1 files changed, 42 insertions, 0 deletions

diff --git a/audio/flite/patches/patch-CVE-2014-0027 b/audio/flite/patches/patch-CVE-2014-0027
new file mode 100644
index 00000000000..d056f712b3b
--- /dev/null
+++ b/audio/flite/patches/patch-CVE-2014-0027
@@ -0,0 +1,42 @@
+$NetBSD: patch-CVE-2014-0027,v 1.1 2019/09/07 11:42:49 nia Exp $
+
+Only write audio data to a file in debug builds.
+
+This isn't useful in regular builds and is actually a security concern.
+
+https://github.com/festvox/flite/pull/3
+
+--- src/audio/auserver.c.orig	2017-10-21 14:01:07.000000000 +0000
++++ src/audio/auserver.c
+@@ -67,9 +67,11 @@ static int play_wave_from_socket(snd_hea
+     int q,i,n,r;
+     unsigned char bytes[CST_AUDIOBUFFSIZE];
+     short shorts[CST_AUDIOBUFFSIZE];
++#ifdef DEBUG
+     cst_file fff;
+ 
+     fff = cst_fopen("/tmp/awb.wav",CST_OPEN_WRITE|CST_OPEN_BINARY);
++#endif
+ 
+     if ((audio_device = audio_open(header->sample_rate,1,
+ 				   (header->encoding == CST_SND_SHORT) ?
+@@ -116,7 +118,9 @@ static int play_wave_from_socket(snd_hea
+ 	for (q=r; q > 0; q-=n)
+ 	{
+ 	    n = audio_write(audio_device,shorts,q);
++#ifdef DEBUG
+ 	    cst_fwrite(fff,shorts,2,q);
++#endif
+ 	    if (n <= 0)
+ 	    {
+ 		audio_close(audio_device);
+@@ -125,7 +129,9 @@ static int play_wave_from_socket(snd_hea
+ 	}
+     }
+     audio_close(audio_device);
++#ifdef DEBUG
+     cst_fclose(fff);
++#endif
+ 
+     return CST_OK_FORMAT;
+