RIFF/AIFF metadata
Thanks to Chavdar Ivanov for providing a patch.
* General:
o Improved compression with no impact on format or decoding speed.
o Much better recovery for corrupted files
o Better multichannel support
o Large file (>2GB) support everywhere
o flac now supports FLAC and Ogg FLAC as input to the encoder (e.g. can re-encode FLAC to FLAC) and preserve all the metadata like tags, etc.
o New PICTURE metadata block for storing things like cover art, new --picture option to flac and --import-picture-from option to metaflac for importing pictures, new --export-picture-to option to metaflac for exporting pictures, and metadata API additions for searching for suitable pictures based on type, size and color constraints.
o Support for new REPLAYGAIN_REFERENCE_LOUDNESS tag.
o Fixed a bug in Ogg FLAC encoding where metadata was not being updated properly. Existing Ogg FLAC files should be recoded to fix up the metadata, e.g. flac -Vf -S 10s --ogg file.ogg
o In the developer libraries, the interface has been simplfied by merging the three decoding layers into a single class; ditto for the encoders. Also, libOggFLAC has been merged into libFLAC and libOggFLAC++ has been merged into libFLAC++ so there is a single API supporting both native FLAC and Ogg FLAC.
* FLAC format:
o New PICTURE metadata block for storing things like cover art.
o Speaker assignments and channel orders for 3-6 channels (see frame header).
o Further restrictions on the FLAC subset when the sample rate is <=48kHz; in this case the maximum LPC order is now 12 and maximum blocksize is 4608. This is to further limit the processing and memory requirements for hardware implementations while not measurably affecting compression.
* Ogg FLAC format:
o (none)
* flac:
o Improved the -F option to allow decoding of FLAC files whose metadata is corrupted, and other kinds of severe corruption.
o Encoder can now take FLAC and Ogg FLAC as input. The output FLAC file will have all the same metadata as the original unless overridden with options on the command line.
o Encoder can now take WAVEFORMATEXTENSIBLE WAVE files as input; decoder will output WAVEFORMATEXTENSIBLE WAVE files when necessary to conform to the latest Microsoft specifications.
o Now properly supports AIFF and WAVEFORMATEXTENSIBLE multichannel input, performing necessary channel reordering both for encoding and decoding. WAVEFORMATEXTENSIBLE channel mask is also saved to a tag on encoding and restored on decoding for situations when there is no natural mapping to FLAC channel assignments.
o Expanded support for "odd" sample resolutions to WAVE and AIFF input; all resolutions from 4 to 24 bits-per-sample now supported for all input types.
o Added a new option --tag-from-file for setting a tag from file (e.g. for importing a cuesheet as a tag).
o Added a new option --picture for adding pictures.
o Added a new option --apodization for specifying the window function(s) to be used in LPC analysis.
o Added support for encoding from non-compressed AIFF-C (SF #1090933).
o Importing of non-CDDA-compliant cuesheets now only issues a warning, not an error (see here).
o MD5 comparison failures on decoding are now an error instead of a warning and will also return a non-zero exit code (SF #1493725).
o The default padding size is now 8K, or 64K if the input audio stream is more than 20 minutes long.
o Fixed a bug in cuesheet parsing where it would return an error if the last line of the cuesheet did not end with a newline.
o Fixed a bug that caused a crash when -a and -t were used together (SF #1229481).
o Fixed a bug with --sector-align where appended samples were not always totally silent (SF #1237707).
o Fixed bugs with --sector-align and raw input files.
o Fixed a bug printing out unknown AIFF subchunk names (SF #1267476).
o Fixed a bug where WAVE files with "data" subchunks of size 0 where accepted (SF #1293830).
o Fixed a bug where sync error at end-of-stream of truncated files was not being caught (SF #1244071).
o Fixed a problem with filename parsing if file does not have extension but also has a . in the path (SF #1161916).
o Fixed a problem with fractional-second parsing for --skip/--until in some locales (SF #1031043).
o Increase progress report rate when -p and -e are used together (SF #1580122).
* metaflac:
o Added support for read-only operations on Ogg FLAC files.
o Added a new option --set-tag-from-file for setting a tag from file (e.g. for importing a cuesheet as a tag).
o Added a new option --import-picture-from for importing pictures.
o Added a new option --export-picture-to for exporting pictures.
o Added shorthand operation --remove-replay-gain for removing ReplayGain tags.
o --export-cuesheet-to now properly specifies the FLAC file name (SF #1272825).
o Importing of non-CDDA-compliant cuesheets now issues a warning.
o Removed the following deprecated tag editing options; you should use the new option names shown instead:
+ Removed --show-vc-vendor; use --show-vendor-tag
+ Removed --show-vc-field; use --show-tag
+ Removed --remove-vc-all; use --remove-all-tags
+ Removed --remove-vc-field; use --remove-tag
+ Removed --remove-vc-firstfield; use --remove-first-tag
+ Removed --set-vc-field; use --set-tag
+ Removed --import-vc-from; use --import-tags-from
+ Removed --export-vc-to; use --export-tags-to
o Disallow multiple input FLAC files when --import-tags-from=- is used (SF #1082577).
* plugins:
o When ReplayGain is on, if tags for the preferred kind of gain (album/track) are not in a stream, the other kind will be used.
o Added ReplayGain info to file info box in XMMS plugin
o Fixed UTF-8 decoder to disallow non-shortest-form and surrogate sequences (see here).
* build system:
o Added support for building on OS/2 with EMX (SF #1229495)
o Added support for building with Borland C++ (SF #1599018)
o Added a --disable-xmms-plugin option to configure to prevent building the XMMS plugin (SF #930494).
o Added a --disable-doxygen-docs option to configure for disabling Doxygen-based API doc generation (SF #1365935).
o Added a --disable-thorough-tests option to configure to do the basic library, stream, and tool tests in a reasonable time (SF #1077948).
o Added large file support with AC_SYS_LARGEFILE; use --disable-largefile with configure to disable.
* libraries:
o Merged libOggFLAC into libFLAC; both formats are now supporte through the same API.
o Merged libOggFLAC++ into libFLAC++; both formats are now supporte through the same API.
o libFLAC and libFLAC++: Simplified encoder setup with new FLAC__stream_encoder_set_compression_level() function.
o libFLAC: Improved compression with no impact on FLAC format or decoding time by adding a windowing stage before LPC analysis.
o libFLAC: Fixed a bug where missing STREAMINFO fields (min/max framesize, total samples, MD5 sum) and seek point offsets were not getting rewritten back to Ogg FLAC file (SF #1338969).
o libFLAC: Fixed a bug in cuesheet parsing where it would return an error if the last line of the cuesheet did not end with a newline.
o libFLAC: Fixed UTF-8 decoder to disallow non-shortest-form and surrogate sequences (see here).
o libFLAC: Fixed a bug in the return value for FLAC__stream_decoder_set_metadata_respond_application() and FLAC__stream_decoder_set_metadata_ignore_application() when there was a memory allocation error (SF #1235005).
* Interface changes (see also the porting guide for specific instructions on porting to FLAC 1.1.3):
o all libraries;
+ Merged libOggFLAC into libFLAC; both formats are now supporte through the same API.
+ Merged libOggFLAC++ into libFLAC++; both formats are now supporte through the same API.
+ Merged seekable stream decoder and file decoder into the stream decoder.
+ Merged seekable stream encoder and file encoder into the stream encoder.
+ Added #defines for the API version number to make porting easier; see include/lib*FLAC*/export.h.
o libFLAC:
+ Added FLAC__stream_encoder_set_apodization()
+ Added FLAC__stream_encoder_set_compression_level()
+ Added FLAC__metadata_object_cuesheet_calculate_cddb_id()
+ Added FLAC__metadata_get_cuesheet()
+ Added FLAC__metadata_get_picture()
+ Added FLAC__metadata_chain_read_ogg() and FLAC__metadata_chain_read_ogg_with_callbacks()
+ Changed FLAC__stream_encoder_finish() now returns a FLAC__bool to signal a verify failure, or error processing last frame or updating metadata.
+ Changed FLAC__StreamDecoderState: removed state FLAC__STREAM_DECODER_UNPARSEABLE_STREAM
+ Changed FLAC__StreamDecoderErrorStatus: new error code FLAC__STREAM_DECODER_ERROR_STATUS_UNPARSEABLE_STREAM
+ The above two changes mean that when the decoder encounters what it thinks are unparseable frames from a future decoder, instead of returning a fatal error with the FLAC__STREAM_DECODER_UNPARSEABLE_STREAM state, it just calls the error callback with FLAC__STREAM_DECODER_ERROR_STATUS_UNPARSEABLE_STREAM and leaves the behavior up to the application.
o libFLAC++:
+ Added FLAC::Metadata::Picture
+ Added FLAC::Encoder::Stream::set_apodization()
+ Added FLAC::Encoder::Stream::set_compression_level()
+ Added FLAC::Metadata::CueSheet::calculate_cddb_id()
+ Added FLAC::Metadata::get_cuesheet()
+ Added FLAC::Metadata::get_picture()
+ Changed FLAC::Metadata::Chain::read() to accept a flag denoting Ogg FLAC input
+ Changed FLAC::Decoder::Stream::finish() now returns a bool to signal an MD5 failure like FLAC__stream_decoder_finish() does.
+ Changed FLAC::Encoder::Stream::finish() now returns a bool to signal a verify failure, or error processing last frame or updating metadata.
o libOggFLAC:
+ Merged into libFLAC.
o libOggFLAC++:
+ Merged into libFLAC++.
Shlib major bump -> bump ABI depends.
and add a new helper target and script, "show-buildlink3", that outputs
a listing of the buildlink3.mk files included as well as the depth at
which they are included.
For example, "make show-buildlink3" in fonts/Xft2 displays:
zlib
fontconfig
iconv
zlib
freetype2
expat
freetype2
Xrender
renderproto
RECOMMENDED is removed. It becomes ABI_DEPENDS.
BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo.
BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo.
BUILDLINK_DEPENDS does not change.
IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS
which defaults to "yes".
Added to obsolete.mk checking for IGNORE_RECOMMENDED.
I did not manually go through and fix any aesthetic tab/spacing issues.
I have tested the above patch on DragonFly building and packaging
subversion and pkglint and their many dependencies.
I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I
have used IGNORE_RECOMMENDED for a long time). I have been an active user
of IGNORE_RECOMMENDED since it was available.
As suggested, I removed the documentation sentences suggesting bumping for
"security" issues.
As discussed on tech-pkg.
I will commit to revbump, pkglint, pkg_install, createbuildlink separately.
Note that if you use wip, it will fail! I will commit to pkgsrc-wip
later (within day).
New in this release are small decoding speedups for all platforms,
small encoding speedups in fast (non-LPC) mode, streaming support
in the XMMS plugin, and several bug fixes. For developers there
are also a few additions and changes to the metadata API to make
working with tags easier. See the changelog entry for complete
details. This release actually wasn't supposed to happen so soon,
but needed to be made to fix library naming and build problems in
FLAC 1.1.1 that caused trouble for package maintainers, so unless
you are having trouble with one of the particular bugs that got
fixed in 1.1.2 then there is not much of a need to upgrade.
assembler. Since they cause the FLAC build to fail on AIX and NetBSD,
only enable the optimizations if the OPSYS is Darwin.
There is also a misplaced #endif in lpc.h that causes the build to
fail on all platforms if assembler optimizations are disabled. This
is fixed by patch-af.
Thanks to Michael <macallan18@earthlink.net> for troubleshooting!
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.