summaryrefslogtreecommitdiffstats
path: root/meta/recipes-multimedia
diff options
context:
space:
mode:
authorKai Kang <kai.kang@windriver.com>2022-01-17 00:23:58 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2022-01-17 11:49:12 +0000
commit310fe1261d273b58eb8bc0f7ab839c78ddfad245 (patch)
treec33779e950fa482483cbefd925a31624ec3eb7d3 /meta/recipes-multimedia
parent63099553f607b34732ad0903651cf97fbebdc46f (diff)
downloadpoky-310fe1261d273b58eb8bc0f7ab839c78ddfad245.tar.gz
speex: fix CVE-2020-23903
Backport patch to fix CVE-2020-23903. CVE: CVE-2020-23903 (From OE-Core rev: b8f56e5e9eef32c1e01742f913e205d93548de1f) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-multimedia')
-rw-r--r--meta/recipes-multimedia/speex/speex/CVE-2020-23903.patch30
-rw-r--r--meta/recipes-multimedia/speex/speex_1.2.0.bb4
2 files changed, 33 insertions, 1 deletions
diff --git a/meta/recipes-multimedia/speex/speex/CVE-2020-23903.patch b/meta/recipes-multimedia/speex/speex/CVE-2020-23903.patch
new file mode 100644
index 0000000000..eb16e95ffc
--- /dev/null
+++ b/meta/recipes-multimedia/speex/speex/CVE-2020-23903.patch
@@ -0,0 +1,30 @@
1Backport patch to fix CVE-2020-23903.
2
3CVE: CVE-2020-23903
4Upstream-Status: Backport [https://github.com/xiph/speex/commit/870ff84]
5
6Signed-off-by: Kai Kang <kai.kang@windriver.com>
7
8From 870ff845b32f314aec0036641ffe18aba4916887 Mon Sep 17 00:00:00 2001
9From: Tristan Matthews <tmatth@videolan.org>
10Date: Mon, 13 Jul 2020 23:25:03 -0400
11Subject: [PATCH] wav_io: guard against invalid channel numbers
12
13Fixes #13
14---
15 src/wav_io.c | 2 +-
16 1 file changed, 1 insertion(+), 1 deletion(-)
17
18diff --git a/src/wav_io.c b/src/wav_io.c
19index b5183015..09d62eb0 100644
20--- a/src/wav_io.c
21+++ b/src/wav_io.c
22@@ -111,7 +111,7 @@ int read_wav_header(FILE *file, int *rate, int *channels, int *format, spx_int32
23 stmp = le_short(stmp);
24 *channels = stmp;
25
26- if (stmp>2)
27+ if (stmp>2 || stmp<1)
28 {
29 fprintf (stderr, "Only mono and (intensity) stereo supported\n");
30 return -1;
diff --git a/meta/recipes-multimedia/speex/speex_1.2.0.bb b/meta/recipes-multimedia/speex/speex_1.2.0.bb
index 3a0911d6f8..ea475f0f1b 100644
--- a/meta/recipes-multimedia/speex/speex_1.2.0.bb
+++ b/meta/recipes-multimedia/speex/speex_1.2.0.bb
@@ -7,7 +7,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=314649d8ba9dd7045dfb6683f298d0a8 \
7 file://include/speex/speex.h;beginline=1;endline=34;md5=ef8c8ea4f7198d71cf3509c6ed05ea50" 7 file://include/speex/speex.h;beginline=1;endline=34;md5=ef8c8ea4f7198d71cf3509c6ed05ea50"
8DEPENDS = "libogg speexdsp" 8DEPENDS = "libogg speexdsp"
9 9
10SRC_URI = "http://downloads.xiph.org/releases/speex/speex-${PV}.tar.gz" 10SRC_URI = "http://downloads.xiph.org/releases/speex/speex-${PV}.tar.gz \
11 file://CVE-2020-23903.patch \
12 "
11UPSTREAM_CHECK_REGEX = "speex-(?P<pver>\d+(\.\d+)+)\.tar" 13UPSTREAM_CHECK_REGEX = "speex-(?P<pver>\d+(\.\d+)+)\.tar"
12 14
13SRC_URI[md5sum] = "8ab7bb2589110dfaf0ed7fa7757dc49c" 15SRC_URI[md5sum] = "8ab7bb2589110dfaf0ed7fa7757dc49c"