From b388f59a9d6581b260f44da7653f981dedec6a111675db5e5a637cab2c686aa1 Mon Sep 17 00:00:00 2001
From: Takashi Iwai
Date: Thu, 11 Nov 2021 12:24:51 +0000
Subject: [PATCH] Accepting request 930850 from home:tiwai:branches:multimedia:libs

- Fix zero division error in read_samples (CVE-2020-23903 bsc#1192580)
  speex-CVE-2020-23903.patch

OBS-URL: https://build.opensuse.org/request/show/930850
OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/speex?expand=0&rev=26
---
 speex-CVE-2020-23903.patch | 26 ++++++++++++++++++++++++++
 speex.changes | 6 ++++++
 speex.spec | 8 +++++---
 3 files changed, 37 insertions(+), 3 deletions(-)
 create mode 100644 speex-CVE-2020-23903.patch

diff --git a/speex-CVE-2020-23903.patch b/speex-CVE-2020-23903.patch
new file mode 100644
index 0000000..abfa27c
--- /dev/null
+++ b/speex-CVE-2020-23903.patch
@@ -0,0 +1,26 @@
+From 870ff845b32f314aec0036641ffe18aba4916887 Mon Sep 17 00:00:00 2001
+From: Tristan Matthews
+Date: Mon, 13 Jul 2020 23:25:03 -0400
+Subject: [PATCH] wav_io: guard against invalid channel numbers
+
+Fixes #13
+---
+ src/wav_io.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/wav_io.c b/src/wav_io.c
+index b518301..09d62eb 100644
+--- a/src/wav_io.c
++++ b/src/wav_io.c
+@@ -111,7 +111,7 @@ int read_wav_header(FILE *file, int *rate, int *channels, int *format, spx_int32
+ stmp = le_short(stmp);
+ *channels = stmp;
+
+- if (stmp>2)
++ if (stmp>2 || stmp<1)
+ {
+ fprintf (stderr, "Only mono and (intensity) stereo supported\n");
+ return -1;
+--
+GitLab
+
diff --git a/speex.changes b/speex.changes
index d254656..5489163 100644
--- a/speex.changes
+++ b/speex.changes
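Review bot: In the embedded patch, `*channels = stmp;` is executed two lines before the new `if (stmp>2 || stmp<1)` guard, so on the error path the caller's `channels` out-parameter already holds the rejected value (0 or negative) even though read_wav_header returns -1. Moving the store below the guard, so that the block reads `if (stmp>2 || stmp<1) { ... return -1; }` followed by `*channels = stmp;`, would leave the out-parameter untouched on failure and make the -1 path self-contained for any caller that does not check the return value. The rest of read_wav_header, and what it later does with `*channels`, is outside this hunk, so whether any caller relies on the partially filled output cannot be confirmed from here; since the file is an unmodified upstream commit, such a change belongs upstream rather than in the packaging copy.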
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Nov 11 13:18:22 CET 2021 - tiwai@suse.de
+
+- Fix zero division error in read_samples (CVE-2020-23903 bsc#1192580)
+ speex-CVE-2020-23903.patch
+
 -------------------------------------------------------------------
 Sun Feb 19 17:19:52 UTC 2017 - tom.mbrt@googlemail.com
diff --git a/speex.spec b/speex.spec
index bed0df9..95d397d 100644
--- a/speex.spec
+++ b/speex.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package speex
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
@@ -24,10 +24,11 @@ Release: 0
 Summary: An Open Source, Patent Free Speech Codec
 License: BSD-3-Clause
 Group: System/Libraries
-Url: http://www.speex.org/
+URL: http://www.speex.org/
 Source0: http://downloads.xiph.org/releases/speex/%{name}-%{upstream_version}.tar.gz
 Source1: baselibs.conf
 Patch0: speex-no-build-date.patch
+Patch1: speex-CVE-2020-23903.patch
 BuildRequires: pkg-config
 BuildRequires: pkgconfig(ogg)
 BuildRequires: pkgconfig(speexdsp)
@@ -66,6 +67,7 @@ SpeeX library.
 %prep
 %setup -q -n %{name}-%{upstream_version}
 %patch0
+%patch1 -p1
 %build
 %configure \
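Review bot: The new `Patch1: speex-CVE-2020-23903.patch` line in the `@@ -24,10 +24,11 @@` hunk has no tag comment, whereas openSUSE packaging convention places a `# PATCH-FIX-UPSTREAM` line above each patch naming its origin and bug reference; suggest `# PATCH-FIX-UPSTREAM speex-CVE-2020-23903.patch bsc#1192580 -- reject channel counts outside 1..2 in read_wav_header` directly above it. In the `%prep` hunk the patch is applied with an explicit `-p1` while the neighbouring `%patch0` states no strip level; making the level explicit on both would make the intent visible, though patch0's path prefix is not shown here so its correct level cannot be confirmed from this diff.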