diff --git a/CVE-2020-35738.patch b/CVE-2020-35738.patch
deleted file mode 100644
index fbbd40ba8bd9d5ab9ec9af827dd8724f40d59f2c..0000000000000000000000000000000000000000
--- a/CVE-2020-35738.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 89df160596132e3bd666322e1c20b2ebd4b92cd0 Mon Sep 17 00:00:00 2001
-From: David Bryant
-Date: Tue, 29 Dec 2020 20:47:19 -0800
-Subject: [PATCH] issue #91: fix integer overflows resulting in buffer overruns
- and sanitize a few more encoding parameters for clarity
-
----
- src/pack_utils.c | 15 ++++++++++-----
- 1 file changed, 10 insertions(+), 5 deletions(-)
-
-diff --git a/src/pack_utils.c b/src/pack_utils.c
-index 17d9381..480ab90 100644
---- a/src/pack_utils.c
-+++ b/src/pack_utils.c
-@@ -200,8 +200,13 @@ int WavpackSetConfiguration64 (WavpackContext *wpc, WavpackConfig *config, int64
- return FALSE;
- }
-
-- if (!num_chans) {
-- strcpy (wpc->error_message, "channel count cannot be zero!");
-+ if (num_chans <= 0 || num_chans > NEW_MAX_STREAMS * 2) {
-+ strcpy (wpc->error_message, "invalid channel count!");
-+ return FALSE;
-+ }
-+
-+ if (config->block_samples && (config->block_samples < 16 || config->block_samples > 131072)) {
-+ strcpy (wpc->error_message, "invalid custom block samples!");
- return FALSE;
- }
-
-@@ -523,7 +528,7 @@ int WavpackPackInit (WavpackContext *wpc)
- if (wpc->config.num_channels == 1)
- wpc->block_samples *= 2;
-
-- while (wpc->block_samples > 12000 && wpc->block_samples * wpc->config.num_channels > 300000)
-+ while (wpc->block_samples > 12000 && (int64_t) wpc->block_samples * wpc->config.num_channels > 300000)
- wpc->block_samples /= 2;
- }
- else {
-@@ -534,10 +539,10 @@ int WavpackPackInit (WavpackContext *wpc)
-
- wpc->block_samples = wpc->config.sample_rate / divisor;
-
-- while (wpc->block_samples > 12000 && wpc->block_samples * wpc->config.num_channels > 75000)
-+ while (wpc->block_samples > 12000 && (int64_t) wpc->block_samples * wpc->config.num_channels > 75000)
- wpc->block_samples /= 2;
-
-- while (wpc->block_samples * wpc->config.num_channels < 20000)
-+ while ((int64_t) wpc->block_samples * wpc->config.num_channels < 20000)
- wpc->block_samples *= 2;
- }
-
diff --git a/wavpack-5.3.0.tar.xz b/wavpack-5.3.0.tar.xz
deleted file mode 100644
index c231025811014445c5365b636f2a14481ca7d897..0000000000000000000000000000000000000000
Binary files a/wavpack-5.3.0.tar.xz and /dev/null differ
diff --git a/wavpack-5.6.0.tar.xz b/wavpack-5.6.0.tar.xz
new file mode 100644
index 0000000000000000000000000000000000000000..e1480de1ffab003ed9285180835d0ab36b799c93
Binary files /dev/null and b/wavpack-5.6.0.tar.xz differ
diff --git a/wavpack.spec b/wavpack.spec
index 5246f678de7308d59942af8f73c920944867b290..299586881086446e38e6fb279cfa9514d025eb36 100644
--- a/wavpack.spec
+++ b/wavpack.spec
@@ -1,13 +1,13 @@
 Name: wavpack
-Version: 5.3.0
-Release: 3
+Version: 5.6.0
+Release: 1
 Summary: Hybrid Lossless Wavefile Compressor
 License: BSD-3-Clause
 Url: http://www.wavpack.com/
 Source: https://github.com/dbry/WavPack/releases/download/%{version}/%{name}-%{version}.tar.xz
-Patch0000: CVE-2020-35738.patch
 BuildRequires: autoconf automake libtool
+BuildRequires: gettext-devel
 Recommends: %{name}-help = %{version}-%{release}
@@ -37,7 +37,7 @@ Help document for the wavpack package.
 %build
 autoreconf -ivf
-%configure --disable-static
+%configure --disable-static --disable-rpath
 %make_build
@@ -51,7 +51,7 @@ autoreconf -ivf
 /sbin/ldconfig
 %files
-%doc AUTHORS doc/wavpack_doc.html
+%{_docdir}/*
 %license COPYING
 %{_bindir}/*
 %{_libdir}/libwavpack.so.*
@@ -66,6 +66,9 @@ autoreconf -ivf
 %{_mandir}/man1/*.1*
 %changelog
+* Tue May 09 2023 xu_ping <707078654@qq.com> - 5.6.0-1
+- Upgrade to 5.6.0
+
 * Tue May 10 2022 caodongxia - 5.3.0-3
 - License compliance rectification
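Review bot: The first wavpack.spec hunk drops `Patch0000: CVE-2020-35738.patch`, but neither the spec nor the new changelog entry records that the 5.6.0 tarball carries that fix. The deleted patch is upstream commit 89df160596132e3bd666322e1c20b2ebd4b92cd0, so it is presumably part of 5.6.0. That should be confirmed against `src/pack_utils.c` in the new source: the `num_chans` and `block_samples` range checks in `WavpackSetConfiguration64` and the `(int64_t)` casts in `WavpackPackInit`. The changelog should then say so, for example `- Remove CVE-2020-35738.patch, fixed in upstream release`. Without that line, anyone auditing CVE status from the package history sees a security patch disappear with no explanation.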
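Review bot: `%{_docdir}/*` in the `%files` hunk replaces an explicit file list with a glob, so whatever the build installs under the doc directory is packaged without anyone having listed it. Naming the package's own directory, e.g. `%{_docdir}/%{name}/` (assuming that is where the 5.6.0 build installs its documentation), keeps the manifest narrower. A file installed elsewhere under the doc directory would then surface as an unpackaged-file error instead of shipping silently.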