wavpack (5.1.0-2ubuntu1.5) bionic-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds write
    - debian/patches/CVE-2020-35738.patch: checks bounds
      in order to avoid/fix integer overflows resulting in buffer
      overruns in src/pack_utils.c.
    - CVE-2020-35738

 -- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com>  Tue, 05 Jan 2021 10:32:02 -0300

wavpack (5.1.0-2ubuntu1.4) bionic-security; urgency=medium

  * debian/0009-issue-41-make-sure-DFF-does-not*.patch: make sure
    DFF chunk does not have negative length.
  * debian/patches/0010-issue-43-catch-zero*.patch: catch zero
    channel count in DSF and DSDIFF files.
  * SECURITY UPDATE: Crash due a divide by zero
    - debian/patches/CVE-2019-1010315.patch: make sure DSDIFF files
      have a valid channel count in cli/dsdiff.c.
    - CVE-2019-1010315
  * SECURITY UPDATE: Crashes and segfaults
    - debian/patches/CVE-2019-1010317.patch: make sure CAF files
      have a "desc" chunk in cli/caff.c.
    - CVE-2019-1010317
  * SECURITY UPDATE: Crashes and segfaults
    - debian/patches/CVE-2019-1010318.patch: make sure sample rate is
      specified and non-zero in DFF files in cli/dsdiff.c.
    - CVE-2019-1010318
  * SECURITY UPDATE: Crashes and segfaults
    - debian/patches/CVE-2019-1010319.patch: clear WaveHeader at start
      to prevent uninitialized read in cli/wave64.c.
    - CVE-2019-1010319

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Tue, 16 Jul 2019 09:04:50 -0300

wavpack (5.1.0-2ubuntu1.3) bionic-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-11498.patch: make sure sample rate variable
      is specified and non-zero in DFF files in cli/dsdiff.c.
    - CVE-2019-11498

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Mon, 29 Apr 2019 11:43:20 -0300

wavpack (5.1.0-2ubuntu1.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-19840.patch: checking
      if sample_rate is not zero in src/pack_utils.c.
    - CVE-2018-19840
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-19841.patch: fix in
      src/open_utils.c.

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Thu, 06 Dec 2018 08:47:38 -0300

wavpack (5.1.0-2ubuntu1.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Writing to memory vulnerability in wav64 and riff
    - debian/patches/CVE-2018-10536-and-10537.patch: fixing in cli/riff.c,
      cli/wave64.c.
    - CVE-2018-10536
    - CVE-2018-10537
  * SECURITY UPDATE: Out-of-bounds writes in riff, DSDiff and W64
    - debian/patches/CVE-2018-10538-and-10539-and-10540.patch: sanitize
      size of unknown chunks before malloc in cli/dsdiff.c, cli/riff.c,
      cli/wave64.c.
    - CVE-2018-10538
    - CVE-2018-10539
    - CVE-2018-10540

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Mon, 30 Apr 2018 15:53:18 -0300

wavpack (5.1.0-2ubuntu1) bionic; urgency=medium

  * SECURITY UPDATE: stack-based buffer overr-read
    - debian/patches/CVE-2018-6767.patch: do not overwrite
      stack on corrupt RF64 file in cli/riff.c.
    - CVE-2018-6767
  * SECURITY UPDATE: Maliciously crafted DSDIFF can result
    in a denial of service
    - debian/patches/CVE-2018-7253.patch: do not overwrite
      heap on corrupt DSDIFF file in cli/dsdiff.c
    - CVE-2018-7253
  * SECURITY UPDATE: Denial of service through maliciously
    crafted CAF file
    - debian/patches/CVE-2018-7254.patch: fix buffer overflows
      and bad allocs in cli/caff.c.
    - CVE-2018-7254

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Thu, 22 Feb 2018 12:13:50 -0300

wavpack (5.1.0-2) unstable; urgency=medium

  * Bump Standards-Version to 4.0.0.
  * Drop myself from Uploaders.

 -- Loïc Minier <lool@debian.org>  Sun, 09 Jul 2017 21:32:49 +0200

wavpack (5.1.0-1) unstable; urgency=medium

  * Team upload.
  * New upstream release.
  * debian/patches: Removed patches included upstream.
  * debian/copyright: Update copyright years.

 -- Sebastian Ramacher <sramacher@debian.org>  Thu, 15 Jun 2017 12:59:20 +0200

wavpack (5.0.0-2) unstable; urgency=medium

  * Team upload.
  * debian/patches: Apply upstream fix to fix some fuzz failures
    (CVE-2016-10169, CVE-2016-10170, CVE-2016-10171, CVE-2016-10172). (Closes:
    #853076)

 -- Sebastian Ramacher <sramacher@debian.org>  Mon, 30 Jan 2017 21:04:05 +0100

wavpack (5.0.0-1) unstable; urgency=medium

  * Team upload.
  * New upstream release.
  * debian/libwavpack1.symbols: Add new symbols.
  * debian/copyright: Update copyright information.
  * debian/control: Bump Standards-Version.

 -- Sebastian Ramacher <sramacher@debian.org>  Mon, 02 Jan 2017 13:56:51 +0100

wavpack (4.80.0-1) unstable; urgency=medium

  * Team upload.
  * New upstream release.
  * debian/patches/mark-stack-non-executable.patch: Removed, included
    upstream.
  * debian/control:
    - Bump Standards-Version, no changes needed.
    - Update Vcs-*.

 -- Sebastian Ramacher <sramacher@debian.org>  Tue, 05 Apr 2016 21:47:45 +0200

wavpack (4.75.2-2) unstable; urgency=medium

  * Team upload.
  * debian/rules:
    - No longer pass --enable-mmx on amd64. It was removed.
    - Pass --disable-asm on armel and armhf to fix FTBFS.

 -- Sebastian Ramacher <sramacher@debian.org>  Sun, 17 Jan 2016 17:39:03 +0100

wavpack (4.75.2-1) unstable; urgency=medium

  * Team upload.
  * New upstream release.
  * debian/patches/mark-stack-non-executable.patch: Mark stack as
    non-executable. Thanks to Russell Coker for the patch. (Closes: #793320)
  * debian/control: Remove ${shlibs:Depends} from libwavpack-dev's Depends.

 -- Sebastian Ramacher <sramacher@debian.org>  Sun, 17 Jan 2016 13:39:23 +0100

wavpack (4.75.0-1) unstable; urgency=medium

  * Team upload.
  * New upstream release:
    - improved: reorganization for modularity and to improve linking
    - added: assembler optimizations for encode/decode on x86 and x64
    - added: assembler optimizations for decoding on ARMv7 (Linux)
    - improved: several minor speed optimizations using intrinsics
    - fixed: wavpack.pc.in not working correctly on some Linux distros
    - fixed: memcpy() issue causing abort() on OpenBSD
  * Touch Standards-Version

 -- Alessio Treglia <alessio@debian.org>  Wed, 10 Jun 2015 19:17:14 +0100

wavpack (4.70.0-1) unstable; urgency=low

  * New upstream release:
    + debian/patches/0001-pkgconfig.patch,
      debian/patches/0002-largefile.patch:
      - Drop patches that were merged upstream.

 -- Sebastian Dröge <slomo@debian.org>  Thu, 31 Oct 2013 16:47:06 +0100

wavpack (4.60.1-3) unstable; urgency=low

  * Team upload.
  * Check for large files support on 32-bit systems too.
    Thanks to Frank Lübeck for the report. (Closes: #666340)
  * Add dh-autoreconf to the build.
  * Bump debhelper requirement to match debian/compat.
  * Bump Standards.

 -- Alessio Treglia <alessio@debian.org>  Sun, 01 Apr 2012 11:43:30 +0200

wavpack (4.60.1-2) unstable; urgency=low

  * Team upload.
  * Enable Multi-Arch support (Closes: #651017):
    - debian/{*.install,control,rules}: Update references and enable
      Multi-Arch: same; patch from Becka Morgan.
    - debian/patches/0001-pkgconfig.patch: Avoid wavpack.pc to be
      broken after switching to Multi-Arch.
  * Fix lintian's warnings:
    - binary-control-field-duplicates-source
    - copyright-refers-to-deprecated-bsd-license-file
    - description-synopsis-starts-with-article
  * Enable MMX extensions on amd64.
  * Correct maintainer's name, add VCS fields.
  * Bump debian/compat.
  * Bump Standards version.
  * Add gbp config file.

 -- Alessio Treglia <alessio@debian.org>  Mon, 05 Dec 2011 11:36:14 +0100

wavpack (4.60.1-1) unstable; urgency=low

  * New upstream release:
    + debian/rules:
      - Some cleanup.
    + debian/*.1.xml,
      debian/wavpack.manpages,
      debian/control:
      - Manpages are upstream now.
  * debian/source/format:
    + Switch to 3.0 (quilt) and use upstream's tar.bz2.

 -- Sebastian Dröge <slomo@debian.org>  Thu, 03 Dec 2009 09:51:39 +0100

wavpack (4.60.0-1) unstable; urgency=low

  * New upstream release:
    + debian/libwavpack1.symbols,
      debian/libwavpack1.shlibs:
      - Updated for the API additions.
  * debian/control:
    + Updated Standards-Version to 3.8.3.
    + Add ${shlibs:Depends} to the -dev package.
  * debian/control,
    debian/compat:
    + Updated to debhelper compat level 6.

 -- Sebastian Dröge <slomo@debian.org>  Mon, 05 Oct 2009 07:22:03 +0200

wavpack (4.50.1-1) unstable; urgency=low

  * New upstream bugfix release.

 -- Sebastian Dröge <slomo@debian.org>  Fri, 18 Jul 2008 12:35:46 +0200

wavpack (4.50.0-1) unstable; urgency=low

  * New upstream release:
    + debian/patches/01_memory-alignment.patch:
      - Dropped, fixed different upstream.
    + debian/libwavpack1.shlibs:
      - Updated to >= 4.50.0 because of new flags for some functions.
  * debian/control:
    + Set maintainer to pkg-multimedia.
    + Wrap control fields.
    + Move homepage to the Homepage field.
    + Update Standards-Version to 3.8.0, no additional changes needed.

 -- Sebastian Dröge <slomo@debian.org>  Thu, 26 Jun 2008 13:02:38 +0200

wavpack (4.41.0-2) unstable; urgency=low

  * debian/libwavpack1.symbols,
    debian/control:
    + Add a symbol file for WavPack and build depend on new enough dpkg-dev
      for this.
  * debian/control:
    + Update Standards-Version to 3.7.3, no additional changes needed.
    + Use ${binary:Version} instead of ${Source-Version}.
  * debian/patches/01_memory-alignment.patch:
    + Fix alignment issues which result in a SIGBUS on sparc (Closes: #476234).

 -- Sebastian Dröge <slomo@debian.org>  Tue, 15 Apr 2008 12:22:24 +0200

wavpack (4.41.0-1) unstable; urgency=low

  * New upstream release without API changes.
  * debian/patches/01_fix-undefined-extern.diff:
    + Dropped, not necessary anymore.

 -- Sebastian Dröge <slomo@debian.org>  Mon, 21 May 2007 12:11:16 +0200

wavpack (4.40.0-2) unstable; urgency=low

  * Upload to unstable
  * debian/control:
    + Update to use my debian.org mail address

 -- Sebastian Dröge <slomo@debian.org>  Mon, 16 Apr 2007 01:07:27 +0200

wavpack (4.40.0-1) experimental; urgency=low

  [ Sebastian Dröge ]
  * New upstream release
  * debian/control:
    + Update package name for new soname and remove now unnecessary conflicts
    + Drop unnecessary libncurses (build) dependency
  * debian/rules:
    + Adjust for new package name
  * debian/libwavpack1.shlibs:
    + Set shlibs minimal version from here
  * debian/patches/01_fix-undefined-extern.diff:
    + Updated for new file locations
  * debian/compat:
    + Update to 5

  [ Loic Minier ]
  * Add year 2006 to copyright.

 -- Loic Minier <lool@dooz.org>  Mon, 11 Dec 2006 15:52:24 +0100

wavpack (4.32-2) unstable; urgency=low

  * Make sure that dh_makeshlibs of libwavpack0 is called before dh_shlibdeps
    of wavpack to generate correct dependencies.

 -- Sebastian Dröge <slomo@ubuntu.com>  Mon, 24 Apr 2006 20:30:48 +0200

wavpack (4.32-1) unstable; urgency=low

  * New upstream release:
    + New wvgain utility for calculating and adding ReplayGain informations
      to files
    + Fix a crasher on big-endian systems
    + Some usuability improvements to the commandline utilities
  * No need to use -fsigned-char anymore
  * debian/wvgain.1.xml: added manpage for the new wvgain utility
  * List files which are not in any package after build
  * Add a Conflict with gstreamer0.8-misc (<< 0.8.12-2) on libwavpack0 as this
    update breaks ABI and gst-plugins0.8 has to be rebuild against the new
    version. I didn't invent a .debian soname as upstream promises to use a
    correct soname in the future when breaking ABI and gstreamer0.8-misc is
    the only rdepend.

 -- Sebastian Dröge <slomo@ubuntu.com>  Thu, 20 Apr 2006 11:58:09 +0200

wavpack (4.3-2) unstable; urgency=low

  * Use -fsigned-char to solve problems with decoding/encoding on different
    archs where chars are unsigned by default (including powerpc)
  * Install the README only in the -dev package

 -- Sebastian Dröge <slomo@ubuntu.com>  Thu, 17 Nov 2005 18:38:32 +0100

wavpack (4.3-1) unstable; urgency=low

  * Initial Revision (Closes: #333087)
  * 01_fix-undefined-extern.diff:
    + Fix from Gnome BTS #321212 for setting an extern variable. Fixes
      gstreamer plugin and maybe more

 -- Sebastian Dröge <slomo@ubuntu.com>  Fri, 11 Nov 2005 16:42:07 +0100

