diff --git a/0001-issue-110-sanitize-DSD-file-types-for-invalid-length.patch b/0001-issue-110-sanitize-DSD-file-types-for-invalid-length.patch
new file mode 100644
index 0000000000000000000000000000000000000000..9cbeb77036616bbd8ccb5f644847176d1fe6e143
--- /dev/null
+++ b/0001-issue-110-sanitize-DSD-file-types-for-invalid-length.patch
@@ -0,0 +1,34 @@
+From: David Bryant
+Date: Tue, 23 Nov 2021 13:14:35 -0800
+Subject: [PATCH] issue #110: sanitize DSD file types for invalid lengths
+
+
+diff --git a/cli/dsdiff.c b/cli/dsdiff.c
+index d7adb6a..5bdcae3 100644
+--- a/cli/dsdiff.c
++++ b/cli/dsdiff.c
+@@ -278,6 +278,12 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
+ }
+
+ total_samples = dff_chunk_header.ckDataSize / config->num_channels;
++
++ if (total_samples <= 0 || total_samples > MAX_WAVPACK_SAMPLES) {
++ error_line ("%s is not a valid .DFF file!", infilename);
++ return WAVPACK_SOFT_ERROR;
++ }
++
+ break;
+ }
+ else { // just copy unknown chunks to output file
+diff --git a/cli/dsf.c b/cli/dsf.c
+index e1d7973..dddd488 100644
+--- a/cli/dsf.c
++++ b/cli/dsf.c
+@@ -113,6 +113,7 @@ int ParseDsfHeaderConfig (FILE *infile, char *infilename, char *fourcc, WavpackC
+
+ if (format_chunk.ckSize != sizeof (DSFFormatChunk) || format_chunk.formatVersion != 1 ||
+ format_chunk.formatID != 0 || format_chunk.blockSize != DSF_BLOCKSIZE || format_chunk.reserved ||
++ format_chunk.sampleCount <= 0 || format_chunk.sampleCount > MAX_WAVPACK_SAMPLES * 8 ||
+ (format_chunk.bitsPerSample != 1 && format_chunk.bitsPerSample != 8) ||
+ format_chunk.numChannels < 1 || format_chunk.numChannels > 6 ||
+ format_chunk.chanType < 1 || format_chunk.chanType > NUM_CHAN_TYPES) {
diff --git a/wavpack-5.4.0.tar.bz2 b/wavpack-5.4.0.tar.bz2
new file mode 100644
index 0000000000000000000000000000000000000000..7fe2d9fc5ec1384d1b3ff603df9643379292ccdf
Binary files /dev/null and b/wavpack-5.4.0.tar.bz2 differ
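Review bot: The two new upper bounds differ by a factor of eight and neither carries a comment saying why: cli/dsdiff.c rejects `total_samples > MAX_WAVPACK_SAMPLES`, while cli/dsf.c rejects `format_chunk.sampleCount > MAX_WAVPACK_SAMPLES * 8`. Presumably the DSF field counts 1-bit samples while the DFF value is already a per-channel byte count; a one-line comment above the dsf.c condition, for example `// sampleCount is in 1-bit samples per channel, hence the * 8`, would let a later reader check the limit. The product is only safe if `MAX_WAVPACK_SAMPLES` is a 64-bit constant, which is not visible here. In dsdiff.c the new check sits after the division by `config->num_channels`, so it relies on a non-zero channel count being enforced earlier in ParseDsdiffHeaderConfig. Both function bodies start and end outside the hunks shown, so that guard cannot be confirmed from this patch.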
diff --git a/wavpack.spec b/wavpack.spec
new file mode 100644
index 0000000000000000000000000000000000000000..4f473851f4719d15916fcbaae12dd596e6968abb
--- /dev/null
+++ b/wavpack.spec
@@ -0,0 +1,66 @@
+%define anolis_release 1
+Name: wavpack
+Summary: A completely open audiocodec
+Version: 5.4.0
+Release: %{anolis_release}%{?dist}
+License: BSD
+Url: http://www.wavpack.com/
+Source: http://www.wavpack.com/%{name}-%{version}.tar.bz2
+# CVE-2021-44269
+Patch1: 0001-issue-110-sanitize-DSD-file-types-for-invalid-length.patch
+# For autoreconf
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: libtool
+BuildRequires: make
+
+%description
+WavPack is a completely open audio compression format providing lossless,
+high-quality lossy, and a unique hybrid compression mode. Although the
+technology is loosely based on previous versions of WavPack, the new
+version 4 format has been designed from the ground up to offer unparalleled
+performance and functionality.
+
+%package devel
+Summary: WavPack - development files
+Requires: %{name} = %{version}-%{release}
+Requires: pkgconfig
+
+%description devel
+Files needed for developing apps using wavpack
+
+%prep
+%autosetup -p1
+
+%build
+autoreconf -ivf
+%configure --disable-static
+
+make %{?_smp_mflags}
+
+%install
+%make_install
+rm -f %{buildroot}/%{_libdir}/*.la
+
+%ldconfig_scriptlets
+
+%files
+%{_bindir}/*
+%{_libdir}/libwavpack.so.*
+%{_mandir}/man1/wavpack.1*
+%{_mandir}/man1/wvgain.1*
+%{_mandir}/man1/wvunpack.1*
+%{_mandir}/man1/wvtag.1*
+%doc AUTHORS doc/wavpack_doc.html
+%license COPYING
+
+%files devel
+%{_includedir}/*
+%{_libdir}/pkgconfig/*
+%{_libdir}/libwavpack.so
+%doc ChangeLog doc/WavPack5PortingGuide.pdf doc/WavPack5LibraryDoc.pdf doc/WavPack5FileFormat.pdf
+
+%changelog
+*Thu Apr 14 2022 Chunmei Xu - 5.4.0-1
+- init from upstream
+- fix CVE-2021-44269
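Review bot: The `Source:` line points at the release tarball over plain `http://`, and nothing in the spec verifies what was fetched, so a rebuild that re-downloads the archive has no integrity check on its input. If upstream serves the same path over TLS, prefer `Source: https://www.wavpack.com/%{name}-%{version}.tar.bz2`; the `Url:` line uses the same scheme. The tarball committed alongside this spec limits the exposure only as long as builds use that copy. Separately, the devel subpackage's `Requires: %{name} = %{version}-%{release}` is not arch-qualified; `Requires: %{name}%{?_isa} = %{version}-%{release}` is the usual form for a package shipping a shared library.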