debian/0000775000000000000000000000000013402024120007154 5ustar debian/rules0000775000000000000000000000106612234475423010261 0ustar #!/usr/bin/make -f include /usr/share/cdbs/1/rules/debhelper.mk include /usr/share/cdbs/1/class/autotools.mk include /usr/share/cdbs/1/rules/autoreconf.mk include /usr/share/cdbs/1/rules/utils.mk common-binary-post-install-arch:: list-missing DEB_SHLIBDEPS_INCLUDE := debian/libwavpack1/usr/lib DEB_DH_MAKESHLIBS_ARGS_libwavpack1 += -- -c4 DEB_INSTALL_DOCS_ALL = DEB_INSTALL_DOCS_libwavpack-dev = README DEB_CONFIGURE_EXTRA_FLAGS += --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH) ifeq ($(DEB_BUILD_ARCH),amd64) DEB_CONFIGURE_EXTRA_FLAGS += --enable-mmx endif debian/source/0000775000000000000000000000000012234475423010476 5ustar debian/source/format0000664000000000000000000000001412234475423011704 0ustar 3.0 (quilt) debian/watch0000664000000000000000000000013512234475423010226 0ustar version=2 http://www.wavpack.com/downloads.html \ wavpack-(.*\..*)\.tar\.bz2 debian uupdate debian/control0000664000000000000000000000472713240306217010603 0ustar Source: wavpack Section: sound Priority: optional Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Debian Multimedia Maintainers Uploaders: Sebastian Dröge , Loic Minier Build-Depends: cdbs (>= 0.4.93~), debhelper (>= 9), dh-autoreconf, dpkg-dev (>= 1.14.13) Standards-Version: 3.9.3 Homepage: http://www.wavpack.com Vcs-Git: git://anonscm.debian.org/pkg-multimedia/wavpack.git Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-multimedia/wavpack.git Package: libwavpack1 Architecture: any Multi-Arch: same Section: libs Pre-Depends: ${misc:Pre-Depends} Depends: ${shlibs:Depends}, ${misc:Depends} Description: audio codec (lossy and lossless) - library WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Although the technology is loosely based on previous versions of WavPack, the new version 4 format has been designed from the ground up to offer unparalleled performance and functionality. . This package contains the shared libraries necessary to run programs using libwavpack. Package: libwavpack-dev Architecture: any Multi-Arch: same Section: libdevel Depends: libwavpack1 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} Description: audio codec (lossy and lossless) - development files WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Although the technology is loosely based on previous versions of WavPack, the new version 4 format has been designed from the ground up to offer unparalleled performance and functionality. . This package contains the header files, static libraries and symbolic links that developers using libwavpack will need. Package: wavpack Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Description: audio codec (lossy and lossless) - encoder and decoder WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Although the technology is loosely based on previous versions of WavPack, the new version 4 format has been designed from the ground up to offer unparalleled performance and functionality. . This package contains an encoder and decoder for wavpack files. debian/wavpack.install0000664000000000000000000000005412234475423012221 0ustar debian/tmp/usr/bin debian/tmp/usr/share/man debian/libwavpack1.install0000664000000000000000000000004512234475423012771 0ustar debian/tmp/usr/lib/*/libwavpack.so.* debian/copyright0000664000000000000000000000370712234475423011140 0ustar This package was debianized by Sebastian Dröge on Sun, 24 Jul 2005 23:15:52 +0200. It was downloaded from http://www.wavpack.com Upstream Authors: David Bryant Copyright: Copyright (c) 1998 - 2006 Conifer Software All rights reserved. License: Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the name of Conifer Software nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. For md5.h and md5.c: This code implements the MD5 message-digest algorithm. The algorithm is due to Ron Rivest. This code was written by Colin Plumb in 1993, no copyright is claimed. This code is in the public domain; do with it what you wish. debian/libwavpack1.symbols0000664000000000000000000000366212234475423013023 0ustar libwavpack.so.1 libwavpack1 #MINVER# * Build-Depends-Package: libwavpack-dev WavpackAddWrapper@Base 4.40.0 WavpackAppendBinaryTagItem@Base 4.60.0 WavpackAppendTagItem@Base 4.40.0 WavpackCloseFile@Base 4.40.0 WavpackDeleteTagItem@Base 4.40.0 WavpackFloatNormalize@Base 4.40.0 WavpackFlushSamples@Base 4.40.0 WavpackFreeWrapper@Base 4.40.0 WavpackGetAverageBitrate@Base 4.40.0 WavpackGetBinaryTagItem@Base 4.60.0 WavpackGetBinaryTagItemIndexed@Base 4.60.0 WavpackGetBitsPerSample@Base 4.40.0 WavpackGetBytesPerSample@Base 4.40.0 WavpackGetChannelMask@Base 4.40.0 WavpackGetEncodedNoise@Base 4.40.0 WavpackGetErrorMessage@Base 4.40.0 WavpackGetFileSize@Base 4.40.0 WavpackGetFloatNormExp@Base 4.40.0 WavpackGetInstantBitrate@Base 4.40.0 WavpackGetLibraryVersion@Base 4.40.0 WavpackGetLibraryVersionString@Base 4.40.0 WavpackGetMD5Sum@Base 4.40.0 WavpackGetMode@Base 4.40.0 WavpackGetNumBinaryTagItems@Base 4.60.0 WavpackGetNumChannels@Base 4.40.0 WavpackGetNumErrors@Base 4.40.0 WavpackGetNumSamples@Base 4.40.0 WavpackGetNumTagItems@Base 4.40.0 WavpackGetProgress@Base 4.40.0 WavpackGetRatio@Base 4.40.0 WavpackGetReducedChannels@Base 4.40.0 WavpackGetSampleIndex@Base 4.40.0 WavpackGetSampleRate@Base 4.40.0 WavpackGetTagItem@Base 4.40.0 WavpackGetTagItemIndexed@Base 4.40.0 WavpackGetVersion@Base 4.40.0 WavpackGetWrapperBytes@Base 4.40.0 WavpackGetWrapperData@Base 4.40.0 WavpackGetWrapperLocation@Base 4.40.0 WavpackLittleEndianToNative@Base 4.40.0 WavpackLossyBlocks@Base 4.40.0 WavpackNativeToLittleEndian@Base 4.40.0 WavpackOpenFileInput@Base 4.40.0 WavpackOpenFileInputEx@Base 4.40.0 WavpackOpenFileOutput@Base 4.40.0 WavpackPackInit@Base 4.40.0 WavpackPackSamples@Base 4.40.0 WavpackSeekSample@Base 4.40.0 WavpackSeekTrailingWrapper@Base 4.40.0 WavpackSetConfiguration@Base 4.40.0 WavpackStoreMD5Sum@Base 4.40.0 WavpackUnpackSamples@Base 4.40.0 WavpackUpdateNumSamples@Base 4.40.0 WavpackWriteTag@Base 4.40.0 debian/libwavpack-dev.install0000664000000000000000000000017312234475423013466 0ustar debian/tmp/usr/lib/*/libwavpack.so debian/tmp/usr/lib/*/libwavpack.a debian/tmp/usr/include debian/tmp/usr/lib/*/pkgconfig debian/compat0000664000000000000000000000000212234475423010374 0ustar 9 debian/gbp.conf0000664000000000000000000000003612234475423010614 0ustar [DEFAULT] pristine-tar = True debian/libwavpack1.shlibs0000664000000000000000000000004512234475423012607 0ustar libwavpack 1 libwavpack1 (>= 4.60.0) debian/patches/0000775000000000000000000000000013402023000010577 5ustar debian/patches/series0000664000000000000000000000005213402016333012024 0ustar CVE-2016-10169.patch CVE-2018-19840.patch debian/patches/CVE-2016-10169.patch0000664000000000000000000000121313240305752013317 0ustar Backport of: From 4bc05fc490b66ef2d45b1de26abf1455b486b0dc Mon Sep 17 00:00:00 2001 From: David Bryant Date: Wed, 21 Dec 2016 22:18:36 -0800 Subject: [PATCH] fixes for 4 fuzz failures posted to SourceForge mailing list diff --git a/src/words.c b/src/words.c index 368b07a..aa6488f 100644 --- a/src/words.c +++ b/src/words.c @@ -1146,6 +1146,10 @@ int32_t FASTCALL get_word (WavpackStream *wps, int chan, int32_t *correction) low &= 0x7fffffff; high &= 0x7fffffff; + + if (low > high) // make sure high and low make sense + high = low; + mid = (high + low + 1) >> 1; if (!c->error_limit) debian/patches/CVE-2018-19840.patch0000664000000000000000000000274613402023000013321 0ustar Backported of: From 667377551faf7d72437de0805bcc3761fa494a54 Mon Sep 17 00:00:00 2001 From: David Bryant Date: Sun, 18 Nov 2018 17:21:17 -0800 Subject: [PATCH] issue #48: remove 'register' keyword because it doesn't actually do anything and troubles C++17 and From 070ef6f138956d9ea9612e69586152339dbefe51 Mon Sep 17 00:00:00 2001 From: David Bryant Date: Thu, 29 Nov 2018 21:00:42 -0800 Subject: [PATCH] issue #53: error out on zero sample rate diff --git a/src/words.c b/src/words.c index aa6488f..5a9ed53 100644 --- a/src/words.c +++ b/src/words.c @@ -979,7 +979,7 @@ static uint32_t FASTCALL read_code (Bitstream *bs, uint32_t maxcode); int32_t FASTCALL get_word (WavpackStream *wps, int chan, int32_t *correction) { - register struct entropy_data *c = wps->w.c + chan; + struct entropy_data *c = wps->w.c + chan; uint32_t ones_count, low, mid, high; int next8, sign; int32_t value; diff --git a/src/wputils.c b/src/wputils.c index 5d30f1e..d69aee5 100644 --- a/src/wputils.c +++ b/src/wputils.c @@ -947,6 +947,11 @@ int WavpackSetConfiguration (WavpackContext *wpc, WavpackConfig *config, uint32_ int num_chans = config->num_channels; int i; + if (!config->sample_rate) { + strcpy (wpc->error_message, "sample rate cannot be zero!"); + return FALSE; + } + wpc->total_samples = total_samples; wpc->config.sample_rate = config->sample_rate; wpc->config.num_channels = config->num_channels; debian/changelog0000664000000000000000000001525113402024120011032 0ustar wavpack (4.70.0-1ubuntu0.2) trusty-security; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2018-19840.patch: checking if sample_rate is not zero in src/wputils.c and removing register keyword in src/read_words.c. - CVE-2018-19840 -- Leonidas S. Barbosa Wed, 05 Dec 2018 15:14:37 -0300 wavpack (4.70.0-1ubuntu0.1) trusty-security; urgency=medium * SECURITY UPDATE: Denial of service via crafted WV file - debian/patches/CVE-2016-10169.patch: fix in words.c. - CVE-2016-10169 -- Leonidas S. Barbosa Mon, 12 Feb 2018 09:43:33 -0300 wavpack (4.70.0-1) unstable; urgency=low * New upstream release: + debian/patches/0001-pkgconfig.patch, debian/patches/0002-largefile.patch: - Drop patches that were merged upstream. -- Sebastian Dröge Thu, 31 Oct 2013 16:47:06 +0100 wavpack (4.60.1-3) unstable; urgency=low * Team upload. * Check for large files support on 32-bit systems too. Thanks to Frank Lübeck for the report. (Closes: #666340) * Add dh-autoreconf to the build. * Bump debhelper requirement to match debian/compat. * Bump Standards. -- Alessio Treglia Sun, 01 Apr 2012 11:43:30 +0200 wavpack (4.60.1-2) unstable; urgency=low * Team upload. * Enable Multi-Arch support (Closes: #651017): - debian/{*.install,control,rules}: Update references and enable Multi-Arch: same; patch from Becka Morgan. - debian/patches/0001-pkgconfig.patch: Avoid wavpack.pc to be broken after switching to Multi-Arch. * Fix lintian's warnings: - binary-control-field-duplicates-source - copyright-refers-to-deprecated-bsd-license-file - description-synopsis-starts-with-article * Enable MMX extensions on amd64. * Correct maintainer's name, add VCS fields. * Bump debian/compat. * Bump Standards version. * Add gbp config file. -- Alessio Treglia Mon, 05 Dec 2011 11:36:14 +0100 wavpack (4.60.1-1) unstable; urgency=low * New upstream release: + debian/rules: - Some cleanup. + debian/*.1.xml, debian/wavpack.manpages, debian/control: - Manpages are upstream now. * debian/source/format: + Switch to 3.0 (quilt) and use upstream's tar.bz2. -- Sebastian Dröge Thu, 03 Dec 2009 09:51:39 +0100 wavpack (4.60.0-1) unstable; urgency=low * New upstream release: + debian/libwavpack1.symbols, debian/libwavpack1.shlibs: - Updated for the API additions. * debian/control: + Updated Standards-Version to 3.8.3. + Add ${shlibs:Depends} to the -dev package. * debian/control, debian/compat: + Updated to debhelper compat level 6. -- Sebastian Dröge Mon, 05 Oct 2009 07:22:03 +0200 wavpack (4.50.1-1) unstable; urgency=low * New upstream bugfix release. -- Sebastian Dröge Fri, 18 Jul 2008 12:35:46 +0200 wavpack (4.50.0-1) unstable; urgency=low * New upstream release: + debian/patches/01_memory-alignment.patch: - Dropped, fixed different upstream. + debian/libwavpack1.shlibs: - Updated to >= 4.50.0 because of new flags for some functions. * debian/control: + Set maintainer to pkg-multimedia. + Wrap control fields. + Move homepage to the Homepage field. + Update Standards-Version to 3.8.0, no additional changes needed. -- Sebastian Dröge Thu, 26 Jun 2008 13:02:38 +0200 wavpack (4.41.0-2) unstable; urgency=low * debian/libwavpack1.symbols, debian/control: + Add a symbol file for WavPack and build depend on new enough dpkg-dev for this. * debian/control: + Update Standards-Version to 3.7.3, no additional changes needed. + Use ${binary:Version} instead of ${Source-Version}. * debian/patches/01_memory-alignment.patch: + Fix alignment issues which result in a SIGBUS on sparc (Closes: #476234). -- Sebastian Dröge Tue, 15 Apr 2008 12:22:24 +0200 wavpack (4.41.0-1) unstable; urgency=low * New upstream release without API changes. * debian/patches/01_fix-undefined-extern.diff: + Dropped, not necessary anymore. -- Sebastian Dröge Mon, 21 May 2007 12:11:16 +0200 wavpack (4.40.0-2) unstable; urgency=low * Upload to unstable * debian/control: + Update to use my debian.org mail address -- Sebastian Dröge Mon, 16 Apr 2007 01:07:27 +0200 wavpack (4.40.0-1) experimental; urgency=low [ Sebastian Dröge ] * New upstream release * debian/control: + Update package name for new soname and remove now unnecessary conflicts + Drop unnecessary libncurses (build) dependency * debian/rules: + Adjust for new package name * debian/libwavpack1.shlibs: + Set shlibs minimal version from here * debian/patches/01_fix-undefined-extern.diff: + Updated for new file locations * debian/compat: + Update to 5 [ Loic Minier ] * Add year 2006 to copyright. -- Loic Minier Mon, 11 Dec 2006 15:52:24 +0100 wavpack (4.32-2) unstable; urgency=low * Make sure that dh_makeshlibs of libwavpack0 is called before dh_shlibdeps of wavpack to generate correct dependencies. -- Sebastian Dröge Mon, 24 Apr 2006 20:30:48 +0200 wavpack (4.32-1) unstable; urgency=low * New upstream release: + New wvgain utility for calculating and adding ReplayGain informations to files + Fix a crasher on big-endian systems + Some usuability improvements to the commandline utilities * No need to use -fsigned-char anymore * debian/wvgain.1.xml: added manpage for the new wvgain utility * List files which are not in any package after build * Add a Conflict with gstreamer0.8-misc (<< 0.8.12-2) on libwavpack0 as this update breaks ABI and gst-plugins0.8 has to be rebuild against the new version. I didn't invent a .debian soname as upstream promises to use a correct soname in the future when breaking ABI and gstreamer0.8-misc is the only rdepend. -- Sebastian Dröge Thu, 20 Apr 2006 11:58:09 +0200 wavpack (4.3-2) unstable; urgency=low * Use -fsigned-char to solve problems with decoding/encoding on different archs where chars are unsigned by default (including powerpc) * Install the README only in the -dev package -- Sebastian Dröge Thu, 17 Nov 2005 18:38:32 +0100 wavpack (4.3-1) unstable; urgency=low * Initial Revision (Closes: #333087) * 01_fix-undefined-extern.diff: + Fix from Gnome BTS #321212 for setting an extern variable. Fixes gstreamer plugin and maybe more -- Sebastian Dröge Fri, 11 Nov 2005 16:42:07 +0100