[festival] Fixing format security flaws (#1037060)

Mon May 12 17:22:58 UTC 2014

commit a82e48131542dfbeee356aa984cf52b9cacf50ca
Author: Jaromir Capik <jcapik at redhat.com>
Date:   Mon May 12 19:22:35 2014 +0200

    Fixing format security flaws (#1037060)

 festival-1.96-format-security.patch |   24 ++++++++++++++++++++++++
 festival.spec                       |   12 +++++++++++-
 2 files changed, 35 insertions(+), 1 deletions(-)
---

diff --git a/festival-1.96-format-security.patch b/festival-1.96-format-security.patch
new file mode 100644
index 0000000..144de47
--- /dev/null
+++ b/festival-1.96-format-security.patch
@@ -0,0 +1,24 @@
+diff -Naur festival.orig/speech_tools/siod/siodeditline.c festival/speech_tools/siod/siodeditline.c
+--- festival.orig/speech_tools/siod/siodeditline.c	2004-04-30 18:56:51.000000000 +0200
++++ festival/speech_tools/siod/siodeditline.c	2014-05-12 19:00:37.491000000 +0200
+@@ -151,7 +151,7 @@
+     symbol = el_current_sym();
+     infostring = siod_manual_sym(symbol);
+     putc('\n',stderr);
+-    fprintf(stderr,infostring);
++    fprintf(stderr,"%s",infostring);
+     fflush(stderr);
+     putc('\n',stderr);
+     fflush(stderr);
+diff -Naur festival.orig/speech_tools/utils/cmd_line.cc festival/speech_tools/utils/cmd_line.cc
+--- festival.orig/speech_tools/utils/cmd_line.cc	2004-09-30 14:53:37.000000000 +0200
++++ festival/speech_tools/utils/cmd_line.cc	2014-05-12 19:08:57.577000000 +0200
+@@ -460,7 +460,7 @@
+     fprintf(stdout,"<cmdsynopsis><command>%s</command>", 
+ 	    (const char *)full.filename());
+ 
+-    fprintf(stdout, (const char *)ts.get_upto_eoln().string());
++    fprintf(stdout, "%s", (const char *)ts.get_upto_eoln().string());
+ 
+     while (!ts.eof())
+     {
diff --git a/festival.spec b/festival.spec
index 7ae027a..e5d92c7 100644
--- a/festival.spec
+++ b/festival.spec
@@ -6,7 +6,7 @@
 Name: festival
 Summary: Speech synthesis and text-to-speech system
 Version: %{festivalversion}
-Release: 26%{?dist}
+Release: 27%{?dist}
 
 URL: http://www.cstr.ed.ac.uk/projects/festival/
 Group: Applications/Multimedia
@@ -117,6 +117,9 @@ Patch20: festival-1.96-speechtools-1.2.96-beta+awb.patch
 # but that's something to take up with upstream.
 Patch31: festival-1.96-kludge-etcpath-into-libarch.patch
 
+# Fixing format-security flaws
+Patch60: festival-1.96-format-security.patch
+
 # For some reason, the Nitech voices (and the previous CMU versions) fail to
 # define proclaim_voice, which makes them not show up in the voice
 # descriptions, which makes gnome-speech not show them.
@@ -522,6 +525,9 @@ for f in speech_tools/main/siod_main.cc src/arch/festival/festival.cc; do
   sed -i -e 's,{{HORRIBLELIBARCHKLUDGE}},"%{_libdir}",' $f
 done
 
+%patch60 -p1 -b .fmtsec
+
+
 # no backups for these patches because
 # the voice directories are copied wholesale
 %patch90 -p1
@@ -534,6 +540,7 @@ done
 %patch97 -p1 -b .no-share
 %patch98 -b .typo
 
+
 # zero length
 rm festdoc-%{docversion}/speech_tools/doc/index_html.jade
 rm festdoc-%{docversion}/speech_tools/doc/examples_gen/error_example_section.sgml
@@ -907,6 +914,9 @@ fi
 
 
 %changelog
+* Mon May 12 2014 Jaromir Capik <jcapik at redhat.com> - 1.96-27
+- Fixing format security flaws (#1037060)
+
 * Sat Aug 03 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.96-26
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
 
