All of lore.kernel.org
 help / color / mirror / Atom feed
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH 1/1] package/wavpack: security bump to version 5.4.0
Date: Wed, 13 Jan 2021 07:45:11 +0100	[thread overview]
Message-ID: <20210113064511.120257-1-fontaine.fabrice@gmail.com> (raw)

WavPack 5.4.0 contains a fix for CVE-2020-35738 wherein a specially
crafted WAV file could cause the WAVPACK command-line program to crash
with an out-of-bounds write (see issue #91).

Update hash of COPYING (update in year:
https://github.com/dbry/WavPack/commit/2ce3c069be548e82ea9c05741ace6583e549c6de)

https://github.com/dbry/WavPack/blob/5.4.0/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/wavpack/wavpack.hash | 4 ++--
 package/wavpack/wavpack.mk   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package/wavpack/wavpack.hash b/package/wavpack/wavpack.hash
index eeef730321..abc9ab6905 100644
--- a/package/wavpack/wavpack.hash
+++ b/package/wavpack/wavpack.hash
@@ -1,3 +1,3 @@
 # locally computed hash
-sha256  b444379a0bee0330f137cb3e9a100e6a12a63a6d01987ba66b3729f85e282307  wavpack-5.3.0.tar.xz
-sha256  a0bbe245dfe263f73946b72306e8336818009ff1e52b119784c288f2785fc260  COPYING
+sha256  4bde6a6b2a86614a6bd2579e60dcc974e2c8f93608d2281110a717c1b3c28b79  wavpack-5.4.0.tar.xz
+sha256  f38defde000d62c4ff158f1445cb85a0c2f67cbc1d3cfa34ed882f439f6e3b43  COPYING
diff --git a/package/wavpack/wavpack.mk b/package/wavpack/wavpack.mk
index 586082fdd6..85185ab348 100644
--- a/package/wavpack/wavpack.mk
+++ b/package/wavpack/wavpack.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-WAVPACK_VERSION = 5.3.0
+WAVPACK_VERSION = 5.4.0
 WAVPACK_SITE = \
 	https://github.com/dbry/WavPack/releases/download/$(WAVPACK_VERSION)
 WAVPACK_SOURCE = wavpack-$(WAVPACK_VERSION).tar.xz
-- 
2.29.2

             reply	other threads:[~2021-01-13  6:45 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-01-13  6:45 Fabrice Fontaine [this message]
2021-01-13  9:31 ` [Buildroot] [PATCH 1/1] package/wavpack: security bump to version 5.4.0 Peter Korsgaard
2021-01-17 16:55 ` Peter Korsgaard

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210113064511.120257-1-fontaine.fabrice@gmail.com \
    --to=fontaine.fabrice@gmail.com \
    --cc=buildroot@busybox.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.