Hello community, here is the log from the commit of package wavpack for openSUSE:Factory checked in at 2019-08-16 15:32:36 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/wavpack (Old) and /work/SRC/openSUSE:Factory/.wavpack.new.22127 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "wavpack" Fri Aug 16 15:32:36 2019 rev:27 rq:723265 version:5.1.0~git20190420.22977b2 Changes: -------- --- /work/SRC/openSUSE:Factory/wavpack/wavpack.changes 2019-01-15 13:14:37.988439844 +0100 +++ /work/SRC/openSUSE:Factory/.wavpack.new.22127/wavpack.changes 2019-08-16 15:32:38.245926292 +0200 @@ -1,0 +2,18 @@ +Wed Aug 14 10:04:20 UTC 2019 - [email protected] + +- Update to version 5.1.0~git20190420.22977b2: + * Switch to github service to collect all the CVE fixes as releases + are not really happening often + * bsc#1133384 CVE-2019-11498 + * bsc#1141337 CVE-2019-1010315 + * bsc#1141338 CVE-2019-1010318 + * bsc#1141339 CVE-2019-1010317 + * bsc#1141334 CVE-2019-1010319 +- Remove merged patches: + * CVE-2018-19840.patch + * CVE-2018-19841.patch + * CVE-2018-7253.patch + * CVE-2018-7254.patch + * wavpack-CVE-2018-6767.patch + +------------------------------------------------------------------- Old: ---- CVE-2018-19840.patch CVE-2018-19841.patch CVE-2018-7253.patch CVE-2018-7254.patch wavpack-5.1.0.tar.bz2 wavpack-CVE-2018-6767.patch New: ---- _service wavpack-5.1.0~git20190420.22977b2.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ wavpack.spec ++++++ --- /var/tmp/diff_new_pack.LyycCe/_old 2019-08-16 15:32:39.045926059 +0200 +++ /var/tmp/diff_new_pack.LyycCe/_new 2019-08-16 15:32:39.045926059 +0200 @@ -18,23 +18,14 @@ %define soname 1 Name: wavpack -Version: 5.1.0 +Version: 5.1.0~git20190420.22977b2 Release: 0 Summary: Hybrid Lossless Audio Compression Format License: BSD-3-Clause Group: Productivity/Multimedia/Sound/Editors and Convertors -Url: http://www.wavpack.com/ -Source0: http://www.wavpack.com/%{name}-%{version}.tar.bz2 +URL: http://www.wavpack.com/ +Source0: %{name}-%{version}.tar.xz Source99: baselibs.conf -# PATCH-FIX-UPSTREAM bsc#1079746 CVE-2018-6767 Crafted wav file can trigger -# a stack buffer overflow when parsing the file -Patch0: wavpack-CVE-2018-6767.patch -Patch1: CVE-2018-7253.patch -Patch2: CVE-2018-7254.patch -# PATCH-FIX-SECURITY CVE-2018-19840.patch bsc1120930 CVE-2018-19840 [email protected] -- Fix denial-of-service (resource exhaustion caused by an infinite loop). -Patch3: CVE-2018-19840.patch -# PATCH-FIX-SECURITY CVE-2018-19841.patch bsc1120929 CVE-2018-19841 [email protected] -- Fix denial-of-service (out-of-bounds read and application crash). -Patch4: CVE-2018-19841.patch BuildRequires: libtool BuildRequires: pkgconfig @@ -78,11 +69,6 @@ %prep %setup -q -%patch0 -p1 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 %build autoreconf -fiv @@ -91,7 +77,6 @@ %install %make_install -# not needed find %{buildroot} -type f -name "*.la" -delete -print %check @@ -101,8 +86,8 @@ %postun -n libwavpack%{soname} -p /sbin/ldconfig %files -# AUTHORS NEWS are empty -%doc ChangeLog README COPYING +%license COPYING +%doc ChangeLog README.md %{_bindir}/wavpack %{_bindir}/wvgain %{_bindir}/wvunpack ++++++ _service ++++++ <services> <service name="tar_scm" mode="disabled"> <param name="version">5.1.0</param> <param name="versionformat">5.1.0~git%cd.%h</param> <param name="url">[email protected]:dbry/WavPack.git</param> <param name="scm">git</param> <param name="exclude">.git</param> <param name="changesgenerate">enable</param> <param name="filename">wavpack</param> </service> <service name="recompress" mode="disabled"> <param name="compression">xz</param> <param name="file">*.tar</param> </service> <service name="set_version" mode="disabled"/> </services>
