Consider replacing alac with ffmpeg due to security issues

[ehaupt]

alac has a long list of bugs and security issues. Please consider replacing it with ffmpeg.

This has been prompted by this FreeBSD issue.

[mikebrady]

Thanks for the suggestion and the information, Emanuel. As it happens Shairport Sync is just now capable of AirPlay 2 operation on FreeBSD and it is using an ffmpeg AAC decoder, so it should be possible to look at using the ffmpeg ALAC decoder. However, the size of the (libavcodec?) library may be an issue on smaller devices. Once the AirPlay 2 capability is released, I'll look into it.

[ehaupt]

Thank you @mikebrady! Maybe both, libavcodec and alac could be made optional (by configure argument). That would leave users and packagers a choice.

[github-actions[bot]]

This issue has been inactive for 45 days so will be closed 7 days from now. To prevent this, please remove the "stale" label or post a comment.

[ehaupt]

This issue has been inactive for 45 days so will be closed 7 days from now. To prevent this, please remove the "stale" label or post a comment.

Issue still valid.

[github-actions[bot]]

This issue has been inactive for 45 days so will be closed 7 days from now. To prevent this, please remove the "stale" label or post a comment.

[m1m1s1ku]

Still valid.

[ehaupt]

This repo seems to have source code fixed to at least some extent:

https://github.com/nu774/qaac/tree/master/ALAC https://perkele.cc/software/ALAC

[github-actions[bot]]

This issue has been inactive for 45 days so will be closed 7 days from now. To prevent this, please remove the "stale" label or post a comment.

[ehaupt]

Still valid.

[mikebrady]

Working (slowly) on stuff associated with this…

[ehaupt]

Still valid.

[ehaupt]

It is still relevant.

[mikebrady]

Yes it is!

[mikebrady]

This is still active!

[mikebrady]

Still active!

[github-actions[bot]]

This issue has been inactive for 28 days so will be closed 7 days from now. To prevent this, please remove the "stale" label or post a comment.