Resolves: (CVE-2014-0027) flite: insecure temporary file use
This commit is contained in:
Rui Matos
parent
4d685579ed
commit
25c3cfb64e
@ -0,0 +1,50 @@
|
||||
From a85193f122b7ec0d377e0a39ac58c64f12c51085 Mon Sep 17 00:00:00 2001
|
||||
From: Rui Matos <tiagomatos@gmail.com>
|
||||
Date: Mon, 6 Jan 2014 13:45:00 +0000
|
||||
Subject: [PATCH] auserver.c: Only write audio data to a file in debug builds
|
||||
|
||||
This isn't useful in regular builds and is actually a security
|
||||
concern.
|
||||
---
|
||||
src/audio/auserver.c | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/src/audio/auserver.c b/src/audio/auserver.c
|
||||
index 29716d3..3e838d0 100644
|
||||
--- a/src/audio/auserver.c
|
||||
+++ b/src/audio/auserver.c
|
||||
@@ -58,9 +58,11 @@ static int play_wave_from_socket(snd_header *header,int audiostream)
|
||||
int q,i,n,r;
|
||||
unsigned char bytes[CST_AUDIOBUFFSIZE];
|
||||
short shorts[CST_AUDIOBUFFSIZE];
|
||||
+#ifdef DEBUG
|
||||
cst_file fff;
|
||||
|
||||
fff = cst_fopen("/tmp/awb.wav",CST_OPEN_WRITE|CST_OPEN_BINARY);
|
||||
+#endif
|
||||
|
||||
if ((audio_device = audio_open(header->sample_rate,1,
|
||||
(header->encoding == CST_SND_SHORT) ?
|
||||
@@ -107,7 +109,9 @@ static int play_wave_from_socket(snd_header *header,int audiostream)
|
||||
for (q=r; q > 0; q-=n)
|
||||
{
|
||||
n = audio_write(audio_device,shorts,q);
|
||||
+#ifdef DEBUG
|
||||
cst_fwrite(fff,shorts,2,q);
|
||||
+#endif
|
||||
if (n <= 0)
|
||||
{
|
||||
audio_close(audio_device);
|
||||
@@ -116,7 +120,9 @@ static int play_wave_from_socket(snd_header *header,int audiostream)
|
||||
}
|
||||
}
|
||||
audio_close(audio_device);
|
||||
+#ifdef DEBUG
|
||||
cst_fclose(fff);
|
||||
+#endif
|
||||
|
||||
return CST_OK_FORMAT;
|
||||
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
Name: flite
|
||||
Version: 1.3
|
||||
Release: 20%{?dist}
|
||||
Release: 21%{?dist}
|
||||
Summary: Small, fast speech synthesis engine (text-to-speech)
|
||||
|
||||
Group: Applications/Multimedia
|
||||
@ -12,6 +12,7 @@ Patch0: flite-1.3-sharedlibs.patch
|
||||
Patch1: flite-1.3-doc_texinfo.patch
|
||||
Patch2: flite-1.3-alsa_support.patch
|
||||
Patch3: flite-1.3-implicit_dso_linking.patch
|
||||
Patch4: 0001-auserver.c-Only-write-audio-data-to-a-file-in-debug-.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
|
||||
%if 0%{?el4}
|
||||
@ -45,6 +46,7 @@ Development files for Flite, a small, fast speech synthesis engine.
|
||||
%patch1 -p1 -b .flite-1.3-doc_texinfo
|
||||
%patch2 -p1 -b .flite-1.3-alsa_support
|
||||
%patch3 -p1 -b .flite-1.3-implicit_dso_linking
|
||||
%patch4 -p1
|
||||
cp -p %{SOURCE1} .
|
||||
|
||||
|
||||
@ -96,6 +98,9 @@ rm -rf %{buildroot}
|
||||
|
||||
|
||||
%changelog
|
||||
* Mon Jan 6 2014 Rui Matos <rmatos@redhat.com> - 1.3-21
|
||||
- Resolves: (CVE-2014-0027) flite: insecure temporary file use
|
||||
|
||||
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3-20
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user