From 9354dcc6c0b802f1ae7d1351d774a640071a1a8f Mon Sep 17 00:00:00 2001
From: Tomas Korbar <tkorbar@redhat.com>
Date: Aug 19 2019 09:55:33 +0000
Subject: Fix for CVE-2019-1010317


---

diff --git a/wavpack-0013-issue-66-make-sure-CAF-files-have-a-desc-chunk.patch b/wavpack-0013-issue-66-make-sure-CAF-files-have-a-desc-chunk.patch
new file mode 100644
index 0000000..57bcaf9
--- /dev/null
+++ b/wavpack-0013-issue-66-make-sure-CAF-files-have-a-desc-chunk.patch
@@ -0,0 +1,30 @@
+diff --git a/cli/caff.c b/cli/caff.c
+index 2a5e2d9..a35da74 100644
+--- a/cli/caff.c
++++ b/cli/caff.c
+@@ -152,7 +152,7 @@ static struct {
+ 
+ int ParseCaffHeaderConfig (FILE *infile, char *infilename, char *fourcc, WavpackContext *wpc, WavpackConfig *config)
+ {
+-    uint32_t chan_chunk = 0, channel_layout = 0, bcount;
++    uint32_t chan_chunk = 0, desc_chunk = 0, channel_layout = 0, bcount;
+     unsigned char *channel_identities = NULL;
+     unsigned char *channel_reorder = NULL;
+     int64_t total_samples = 0, infilesize;
+@@ -218,6 +218,7 @@ int ParseCaffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpack
+             }
+ 
+             WavpackBigEndianToNative (&caf_audio_format, CAFAudioFormatFormat);
++            desc_chunk = 1;
+ 
+             if (debug_logging_mode) {
+                 char formatstr [5];
+@@ -458,7 +459,7 @@ int ParseCaffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpack
+         else if (!strncmp (caf_chunk_header.mChunkType, "data", 4)) {     // on the data chunk, get size and exit loop
+             uint32_t mEditCount;
+ 
+-            if (!DoReadFile (infile, &mEditCount, sizeof (mEditCount), &bcount) ||
++            if (!desc_chunk || !DoReadFile (infile, &mEditCount, sizeof (mEditCount), &bcount) ||
+                 bcount != sizeof (mEditCount)) {
+                     error_line ("%s is not a valid .CAF file!", infilename);
+                     return WAVPACK_SOFT_ERROR;
diff --git a/wavpack.spec b/wavpack.spec
index de8aa15..f77fe75 100644
--- a/wavpack.spec
+++ b/wavpack.spec
@@ -1,7 +1,7 @@
 Name:		wavpack
 Summary:	A completely open audiocodec
 Version:	5.1.0
-Release:	15%{?dist}
+Release:	16%{?dist}
 License:	BSD
 Url:		http://www.wavpack.com/
 Source:		http://www.wavpack.com/%{name}-%{version}.tar.bz2
@@ -17,6 +17,7 @@ Patch9:		wavpack-0009-issue-43-catch-zero-channel-count-in-DSF-and-DSDIFF-.patch
 Patch10:	wavpack-0010-issue-65-make-sure-DSDIFF-files-have-a-valid-channel.patch
 Patch11:	wavpack-0011-issue-67-make-sure-sample-rate-is-specified-and-non-.patch
 Patch12:	wavpack-0012-issue-68-clear-WaveHeader-at-start-to-prevent-uninit.patch
+Patch13:	wavpack-0013-issue-66-make-sure-CAF-files-have-a-desc-chunk.patch
 # For autoreconf
 BuildRequires:  autoconf
 BuildRequires:  automake
@@ -77,6 +78,9 @@ rm -f %{buildroot}/%{_libdir}/*.la
 %doc ChangeLog README
 
 %changelog
+* Mon Aug 19 2019 Tomas Korbar <tkorbar@redhat.com> - 5.1.0-16
+- Fix for CVE-2019-1010317
+
 * Mon Aug 19 2019 Tomas Korbar <tkorbar@redhat.com> - 5.1.0-15
 - Fix for CVE-2019-1010319