From 5bcc061c788d92fd30854098f79a2f942a235f8f Mon Sep 17 00:00:00 2001
From: Nathan
Date: Wed, 9 Jan 2019 23:07:48 -0600
Subject: [PATCH] wavpack: Add patch for CVE-2018-19840 CVE-2018-19841
---
 srcpkgs/wavpack/patches/CVE-2018-19840.patch | 25 +++++++++++++++++
 srcpkgs/wavpack/patches/CVE-2018-19841.patch | 29 ++++++++++++++++++++
 srcpkgs/wavpack/template | 8 +++---
 3 files changed, 58 insertions(+), 4 deletions(-)
 create mode 100644 srcpkgs/wavpack/patches/CVE-2018-19840.patch
 create mode 100644 srcpkgs/wavpack/patches/CVE-2018-19841.patch
diff --git a/srcpkgs/wavpack/patches/CVE-2018-19840.patch b/srcpkgs/wavpack/patches/CVE-2018-19840.patch
new file mode 100644
index 0000000000..95e03f1d15
--- /dev/null
+++ b/srcpkgs/wavpack/patches/CVE-2018-19840.patch
@@ -0,0 +1,25 @@
+From 070ef6f138956d9ea9612e69586152339dbefe51 Mon Sep 17 00:00:00 2001
+From: David Bryant
+Date: Thu, 29 Nov 2018 21:00:42 -0800
+Subject: [PATCH] issue #53: error out on zero sample rate
+
+---
+ src/pack_utils.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git src/pack_utils.c src/pack_utils.c
+index 2253f0d..2a83497 100644
+--- a/src/pack_utils.c
++++ b/src/pack_utils.c
+@@ -195,6 +195,11 @@ int WavpackSetConfiguration64 (WavpackContext *wpc, WavpackConfig *config, int64
+ int num_chans = config->num_channels;
+ int i;
+
++ if (!config->sample_rate) {
++ strcpy (wpc->error_message, "sample rate cannot be zero!");
++ return FALSE;
++ }
++
+ wpc->stream_version = (config->flags & CONFIG_COMPATIBLE_WRITE) ? CUR_STREAM_VERS : MAX_STREAM_VERS;
+
+ if ((config->qmode & QMODE_DSD_AUDIO) && config->bytes_per_sample == 1 && config->bits_per_sample == 8) {
diff --git a/srcpkgs/wavpack/patches/CVE-2018-19841.patch b/srcpkgs/wavpack/patches/CVE-2018-19841.patch
new file mode 100644
index 0000000000..6872ed91e4
--- /dev/null
+++ b/srcpkgs/wavpack/patches/CVE-2018-19841.patch
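Review bot: In CVE-2018-19840.patch, the guard added at the top of WavpackSetConfiguration64 rejects only a sample rate of exactly zero. The declaration of `sample_rate` is not visible here; if it is a signed field, a negative caller-supplied value still passes, and `if (config->sample_rate <= 0) {` would close that case as well. The message is written with `strcpy` into `wpc->error_message`, which is safe only while that buffer stays larger than the fixed literal, and its size is not shown in the hunk. The function body continues outside the hunk.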
@@ -0,0 +1,29 @@
+From bba5389dc598a92bdf2b297c3ea34620b6679b5b Mon Sep 17 00:00:00 2001
+From: David Bryant
+Date: Thu, 29 Nov 2018 21:53:51 -0800
+Subject: [PATCH] issue #54: fix potential out-of-bounds heap read
+
+---
+ src/open_utils.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/open_utils.c b/src/open_utils.c
+index 80051fc..4fe0d67 100644
+--- a/src/open_utils.c
++++ b/src/open_utils.c
+@@ -1258,13 +1258,13 @@ int WavpackVerifySingleBlock (unsigned char *buffer, int verify_checksum)
+ #endif
+
+ if (meta_bc == 4) {
+- if (*dp++ != (csum & 0xff) || *dp++ != ((csum >> 8) & 0xff) || *dp++ != ((csum >> 16) & 0xff) || *dp++ != ((csum >> 24) & 0xff))
++ if (*dp != (csum & 0xff) || dp[1] != ((csum >> 8) & 0xff) || dp[2] != ((csum >> 16) & 0xff) || dp[3] != ((csum >> 24) & 0xff))
+ return FALSE;
+ }
+ else {
+ csum ^= csum >> 16;
+
+- if (*dp++ != (csum & 0xff) || *dp++ != ((csum >> 8) & 0xff))
++ if (*dp != (csum & 0xff) || dp[1] != ((csum >> 8) & 0xff))
+ return FALSE;
+ }
+
diff --git a/srcpkgs/wavpack/template b/srcpkgs/wavpack/template
index cddba4a6d7..1424575d4b 100644
--- a/srcpkgs/wavpack/template
+++ b/srcpkgs/wavpack/template
@@ -1,15 +1,15 @@
 # Template file for 'wavpack'
 pkgname=wavpack
 version=5.1.0
-revision=3
-patch_args="-Np1"
+revision=4
 build_style=gnu-configure
 short_desc="Hybrid lossless audio compression"
-homepage="http://www.wavpack.com/"
-license="BSD-3-Clause"
 maintainer="Juan RP "
+license="BSD-3-Clause"
+homepage="http://www.wavpack.com/"
 distfiles="http://www.wavpack.com/${pkgname}-${version}.tar.bz2"
 checksum=1939627d5358d1da62bc6158d63f7ed12905552f3a799c799ee90296a7612944
+patch_args="-Np1"
 pre_configure() {
 case "$XBPS_TARGET_MACHINE" in
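Review bot: In CVE-2018-19841.patch, the code does not record why both checksum comparisons in WavpackVerifySingleBlock now read `dp` in place instead of post-incrementing it, so a later cleanup could reintroduce `*dp++`. Presumably `dp` is advanced over the checksum bytes by code outside this hunk, which would have made the old increments a double advance. A comment above the `if (meta_bc == 4)` test, such as `/* compare without moving dp; see issue #54 */`, would keep that intent visible. The function starts and ends outside the hunk, so it cannot be confirmed from these lines that `meta_bc` is checked against the remaining block bytes before `dp[1]` through `dp[3]` are read.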