diff --git a/backport-CVE-2020-23903.patch b/backport-CVE-2020-23903.patch
deleted file mode 100644
index 4a43846..0000000
--- a/backport-CVE-2020-23903.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 870ff845b32f314aec0036641ffe18aba4916887 Mon Sep 17 00:00:00 2001
-From: Tristan Matthews <tmatth@videolan.org>
-Date: Mon, 13 Jul 2020 23:25:03 -0400
-Subject: [PATCH] wav_io: guard against invalid channel numbers
-
-Fixes #13
----
- src/wav_io.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/wav_io.c b/src/wav_io.c
-index c2e2bc8..4d77cd7 100644
---- a/src/wav_io.c
-+++ b/src/wav_io.c
-@@ -108,7 +108,7 @@ int read_wav_header(FILE *file, int *rate, int *channels, int *format, spx_int32
-    stmp = le_short(stmp);
-    *channels = stmp;
- 
--   if (stmp>2)
-+   if (stmp>2 || stmp<1)
-    {
-       fprintf (stderr, "Only mono and (intensity) stereo supported\n");
-       return -1;
--- 
-1.8.3.1
-
diff --git a/backport-math_approx-use-unsigned-int-for-LCG-pseudorandom-ge.patch b/backport-math_approx-use-unsigned-int-for-LCG-pseudorandom-ge.patch
deleted file mode 100644
index 00e3c0f..0000000
--- a/backport-math_approx-use-unsigned-int-for-LCG-pseudorandom-ge.patch
+++ /dev/null
@@ -1,123 +0,0 @@
-From c1f82d214872cae4a60c2594cc8c53d11246e3a9 Mon Sep 17 00:00:00 2001
-From: Tristan Matthews <tmatth@videolan.org>
-Date: Sat, 2 Mar 2019 00:50:35 -0500
-Subject: [PATCH] math_approx: use unsigned int for LCG pseudorandom generator
-
-This avoids an integer overflow.
----
- libspeex/cb_search.c   | 4 ++--
- libspeex/cb_search.h   | 4 ++--
- libspeex/math_approx.h | 4 ++--
- libspeex/modes.h       | 2 +-
- libspeex/nb_celp.h     | 2 +-
- libspeex/sb_celp.h     | 2 +-
- 6 files changed, 9 insertions(+), 9 deletions(-)
-
-diff --git a/libspeex/cb_search.c b/libspeex/cb_search.c
-index 63f4c6a..9629772 100644
---- a/libspeex/cb_search.c
-+++ b/libspeex/cb_search.c
-@@ -517,7 +517,7 @@ const void *par,                      /* non-overlapping codebook */
- int   nsf,                      /* number of samples in subframe */
- SpeexBits *bits,
- char *stack,
--spx_int32_t *seed
-+spx_uint32_t *seed
- )
- {
-    int i,j;
-@@ -602,7 +602,7 @@ const void *par,                      /* non-overlapping codebook */
- int   nsf,                      /* number of samples in subframe */
- SpeexBits *bits,
- char *stack,
--spx_int32_t *seed
-+spx_uint32_t *seed
- )
- {
-    int i;
-diff --git a/libspeex/cb_search.h b/libspeex/cb_search.h
-index 7687b45..eb45b56 100644
---- a/libspeex/cb_search.h
-+++ b/libspeex/cb_search.h
-@@ -70,7 +70,7 @@ const void *par,                /* non-overlapping codebook */
- int   nsf,                      /* number of samples in subframe */
- SpeexBits *bits,
- char *stack,
--spx_int32_t *seed
-+spx_uint32_t *seed
- );
- 
- 
-@@ -97,7 +97,7 @@ const void *par,                /* non-overlapping codebook */
- int   nsf,                      /* number of samples in subframe */
- SpeexBits *bits,
- char *stack,
--spx_int32_t *seed
-+spx_uint32_t *seed
- );
- 
- #endif
-diff --git a/libspeex/math_approx.h b/libspeex/math_approx.h
-index 9ca8307..6573113 100644
---- a/libspeex/math_approx.h
-+++ b/libspeex/math_approx.h
-@@ -46,7 +46,7 @@
- #define spx_atan atan
- 
- /** Generate a pseudo-random number */
--static inline spx_word16_t speex_rand(spx_word16_t std, spx_int32_t *seed)
-+static inline spx_word16_t speex_rand(spx_word16_t std, spx_uint32_t *seed)
- {
-    const unsigned int jflone = 0x3f800000;
-    const unsigned int jflmsk = 0x007fffff;
-@@ -119,7 +119,7 @@ static inline spx_int16_t spx_ilog4(spx_uint32_t x)
- #ifdef FIXED_POINT
- 
- /** Generate a pseudo-random number */
--static inline spx_word16_t speex_rand(spx_word16_t std, spx_int32_t *seed)
-+static inline spx_word16_t speex_rand(spx_word16_t std, spx_uint32_t *seed)
- {
-    spx_word32_t res;
-    *seed = 1664525 * *seed + 1013904223;
-diff --git a/libspeex/modes.h b/libspeex/modes.h
-index 26e2d86..0ae19cc 100644
---- a/libspeex/modes.h
-+++ b/libspeex/modes.h
-@@ -86,7 +86,7 @@ typedef void (*innovation_quant_func)(spx_word16_t *, spx_coef_t *, spx_coef_t *
-                                       spx_sig_t *, spx_word16_t *, SpeexBits *, char *, int, int);
- 
- /** Innovation unquantization function */
--typedef void (*innovation_unquant_func)(spx_sig_t *, const void *, int, SpeexBits*, char *, spx_int32_t *);
-+typedef void (*innovation_unquant_func)(spx_sig_t *, const void *, int, SpeexBits*, char *, spx_uint32_t *);
- 
- /** Description of a Speex sub-mode (wither narrowband or wideband */
- typedef struct SpeexSubmode {
-diff --git a/libspeex/nb_celp.h b/libspeex/nb_celp.h
-index 14c776f..41ccd15 100644
---- a/libspeex/nb_celp.h
-+++ b/libspeex/nb_celp.h
-@@ -153,7 +153,7 @@ typedef struct DecState {
-    spx_word16_t  last_pitch_gain; /**< Pitch gain of last correctly decoded frame */
-    spx_word16_t  pitch_gain_buf[3]; /**< Pitch gain of last decoded frames */
-    int    pitch_gain_buf_idx;   /**< Tail of the buffer */
--   spx_int32_t seed;            /** Seed used for random number generation */
-+   spx_uint32_t seed;            /** Seed used for random number generation */
-    
-    int    encode_submode;
-    const SpeexSubmode * const *submodes; /**< Sub-mode data */
-diff --git a/libspeex/sb_celp.h b/libspeex/sb_celp.h
-index e8c3761..24a2801 100644
---- a/libspeex/sb_celp.h
-+++ b/libspeex/sb_celp.h
-@@ -121,7 +121,7 @@ typedef struct SBDecState {
-    spx_word16_t *innov_save;      /** If non-NULL, innovation is copied here */
-    
-    spx_word16_t last_ener;
--   spx_int32_t seed;
-+   spx_uint32_t seed;
- 
-    int    encode_submode;
-    const SpeexSubmode * const *submodes;
--- 
-2.23.0
-
diff --git a/backport-wav_io-check-for-EOF-when-seeking-in-wav.patch b/backport-wav_io-check-for-EOF-when-seeking-in-wav.patch
deleted file mode 100644
index 1b72344..0000000
--- a/backport-wav_io-check-for-EOF-when-seeking-in-wav.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From bdc392257c330e49872a5217dfb56becd1ee8f45 Mon Sep 17 00:00:00 2001
-From: Tristan Matthews <tmatth@videolan.org>
-Date: Tue, 11 Sep 2018 05:12:53 -0400
-Subject: [PATCH] wav_io: check for EOF when seeking in wav
-
-Fixes hang discovered by fuzzing: https://github.com/xiph/speex/issues/9
----
- src/wav_io.c | 24 +++++++++++++++++-------
- 1 file changed, 17 insertions(+), 7 deletions(-)
-
-diff --git a/src/wav_io.c b/src/wav_io.c
-index c2e2bc85..b5183015 100644
---- a/src/wav_io.c
-+++ b/src/wav_io.c
-@@ -75,8 +75,11 @@ int read_wav_header(FILE *file, int *rate, int *channels, int *format, spx_int32
-       itmp = le_int(itmp);
-       /*fprintf (stderr, "skip=%d\n", itmp);*/
-       /*strange way of seeking, but it works even for pipes*/
--      for (i=0;i<itmp;i++)
--         fgetc(file);
-+      for (i=0;i<itmp;i++) {
-+        if (fgetc(file) == EOF) {
-+          break;
-+        }
-+      }
-       /*fseek(file, itmp, SEEK_CUR);*/
-       fread(ch, 1, 4, file);
-       if (feof(file))
-@@ -152,9 +155,13 @@ int read_wav_header(FILE *file, int *rate, int *channels, int *format, spx_int32
- 
- 
-    /*strange way of seeking, but it works even for pipes*/
--   if (skip_bytes>0)
--      for (i=0;i<skip_bytes;i++)
--         fgetc(file);
-+   if (skip_bytes>0) {
-+      for (i=0;i<skip_bytes;i++) {
-+        if (fgetc(file) == EOF) {
-+          break;
-+        }
-+      }
-+   }
- 
-    /*fseek(file, skip_bytes, SEEK_CUR);*/
- 
-@@ -164,8 +171,11 @@ int read_wav_header(FILE *file, int *rate, int *channels, int *format, spx_int32
-       fread(&itmp, 4, 1, file);
-       itmp = le_int(itmp);
-       /*strange way of seeking, but it works even for pipes*/
--      for (i=0;i<itmp;i++)
--         fgetc(file);
-+      for (i=0;i<itmp;i++) {
-+        if (fgetc(file) == EOF) {
-+          break;
-+        }
-+      }
-       /*fseek(file, itmp, SEEK_CUR);*/
-       fread(ch, 1, 4, file);
-       if (feof(file))
diff --git a/speex-1.2.0.tar.gz b/speex-1.2.0.tar.gz
deleted file mode 100644
index 113f1cf..0000000
Binary files a/speex-1.2.0.tar.gz and /dev/null differ
diff --git a/speex-1.2.1.tar.gz b/speex-1.2.1.tar.gz
new file mode 100644
index 0000000..bfc4470
Binary files /dev/null and b/speex-1.2.1.tar.gz differ
diff --git a/speex.spec b/speex.spec
index 80556af..ee83257 100644
--- a/speex.spec
+++ b/speex.spec
@@ -1,15 +1,11 @@
 Name:		speex
-Version:	1.2.0
-Release:	7
+Version:	1.2.1
+Release:	1
 Summary:	A Free Codec For Free Speech
 License:	BSD
 URL:		https://www.speex.org/
 Source0:	http://downloads.us.xiph.org/releases/speex/%{name}-%{version}.tar.gz
 
-Patch6000: backport-math_approx-use-unsigned-int-for-LCG-pseudorandom-ge.patch
-Patch6001: backport-CVE-2020-23903.patch
-Patch6002: backport-wav_io-check-for-EOF-when-seeking-in-wav.patch
-
 BuildRequires: gcc git pkgconfig(ogg) pkgconfig(speexdsp)
 
 Obsoletes: %{name}-tools
@@ -71,6 +67,12 @@ This package is the development and  files for speex.
 %{_mandir}/man1/speexdec.1.gz
 
 %changelog
+* Mon Nov 7 2022 Bin Hu <hubin73@huawei.com> - 1.2.1-1
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:update version 1.2.1
+
 * Mon Jun 20 2022 shixuantong<shixuantong@h-partners.com> - 1.2.0-7
 - Type:bugfix
 - ID:NA