Pick fixes for two security vulnerabilities from upstream repository:

CVE-2017-14160: Fix bounds check on very low sample rates.
CVE-2018-10392: Sanity check number of channels in setup.

These were committed upstream two years ago, but there has been no
release since.

Reported by: T.J. Townsend <tj@openbsd.org>
Security: 4200d5f5-b985-11ea-b08a-f8b156b6dcc8