import wavpack-5.1.0-15.el8

SOURCES/wavpack-0006-issue-68-clear-WaveHeader-at-start-to-prevent-uninit.patch

@@ -0,0 +1,12 @@
+diff --git a/cli/wave64.c b/cli/wave64.c
+index 7beffe6..59548b1 100644
+--- a/cli/wave64.c
++++ b/cli/wave64.c
+@@ -56,6 +56,7 @@ int ParseWave64HeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
+     int format_chunk = 0;
+     uint32_t bcount;
+ 
++    CLEAR (WaveHeader);
+     infilesize = DoGetFileSize (infile);
+     memcpy (&filehdr, fourcc, 4);
+ 

SOURCES/wavpack-0007-issue-53-error-out-on-zero-sample-rate.patch

@@ -0,0 +1,16 @@
+diff --git a/src/pack_utils.c b/src/pack_utils.c
+index 2253f0d..2a83497 100644
+--- a/src/pack_utils.c
++++ b/src/pack_utils.c
+@@ -195,6 +195,11 @@ int WavpackSetConfiguration64 (WavpackContext *wpc, WavpackConfig *config, int64
+     int num_chans = config->num_channels;
+     int i;
+ 
++    if (!config->sample_rate) {
++        strcpy (wpc->error_message, "sample rate cannot be zero!");
++        return FALSE;
++    }
++
+     wpc->stream_version = (config->flags & CONFIG_COMPATIBLE_WRITE) ? CUR_STREAM_VERS : MAX_STREAM_VERS;
+ 
+     if ((config->qmode & QMODE_DSD_AUDIO) && config->bytes_per_sample == 1 && config->bits_per_sample == 8) {

SOURCES/wavpack-0008-issue-65-67-fortify-dsdiff-file-parsing.patch

@@ -0,0 +1,39 @@
+diff --git a/cli/dsdiff.c b/cli/dsdiff.c
+index 410dc1c..a592fdc 100644
+--- a/cli/dsdiff.c
++++ b/cli/dsdiff.c
+@@ -170,8 +170,8 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
+ 
+             if (!strncmp (prop_chunk, "SND ", 4)) {
+                 char *cptr = prop_chunk + 4, *eptr = prop_chunk + dff_chunk_header.ckDataSize;
+-                uint16_t numChannels, chansSpecified, chanMask = 0;
+-                uint32_t sampleRate;
++                uint16_t numChannels = 0, chansSpecified, chanMask = 0;
++                uint32_t sampleRate = 0;
+ 
+                 while (eptr - cptr >= sizeof (dff_chunk_header)) {
+                     memcpy (&dff_chunk_header, cptr, sizeof (dff_chunk_header));
+@@ -194,6 +194,12 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
+ 
+                             chansSpecified = (int)(dff_chunk_header.ckDataSize - sizeof (numChannels)) / 4;
+ 
++                            if (numChannels < chansSpecified || numChannels < 1 || numChannels > 256) {
++                                error_line ("%s is not a valid .DFF file!", infilename);
++                                free (prop_chunk);
++                                return WAVPACK_SOFT_ERROR;
++                            }
++
+                             while (chansSpecified--) {
+                                 if (!strncmp (cptr, "SLFT", 4) || !strncmp (cptr, "MLFT", 4))
+                                     chanMask |= 0x1;
+@@ -263,6 +269,10 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
+             free (prop_chunk);
+         }
+         else if (!strncmp (dff_chunk_header.ckID, "DSD ", 4)) {
++            if (!config->num_channels || !config->sample_rate) {
++                error_line ("%s is not a valid .DFF file!", infilename);
++                return WAVPACK_SOFT_ERROR;
++            }
+             total_samples = dff_chunk_header.ckDataSize / config->num_channels;
+             break;
+         }

SOURCES/wavpack-0009-issue-66-make-sure-CAF-files-have-a-desc-chunk.patch

@@ -0,0 +1,30 @@
+diff --git a/cli/caff.c b/cli/caff.c
+index 2a5e2d9..a35da74 100644
+--- a/cli/caff.c
++++ b/cli/caff.c
+@@ -152,7 +152,7 @@ static struct {
+ 
+ int ParseCaffHeaderConfig (FILE *infile, char *infilename, char *fourcc, WavpackContext *wpc, WavpackConfig *config)
+ {
+-    uint32_t chan_chunk = 0, channel_layout = 0, bcount;
++    uint32_t chan_chunk = 0, desc_chunk = 0, channel_layout = 0, bcount;
+     unsigned char *channel_identities = NULL;
+     unsigned char *channel_reorder = NULL;
+     int64_t total_samples = 0, infilesize;
+@@ -218,6 +218,7 @@ int ParseCaffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpack
+             }
+ 
+             WavpackBigEndianToNative (&caf_audio_format, CAFAudioFormatFormat);
++            desc_chunk = 1;
+ 
+             if (debug_logging_mode) {
+                 char formatstr [5];
+@@ -458,7 +459,7 @@ int ParseCaffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpack
+         else if (!strncmp (caf_chunk_header.mChunkType, "data", 4)) {     // on the data chunk, get size and exit loop
+             uint32_t mEditCount;
+ 
+-            if (!DoReadFile (infile, &mEditCount, sizeof (mEditCount), &bcount) ||
++            if (!desc_chunk || !DoReadFile (infile, &mEditCount, sizeof (mEditCount), &bcount) ||
+                 bcount != sizeof (mEditCount)) {
+                     error_line ("%s is not a valid .CAF file!", infilename);
+                     return WAVPACK_SOFT_ERROR;

SOURCES/wavpack-0010-issue-54-fix-potential-out-of-bounds-heap-read.patch

@@ -0,0 +1,20 @@
+diff --git a/src/open_utils.c b/src/open_utils.c
+index 80051fc..4fe0d67 100644
+--- a/src/open_utils.c
++++ b/src/open_utils.c
+@@ -1258,13 +1258,13 @@ int WavpackVerifySingleBlock (unsigned char *buffer, int verify_checksum)
+ #endif
+ 
+             if (meta_bc == 4) {
+-                if (*dp++ != (csum & 0xff) || *dp++ != ((csum >> 8) & 0xff) || *dp++ != ((csum >> 16) & 0xff) || *dp++ != ((csum >> 24) & 0xff))
++                if (*dp != (csum & 0xff) || dp[1] != ((csum >> 8) & 0xff) || dp[2] != ((csum >> 16) & 0xff) || dp[3] != ((csum >> 24) & 0xff))
+                     return FALSE;
+             }
+             else {
+                 csum ^= csum >> 16;
+ 
+-                if (*dp++ != (csum & 0xff) || *dp++ != ((csum >> 8) & 0xff))
++                if (*dp != (csum & 0xff) || dp[1] != ((csum >> 8) & 0xff))
+                     return FALSE;
+             }
+ 

SPECS/wavpack.spec

@@ -1,7 +1,7 @@
 Name:		wavpack
 Summary:	A completely open audiocodec
 Version:	5.1.0
-Release:	9%{?dist}
+Release:	15%{?dist}
 License:	BSD
 Group:		Applications/Multimedia
 Url:		http://www.wavpack.com/
@@ -11,6 +11,11 @@ Patch2:		wavpack-0002-issue-28-do-not-overwrite-heap-on-corrupt-DSDIFF-fil.patch
 Patch3:		wavpack-0003-issue-28-fix-buffer-overflows-and-bad-allocs-on-corr.patch
 Patch4:		wavpack-0004-issue-33-sanitize-size-of-unknown-chunks-before-mall.patch
 Patch5:		wavpack-0005-issue-30-issue-31-issue-32-no-multiple-format-chunks.patch
+Patch6:		wavpack-0006-issue-68-clear-WaveHeader-at-start-to-prevent-uninit.patch
+Patch7:		wavpack-0007-issue-53-error-out-on-zero-sample-rate.patch
+Patch8:		wavpack-0008-issue-65-67-fortify-dsdiff-file-parsing.patch
+Patch9:		wavpack-0009-issue-66-make-sure-CAF-files-have-a-desc-chunk.patch
+Patch10:	wavpack-0010-issue-54-fix-potential-out-of-bounds-heap-read.patch
 # For autoreconf
 BuildRequires:  autoconf
 BuildRequires:  automake
@@ -65,6 +70,30 @@ rm -f %{buildroot}/%{_libdir}/*.la
 %doc ChangeLog README
 
 %changelog
+* Fri Oct 04 2019 Tomas Korbar <tkorbar@redhat.com> - 5.1.0-15
+- fix Out-of-bounds read in WavpackVerifySingleBlock function (#1663151)
+- CVE-2018-19841
+
+* Thu Oct 03 2019 Tomas Korbar <tkorbar@redhat.com> - 5.1.0-14
+- fix uninitialized variable in ParseCaffHeaderConfig (#1741251)
+- CVE-2019-1010317
+
+* Thu Oct 03 2019 Tomas Korbar <tkorbar@redhat.com> - 5.1.0-13
+- fortify parsing of .dff files (#1707428, #1733627)
+- CVE-2019-1010315
+- CVE-2019-11498
+
+* Thu Oct 03 2019 Tomas Korbar <tkorbar@redhat.com> - 5.1.0-12
+- fix possible infinite loop in WavpackPackInit function (#1663154)
+- CVE-2018-19840
+
+* Tue Oct 01 2019 Tomas Korbar <tkorbar@redhat.com> - 5.1.0-11
+- Fix issues with gating
+
+* Mon Sep 30 2019 Tomas Korbar <tkorbar@redhat.com> - 5.1.0-10
+- fix uninitialized variable in ParseWave64HeaderConfig (#1741200)
+- CVE-2019-1010319
+
 * Thu Sep 20 2018 Miroslav Lichvar <mlichvar@redhat.com> - 5.1.0-9
 - Disable assembly optimizations to avoid gaps in annobin coverage (#1630638)