From: Sergei Lukin To: alpine-aports@lists.alpinelinux.org Cc: Sergei Lukin Subject: [alpine-aports] [PATCH v3.3] main/wavpack: security upgrade to 5.1.0 - fixes #6820 Date: Mon, 6 Feb 2017 13:52:23 +0000 Message-Id: <1486389143-4634-1-git-send-email-sergej.lukin@gmail.com> X-Mailer: git-send-email 2.6.6 X-Mailinglist: alpine-aports Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: CVE-2016-10169: global buffer overread in read_code / read_words.c CVE-2016-10170: Heap out of bounds read in WriteCaffHeader / caff.c CVE-2016-10171: heap out of bounds read in unreorder_channels / wvunpack.c CVE-2016-10172: Heap out of bounds read in read_new_config_info / open_utils.c --- A comment from upstream says: The current release [5.1.0] has been extensively tested by AFL and is probably the most robust WavPack release to date. It is also 100% functionally compatible with 4.80 (no broken apps). https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc#commitcomment-20691383 http://www.wavpack.com/changelog.txt main/wavpack/APKBUILD | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/main/wavpack/APKBUILD b/main/wavpack/APKBUILD index a75d35b..2729177 100644 --- a/main/wavpack/APKBUILD +++ b/main/wavpack/APKBUILD @@ -1,7 +1,8 @@ +# Contributor: Sergei Lukin # Contributor: Carlo Landmeter # Maintainer: Natanael Copa pkgname=wavpack -pkgver=4.75.2 +pkgver=5.1.0 pkgrel=0 pkgdesc="Audio compression format with lossless, lossy, and hybrid compression modes" url="http://www.wavpack.com/" @@ -13,6 +14,13 @@ install= subpackages="$pkgname-dev $pkgname-doc" source="http://www.wavpack.com/${pkgname}-${pkgver}.tar.bz2" +# secfixes: +# 5.1.0-r0: +# - CVE-2016-10169 +# - CVE-2016-10170 +# - CVE-2016-10171 +# - CVE-2016-10172 + _builddir="$srcdir"/$pkgname-$pkgver prepare() { cd "$_builddir" 
@@ -49,6 +57,6 @@ package() { make DESTDIR="$pkgdir" install || return 1 } -md5sums="e8bbc4c3382f9148918ad7b896e10ac1 wavpack-4.75.2.tar.bz2" -sha256sums="7d31b34166c33c3109b45c6e4579b472fd05e3ee8ec6d728352961c5cdd1d6b0 wavpack-4.75.2.tar.bz2" -sha512sums="f4af9f74aff27d9503d97319a4749d901bd7563c7e3eed025128d58add09dcd16f873d18c54f4bad1df95cdadd9f0c8047f8186d5158c175e60c22ed2df39635 wavpack-4.75.2.tar.bz2" +md5sums="7f06272651f0c2292c1d0ba353386782 wavpack-5.1.0.tar.bz2" +sha256sums="1939627d5358d1da62bc6158d63f7ed12905552f3a799c799ee90296a7612944 wavpack-5.1.0.tar.bz2" +sha512sums="4c31616ae63c3a875afa20f26ce935f7a8f9921e2892b4b8388eca3ccd83b2d686f43eed8b9ec1dead934a1148401b9dced3b05f509b7942c48d7af31cf80a54 wavpack-5.1.0.tar.bz2" -- 2.6.6 --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---
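Review bot: the pkgver bump in the first hunk (@@ -1,7 +1,8 @@) goes from 4.75.2 straight to 5.1.0, while the upstream statement quoted in the message only claims functional compatibility with 4.80. The subject tags this for v3.3, so please confirm that packages linking against the library still work with the new version without a rebuild, or list the dependents that need a pkgrel bump, and record that in the commit message next to the CVE list.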
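Review bot: the new md5sums, sha256sums and sha512sums in the last hunk (@@ -49,6 +57,6 @@) are the only integrity check on the tarball, because the unchanged source= line shown in the second hunk still fetches it over plain http://www.wavpack.com/. For a security upgrade, please state how the 5.1.0 tarball was verified before the digests were generated (for example against the upstream release at the GitHub project linked in the message). If upstream offers an https download, switch source= to it in this patch.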