wavpack (5.1.0-2ubuntu1.5) bionic-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds write
    - debian/patches/CVE-2020-35738.patch: checks bounds in order to
      avoid/fix integer overflows resulting in buffer overruns in
      src/pack_utils.c.
    - CVE-2020-35738

 -- Leonidas Da Silva Barbosa  Tue, 05 Jan 2021 10:32:02 -0300

wavpack (5.1.0-2ubuntu1.4) bionic-security; urgency=medium

  * debian/0009-issue-41-make-sure-DFF-does-not*.patch: make sure DFF
    chunk does not have negative length.
  * debian/patches/0010-issue-43-catch-zero*.patch: catch zero channel
    count in DSF and DSDIFF files.
  * SECURITY UPDATE: Crash due to a divide by zero
    - debian/patches/CVE-2019-1010315.patch: make sure DSDIFF files have
      a valid channel count in cli/dsdiff.c.
    - CVE-2019-1010315
  * SECURITY UPDATE: Crashes and segfaults
    - debian/patches/CVE-2019-1010317.patch: make sure CAF files have a
      "desc" chunk in cli/caff.c.
    - CVE-2019-1010317
  * SECURITY UPDATE: Crashes and segfaults
    - debian/patches/CVE-2019-1010318.patch: make sure sample rate is
      specified and non-zero in DFF files in cli/dsdiff.c.
    - CVE-2019-1010318
  * SECURITY UPDATE: Crashes and segfaults
    - debian/patches/CVE-2019-1010319.patch: clear WaveHeader at start to
      prevent uninitialized read in cli/wave64.c.
    - CVE-2019-1010319

 -- Leonidas S. Barbosa  Tue, 16 Jul 2019 09:04:50 -0300

wavpack (5.1.0-2ubuntu1.3) bionic-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-11498.patch: make sure sample rate variable
      is specified and non-zero in DFF files in cli/dsdiff.c.
    - CVE-2019-11498

 -- Leonidas S. Barbosa  Mon, 29 Apr 2019 11:43:20 -0300

wavpack (5.1.0-2ubuntu1.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-19840.patch: checking if sample_rate is not
      zero in src/pack_utils.c.
    - CVE-2018-19840
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-19841.patch: fix in src/open_utils.c.

 -- Leonidas S. Barbosa  Thu, 06 Dec 2018 08:47:38 -0300

wavpack (5.1.0-2ubuntu1.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Writing to memory vulnerability in wav64 and riff
    - debian/patches/CVE-2018-10536-and-10537.patch: fixing in
      cli/riff.c, cli/wave64.c.
    - CVE-2018-10536
    - CVE-2018-10537
  * SECURITY UPDATE: Out-of-bounds writes in riff, DSDiff and W64
    - debian/patches/CVE-2018-10538-and-10539-and-10540.patch: sanitize
      size of unknown chunks before malloc in cli/dsdiff.c, cli/riff.c,
      cli/wave64.c.
    - CVE-2018-10538
    - CVE-2018-10539
    - CVE-2018-10540

 -- Leonidas S. Barbosa  Mon, 30 Apr 2018 15:53:18 -0300

wavpack (5.1.0-2ubuntu1) bionic; urgency=medium

  * SECURITY UPDATE: stack-based buffer over-read
    - debian/patches/CVE-2018-6767.patch: do not overwrite stack on
      corrupt RF64 file in cli/riff.c.
    - CVE-2018-6767
  * SECURITY UPDATE: Maliciously crafted DSDIFF can result in a denial of
    service
    - debian/patches/CVE-2018-7253.patch: do not overwrite heap on
      corrupt DSDIFF file in cli/dsdiff.c
    - CVE-2018-7253
  * SECURITY UPDATE: Denial of service through maliciously crafted CAF
    file
    - debian/patches/CVE-2018-7254.patch: fix buffer overflows and bad
      allocs in cli/caff.c.
    - CVE-2018-7254

 -- Leonidas S. Barbosa  Thu, 22 Feb 2018 12:13:50 -0300

wavpack (5.1.0-2) unstable; urgency=medium

  * Bump Standards-Version to 4.0.0.
  * Drop myself from Uploaders.

 -- Loïc Minier  Sun, 09 Jul 2017 21:32:49 +0200

wavpack (5.1.0-1) unstable; urgency=medium

  * Team upload.
  * New upstream release.
  * debian/patches: Removed patches included upstream.
  * debian/copyright: Update copyright years.

 -- Sebastian Ramacher  Thu, 15 Jun 2017 12:59:20 +0200

wavpack (5.0.0-2) unstable; urgency=medium

  * Team upload.
  * debian/patches: Apply upstream fix to fix some fuzz failures
    (CVE-2016-10169, CVE-2016-10170, CVE-2016-10171, CVE-2016-10172).
    (Closes: #853076)

 -- Sebastian Ramacher  Mon, 30 Jan 2017 21:04:05 +0100

wavpack (5.0.0-1) unstable; urgency=medium

  * Team upload.
  * New upstream release.
  * debian/libwavpack1.symbols: Add new symbols.
  * debian/copyright: Update copyright information.
  * debian/control: Bump Standards-Version.

 -- Sebastian Ramacher  Mon, 02 Jan 2017 13:56:51 +0100

wavpack (4.80.0-1) unstable; urgency=medium

  * Team upload.
  * New upstream release.
  * debian/patches/mark-stack-non-executable.patch: Removed, included
    upstream.
  * debian/control:
    - Bump Standards-Version, no changes needed.
    - Update Vcs-*.

 -- Sebastian Ramacher  Tue, 05 Apr 2016 21:47:45 +0200

wavpack (4.75.2-2) unstable; urgency=medium

  * Team upload.
  * debian/rules:
    - No longer pass --enable-mmx on amd64. It was removed.
    - Pass --disable-asm on armel and armhf to fix FTBFS.

 -- Sebastian Ramacher  Sun, 17 Jan 2016 17:39:03 +0100

wavpack (4.75.2-1) unstable; urgency=medium

  * Team upload.
  * New upstream release.
  * debian/patches/mark-stack-non-executable.patch: Mark stack as
    non-executable. Thanks to Russell Coker for the patch.
    (Closes: #793320)
  * debian/control: Remove ${shlibs:Depends} from libwavpack-dev's
    Depends.

 -- Sebastian Ramacher  Sun, 17 Jan 2016 13:39:23 +0100

wavpack (4.75.0-1) unstable; urgency=medium

  * Team upload.
  * New upstream release:
    - improved: reorganization for modularity and to improve linking
    - added: assembler optimizations for encode/decode on x86 and x64
    - added: assembler optimizations for decoding on ARMv7 (Linux)
    - improved: several minor speed optimizations using intrinsics
    - fixed: wavpack.pc.in not working correctly on some Linux distros
    - fixed: memcpy() issue causing abort() on OpenBSD
  * Touch Standards-Version

 -- Alessio Treglia  Wed, 10 Jun 2015 19:17:14 +0100

wavpack (4.70.0-1) unstable; urgency=low

  * New upstream release:
    + debian/patches/0001-pkgconfig.patch,
      debian/patches/0002-largefile.patch:
      - Drop patches that were merged upstream.

 -- Sebastian Dröge  Thu, 31 Oct 2013 16:47:06 +0100

wavpack (4.60.1-3) unstable; urgency=low

  * Team upload.
  * Check for large files support on 32-bit systems too.
    Thanks to Frank Lübeck for the report. (Closes: #666340)
  * Add dh-autoreconf to the build.
  * Bump debhelper requirement to match debian/compat.
  * Bump Standards.

 -- Alessio Treglia  Sun, 01 Apr 2012 11:43:30 +0200

wavpack (4.60.1-2) unstable; urgency=low

  * Team upload.
  * Enable Multi-Arch support (Closes: #651017):
    - debian/{*.install,control,rules}: Update references and enable
      Multi-Arch: same; patch from Becka Morgan.
    - debian/patches/0001-pkgconfig.patch: Avoid wavpack.pc to be broken
      after switching to Multi-Arch.
  * Fix lintian's warnings:
    - binary-control-field-duplicates-source
    - copyright-refers-to-deprecated-bsd-license-file
    - description-synopsis-starts-with-article
  * Enable MMX extensions on amd64.
  * Correct maintainer's name, add VCS fields.
  * Bump debian/compat.
  * Bump Standards version.
  * Add gbp config file.

 -- Alessio Treglia  Mon, 05 Dec 2011 11:36:14 +0100

wavpack (4.60.1-1) unstable; urgency=low

  * New upstream release:
    + debian/rules:
      - Some cleanup.
    + debian/*.1.xml, debian/wavpack.manpages, debian/control:
      - Manpages are upstream now.
  * debian/source/format:
    + Switch to 3.0 (quilt) and use upstream's tar.bz2.

 -- Sebastian Dröge  Thu, 03 Dec 2009 09:51:39 +0100

wavpack (4.60.0-1) unstable; urgency=low

  * New upstream release:
    + debian/libwavpack1.symbols, debian/libwavpack1.shlibs:
      - Updated for the API additions.
  * debian/control:
    + Updated Standards-Version to 3.8.3.
    + Add ${shlibs:Depends} to the -dev package.
  * debian/control, debian/compat:
    + Updated to debhelper compat level 6.

 -- Sebastian Dröge  Mon, 05 Oct 2009 07:22:03 +0200

wavpack (4.50.1-1) unstable; urgency=low

  * New upstream bugfix release.

 -- Sebastian Dröge  Fri, 18 Jul 2008 12:35:46 +0200

wavpack (4.50.0-1) unstable; urgency=low

  * New upstream release:
    + debian/patches/01_memory-alignment.patch:
      - Dropped, fixed differently upstream.
    + debian/libwavpack1.shlibs:
      - Updated to >= 4.50.0 because of new flags for some functions.
  * debian/control:
    + Set maintainer to pkg-multimedia.
    + Wrap control fields.
    + Move homepage to the Homepage field.
    + Update Standards-Version to 3.8.0, no additional changes needed.

 -- Sebastian Dröge  Thu, 26 Jun 2008 13:02:38 +0200

wavpack (4.41.0-2) unstable; urgency=low

  * debian/libwavpack1.symbols, debian/control:
    + Add a symbol file for WavPack and build depend on new enough
      dpkg-dev for this.
  * debian/control:
    + Update Standards-Version to 3.7.3, no additional changes needed.
    + Use ${binary:Version} instead of ${Source-Version}.
  * debian/patches/01_memory-alignment.patch:
    + Fix alignment issues which result in a SIGBUS on sparc
      (Closes: #476234).

 -- Sebastian Dröge  Tue, 15 Apr 2008 12:22:24 +0200

wavpack (4.41.0-1) unstable; urgency=low

  * New upstream release without API changes.
  * debian/patches/01_fix-undefined-extern.diff:
    + Dropped, not necessary anymore.

 -- Sebastian Dröge  Mon, 21 May 2007 12:11:16 +0200

wavpack (4.40.0-2) unstable; urgency=low

  * Upload to unstable
  * debian/control:
    + Update to use my debian.org mail address

 -- Sebastian Dröge  Mon, 16 Apr 2007 01:07:27 +0200

wavpack (4.40.0-1) experimental; urgency=low

  [ Sebastian Dröge ]
  * New upstream release
  * debian/control:
    + Update package name for new soname and remove now unnecessary
      conflicts
    + Drop unnecessary libncurses (build) dependency
  * debian/rules:
    + Adjust for new package name
  * debian/libwavpack1.shlibs:
    + Set shlibs minimal version from here
  * debian/patches/01_fix-undefined-extern.diff:
    + Updated for new file locations
  * debian/compat:
    + Update to 5

  [ Loic Minier ]
  * Add year 2006 to copyright.

 -- Loic Minier  Mon, 11 Dec 2006 15:52:24 +0100

wavpack (4.32-2) unstable; urgency=low

  * Make sure that dh_makeshlibs of libwavpack0 is called before
    dh_shlibdeps of wavpack to generate correct dependencies.

 -- Sebastian Dröge  Mon, 24 Apr 2006 20:30:48 +0200

wavpack (4.32-1) unstable; urgency=low

  * New upstream release:
    + New wvgain utility for calculating and adding ReplayGain
      information to files
    + Fix a crasher on big-endian systems
    + Some usability improvements to the commandline utilities
  * No need to use -fsigned-char anymore
  * debian/wvgain.1.xml: added manpage for the new wvgain utility
  * List files which are not in any package after build
  * Add a Conflict with gstreamer0.8-misc (<< 0.8.12-2) on libwavpack0 as
    this update breaks ABI and gst-plugins0.8 has to be rebuilt against
    the new version. I didn't invent a .debian soname as upstream
    promises to use a correct soname in the future when breaking ABI and
    gstreamer0.8-misc is the only rdepend.

 -- Sebastian Dröge  Thu, 20 Apr 2006 11:58:09 +0200

wavpack (4.3-2) unstable; urgency=low

  * Use -fsigned-char to solve problems with decoding/encoding on
    different archs where chars are unsigned by default (including
    powerpc)
  * Install the README only in the -dev package

 -- Sebastian Dröge  Thu, 17 Nov 2005 18:38:32 +0100

wavpack (4.3-1) unstable; urgency=low

  * Initial Revision (Closes: #333087)
  * 01_fix-undefined-extern.diff:
    + Fix from Gnome BTS #321212 for setting an extern variable. Fixes
      gstreamer plugin and maybe more

 -- Sebastian Dröge  Fri, 11 Nov 2005 16:42:07 +0100