From 3968e2e655a8aeecc4f3c1feab09f99d7d5f26eb Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: May 24 2022 10:11:42 +0000
Subject: import wavpack-5.1.0-16.el8


---

diff --git a/SOURCES/wavpack-0011-issue-110-sanitize-DSD-file-types.patch b/SOURCES/wavpack-0011-issue-110-sanitize-DSD-file-types.patch
new file mode 100644
index 0000000..e71c22b
--- /dev/null
+++ b/SOURCES/wavpack-0011-issue-110-sanitize-DSD-file-types.patch
@@ -0,0 +1,35 @@
+commit 3915cf88c0cf2cf9806d7323071c9b856b6dc52b
+Author: Tomas Korbar <tkorbar@redhat.com>
+Date:   Tue May 17 18:11:33 2022 +0200
+
+    Fix CVE-2021-44269
+
+diff --git a/cli/dsdiff.c b/cli/dsdiff.c
+index 62d8a0c..fa69e32 100644
+--- a/cli/dsdiff.c
++++ b/cli/dsdiff.c
+@@ -284,6 +284,12 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
+                 return WAVPACK_SOFT_ERROR;
+             }
+             total_samples = dff_chunk_header.ckDataSize / config->num_channels;
++            
++            if (total_samples <= 0 || total_samples > MAX_WAVPACK_SAMPLES) {
++                error_line ("%s is not a valid .DFF file!", infilename);
++                return WAVPACK_SOFT_ERROR;
++            }
++
+             break;
+         }
+         else {          // just copy unknown chunks to output file
+diff --git a/cli/dsf.c b/cli/dsf.c
+index cd82ae9..fd6b2a5 100644
+--- a/cli/dsf.c
++++ b/cli/dsf.c
+@@ -121,6 +121,7 @@ int ParseDsfHeaderConfig (FILE *infile, char *infilename, char *fourcc, WavpackC
+ 
+     if (format_chunk.ckSize != sizeof (DSFFormatChunk) || format_chunk.formatVersion != 1 ||
+         format_chunk.formatID != 0 || format_chunk.blockSize != DSF_BLOCKSIZE || format_chunk.reserved ||
++        format_chunk.sampleCount <= 0 || format_chunk.sampleCount > MAX_WAVPACK_SAMPLES * 8 ||
+         (format_chunk.bitsPerSample != 1 && format_chunk.bitsPerSample != 8) ||
+         format_chunk.chanType < 1 || format_chunk.chanType > NUM_CHAN_TYPES) {
+             error_line ("%s is not a valid .DSF file!", infilename);
diff --git a/SPECS/wavpack.spec b/SPECS/wavpack.spec
index 5c26fbc..d3ae267 100644
--- a/SPECS/wavpack.spec
+++ b/SPECS/wavpack.spec
@@ -1,7 +1,7 @@
 Name:		wavpack
 Summary:	A completely open audiocodec
 Version:	5.1.0
-Release:	15%{?dist}
+Release:	16%{?dist}
 License:	BSD
 Group:		Applications/Multimedia
 Url:		http://www.wavpack.com/
@@ -16,6 +16,8 @@ Patch7:		wavpack-0007-issue-53-error-out-on-zero-sample-rate.patch
 Patch8:		wavpack-0008-issue-65-67-fortify-dsdiff-file-parsing.patch
 Patch9:		wavpack-0009-issue-66-make-sure-CAF-files-have-a-desc-chunk.patch
 Patch10:	wavpack-0010-issue-54-fix-potential-out-of-bounds-heap-read.patch
+Patch11:	wavpack-0011-issue-110-sanitize-DSD-file-types.patch
+
 # For autoreconf
 BuildRequires:  autoconf
 BuildRequires:  automake
@@ -70,6 +72,10 @@ rm -f %{buildroot}/%{_libdir}/*.la
 %doc ChangeLog README
 
 %changelog
+* Tue May 17 2022 Tomas Korbar <tkorbar@redhat.com> - 5.1.0-16
+- CVE-2021-44269 wavpack: heap Out-of-bounds Read
+- Resolves: CVE-2021-44269
+
 * Fri Oct 04 2019 Tomas Korbar <tkorbar@redhat.com> - 5.1.0-15
 - fix Out-of-bounds read in WavpackVerifySingleBlock function (#1663151)
 - CVE-2018-19841