From 132ca6eac2bca3267dccf1a02295a2bf8147cb28 Mon Sep 17 00:00:00 2001 From: Robert Kausch Date: Tue, 26 Jan 2021 08:11:43 +0100 Subject: [PATCH] wavpack: bump to 5.4.0 (#5637) --- .../wavpack/patches/CVE-2020-35738.patch | 52 ------------------- ...pack-5.3.0.recipe => wavpack-5.4.0.recipe} | 11 ++-- 2 files changed, 5 insertions(+), 58 deletions(-) delete mode 100644 media-sound/wavpack/patches/CVE-2020-35738.patch rename media-sound/wavpack/{wavpack-5.3.0.recipe => wavpack-5.4.0.recipe} (88%) diff --git a/media-sound/wavpack/patches/CVE-2020-35738.patch b/media-sound/wavpack/patches/CVE-2020-35738.patch deleted file mode 100644 index fbbd40ba8..000000000 --- a/media-sound/wavpack/patches/CVE-2020-35738.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 89df160596132e3bd666322e1c20b2ebd4b92cd0 Mon Sep 17 00:00:00 2001 -From: David Bryant -Date: Tue, 29 Dec 2020 20:47:19 -0800 -Subject: [PATCH] issue #91: fix integer overflows resulting in buffer overruns - and sanitize a few more encoding parameters for clarity - ---- - src/pack_utils.c | 15 ++++++++++----- - 1 file changed, 10 insertions(+), 5 deletions(-) - -diff --git a/src/pack_utils.c b/src/pack_utils.c -index 17d9381..480ab90 100644 ---- a/src/pack_utils.c -+++ b/src/pack_utils.c -@@ -200,8 +200,13 @@ int WavpackSetConfiguration64 (WavpackContext *wpc, WavpackConfig *config, int64 - return FALSE; - } - -- if (!num_chans) { -- strcpy (wpc->error_message, "channel count cannot be zero!"); -+ if (num_chans <= 0 || num_chans > NEW_MAX_STREAMS * 2) { -+ strcpy (wpc->error_message, "invalid channel count!"); -+ return FALSE; -+ } -+ -+ if (config->block_samples && (config->block_samples < 16 || config->block_samples > 131072)) { -+ strcpy (wpc->error_message, "invalid custom block samples!"); - return FALSE; - } - -@@ -523,7 +528,7 @@ int WavpackPackInit (WavpackContext *wpc) - if (wpc->config.num_channels == 1) - wpc->block_samples *= 2; - -- while (wpc->block_samples > 12000 && wpc->block_samples * wpc->config.num_channels > 300000) -+ while (wpc->block_samples > 12000 && (int64_t) wpc->block_samples * wpc->config.num_channels > 300000) - wpc->block_samples /= 2; - } - else { -@@ -534,10 +539,10 @@ int WavpackPackInit (WavpackContext *wpc) - - wpc->block_samples = wpc->config.sample_rate / divisor; - -- while (wpc->block_samples > 12000 && wpc->block_samples * wpc->config.num_channels > 75000) -+ while (wpc->block_samples > 12000 && (int64_t) wpc->block_samples * wpc->config.num_channels > 75000) - wpc->block_samples /= 2; - -- while (wpc->block_samples * wpc->config.num_channels < 20000) -+ while ((int64_t) wpc->block_samples * wpc->config.num_channels < 20000) - wpc->block_samples *= 2; - } - diff --git a/media-sound/wavpack/wavpack-5.3.0.recipe b/media-sound/wavpack/wavpack-5.4.0.recipe similarity index 88% rename from media-sound/wavpack/wavpack-5.3.0.recipe rename to media-sound/wavpack/wavpack-5.4.0.recipe index 672208304..db136206c 100644 --- a/media-sound/wavpack/wavpack-5.3.0.recipe +++ b/media-sound/wavpack/wavpack-5.4.0.recipe @@ -1,13 +1,12 @@ SUMMARY="Hybrid lossless audio compression format & tools" DESCRIPTION="WavPack is a completely open audio compression format, providing \ lossless, high-quality lossy, and a unique hybrid compression mode." -HOMEPAGE="http://wavpack.com/" -COPYRIGHT="1998-2020 David Bryant" +HOMEPAGE="https://wavpack.com/" +COPYRIGHT="1998-2021 David Bryant" LICENSE="WavPack" -REVISION="2" -SOURCE_URI="http://wavpack.com/wavpack-$portVersion.tar.bz2" -CHECKSUM_SHA256="b6f00b3a2185a1d2df6cf8d893ec60fd645d2eb90db7428a617fd27c9e8a6a01" -PATCHES="CVE-2020-35738.patch" +REVISION="1" +SOURCE_URI="https://wavpack.com/wavpack-$portVersion.tar.bz2" +CHECKSUM_SHA256="0716a6dcf9a72d61005e1b09bbbd61aaf49837cb4e4a351992a6daed16cac034" ARCHITECTURES="!x86_gcc2 x86 x86_64" SECONDARY_ARCHITECTURES="!x86_gcc2 x86"