Skip to main content
Topic: WavPack 5.2.0 Release (Read 1465 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

WavPack 5.2.0 Release

A few days ago I finished up a new WavPack release. The primary motivation for this was to include fixes for ten CVEs that have been filed since the previous version was made almost three years ago. Fortunately most of the CVEs are completely harmless (unexploitable) and the few that might have exploits only affect the command-line encoder (wavpack.exe), not the library. However, when I discovered that distro maintainers were backporting these fixes into older revisions of WavPack (because it's not their job to evaluate the potential threat of a CVE) I decided I must get a new release out ASAP.

There also are three years of minor fixes in there, including two bugs that might affect Foobar2000 users: verify (-v) failing with hybrid lossless mode from stdin source and fixing WAV headers when ignoring length (-i) mode is used.

Finally, in other news, WavPack is now using Travis CI for build verification, has support for CMake, and has been accepted and running in Google's OSS-fuzz project.

I have not updated the official website yet, but all the packages and binaries are posted on GitHub.

  • fixed: potential security issues including the following CVEs:
             CVE-2018-19840 CVE-2018-19841 CVE-2018-10536
             CVE-2018-10537 CVE-2018-10538 CVE-2018-10539
             CVE-2018-10540 CVE-2018-7254  CVE-2018-7253
  • added: support for CMake, Travis CI, and Google's OSS-fuzz
  • fixed: use correction file for encode verify (pipe input, Windows)
  • fixed: correct WAV header with actual length (pipe input, -i option)
  • fixed: thumb interworking and not needing v6 architecture (ARM asm)
  • added: handle more ID3v2.3 tag items and from all file types
  • fixed: coredump on Sparc64 (changed MD5 implementation)
  • fixed: handle invalid ID3v2.3 tags from sacd-ripper
  • fixed: several corner-case memory leaks

Thanks so much to all the people who helped on WavPack over the last three years, and of course thanks to all the users!

Re: WavPack 5.2.0 Release

Reply #1
Thanks for the new relase ....
It has not yet been included in the Ubuntu repositories because I see that there is 5.1
Thank you

Re: WavPack 5.2.0 Release

Reply #2
Ubuntu will probably rather backport the security changes, instead of updating it. At least if you're on LTS.

Re: WavPack 5.2.0 Release

Reply #3
I have the 18.04 LTS

Re: WavPack 5.2.0 Release

Reply #4
The security fixes have been patched in the 5.1.0-2ubuntu1.4 version that goes with Ubuntu 18.04. See here. That was in July.

The only thing in the new release that might be useful on Ubuntu would be the improved ID3v2 tag importing which can now be used with all file types, handles a lot more fields, and handles the corrupt tags made by sacd_ripper. If you want those improvements you need to build from source and install because as kode54 says, they're not likely to bring 5.2.0 into an LTS.

Re: WavPack 5.2.0 Release

Reply #5
Or you can wait until next year, when 20.04 is due. Of course, your distribution won't offer to automatically upgrade to it until it reaches 20.04.1.

Re: WavPack 5.2.0 Release

Reply #6

If you want those improvements you need to build from source and install because as kode54 says, they're not likely to bring 5.2.0 into an LTS.
Well, those improvements would be useful to me but I don't know how to install them, in fact I noticed that many tags from the dsf are not imported, patience I will wait for the release of the new LTS in April where I hope there is the default 5.2
Thank you

Re: WavPack 5.2.0 Release

Reply #7
Even if you're not comfortable building and installing the new version, there's no reason to wait until the next LTS, especially since there's no guarantee they'll update to 5.2.0 then.

I created a static build of the executables for Ubuntu that should work fine on your system, and since they include the library you don't have to worry about anything getting messed up. Just copy them (as root) into /usr/local/bin and bash will pick them up first (the installed versions should be in /usr/bin). You might have to restart the shell or do a hash -r command to use them the first time.

If they don't work right (I'm pretty sure they will) or you decide to go back to the previous installed version, just delete them and it will be like they never existed. Obviously you'll want to delete them before you try to update to the next LTS.

Of course you should not normally just run Linux executables that someone posted on a forum, and if you don't feel comfortable doing that now I can also show you how to build these same files on your system, again without messing anything up.

Re: WavPack 5.2.0 Release

Reply #8
My usr / local / bin folder is empty but if I open it as an administrator it tells me that I don't have permission to insert files inside, I don't know why ...... I have to put the loose files or the whole wavpack-5.2 folder .0-bin?
Thank you

Re: WavPack 5.2.0 Release

Reply #9
You need to copy the 4 files individually, not the folder.

Check your PM...  :)

Re: WavPack 5.2.0 Release

Reply #10
Another singleuser way is to run them from the user profile dir - e.g . ~/Downloads/wavpack. You can even compile into the /home folder by ./configure --prefix ~

Anyway thats what I do when playing with linux.  In windows similarly , I run non-installer apps from my userprofile. this way you avoid permission issues / risks of messing system wide things.
wavpack 4.8 -b256hx6c

Re: WavPack 5.2.0 Release

Reply #11
Yay for a new WavPack (maintenance) release!

Thanks David, and have a great 2020.
WavPack 5.2.0 -b384hx6cmv / qaac 2.68 -V 100


Re: WavPack 5.2.0 Release

Reply #12
I managed to put the files in the usr / local / bin folder, I practically had the zipped file in the download folder, I extracted the wavpack-5.2.0-bin folder and then I opened it as an administrator, next to it I opened a new tab and I went to / usr / local / bin and I put the 4 files, everything went well, I also made a conversion from dsf to wv terminal and wrote me that I have version 5.2 and I noticed that now it imports tags that didn't matter before.
Thanks and Happy 2020 David

SimplePortal 1.0.0 RC1 © 2008-2020