speex: upgrade 1.2.0 -> 1.2.1

CVE-2020-23903.patch removed since it's included in 1.2.1 License-Update: Add "Organisation (CSIRO)" to Copyright 2005-2008 Changelog: =========== Check for _WIN32 instead of WIN32 in preprocessor checks wav_io: check for EOF when seeking in wav (fixes hang discovered by fuzzing, see #9) CI: add gitlab CI integration fixed-point: make left shift macros use unsigned to avoid undefined behaviour math_approx: use unsigned int for LCG pseudorandom generator (avoids integer overflow) oss-fuzz: add integration and fuzzing target speexenc: guard against invalid channel numbers (see #13) speexdec: make left shift macros use unsigned to avoid undefined behaviour autotools: do not use deprecated macros (From OE-Core rev: 4a0bd109d59bd51c98ce31c9a9e7904a88e01215) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-01-29 21:08:42 +01:00 · 2022-06-30 12:25:34 +08:00
parent a13b12b3c5
commit c60bec10c7
2 changed files with 5 additions and 37 deletions
--- a/meta/recipes-multimedia/speex/speex/CVE-2020-23903.patch
+++ b/meta/recipes-multimedia/speex/speex/CVE-2020-23903.patch
@@ -1,30 +0,0 @@
-Backport patch to fix CVE-2020-23903.
-
-CVE: CVE-2020-23903
-Upstream-Status: Backport [https://github.com/xiph/speex/commit/870ff84]
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
-
-From 870ff845b32f314aec0036641ffe18aba4916887 Mon Sep 17 00:00:00 2001
-From: Tristan Matthews <tmatth@videolan.org>
-Date: Mon, 13 Jul 2020 23:25:03 -0400
-Subject: [PATCH] wav_io: guard against invalid channel numbers
-
-Fixes #13
---
- src/wav_io.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/wav_io.c b/src/wav_io.c
-index b5183015..09d62eb0 100644
--- a/src/wav_io.c
-+++ b/src/wav_io.c
-@@ -111,7 +111,7 @@ int read_wav_header(FILE *file, int *rate, int *channels, int *format, spx_int32
-    stmp = le_short(stmp);
-    *channels = stmp;
- 
-   if (stmp>2)
-+   if (stmp>2 || stmp<1)
-    {
-       fprintf (stderr, "Only mono and (intensity) stereo supported\n");
-       return -1;
--- a/meta/recipes-multimedia/speex/speex_1.2.1.bb
+++ b/meta/recipes-multimedia/speex/speex_1.2.1.bb
@@ -3,17 +3,15 @@ DESCRIPTION = "Speex is an Open Source/Free Software patent-free audio compressi
 HOMEPAGE = "http://www.speex.org"
 SECTION = "libs"
 LICENSE = "BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://COPYING;md5=314649d8ba9dd7045dfb6683f298d0a8 \
-                    file://include/speex/speex.h;beginline=1;endline=34;md5=ef8c8ea4f7198d71cf3509c6ed05ea50"
+LIC_FILES_CHKSUM = "file://COPYING;md5=eff3f76350f52a99a3df5eec6b79c02a \
+                    file://include/speex/speex.h;beginline=1;endline=34;md5=ef8c8ea4f7198d71cf3509c6ed05ea50 \
+                    "
 DEPENDS = "libogg speexdsp"

-SRC_URI = "http://downloads.xiph.org/releases/speex/speex-${PV}.tar.gz \
-           file://CVE-2020-23903.patch \
-           "
+SRC_URI = "http://downloads.xiph.org/releases/speex/speex-${PV}.tar.gz"
 UPSTREAM_CHECK_REGEX = "speex-(?P<pver>\d+(\.\d+)+)\.tar"

-SRC_URI[md5sum] = "8ab7bb2589110dfaf0ed7fa7757dc49c"
-SRC_URI[sha256sum] = "eaae8af0ac742dc7d542c9439ac72f1f385ce838392dc849cae4536af9210094"
+SRC_URI[sha256sum] = "4b44d4f2b38a370a2d98a78329fefc56a0cf93d1c1be70029217baae6628feea"

 inherit autotools pkgconfig lib_package