Hello community,
here is the log from the commit of package festival for openSUSE:Factory
checked in at Sat Oct 2 01:22:15 CEST 2010.
--------
--- festival/festival.changes 2009-06-10 14:40:44.000000000 +0200
+++ /mounts/work_src_done/STABLE/festival/festival.changes 2010-09-30 14:50:22.000000000 +0200
@@ -1,0 +2,14 @@
+Thu Sep 30 14:46:34 CEST 2010 - vuntz@opensuse.org
+
+- Add festival-safe-temp-file.patch: do not use the PID of the
+ process to create a temporary file. Mentioned in bnc#642507.
+
+-------------------------------------------------------------------
+Wed Sep 29 12:27:31 CEST 2010 - vuntz@opensuse.org
+
+- Add festival-no-LD_LIBRARY_PATH-extension.patch and
+ speech_tools-no-LD_LIBRARY_PATH-extension.patch: do not change
+ LD_LIBRARY_PATH to include a directory that can be used by
+ malicious users. Fix bnc#642507.
+
+-------------------------------------------------------------------
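Review bot: the Sep 30 entry for festival-safe-temp-file.patch says only what the patch stops doing ("do not use the PID of the process to create a temporary file") and describes the bug as "Mentioned in bnc#642507", so a reader cannot tell how the temporary file is created now or whether this part of the report is considered fixed. Suggest naming the replacement mechanism in the entry, and using the same "Fix bnc#642507" wording as the Sep 29 entry if the patch closes that part of the bug. The Sep 29 entry would also be easier to audit if it named the directory that was being added to LD_LIBRARY_PATH.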
calling whatdependson for head-i586
New:
----
festival-no-LD_LIBRARY_PATH-extension.patch
festival-safe-temp-file.patch
speech_tools-no-LD_LIBRARY_PATH-extension.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ festival.spec ++++++
--- /var/tmp/diff_new_pack.cxd3h6/_old 2010-10-02 01:18:50.000000000 +0200
+++ /var/tmp/diff_new_pack.cxd3h6/_new 2010-10-02 01:18:50.000000000 +0200
@@ -1,7 +1,7 @@
#
# spec file for package festival (Version 1.96)
#
-# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -21,11 +21,11 @@
Name: festival
BuildRequires: gcc-c++ ncurses-devel pkgconfig
Url: http://www.cstr.ed.ac.uk/projects/festival/
-License: BSD 3-Clause
+License: BSD3c
Group: Productivity/Text/Convertors
AutoReqProv: on
Version: 1.96
-Release: 121
+Release: 128
Summary: The Festival Speech Synthesis System
Source0: festival-%{version}-beta.tar.bz2
Source1: speech_tools-1.2.96-beta.tar.bz2
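Review bot: the License tag change from "BSD 3-Clause" to "BSD3c" in this hunk is not covered by either new festival.changes entry, which describe only the three added patches. If the change is intentional, give it its own changelog line. If it comes from automated spec normalisation, it would be cleaner to keep it out of a commit whose stated purpose is fixing bnc#642507.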
@@ -42,6 +42,10 @@
Patch4: festival-1.95-libdir.patch
Patch7: festival-1.95-audsp.patch
Patch8: festival-1.96-chroot.patch
+# PATCH-FIX-UPSTREAM festival-no-LD_LIBRARY_PATH-extension.patch bnc#642507 vuntz@opensuse.org -- Do not change LD_LIBRARY_PATH in binaries, to avoid any risks
+Patch9: festival-no-LD_LIBRARY_PATH-extension.patch
+# PATCH-FIX-UPSTREAM festival-safe-temp-file.patch bnc#642507 vuntz@opensuse.org -- Create temporary files in a safe way
+Patch10: festival-safe-temp-file.patch
# speech-tools patches
Patch11: speech_tools-1.2.95-gcc4.patch
Patch12: speech_tools-1.2.95-config.patch
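Review bot: the Patch9 comment justifies the change with "to avoid any risks", which does not tell a later maintainer what the risk is. The festival.changes entry is more precise (LD_LIBRARY_PATH is extended with "a directory that can be used by malicious users"), so suggest carrying that wording into the spec comment. The Patch10 comment has the same gap: "in a safe way" could state that the file name no longer depends on the process PID, as the changelog does.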
@@ -49,6 +53,8 @@
Patch14: speech_tools-1.2.95-returnvalue.patch
Patch15: speech_tools-1.2.96-beta.patch
Patch16: speech_tools-1.2.96-beta-const.patch
+# PATCH-FIX-UPSTREAM speech_tools-no-LD_LIBRARY_PATH-extension.patch vuntz@opensuse.org -- Do not change LD_LIBRARY_PATH in binaries, to avoid any risks
+Patch17: speech_tools-no-LD_LIBRARY_PATH-extension.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: %fillup_prereq /usr/sbin/useradd /usr/sbin/groupadd
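Review bot: the Patch17 comment omits the bug reference that the Patch9 comment carries (bnc#642507), although the festival.changes entry lists speech_tools-no-LD_LIBRARY_PATH-extension.patch under "Fix bnc#642507". Suggest adding bnc#642507 after the patch name so the tagging is consistent and the patch can be found from the bug number.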
@@ -59,16 +65,8 @@
techniques. It is written in C++ and has a Scheme-based command
interpreter for general control.
-
-
-Authors:
---------
- Alan W Black