import speex-1.2.0-11.el9

This commit is contained in:
CentOS Sources 2022-11-15 01:27:11 -05:00 committed by Stepan Oksanichenko
parent db3239389a
commit 50d365258c
2 changed files with 22 additions and 1 deletions

View File

@ -0,0 +1,14 @@
diff --git a/src/wav_io.c b/src/wav_io.c
index b51830158f4defb536a760c93a77567daf69a74b..09d62eb017bb48fe48fa1efcaa122719ef1fe39f 100644
--- a/src/wav_io.c
+++ b/src/wav_io.c
@@ -111,7 +111,7 @@ int read_wav_header(FILE *file, int *rate, int *channels, int *format, spx_int32
stmp = le_short(stmp);
*channels = stmp;
- if (stmp>2)
+ if (stmp>2 || stmp<1)
{
fprintf (stderr, "Only mono and (intensity) stereo supported\n");
return -1;

View File

@ -1,7 +1,7 @@
Summary: A voice compression format (codec)
Name: speex
Version: 1.2.0
Release: 10%{?dist}
Release: 11%{?dist}
License: BSD
URL: https://www.speex.org/
Source0: https://downloads.xiph.org/releases/speex/%{name}-%{version}.tar.gz
@ -10,6 +10,8 @@ BuildRequires: gcc
BuildRequires: pkgconfig(ogg)
BuildRequires: pkgconfig(speexdsp)
Patch0: speex-CVE-2020-23903.patch
%description
Speex is a patent-free compression format designed especially for
speech. It is specialized for voice communications at low bit-rates in
@ -35,6 +37,7 @@ speech. This package contains tools files and user's manual for %{name}.
%prep
%setup -q
%patch0 -p1 -b.CVE-2020-23903
%build
%configure --disable-static --enable-binaries
@ -70,6 +73,10 @@ rm -f $RPM_BUILD_ROOT%{_docdir}/speex/manual.pdf
%changelog
* Thu Mar 24 2022 Tomas Korbar <tkorbar@redhat.com> - 1.2.0-11
- CVE-2020-23903 speex: divide by zero in read_samples() via crafted WAV file
- Resolves: CVE-2020-23903
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1.2.0-10
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688