Compare commits

No commits in common. "c8" and "aea195d6674dbc894e32415398102e2e847436c2" have entirely different histories.

6 changed files with 65 additions and 8 deletions

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/speex-1.2.0.tar.gz
/speex-1.2.0.tar.gz

View File

@ -1 +1 @@
18ebc3fa3236b4369509e9439acc32d0e864fa7f SOURCES/speex-1.2.0.tar.gz
18ebc3fa3236b4369509e9439acc32d0e864fa7f speex-1.2.0.tar.gz

8
gating.yaml Normal file
View File

@ -0,0 +1,8 @@
--- !Policy
product_versions:
- rhel-9
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tedude.validation}
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.acceptance-tier.functional}

1
sources Normal file
View File

@ -0,0 +1 @@
SHA512 (speex-1.2.0.tar.gz) = 7fe10838c7d1bafcbe42295b82b79262420dba793b8a4388e2f73a3007850b5572face1b5308d9f4e8d7dfc9cb1c016cbad88cd65b2892667986107ed946836b

View File

@ -0,0 +1,14 @@
diff --git a/src/wav_io.c b/src/wav_io.c
index b51830158f4defb536a760c93a77567daf69a74b..09d62eb017bb48fe48fa1efcaa122719ef1fe39f 100644
--- a/src/wav_io.c
+++ b/src/wav_io.c
@@ -111,7 +111,7 @@ int read_wav_header(FILE *file, int *rate, int *channels, int *format, spx_int32
stmp = le_short(stmp);
*channels = stmp;
- if (stmp>2)
+ if (stmp>2 || stmp<1)
{
fprintf (stderr, "Only mono and (intensity) stereo supported\n");
return -1;
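Review bot: In read_wav_header(), `*channels = stmp;` still runs before the new `stmp>2 || stmp<1` check, so on the `return -1` path the caller's channels variable already holds the rejected value (including 0). The changelog attributes the crash to a division in read_samples(), so either confirm that every caller stops on -1 before using channels, or move the assignment below the check so an invalid count never leaves this function. The message "Only mono and (intensity) stereo supported" is now also printed for a zero-channel header; a separate message for an invalid channel count would make such files easier to triage.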

View File

@ -1,15 +1,17 @@
Summary: A voice compression format (codec)
Name: speex
Version: 1.2.0
Release: 1%{?dist}
Release: 11%{?dist}
License: BSD
Group: System Environment/Libraries
URL: https://www.speex.org/
Source0: https://downloads.xiph.org/releases/speex/%{name}-%{version}.tar.gz
BuildRequires: make
BuildRequires: gcc
BuildRequires: pkgconfig(ogg)
BuildRequires: pkgconfig(speexdsp)
Patch0: speex-CVE-2020-23903.patch
%description
Speex is a patent-free compression format designed especially for
speech. It is specialized for voice communications at low bit-rates in
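Review bot: `Patch0: speex-CVE-2020-23903.patch` is added without a comment saying where the fix comes from, and the patch file itself starts directly at `diff --git` with no header. Add a comment line above Patch0 with the upstream commit or bug URL so the backport can be checked against its source later.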
@ -19,7 +21,6 @@ data (e.g. voice mail).
%package devel
Summary: Development package for %{name}
Group: Development/Libraries
Requires: %{name}%{?_isa} = %{version}-%{release}
%description devel
@ -28,7 +29,6 @@ speech. This package contains development files for %{name}
%package tools
Summary: The tools package for %{name}
Group: Applications/Multimedia
Requires: %{name}%{?_isa} = %{version}-%{release}
%description tools
@ -37,16 +37,17 @@ speech. This package contains tools files and user's manual for %{name}.
%prep
%setup -q
%patch0 -p1 -b.CVE-2020-23903
%build
%configure --disable-static --enable-binaries
# Remove rpath from speexenc and speexdec
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
make %{?_smp_mflags}
%make_build
%install
make DESTDIR=$RPM_BUILD_ROOT install
%make_install
rm -f $RPM_BUILD_ROOT%{_docdir}/speex/manual.pdf
%ldconfig_scriptlets
@ -72,6 +73,39 @@ rm -f $RPM_BUILD_ROOT%{_docdir}/speex/manual.pdf
%changelog
* Thu Mar 24 2022 Tomas Korbar <tkorbar@redhat.com> - 1.2.0-11
- CVE-2020-23903 speex: divide by zero in read_samples() via crafted WAV file
- Resolves: CVE-2020-23903
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1.2.0-10
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.2.0-9
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.0-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Aug 18 2020 Tomas Korbar <tkorbar@redhat.com> - 1.2.0-7
- Use make macros
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Mar 06 2018 Miroslav Lichvar <mlichvar@redhat.com> - 1.2.0-1
- update to 1.2.0
- use macro for ldconfig scriptlets
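Review bot: The new 1.2.0-11 changelog entry uses `Resolves: CVE-2020-23903`, while the neighbouring entries reference tracker ids (`Related: rhbz#1991688`, `Related: rhbz#1947937`). Put the bug number for this fix in the same rhbz# form so the build can be linked to its tracking bug; the CVE id is already carried by the description line above it.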