Fix CVE-2010-3996
(cherry picked from commit 28ffc19d7421e966635056a4afebb8f68b248da2)
This commit is contained in:
starlet-dx
openeuler-sync-bot
parent
3827322135
commit
c7b4d10ea8
83
CVE-2010-3996-festival-no-LD_LIBRARY_PATH-extension.patch
Normal file
83
CVE-2010-3996-festival-no-LD_LIBRARY_PATH-extension.patch
Normal file
@ -0,0 +1,83 @@
|
||||
From aad72cc9d7d9788daef801ad95d4ce5e873d2b76 Mon Sep 17 00:00:00 2001
|
||||
From: starlet-dx <15929766099@163.com>
|
||||
Date: Mon, 14 Mar 2022 15:01:27 +0800
|
||||
Subject: [PATCH 1/1] festival-no-LD_LIBRARY_PATH-extension
|
||||
|
||||
---
|
||||
src/scripts/shared_script | 19 -------------------
|
||||
src/scripts/shared_setup_prl | 8 --------
|
||||
src/scripts/shared_setup_sh | 18 ------------------
|
||||
3 files changed, 45 deletions(-)
|
||||
|
||||
diff --git a/src/scripts/shared_script b/src/scripts/shared_script
|
||||
index 736034d..5c17b7e 100644
|
||||
--- a/src/scripts/shared_script
|
||||
+++ b/src/scripts/shared_script
|
||||
@@ -1,24 +1,5 @@
|
||||
#!/bin/sh
|
||||
|
||||
-# Festival shared script
|
||||
-
|
||||
-extend() {
|
||||
- var="$1"
|
||||
- extra="$2"
|
||||
- eval "val=\$$var"
|
||||
-
|
||||
- if [ -n "$val" ]
|
||||
- then
|
||||
- val="$extra:$val"
|
||||
- else
|
||||
- val="$extra"
|
||||
- fi
|
||||
- eval "$var='$val'"
|
||||
- eval "export $var"
|
||||
- }
|
||||
-
|
||||
-extend LD_LIBRARY_PATH "__EST__/lib:__LDPATH__"
|
||||
-
|
||||
exec __MAIN__/__PROGRAM__ "$@"
|
||||
|
||||
exit 0
|
||||
diff --git a/src/scripts/shared_setup_prl b/src/scripts/shared_setup_prl
|
||||
index eba11ff..139597f 100644
|
||||
--- a/src/scripts/shared_setup_prl
|
||||
+++ b/src/scripts/shared_setup_prl
|
||||
@@ -1,10 +1,2 @@
|
||||
|
||||
-if (defined($ENV{LD_LIBRARY_PATH}))
|
||||
- {
|
||||
- $ENV{LD_LIBRARY_PATH} = "__TOP__/lib:__LDPATH__:$ENV{LD_LIBRARY_PATH}";
|
||||
- }
|
||||
-else
|
||||
- {
|
||||
- $ENV{LD_LIBRARY_PATH} = "__TOP__/lib";
|
||||
- }
|
||||
|
||||
diff --git a/src/scripts/shared_setup_sh b/src/scripts/shared_setup_sh
|
||||
index ae45097..139597f 100644
|
||||
--- a/src/scripts/shared_setup_sh
|
||||
+++ b/src/scripts/shared_setup_sh
|
||||
@@ -1,20 +1,2 @@
|
||||
|
||||
-# festival shared setup
|
||||
-
|
||||
-extend() {
|
||||
- var="$1"
|
||||
- extra="$2"
|
||||
- eval "val=\$$var"
|
||||
-
|
||||
- if [ -n "$val" ]
|
||||
- then
|
||||
- val="$extra:$val"
|
||||
- else
|
||||
- val="$extra"
|
||||
- fi
|
||||
- eval "$var='$val'"
|
||||
- eval "export $var"
|
||||
- }
|
||||
-
|
||||
-extend LD_LIBRARY_PATH "__EST__/lib:__LDPATH__"
|
||||
|
||||
--
|
||||
2.30.0
|
||||
|
||||
27
CVE-2010-3996-festival-safe-temp-file.patch
Normal file
27
CVE-2010-3996-festival-safe-temp-file.patch
Normal file
@ -0,0 +1,27 @@
|
||||
Index: festival/src/scripts/festival_server.sh
|
||||
===================================================================
|
||||
--- festival.orig/src/scripts/festival_server.sh
|
||||
+++ festival/src/scripts/festival_server.sh
|
||||
@@ -210,14 +210,19 @@ trap "handle_term" 0
|
||||
|
||||
if $show
|
||||
then
|
||||
- create_server_startup $port $server_log /tmp/$$ 3>/dev/null
|
||||
+ tmpfile=`mktemp -q`
|
||||
+ if test $? -ne 0; then
|
||||
+ echo "Error while getting configuration."
|
||||
+ exit 1
|
||||
+ fi
|
||||
+ create_server_startup $port $server_log "$tmpfile" 3>/dev/null
|
||||
fl=false
|
||||
while read l
|
||||
do
|
||||
if $fl ; then echo $l ; fi
|
||||
if [ "$l" = ";---" ] ; then fl=true ; fi
|
||||
- done </tmp/$$
|
||||
- /bin/rm -f /tmp/$$
|
||||
+ done < "$tmpfile"
|
||||
+ /bin/rm -f "$tmpfile"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
@ -0,0 +1,83 @@
|
||||
From 940c9fa430199725a750f500b32d656c3a91e3cf Mon Sep 17 00:00:00 2001
|
||||
From: starlet-dx <15929766099@163.com>
|
||||
Date: Mon, 14 Mar 2022 15:18:45 +0800
|
||||
Subject: [PATCH 1/1] speech_tools-no-LD_LIBRARY_PATH-extension
|
||||
|
||||
---
|
||||
speech_tools/scripts/shared_script | 19 -------------------
|
||||
speech_tools/scripts/shared_setup_prl | 8 --------
|
||||
speech_tools/scripts/shared_setup_sh | 18 ------------------
|
||||
3 files changed, 45 deletions(-)
|
||||
|
||||
diff --git a/speech_tools/scripts/shared_script b/speech_tools/scripts/shared_script
|
||||
index ca3e1b5..5c17b7e 100644
|
||||
--- a/speech_tools/scripts/shared_script
|
||||
+++ b/speech_tools/scripts/shared_script
|
||||
@@ -1,24 +1,5 @@
|
||||
#!/bin/sh
|
||||
|
||||
-# EST shared script
|
||||
-
|
||||
-extend() {
|
||||
- var="$1"
|
||||
- extra="$2"
|
||||
- eval "val=\$$var"
|
||||
-
|
||||
- if [ -n "$val" ]
|
||||
- then
|
||||
- val="$extra:$val"
|
||||
- else
|
||||
- val="$extra"
|
||||
- fi
|
||||
- eval "$var='$val'"
|
||||
- eval "export $var"
|
||||
- }
|
||||
-
|
||||
-extend LD_LIBRARY_PATH "__LIB__:__LDPATH__"
|
||||
-
|
||||
exec __MAIN__/__PROGRAM__ "$@"
|
||||
|
||||
exit 0
|
||||
diff --git a/speech_tools/scripts/shared_setup_prl b/speech_tools/scripts/shared_setup_prl
|
||||
index eba11ff..139597f 100644
|
||||
--- a/speech_tools/scripts/shared_setup_prl
|
||||
+++ b/speech_tools/scripts/shared_setup_prl
|
||||
@@ -1,10 +1,2 @@
|
||||
|
||||
-if (defined($ENV{LD_LIBRARY_PATH}))
|
||||
- {
|
||||
- $ENV{LD_LIBRARY_PATH} = "__TOP__/lib:__LDPATH__:$ENV{LD_LIBRARY_PATH}";
|
||||
- }
|
||||
-else
|
||||
- {
|
||||
- $ENV{LD_LIBRARY_PATH} = "__TOP__/lib";
|
||||
- }
|
||||
|
||||
diff --git a/speech_tools/scripts/shared_setup_sh b/speech_tools/scripts/shared_setup_sh
|
||||
index 64f0ba9..139597f 100644
|
||||
--- a/speech_tools/scripts/shared_setup_sh
|
||||
+++ b/speech_tools/scripts/shared_setup_sh
|
||||
@@ -1,20 +1,2 @@
|
||||
|
||||
-# EST shared setup
|
||||
-
|
||||
-extend() {
|
||||
- var="$1"
|
||||
- extra="$2"
|
||||
- eval "val=\$$var"
|
||||
-
|
||||
- if [ -n "$val" ]
|
||||
- then
|
||||
- val="$extra:$val"
|
||||
- else
|
||||
- val="$extra"
|
||||
- fi
|
||||
- eval "$var='$val'"
|
||||
- eval "export $var"
|
||||
- }
|
||||
-
|
||||
-extend LD_LIBRARY_PATH "__TOP__/lib:__LDPATH__"
|
||||
|
||||
--
|
||||
2.30.0
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
Name: festival
|
||||
Version: 1.96
|
||||
Release: 44
|
||||
Release: 45
|
||||
Summary: Festival Speech Synthesis System
|
||||
License: MIT and GPL+ and TCL
|
||||
URL: http://www.cstr.ed.ac.uk/projects/festival/
|
||||
@ -54,6 +54,10 @@ Patch97: no-shared-data.patch
|
||||
Patch98: festival-1.96-server-script-typo.patch
|
||||
Patch99: festival-gcc7.patch
|
||||
Patch100: Fix-festival-gcc10.patch
|
||||
#https://build.opensuse.org/package/show/openSUSE:Factory/festival
|
||||
Patch101: CVE-2010-3996-festival-no-LD_LIBRARY_PATH-extension.patch
|
||||
Patch102: CVE-2010-3996-festival-safe-temp-file.patch
|
||||
Patch103: CVE-2010-3996-speech_tools-no-LD_LIBRARY_PATH-extension.patch
|
||||
|
||||
BuildRequires: gcc gcc-c++ pulseaudio-libs-devel texi2html ncurses-devel
|
||||
Requires(post): /sbin/ldconfig
|
||||
@ -166,6 +170,9 @@ done
|
||||
%patch98
|
||||
%patch99 -p1
|
||||
%patch100 -p1
|
||||
%patch101 -p1
|
||||
%patch102 -p1
|
||||
%patch103 -p1
|
||||
|
||||
rm festdoc-%{docversion}/speech_tools/doc/index_html.jade
|
||||
rm festdoc-%{docversion}/speech_tools/doc/tex_stuff.jade
|
||||
@ -349,6 +356,9 @@ fi
|
||||
%{_mandir}/man1/*
|
||||
|
||||
%changelog
|
||||
* Tue Mar 15 2022 yaoxin <yaoxin30@huawei.com> - 1.96-45
|
||||
- Fix CVE-2010-3996
|
||||
|
||||
* Tue Aug 03 2021 wangyong <wangyong187@huawei.com> - 1.96-44
|
||||
- Fix build error caused by GCC upgrade to GCC-10
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user