Mail archive
alpine-aports

[alpine-aports] [PATCH edge] main/wavpack: security upgrade to 5.1.0 - fixes #6817

From: Sergei Lukin <sergej.lukin_at_gmail.com>
Date: Mon, 6 Feb 2017 12:48:50 +0000

CVE-2016-10169: global buffer overread in read_code / read_words.c
CVE-2016-10170: Heap out of bounds read in WriteCaffHeader / caff.c
CVE-2016-10171: heap out of bounds read in unreorder_channels / wvunpack.c
CVE-2016-10172: Heap out of bounds read in read_new_config_info / open_utils.c
---
 main/wavpack/APKBUILD | 30 +++++++++++++++++-------------
 1 file changed, 17 insertions(+), 13 deletions(-)
diff --git a/main/wavpack/APKBUILD b/main/wavpack/APKBUILD
index cd3a5a9794..c0a3d615fe 100644
--- a/main/wavpack/APKBUILD
+++ b/main/wavpack/APKBUILD
_at_@ -1,7 +1,8 @@
+# Contributor: Sergei Lukin <sergej.lukin_at_gmail.com>
 # Contributor: Carlo Landmeter
 # Maintainer:  Natanael Copa <ncopa_at_alpinelinux.org>
 pkgname=wavpack
-pkgver=4.80.0
+pkgver=5.1.0
 pkgrel=0
 pkgdesc="Audio compression format with lossless, lossy, and hybrid compression modes"
 url="http://www.wavpack.com/"
_at_@ -13,18 +14,21 @@ install=
 subpackages="$pkgname-dev $pkgname-doc"
 source="http://www.wavpack.com/${pkgname}-${pkgver}.tar.bz2"
 
-_builddir="$srcdir"/$pkgname-$pkgver
+# secfixes:
+#   5.1.0-r0:
+#   - CVE-2016-10169
+#   - CVE-2016-10170
+#   - CVE-2016-10171
+#   - CVE-2016-10172
+
+builddir="$srcdir"/$pkgname-$pkgver
 prepare() {
-	cd "$_builddir"
-	for i in $source; do
-		case $i in
-		*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
-		esac
-	done
+	cd "$builddir"
+	default_prepare || return 1
 }
 
 build() {
-	cd "$_builddir"
+	cd "$builddir"
 
 	local _arch_opts=
 	case "$CARCH" in
_at_@ -45,10 +49,10 @@ build() {
 }
 
 package() {
-	cd "$_builddir"
+	cd "$builddir"
 	make DESTDIR="$pkgdir" install || return 1
 }
 
-md5sums="0f2f1184813dce1caf51b52af615ec17  wavpack-4.80.0.tar.bz2"
-sha256sums="79182ea75f7bd1ca931ed230062b435fde4a4c2e0dbcad048007bd1ef1e66be9  wavpack-4.80.0.tar.bz2"
-sha512sums="728d53df866c75d6d0d2e576b798fc59c308c735baf8075171dcdfb35cce81e5847114568f8160d411a2521aa8c0244c01c9129b0c124ee9cfa4f4748eed2b80  wavpack-4.80.0.tar.bz2"
+md5sums="7f06272651f0c2292c1d0ba353386782  wavpack-5.1.0.tar.bz2"
+sha256sums="1939627d5358d1da62bc6158d63f7ed12905552f3a799c799ee90296a7612944  wavpack-5.1.0.tar.bz2"
+sha512sums="4c31616ae63c3a875afa20f26ce935f7a8f9921e2892b4b8388eca3ccd83b2d686f43eed8b9ec1dead934a1148401b9dced3b05f509b7942c48d7af31cf80a54  wavpack-5.1.0.tar.bz2"
-- 
2.11.0
---
Unsubscribe:  alpine-aports+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-aports+help_at_lists.alpinelinux.org
---
Received on Mon Feb 06 2017 - 12:48:50 GMT