Opened 3 years ago

Closed 3 years ago

#16688 closed enhancement (fixed)

speex 1.2.1 speexdsp

Reported by: martyj19 Owned by: Douglas R. Reno
Priority: elevated Milestone: 11.2
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

Upstream now at 

https://gitlab.xiph.org/xiph/speex
https://gitlab.xiph.org/xiph/speex/-/releases

Needs an autoreconf.

Change History (8)

comment:1 by Bruce Dubbs, 3 years ago

It's interesting that this version of speex is not at https://downloads.xiph.org/releases/speex/.

The previous release was December 2016. This package has a weird file name: speex-Speex-1.2.1.tar.bz2

Release notes: 

    Check for _WIN32 instead of WIN32 in preprocessor checks
    wav_io: check for EOF when seeking in wav (fixes hang discovered by fuzzing)
    CI: add gitlab CI integration
    fixed-point: make left shift macros use unsigned to avoid undefined behaviour
    math_approx: use unsigned int for LCG pseudorandom generator 
      (avoids integer overflow)
    oss-fuzz: add integration and fuzzing target
    speexenc: guard against invalid channel numbers
    speexdec: make left shift macros use unsigned to avoid undefined behaviour
    autotools: do not use deprecated macros

comment:2 by martyj19, 3 years ago

Correct about the odd tarball names.

From xiph.org, "Development" and "speex"/"speexdsp" leads you to gitlab. From xiph.org "Downloads" and "speex" leads you to a broken link. https://github.com/xiph/speex has the announcement "Speex voice codec mirror - THIS IS A MIRROR, DEVELOPMENT HAPPENS AT https://gitlab.xiph.org/xiph/speex" The mailing list makes no announcement.

I should have also called out 

https://gitlab.xiph.org/xiph/speexdsp/-/releases

Arch had the new release which is what led me to discover the apparent move.

comment:3 by Xi Ruoyao, 3 years ago

Milestone: 11.299-Waiting
Summary: speex 1.2.1speex 1.2.1 (wait until official release)

I've raised https://gitlab.xiph.org/xiph/speex/-/issues/2040 and the maintainer says they "will announce on speex.org and the speex-devel mailing list when the release is officially out (and tarballs are up)".

comment:4 by Bruce Dubbs, 3 years ago

Summary: speex 1.2.1 (wait until official release)speex 1.2.1 speexdsp (wait until official release)

I'm not sure if we should update this now or not. The 1.2.1 tarballs for both speex and speexdsp are available at https://downloads.xiph.org/releases/speex/, but the web site still says 1.2.0 and I can't find the mailing lit archives.

comment:5 by Xi Ruoyao, 3 years ago

Milestone: 99-Waiting11.2
Summary: speex 1.2.1 speexdsp (wait until official release)speex 1.2.1 speexdsp

Release announced at https://www.speex.org/downloads/. Release note is also available here.

comment:6 by Douglas R. Reno, 3 years ago

Contains fixes for CVE-2020-23903 and CVE-2020-23904

comment:7 by Douglas R. Reno, 3 years ago

Owner: changed from blfs-book to Douglas R. Reno
Priority: normalelevated
Status: newassigned

comment:8 by Douglas R. Reno, 3 years ago

Resolution: fixed
Status: assignedclosed

Fixed at 193a4fff698aec6b7673c24099ca7d0ebd29c189

Security Advisories to come later (once I have completed the others)

Note: See TracTickets for help on using tickets.