rpms
/
wavpack
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: rpms:c9
Branches Tags
rpms:i10c-beta
rpms:c10-beta
rpms:i10cs
rpms:cs10
rpms:i8c
rpms:c8
rpms:i9c
rpms:c9
...
pull from: rpms:i10c-beta
Branches Tags
rpms:i10c-beta
rpms:c10-beta
rpms:i10cs
rpms:cs10
rpms:i8c
rpms:c8
rpms:i9c
rpms:c9

No commits in common. 'c9' and 'i10c-beta' have entirely different histories.
c9 ... i10c-beta

4 changed files with 53 additions and 51 deletions
Show Stats

2
.gitignore vendored
Unescape View File

@ -1 +1 @@
SOURCES/wavpack-5.4.0.tar.bz2 SOURCES/wavpack-5.6.0.tar.bz2

2
.wavpack.metadata
Unescape View File

@ -1 +1 @@
99fe66d518a69998a02dd7fd8d0c9bb93f663762 SOURCES/wavpack-5.4.0.tar.bz2 0ca034f95ce7a16937fdc3a247ee0c32fd603d0f SOURCES/wavpack-5.6.0.tar.bz2

30
SOURCES/wavpack-5.4.0-CVE-2021-44269-heap-Out-of-bounds-Read.patch
Unescape View File

@ -1,30 +0,0 @@
diff --git a/cli/dsdiff.c b/cli/dsdiff.c
index d7adb6a..5bdcae3 100644
--- a/cli/dsdiff.c
+++ b/cli/dsdiff.c
@@ -278,6 +278,12 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
}
total_samples = dff_chunk_header.ckDataSize / config->num_channels;
+
+ if (total_samples <= 0 || total_samples > MAX_WAVPACK_SAMPLES) {
+ error_line ("%s is not a valid .DFF file!", infilename);
+ return WAVPACK_SOFT_ERROR;
+ }
+
break;
}
else { // just copy unknown chunks to output file
diff --git a/cli/dsf.c b/cli/dsf.c
index e1d7973..dddd488 100644
--- a/cli/dsf.c
+++ b/cli/dsf.c
@@ -113,6 +113,7 @@ int ParseDsfHeaderConfig (FILE *infile, char *infilename, char *fourcc, WavpackC
if (format_chunk.ckSize != sizeof (DSFFormatChunk) || format_chunk.formatVersion != 1 ||
format_chunk.formatID != 0 || format_chunk.blockSize != DSF_BLOCKSIZE || format_chunk.reserved ||
+ format_chunk.sampleCount <= 0 || format_chunk.sampleCount > MAX_WAVPACK_SAMPLES * 8 ||
(format_chunk.bitsPerSample != 1 && format_chunk.bitsPerSample != 8) ||
format_chunk.numChannels < 1 || format_chunk.numChannels > 6 ||
format_chunk.chanType < 1 || format_chunk.chanType > NUM_CHAN_TYPES) {

70
SPECS/wavpack.spec
Unescape View File

@ -1,17 +1,16 @@
Name: wavpack Name: wavpack
Summary: A completely open audiocodec Summary: A completely open audiocodec
Version: 5.4.0 Version: 5.6.0
Release: 5%{?dist} Release: 8%{?dist}
License: BSD License: BSD-3-Clause AND BSD-2-Clause AND LicenseRef-Fedora-Public-Domain
Url: http://www.wavpack.com/ Url: http://www.wavpack.com/
Source: http://www.wavpack.com/%{name}-%{version}.tar.bz2 Source: http://www.wavpack.com/%{name}-%{version}.tar.bz2
# For autoreconf # For autoreconf
BuildRequires: make
BuildRequires: autoconf BuildRequires: autoconf
BuildRequires: automake BuildRequires: automake
BuildRequires: libtool BuildRequires: libtool
BuildRequires: make
Patch0: wavpack-5.4.0-CVE-2021-44269-heap-Out-of-bounds-Read.patch BuildRequires: gettext-devel
%description %description
WavPack is a completely open audio compression format providing lossless, WavPack is a completely open audio compression format providing lossless,
@ -38,16 +37,15 @@ autoreconf -ivf
# for ARM is written for ARMv7 only and building WavPack for an ARM-non-v7 # for ARM is written for ARMv7 only and building WavPack for an ARM-non-v7
# architecture will fail. # architecture will fail.
# http://lists.busybox.net/pipermail/buildroot/2015-October/142117.html # http://lists.busybox.net/pipermail/buildroot/2015-October/142117.html
%configure --disable-static \ %configure --disable-static --disable-rpath --disable-asm
%ifarch armv3l armv4b armv4l armv4tl armv5tel armv5tejl armv6l armv6hl
--disable-asm \
%endif
make %{?_smp_mflags} make %{?_smp_mflags}
%install %install
%make_install %make_install
rm -f %{buildroot}/%{_libdir}/*.la rm -f %{buildroot}/%{_libdir}/*.la
# we will install the documentation ourselves through the %doc macro
rm -rf %{buildroot}/%{_docdir}/
%ldconfig_scriptlets %ldconfig_scriptlets
@ -58,7 +56,7 @@ rm -f %{buildroot}/%{_libdir}/*.la
%{_mandir}/man1/wvgain.1* %{_mandir}/man1/wvgain.1*
%{_mandir}/man1/wvunpack.1* %{_mandir}/man1/wvunpack.1*
%{_mandir}/man1/wvtag.1* %{_mandir}/man1/wvtag.1*
%doc AUTHORS doc/wavpack_doc.html %doc AUTHORS doc/wavpack_doc.html doc/style.css
%license COPYING %license COPYING
%files devel %files devel
@ -68,16 +66,50 @@ rm -f %{buildroot}/%{_libdir}/*.la
%doc ChangeLog doc/WavPack5PortingGuide.pdf doc/WavPack5LibraryDoc.pdf doc/WavPack5FileFormat.pdf %doc ChangeLog doc/WavPack5PortingGuide.pdf doc/WavPack5LibraryDoc.pdf doc/WavPack5FileFormat.pdf
%changelog %changelog
* Tue May 17 2022 Tomas Korbar <tkorbar@redhat.com> - 5.4.0-5 * Tue Nov 26 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 5.6.0-8
- CVE-2021-44269 wavpack: heap Out-of-bounds Read - Rebuilt for MSVSphere 10
- Resolves: CVE-2021-44269
* Mon Jul 29 2024 Tomas Korbar <tkorbar@redhat.com> - 5.6.0-8
- Disable ASM code parts
- Resolves: RHEL-46283
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 5.6.0-7
- Bump release for June 2024 mass rebuild
* Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 5.6.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Nov 02 2023 Tomas Korbar <tkorbar@redhat.com> - 5.6.0-5
- Add licenses to fully conform to SPDX
* Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 5.6.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Sat Mar 11 2023 Tomas Korbar <tkorbar@redhat.com> - 5.6.0-3
- Change the License tag to the SPDX format
* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 5.6.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Thu Dec 08 2022 Tomas Korbar <tkorbar@redhat.com> - 5.6.0-1
- Rebase to 5.6.0
- Resolves: rhbz#2148994
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 5.5.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Wed Jul 13 2022 Tomas Korbar <tkorbar@redhat.com> - 5.5.0-1
- Rebase to 5.5.0
- Resolves: rhbz#2105686
* Wed Apr 6 2022 Peter Lemenkov <lemenkov@gmail.com> - 5.4.0-5
- Fix for CVE-2021-44269
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 5.4.0-4 * Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 5.4.0-4
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
Related: rhbz#1991688
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 5.4.0-3 * Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5.4.0-3
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5.4.0-2 * Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5.4.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

Write Preview
Loading…
Cancel
Save