Bug 8206 - [UPDATE REQUEST 2016.1] wavpack 5.1.0 with fix CVE-2018-6767, CVE-2018-7253 and CVE-2018-7254
: [UPDATE REQUEST 2016.1] wavpack 5.1.0 with fix CVE-2018-6767, CVE-2018-7253 ...
Status: VERIFIED FIXED
Product: Desktop Bugs
Classification: ROSA Desktop
Component: Main Packages
: Fresh
: All Linux
: Normal normal
: ---
Assigned To: ROSA Linux Bugs
: ROSA Linux Bugs
:
Depends on:
Blocks: 7790
  Show dependency treegraph
 
Reported: 2017-08-07 21:19 MSD by Алексей-З
Modified: 2018-03-27 17:58 MSD (History)
4 users (show)

See Also:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:
vladimir.potapov: qa_verified+
andrey.bondrov: published+


Attachments
sc1 (246.46 KB, image/png)
2018-03-15 18:42 MSK, s.savelyeva
Details
sc2 (261.11 KB, image/png)
2018-03-15 18:43 MSK, s.savelyeva
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Алексей-З 2017-08-07 21:19:30 MSD
Обновился wavpack.
Comment 1 Алексей-З 2017-08-07 21:21:56 MSD
Updated to 5.1.0
https://abf.io/build_lists/2885509
https://abf.io/build_lists/2885510
Comment 2 Алексей-З 2017-09-11 00:43:56 MSD
Пересборка
https://abf.io/build_lists/2893339
https://abf.io/build_lists/2893340
Comment 3 Алзим 2017-10-04 21:08:48 MSD
Пересборка
https://abf.io/build_lists/2899152
https://abf.io/build_lists/2899153
Comment 4 Алзим 2017-10-30 21:49:56 MSK
Пересборка
https://abf.io/build_lists/2906982
https://abf.io/build_lists/2906983
Comment 5 Vladimir Potapov 2017-11-10 08:34:05 MSK
urpmi wavpack
    http://abf-downloads.rosalinux.ru/rosa2016.1/container/2906982/i586/main/release/wavpack-5.1.0-1-rosa2016.1.i586.rpm
                                                                                                                                                           

устанавливается wavpack-5.1.0-1-rosa2016.1.i586.rpm из /var/cache/urpmi/rpms
Подготовка...                    #########################################################################################################################
      1/1: wavpack               #########################################################################################################################
      1/1: удаляется wavpack-4.80.0-2.i586
                                 #########################################################################################################################
keleg@TT-i586 ~ $ wavpack 
wavpack: symbol lookup error: wavpack: undefined symbol: WavpackSetConfiguration64


The issue only for first setup the package. After update previous version the program work correct
*****************************************************
QA Denied
Comment 6 Vladimir Potapov 2017-11-10 08:42:31 MSK
Насколько я понял, при установке не подтягивается библиотека новой версии. Нужно прописать.
Comment 7 Giovanni Mariani 2018-03-03 23:00:05 MSK
Advisory:
Update wavpack to release 5.1.0 (to fix CVE-2016-10169) and add patches for more CVEs (2018-6767, 2018-7253 and 2018-7254).

Packages for Rosa 2016.1 / Main:
Comment 8 Giovanni Mariani 2018-03-03 23:02:41 MSK
Advisory:
Update wavpack to release 5.1.0 (to fix CVE-2016-10169) and add patches for
more CVEs (2018-6767, 2018-7253 and 2018-7254): see bug #7790.
(Sorry, pushed the wrong key...)

Packages for Rosa 2016.1 / Main:
https://abf.rosalinux.ru/build_lists/2920845
https://abf.rosalinux.ru/build_lists/2920846
Comment 12 s.savelyeva 2018-03-14 18:29:29 MSK
There is only i586 architecture for xine-lib  in both containers (for the Main repository), and in one of the containers rpms are doubled)
Comment 13 Giovanni Mariani 2018-03-14 21:46:35 MSK
(In reply to comment #12)
> There is only i586 architecture for xine-lib  in both containers (for the
> Main repository), and in one of the containers rpms are doubled)

Sorry, too many packages to build at the same time.
The right couple for xine-lib is:
https://abf.rosalinux.ru/build_lists/2921140 (i586)
https://abf.rosalinux.ru/build_lists/2921141 (x86_64)
Comment 14 s.savelyeva 2018-03-15 12:17:52 MSK
thanks a lot!

but for the sox of Restricted the same stuff(
Comment 15 s.savelyeva 2018-03-15 16:54:35 MSK
and with audacious-plugins of the Main the same issue
Comment 16 s.savelyeva 2018-03-15 18:41:55 MSK
n some for audacious-plugins: either for Main (tested i586 only) and Restricted it doesn't install. When trying to install looks like it's ok - neither error messages nor in gui nor in console, but it's not installed. (screens after attempts of installation)
Comment 17 s.savelyeva 2018-03-15 18:42:54 MSK
Created attachment 4825 [details]
sc1
Comment 18 s.savelyeva 2018-03-15 18:43:25 MSK
Created attachment 4826 [details]
sc2
Comment 19 Giovanni Mariani 2018-03-16 00:17:39 MSK
(In reply to comment #14)
> thanks a lot!
> 
> but for the sox of Restricted the same stuff(

Bah... This one should do:
https://abf.rosalinux.ru/build_lists/2922162
Comment 20 Giovanni Mariani 2018-03-16 00:50:38 MSK
(In reply to comment #16)
> n some for audacious-plugins: either for Main (tested i586 only) and
> Restricted it doesn't install. When trying to install looks like it's ok -
> neither error messages nor in gui nor in console, but it's not installed.
> (screens after attempts of installation)

Rebuilt all the packages with bumped release (in the previous ones I forgot to enable lame in all builds, given that patents on mp3 expired on April 2017).
Please try those...

audacious-plugins (Main):
https://abf.rosalinux.ru/build_lists/2922163
https://abf.rosalinux.ru/build_lists/2922164

audacious-plugins (Restricted):
https://abf.rosalinux.ru/build_lists/2922165
https://abf.rosalinux.ru/build_lists/2922166

I installed the plf one for x86_64, but cannot reproduce the issue you saw:
running audacious and opening the settings for plug-ins shows me all the involved stuff and I can also select settings or about for them...
Comment 21 s.savelyeva 2018-03-19 13:55:55 MSK
now sox and audacious-plugins are ok)

And please don't forget make link for the containers:) (there are no links for Contrib)
Comment 22 Giovanni Mariani 2018-03-19 19:09:09 MSK
(In reply to comment #21)
> now sox and audacious-plugins are ok)
> 
> And please don't forget make link for the containers:) (there are no links
> for Contrib)
Containers done for all Contrib packages (somehow this does not happen automatically when launching build from abf command line...).
Thank you for your patience...
Comment 23 s.savelyeva 2018-03-23 18:52:56 MSK
Also please add libqt5sql as dependency for mpd:)
Comment 24 Vladimir Potapov 2018-03-23 19:27:19 MSK
The update is sent to expanded testing
**************************************
Comment 25 Giovanni Mariani 2018-03-23 21:39:03 MSK
(In reply to comment #23)
> Also please add libqt5sql as dependency for mpd:)

Do you mean to the mpd spec file?
Comment 26 Vladimir Potapov 2018-03-27 12:46:54 MSD
wavpack-5.1.0-2
https://abf.rosalinux.ru/build_lists/2920845
https://abf.rosalinux.ru/build_lists/2920846

gstreamer0.10-plugins-good-0.10.31-13
https://abf.rosalinux.ru/build_lists/2921127
https://abf.rosalinux.ru/build_lists/2921128

gstreamer1.0-plugins-good-1.12.4-2
https://abf.rosalinux.ru/build_lists/2921144
https://abf.rosalinux.ru/build_lists/2921145

ffmpeg-3.4.2-2
https://abf.rosalinux.ru/build_lists/2921129
https://abf.rosalinux.ru/build_lists/2921130

sox-14.4.2-2
https://abf.rosalinux.ru/build_lists/2921135
https://abf.rosalinux.ru/build_lists/2921136

xine-lib-1.2.6-4
https://abf.rosalinux.ru/build_lists/2921139
https://abf.rosalinux.ru/build_lists/2921141

easytag-2.2.6-8
https://abf.rosalinux.ru/build_lists/2921378
https://abf.rosalinux.ru/build_lists/2921379

audacious-plugins-3.9-3
https://abf.rosalinux.ru/build_lists/2922163
https://abf.rosalinux.ru/build_lists/2922164

deadbeef-0.7.2-3
https://abf.rosalinux.ru/build_lists/2921392
https://abf.rosalinux.ru/build_lists/2921393

qmmp-1.2.0-2
https://abf.rosalinux.ru/build_lists/2921384
https://abf.rosalinux.ru/build_lists/2921385

ffmpeg-3.4.2-2plf
https://abf.rosalinux.ru/build_lists/2921131
https://abf.rosalinux.ru/build_lists/2921132

sox-14.4.2-2plf
https://abf.rosalinux.ru/build_lists/2921137
https://abf.rosalinux.ru/build_lists/2922162

audacious-plugins-3.9-3plf
https://abf.rosalinux.ru/build_lists/2922165
https://abf.rosalinux.ru/build_lists/2922166

deadbeef-0.7.2-3plf
https://abf.rosalinux.ru/build_lists/2921390
https://abf.rosalinux.ru/build_lists/2921391

qmmp-1.2.0-2plf
https://abf.rosalinux.ru/build_lists/2921386
https://abf.rosalinux.ru/build_lists/2921387

mpd-0.20.15-2plf
https://abf.rosalinux.ru/build_lists/2921398
https://abf.rosalinux.ru/build_lists/2921399
************************************************
QA Verified