!23 Upgrade to 5.6.0

From: @cherry530 Reviewed-by: @Lostwayzxc, @caodongxia Signed-off-by: @caodongxia
2023-05-09 11:43:29 +00:00 · 2023-05-09 11:43:29 +00:00 · 24d77bd85d
commit 24d77bd85d
parent c601c28cce 7197c19332
4 changed files with 8 additions and 57 deletions
--- a/CVE-2020-35738.patch
+++ b/CVE-2020-35738.patch
@ -1,52 +0,0 @@
 From 89df160596132e3bd666322e1c20b2ebd4b92cd0 Mon Sep 17 00:00:00 2001
 From: David Bryant <david@wavpack.com>
 Date: Tue, 29 Dec 2020 20:47:19 -0800
 Subject: [PATCH] issue #91: fix integer overflows resulting in buffer overruns
 and sanitize a few more encoding parameters for clarity
 ---
 src/pack_utils.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
 diff --git a/src/pack_utils.c b/src/pack_utils.c
 index 17d9381..480ab90 100644
 --- a/src/pack_utils.c
 +++ b/src/pack_utils.c
@@ -200,8 +200,13 @@ int WavpackSetConfiguration64 (WavpackContext *wpc, WavpackConfig *config, int64
         return FALSE;
     }
 -    if (!num_chans) {
 -        strcpy (wpc->error_message, "channel count cannot be zero!");
 +    if (num_chans <= 0 || num_chans > NEW_MAX_STREAMS * 2) {
 +        strcpy (wpc->error_message, "invalid channel count!");
 +        return FALSE;
 +    }
 +
 +    if (config->block_samples && (config->block_samples < 16 || config->block_samples > 131072)) {
 +        strcpy (wpc->error_message, "invalid custom block samples!");
         return FALSE;
     }
@@ -523,7 +528,7 @@ int WavpackPackInit (WavpackContext *wpc)
         if (wpc->config.num_channels == 1)
             wpc->block_samples *= 2;
 -        while (wpc->block_samples > 12000 && wpc->block_samples * wpc->config.num_channels > 300000)
 +        while (wpc->block_samples > 12000 && (int64_t) wpc->block_samples * wpc->config.num_channels > 300000)
             wpc->block_samples /= 2;
     }
     else {
@@ -534,10 +539,10 @@ int WavpackPackInit (WavpackContext *wpc)
         wpc->block_samples = wpc->config.sample_rate / divisor;
 -        while (wpc->block_samples > 12000 && wpc->block_samples * wpc->config.num_channels > 75000)
 +        while (wpc->block_samples > 12000 && (int64_t) wpc->block_samples * wpc->config.num_channels > 75000)
             wpc->block_samples /= 2;
 -        while (wpc->block_samples * wpc->config.num_channels < 20000)
 +        while ((int64_t) wpc->block_samples * wpc->config.num_channels < 20000)
             wpc->block_samples *= 2;
     }
--- a/wavpack-5.3.0.tar.xz
+++ b/wavpack-5.3.0.tar.xz
--- a/wavpack-5.6.0.tar.xz
+++ b/wavpack-5.6.0.tar.xz
--- a/wavpack.spec
+++ b/wavpack.spec
@ -1,13 +1,13 @@
 Name:           wavpack
-Version:        5.3.0
+Version:        5.6.0
-Release:        3
+Release:        1
 Summary:        Hybrid Lossless Wavefile Compressor
 License:        BSD-3-Clause
 Url:            http://www.wavpack.com/
 Source:         https://github.com/dbry/WavPack/releases/download/%{version}/%{name}-%{version}.tar.xz
 Patch0000:      CVE-2020-35738.patch
 BuildRequires:  autoconf automake libtool
 BuildRequires:  gettext-devel
 Recommends:     %{name}-help = %{version}-%{release}
@ -37,7 +37,7 @@ Help document for the wavpack package.
 %build
 autoreconf -ivf
-%configure --disable-static
+%configure --disable-static --disable-rpath
 %make_build
@ -51,7 +51,7 @@ autoreconf -ivf
 /sbin/ldconfig
 %files
-%doc AUTHORS doc/wavpack_doc.html
+%{_docdir}/*
 %license COPYING
 %{_bindir}/*
 %{_libdir}/libwavpack.so.*
@ -66,6 +66,9 @@ autoreconf -ivf
 %{_mandir}/man1/*.1*
 %changelog
 * Tue May 09 2023 xu_ping <707078654@qq.com> - 5.6.0-1
 - Upgrade to 5.6.0
 * Tue May 10 2022 caodongxia <caodongxia@h-partners.com> - 5.3.0-3
 - License compliance rectification