pool/speex
SHA256
6
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Accepting request 930851 from multimedia:libs

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/930851
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/speex?expand=0&rev=31
This commit is contained in:
Dominique Leuenberger 2021-11-14 23:06:16 +00:00 committed by Git OBS Bridge
commit 3223f14046
3 changed files with 37 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
speex-CVE-2020-23903.patch Normal file
View File

@ -0,0 +1,26 @@
From 870ff845b32f314aec0036641ffe18aba4916887 Mon Sep 17 00:00:00 2001
From: Tristan Matthews <tmatth@videolan.org>
Date: Mon, 13 Jul 2020 23:25:03 -0400
Subject: [PATCH] wav_io: guard against invalid channel numbers
Fixes #13
---
src/wav_io.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/wav_io.c b/src/wav_io.c
index b518301..09d62eb 100644
--- a/src/wav_io.c
+++ b/src/wav_io.c
@@ -111,7 +111,7 @@ int read_wav_header(FILE *file, int *rate, int *channels, int *format, spx_int32
stmp = le_short(stmp);
*channels = stmp;
- if (stmp>2)
+ if (stmp>2 || stmp<1)
{
fprintf (stderr, "Only mono and (intensity) stereo supported\n");
return -1;
--
GitLab

6
speex.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Thu Nov 11 13:18:22 CET 2021 - tiwai@suse.de
- Fix zero division error in read_samples (CVE-2020-23903 bsc#1192580)
speex-CVE-2020-23903.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Sun Feb 19 17:19:52 UTC 2017 - tom.mbrt@googlemail.com Sun Feb 19 17:19:52 UTC 2017 - tom.mbrt@googlemail.com

8
speex.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package speex # spec file for package speex
# #
# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2021 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9) # license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative. # published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/ # Please submit bugfixes or comments via https://bugs.opensuse.org/
# #
@ -24,10 +24,11 @@ Release: 0
Summary: An Open Source, Patent Free Speech Codec Summary: An Open Source, Patent Free Speech Codec
License: BSD-3-Clause License: BSD-3-Clause
Group: System/Libraries Group: System/Libraries
Url: http://www.speex.org/ URL: http://www.speex.org/
Source0: http://downloads.xiph.org/releases/speex/%{name}-%{upstream_version}.tar.gz Source0: http://downloads.xiph.org/releases/speex/%{name}-%{upstream_version}.tar.gz
Source1: baselibs.conf Source1: baselibs.conf
Patch0: speex-no-build-date.patch Patch0: speex-no-build-date.patch
Patch1: speex-CVE-2020-23903.patch
BuildRequires: pkg-config BuildRequires: pkg-config
BuildRequires: pkgconfig(ogg) BuildRequires: pkgconfig(ogg)
BuildRequires: pkgconfig(speexdsp) BuildRequires: pkgconfig(speexdsp)
@ -66,6 +67,7 @@ SpeeX library.
%prep %prep
%setup -q -n %{name}-%{upstream_version} %setup -q -n %{name}-%{upstream_version}
%patch0 %patch0
%patch1 -p1
%build %build
%configure \ %configure \