From: Sergei Lukin
To: alpine-aports@lists.alpinelinux.org
Cc: Sergei Lukin
Subject: [alpine-aports] [PATCH v3.5] main/wavpack: security upgrade to 5.1.0 - fixes #6818
Date: Mon, 6 Feb 2017 13:45:04 +0000
Message-Id: <20170206134504.5082-1-sergej.lukin@gmail.com>
X-Mailer: git-send-email 2.11.0

CVE-2016-10169: global buffer overread in read_code / read_words.c
CVE-2016-10170: Heap out of bounds read in WriteCaffHeader / caff.c
CVE-2016-10171: heap out of bounds read in unreorder_channels / wvunpack.c
CVE-2016-10172: Heap out of bounds read in read_new_config_info / open_utils.c
---
A comment from upstream said:
The current release [5.1.0] has been extensively tested by AFL and is probably the most robust WavPack release to date. It is also 100% functionally compatible with 4.80 (no broken apps).
https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc#commitcomment-20691383
http://www.wavpack.com/changelog.txt

main/wavpack/APKBUILD | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/main/wavpack/APKBUILD b/main/wavpack/APKBUILD index cd3a5a9794..c0a3d615fe 100644 --- a/main/wavpack/APKBUILD +++ b/main/wavpack/APKBUILD @@ -1,7 +1,8 @@ +# Contributor: Sergei Lukin # Contributor: Carlo Landmeter # Maintainer: Natanael Copa pkgname=wavpack -pkgver=4.80.0 +pkgver=5.1.0 pkgrel=0 pkgdesc="Audio compression format with lossless, lossy, and hybrid compression modes" url="http://www.wavpack.com/" 
@@ -13,18 +14,21 @@ install= subpackages="$pkgname-dev $pkgname-doc" source="http://www.wavpack.com/${pkgname}-${pkgver}.tar.bz2" -_builddir="$srcdir"/$pkgname-$pkgver +# secfixes: +# 5.1.0-r0: +# - CVE-2016-10169 +# - CVE-2016-10170 +# - CVE-2016-10171 +# - CVE-2016-10172 + +builddir="$srcdir"/$pkgname-$pkgver prepare() { - cd "$_builddir" - for i in $source; do - case $i in - *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;; - esac - done + cd "$builddir" + default_prepare || return 1 } build() { - cd "$_builddir" + cd "$builddir" local _arch_opts= case "$CARCH" in @@ -45,10 +49,10 @@ build() { } package() { - cd "$_builddir" + cd "$builddir" make DESTDIR="$pkgdir" install || return 1 } -md5sums="0f2f1184813dce1caf51b52af615ec17 wavpack-4.80.0.tar.bz2" -sha256sums="79182ea75f7bd1ca931ed230062b435fde4a4c2e0dbcad048007bd1ef1e66be9 wavpack-4.80.0.tar.bz2" -sha512sums="728d53df866c75d6d0d2e576b798fc59c308c735baf8075171dcdfb35cce81e5847114568f8160d411a2521aa8c0244c01c9129b0c124ee9cfa4f4748eed2b80 wavpack-4.80.0.tar.bz2" +md5sums="7f06272651f0c2292c1d0ba353386782 wavpack-5.1.0.tar.bz2" +sha256sums="1939627d5358d1da62bc6158d63f7ed12905552f3a799c799ee90296a7612944 wavpack-5.1.0.tar.bz2" +sha512sums="4c31616ae63c3a875afa20f26ce935f7a8f9921e2892b4b8388eca3ccd83b2d686f43eed8b9ec1dead934a1148401b9dced3b05f509b7942c48d7af31cf80a54 wavpack-5.1.0.tar.bz2" -- 2.11.0
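
Review bot: In the first hunk (`-pkgver=4.80.0` / `+pkgver=5.1.0`), the rationale for taking a 4.x to 5.x jump on the v3.5 stable branch is missing from the commit message itself. The upstream statement about compatibility with 4.80 and the changelog link sit below the `---` separator, so they are discarded when the patch is applied. Consider moving them above the separator so the compatibility argument for this security upgrade is recorded in the commit log.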
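
Review bot: The second hunk mixes packaging cleanup with the security fix: the `_builddir` to `builddir` rename and the replacement of the hand-written `*.patch` loop with `default_prepare || return 1` are unrelated to the four CVEs recorded in the new `# secfixes:` block. For a stable-branch backport, consider limiting this commit to the version bump, the checksums and the secfixes entry, and sending the cleanup as a separate patch, so the security change stays small and easy to audit or revert.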
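
Review bot: In the last hunk, the replaced `md5sums`, `sha256sums` and `sha512sums` values are the only integrity control on the new tarball, because the unchanged `source=` line shown in the previous hunk fetches it from `http://www.wavpack.com/` over plain HTTP. Please say in the submission how the `wavpack-5.1.0.tar.bz2` digests were verified (for example against a copy obtained over a separate channel), and rely on the SHA-256 and SHA-512 values for that check rather than the MD5 one, since MD5 is not collision resistant.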