From: Sergei Lukin To: alpine-aports@lists.alpinelinux.org Cc: Sergei Lukin Subject: [alpine-aports] [PATCH edge] main/wavpack: security upgrade to 5.1.0 - fixes #6817 Date: Mon, 6 Feb 2017 12:48:50 +0000 Message-Id: <20170206124850.9250-1-sergej.lukin@gmail.com> X-Mailer: git-send-email 2.11.0 X-Mailinglist: alpine-aports Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: CVE-2016-10169: global buffer overread in read_code / read_words.c CVE-2016-10170: Heap out of bounds read in WriteCaffHeader / caff.c CVE-2016-10171: heap out of bounds read in unreorder_channels / wvunpack.c CVE-2016-10172: Heap out of bounds read in read_new_config_info / open_utils.c --- main/wavpack/APKBUILD | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/main/wavpack/APKBUILD b/main/wavpack/APKBUILD index cd3a5a9794..c0a3d615fe 100644 --- a/main/wavpack/APKBUILD +++ b/main/wavpack/APKBUILD @@ -1,7 +1,8 @@ +# Contributor: Sergei Lukin # Contributor: Carlo Landmeter # Maintainer: Natanael Copa pkgname=wavpack -pkgver=4.80.0 +pkgver=5.1.0 pkgrel=0 pkgdesc="Audio compression format with lossless, lossy, and hybrid compression modes" url="http://www.wavpack.com/" @@ -13,18 +14,21 @@ install= subpackages="$pkgname-dev $pkgname-doc" source="http://www.wavpack.com/${pkgname}-${pkgver}.tar.bz2" -_builddir="$srcdir"/$pkgname-$pkgver +# secfixes: +# 5.1.0-r0: +# - CVE-2016-10169 +# - CVE-2016-10170 +# - CVE-2016-10171 +# - CVE-2016-10172 + +builddir="$srcdir"/$pkgname-$pkgver prepare() { - cd "$_builddir" - for i in $source; do - case $i in - *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;; - esac - done + cd "$builddir" + default_prepare || return 1 } build() { - cd "$_builddir" + cd "$builddir" local _arch_opts= case "$CARCH" in 
@@ -45,10 +49,10 @@ build() { } package() { - cd "$_builddir" + cd "$builddir" make DESTDIR="$pkgdir" install || return 1 } -md5sums="0f2f1184813dce1caf51b52af615ec17 wavpack-4.80.0.tar.bz2" -sha256sums="79182ea75f7bd1ca931ed230062b435fde4a4c2e0dbcad048007bd1ef1e66be9 wavpack-4.80.0.tar.bz2" -sha512sums="728d53df866c75d6d0d2e576b798fc59c308c735baf8075171dcdfb35cce81e5847114568f8160d411a2521aa8c0244c01c9129b0c124ee9cfa4f4748eed2b80 wavpack-4.80.0.tar.bz2" +md5sums="7f06272651f0c2292c1d0ba353386782 wavpack-5.1.0.tar.bz2" +sha256sums="1939627d5358d1da62bc6158d63f7ed12905552f3a799c799ee90296a7612944 wavpack-5.1.0.tar.bz2" +sha512sums="4c31616ae63c3a875afa20f26ce935f7a8f9921e2892b4b8388eca3ccd83b2d686f43eed8b9ec1dead934a1148401b9dced3b05f509b7942c48d7af31cf80a54 wavpack-5.1.0.tar.bz2" -- 2.11.0 --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---
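Review bot: The pkgver line in the first hunk (@@ -1,7 +1,8 @@) jumps a major version, 4.80.0 to 5.1.0, with pkgrel=0, while the diffstat shows only main/wavpack/APKBUILD changing. Please confirm in the commit message that the library soname is unchanged, or bump pkgrel on the packages that link against wavpack in the same series, so the security fix does not leave dependents broken on edge.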
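Review bot: In the second hunk (@@ -13,18 +14,21 @@) the context line source="http://www.wavpack.com/${pkgname}-${pkgver}.tar.bz2" still fetches the tarball over plain HTTP, so for this security upgrade the only thing authenticating the download is the checksum block at the end of the file. If upstream serves the same path over HTTPS, switch the URL; otherwise say in the commit message how the new checksums were verified. As a smaller style point, prepare() now contains only cd "$builddir" and default_prepare || return 1, so the function could be dropped if abuild's default prepare is acceptable here.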
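Review bot: The last hunk (@@ -45,10 +49,10 @@) carries md5sums forward next to sha256sums and sha512sums. MD5 adds nothing to the integrity check that the SHA-2 digests do not already give, and with the source fetched over HTTP the sha512sums line is what actually protects the build; if the abuild version used on edge no longer requires md5sums, drop that line and treat sha512sums as the value of record.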