[hardknott,16/17] speex: fix CVE-2020-23903

Message ID	c58cea5f6a6ea4afd1af4d7b4008febb37729680.1643259953.git.anuj.mittal@intel.com
State	Accepted, archived
Commit	c58cea5f6a6ea4afd1af4d7b4008febb37729680
Headers	show Return-Path: <anuj.mittal@intel.com> ip: 192.55.52.120, mailfrom: anuj.mittal@intel.com) From: Anuj Mittal <anuj.mittal@intel.com> To: openembedded-core@lists.openembedded.org Subject: [hardknott][PATCH 16/17] speex: fix CVE-2020-23903 Date: Thu, 27 Jan 2022 13:10:09 +0800 Message-Id: <c58cea5f6a6ea4afd1af4d7b4008febb37729680.1643259953.git.anuj.mittal@intel.com> In-Reply-To: <cover.1643259953.git.anuj.mittal@intel.com> References: <cover.1643259953.git.anuj.mittal@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[hardknott,01/17] tune-cortexa72: remove crypto for the default cortex-a72 \| expand [hardknott,01/17] tune-cortexa72: remove crypto for the default cortex-a72 [hardknott,02/17] tune-cortexa72: Enable the crc extension by default for cortexa72 [hardknott,03/17] tune-cortexa72: Drop the redundant cortexa72-crc tune [hardknott,04/17] socat: update SRC_URI [hardknott,05/17] pigz: fix one failure of command "unpigz -l" [hardknott,06/17] binutils: upgrade binutils-2.36 to latest version [hardknott,07/17] gcc: upgrade to gcc-10.3 version [hardknott,08/17] glibc: upgrade glibc-2.33 to latest version [hardknott,09/17] linux-yocto/5.4: update to v5.4.169 [hardknott,10/17] linux-yocto/5.4: update to v5.4.170 [hardknott,11/17] linux-yocto/5.4: update to v5.4.171 [hardknott,12/17] linux-yocto/5.4: update to v5.4.172 [hardknott,13/17] expat fix CVE-2022-22822 through CVE-2022-22827 [hardknott,14/17] expat: fix CVE-2021-45960 [hardknott,15/17] expat: fix CVE-2021-46143 [hardknott,16/17] speex: fix CVE-2020-23903 [hardknott,17/17] lighttpd: backport a fix for CVE-2022-22707

Message ID

c58cea5f6a6ea4afd1af4d7b4008febb37729680.1643259953.git.anuj.mittal@intel.com

State

Accepted, archived

Commit

c58cea5f6a6ea4afd1af4d7b4008febb37729680

Headers

From: Anuj Mittal <anuj.mittal@intel.com>
To: openembedded-core@lists.openembedded.org
Subject: [hardknott][PATCH 16/17] speex: fix CVE-2020-23903
Date: Thu, 27 Jan 2022 13:10:09 +0800
Message-Id: 
 <c58cea5f6a6ea4afd1af4d7b4008febb37729680.1643259953.git.anuj.mittal@intel.com>
In-Reply-To: <cover.1643259953.git.anuj.mittal@intel.com>
References: <cover.1643259953.git.anuj.mittal@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[hardknott,01/17] tune-cortexa72: remove crypto for the default cortex-a72 | expand

Commit Message

Mittal, Anuj Jan. 27, 2022, 5:10 a.m. UTC

From: Kai Kang <kai.kang@windriver.com>

Backport patch to fix CVE-2020-23903.

CVE: CVE-2020-23903

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b8f56e5e9eef32c1e01742f913e205d93548de1f)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 .../speex/speex/CVE-2020-23903.patch          | 30 +++++++++++++++++++
 meta/recipes-multimedia/speex/speex_1.2.0.bb  |  4 ++-
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-multimedia/speex/speex/CVE-2020-23903.patch

diff --git a/meta/recipes-multimedia/speex/speex/CVE-2020-23903.patch b/meta/recipes-multimedia/speex/speex/CVE-2020-23903.patch
new file mode 100644
index 0000000000..eb16e95ffc
--- /dev/null
+++ b/meta/recipes-multimedia/speex/speex/CVE-2020-23903.patch
@@ -0,0 +1,30 @@ 
+Backport patch to fix CVE-2020-23903.
+
+CVE: CVE-2020-23903
+Upstream-Status: Backport [https://github.com/xiph/speex/commit/870ff84]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From 870ff845b32f314aec0036641ffe18aba4916887 Mon Sep 17 00:00:00 2001
+From: Tristan Matthews <tmatth@videolan.org>
+Date: Mon, 13 Jul 2020 23:25:03 -0400
+Subject: [PATCH] wav_io: guard against invalid channel numbers
+
+Fixes #13
+---
+ src/wav_io.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/wav_io.c b/src/wav_io.c
+index b5183015..09d62eb0 100644
+--- a/src/wav_io.c
++++ b/src/wav_io.c
+@@ -111,7 +111,7 @@ int read_wav_header(FILE *file, int *rate, int *channels, int *format, spx_int32
+    stmp = le_short(stmp);
+    *channels = stmp;
+ 
+-   if (stmp>2)
++   if (stmp>2 || stmp<1)
+    {
+       fprintf (stderr, "Only mono and (intensity) stereo supported\n");
+       return -1;
diff --git a/meta/recipes-multimedia/speex/speex_1.2.0.bb b/meta/recipes-multimedia/speex/speex_1.2.0.bb
index 3a0911d6f8..ea475f0f1b 100644
--- a/meta/recipes-multimedia/speex/speex_1.2.0.bb
+++ b/meta/recipes-multimedia/speex/speex_1.2.0.bb
@@ -7,7 +7,9 @@  LIC_FILES_CHKSUM = "file://COPYING;md5=314649d8ba9dd7045dfb6683f298d0a8 \
                     file://include/speex/speex.h;beginline=1;endline=34;md5=ef8c8ea4f7198d71cf3509c6ed05ea50"
 DEPENDS = "libogg speexdsp"
 
-SRC_URI = "http://downloads.xiph.org/releases/speex/speex-${PV}.tar.gz"
+SRC_URI = "http://downloads.xiph.org/releases/speex/speex-${PV}.tar.gz \
+           file://CVE-2020-23903.patch \
+           "
 UPSTREAM_CHECK_REGEX = "speex-(?P<pver>\d+(\.\d+)+)\.tar"
 
 SRC_URI[md5sum] = "8ab7bb2589110dfaf0ed7fa7757dc49c"

[hardknott,16/17] speex: fix CVE-2020-23903

Commit Message

Patch