git.libre-soc.org Git - buildroot.git/commit

author	Fabrice Fontaine <fontaine.fabrice@gmail.com>
	Wed, 18 Dec 2019 22:23:18 +0000 (23:23 +0100)
committer	Peter Korsgaard <peter@korsgaard.com>
	Thu, 19 Dec 2019 11:21:35 +0000 (12:21 +0100)
commit	7a24c6d63b168dc138af606b47c881e13c84774c
tree	3abb967fc670621101220f4e2cd2dc27b2c1cfbf	tree
parent	43959c561602596502d20c232b3d46707a373054	commit \| diff

package/wavpack: security bump to version 5.2.0

- Switch to github to get latest version
- Drop patches (already in version)
- Fix CVE-2018-19840: The function WavpackPackInit in pack_utils.c in
  libwavpack.a in WavPack through 5.1.0 allows attackers to cause a
  denial-of-service (resource exhaustion caused by an infinite loop) via
  a crafted wav audio file because WavpackSetConfiguration64 mishandles
  a sample rate of zero.
- Fix CVE-2018-19841: The function WavpackVerifySingleBlock in
  open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers
  to cause a denial-of-service (out-of-bounds read and application
  crash) via a crafted WavPack Lossless Audio file, as demonstrated by
  wvunpack.
- Add hash for license file

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/wavpack/0001-fix-Github-issue-19-new-dependency-on-wchar-t-by-removing.patch	[deleted file]	blob \| history
package/wavpack/0002-issue-27-do-not-overwrite-stack-on-corrupt-RF64-file.patch	[deleted file]	blob \| history
package/wavpack/0003-issue-28-do-not-overwrite-heap-on-corrupt-DSDIFF-fil.patch	[deleted file]	blob \| history
package/wavpack/0004-issue-28-fix-buffer-overflows-and-bad-allocs-on-corr.patch	[deleted file]	blob \| history
package/wavpack/0005-issue-30-issue-31-issue-32-no-multiple-format-chunks.patch	[deleted file]	blob \| history
package/wavpack/0006-issue-33-sanitize-size-of-unknown-chunks-before-mall.patch	[deleted file]	blob \| history
package/wavpack/wavpack.hash		diff \| blob \| history
package/wavpack/wavpack.mk		diff \| blob \| history