import speex-1.2.0-11.el9

SOURCES/speex-CVE-2020-23903.patch

@@ -0,0 +1,14 @@
+diff --git a/src/wav_io.c b/src/wav_io.c
+index b51830158f4defb536a760c93a77567daf69a74b..09d62eb017bb48fe48fa1efcaa122719ef1fe39f 100644
+--- a/src/wav_io.c
++++ b/src/wav_io.c
+@@ -111,7 +111,7 @@ int read_wav_header(FILE *file, int *rate, int *channels, int *format, spx_int32
+    stmp = le_short(stmp);
+    *channels = stmp;
+ 
+-   if (stmp>2)
++   if (stmp>2 || stmp<1)
+    {
+       fprintf (stderr, "Only mono and (intensity) stereo supported\n");
+       return -1;
+

SPECS/speex.spec

@@ -1,7 +1,7 @@
 Summary:	A voice compression format (codec)
 Name:		speex
 Version:	1.2.0
-Release:	10%{?dist}
+Release:	11%{?dist}
 License:	BSD
 URL:		https://www.speex.org/
 Source0:	https://downloads.xiph.org/releases/speex/%{name}-%{version}.tar.gz
@@ -10,6 +10,8 @@ BuildRequires:	gcc
 BuildRequires:	pkgconfig(ogg)
 BuildRequires:	pkgconfig(speexdsp)
 
+Patch0: speex-CVE-2020-23903.patch
+
 %description
 Speex is a patent-free compression format designed especially for
 speech. It is specialized for voice communications at low bit-rates in
@@ -35,6 +37,7 @@ speech. This package contains tools files and user's manual for %{name}.
 
 %prep
 %setup -q
+%patch0 -p1 -b.CVE-2020-23903
 
 %build
 %configure --disable-static --enable-binaries
@@ -70,6 +73,10 @@ rm -f $RPM_BUILD_ROOT%{_docdir}/speex/manual.pdf
 
 
 %changelog
+* Thu Mar 24 2022 Tomas Korbar <tkorbar@redhat.com> - 1.2.0-11
+- CVE-2020-23903 speex: divide by zero in read_samples() via crafted WAV file
+- Resolves: CVE-2020-23903
+
 * Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1.2.0-10
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
   Related: rhbz#1991688