From bb5a66fb88ad207f1eaea30e9015d1a6b1055082 Mon Sep 17 00:00:00 2001
From: CentOS Buildsys <bugs@centos.org>
Date: Jan 24 2014 21:56:39 +0000
Subject: import flite-1.3-22.el7.src.rpm


---

diff --git a/SOURCES/0001-auserver.c-Only-write-audio-data-to-a-file-in-debug-.patch b/SOURCES/0001-auserver.c-Only-write-audio-data-to-a-file-in-debug-.patch
new file mode 100644
index 0000000..09b54f6
--- /dev/null
+++ b/SOURCES/0001-auserver.c-Only-write-audio-data-to-a-file-in-debug-.patch
@@ -0,0 +1,50 @@
+From a85193f122b7ec0d377e0a39ac58c64f12c51085 Mon Sep 17 00:00:00 2001
+From: Rui Matos <tiagomatos@gmail.com>
+Date: Mon, 6 Jan 2014 13:45:00 +0000
+Subject: [PATCH] auserver.c: Only write audio data to a file in debug builds
+
+This isn't useful in regular builds and is actually a security
+concern.
+---
+ src/audio/auserver.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/audio/auserver.c b/src/audio/auserver.c
+index 29716d3..3e838d0 100644
+--- a/src/audio/auserver.c
++++ b/src/audio/auserver.c
+@@ -58,9 +58,11 @@ static int play_wave_from_socket(snd_header *header,int audiostream)
+     int q,i,n,r;
+     unsigned char bytes[CST_AUDIOBUFFSIZE];
+     short shorts[CST_AUDIOBUFFSIZE];
++#ifdef DEBUG
+     cst_file fff;
+ 
+     fff = cst_fopen("/tmp/awb.wav",CST_OPEN_WRITE|CST_OPEN_BINARY);
++#endif
+ 
+     if ((audio_device = audio_open(header->sample_rate,1,
+ 				   (header->encoding == CST_SND_SHORT) ?
+@@ -107,7 +109,9 @@ static int play_wave_from_socket(snd_header *header,int audiostream)
+ 	for (q=r; q > 0; q-=n)
+ 	{
+ 	    n = audio_write(audio_device,shorts,q);
++#ifdef DEBUG
+ 	    cst_fwrite(fff,shorts,2,q);
++#endif
+ 	    if (n <= 0)
+ 	    {
+ 		audio_close(audio_device);
+@@ -116,7 +120,9 @@ static int play_wave_from_socket(snd_header *header,int audiostream)
+ 	}
+     }
+     audio_close(audio_device);
++#ifdef DEBUG
+     cst_fclose(fff);
++#endif
+ 
+     return CST_OK_FORMAT;
+ 
+-- 
+1.8.3.1
+
diff --git a/SPECS/flite.spec b/SPECS/flite.spec
index 99b6672..aaf034c 100644
--- a/SPECS/flite.spec
+++ b/SPECS/flite.spec
@@ -1,6 +1,6 @@
 Name:           flite
 Version:        1.3
-Release:        19%{?dist}
+Release:        22%{?dist}
 Summary:        Small, fast speech synthesis engine (text-to-speech)
 
 Group:          Applications/Multimedia
@@ -12,6 +12,7 @@ Patch0:         flite-1.3-sharedlibs.patch
 Patch1:         flite-1.3-doc_texinfo.patch
 Patch2:         flite-1.3-alsa_support.patch
 Patch3:         flite-1.3-implicit_dso_linking.patch
+Patch4:         0001-auserver.c-Only-write-audio-data-to-a-file-in-debug-.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 %if 0%{?el4}
@@ -45,6 +46,7 @@ Development files for Flite, a small, fast speech synthesis engine.
 %patch1 -p1 -b .flite-1.3-doc_texinfo
 %patch2 -p1 -b .flite-1.3-alsa_support
 %patch3 -p1 -b .flite-1.3-implicit_dso_linking
+%patch4 -p1
 cp -p %{SOURCE1} .
 
 
@@ -96,6 +98,15 @@ rm -rf %{buildroot}
 
 
 %changelog
+* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 1.3-22
+- Mass rebuild 2014-01-24
+
+* Mon Jan  6 2014 Rui Matos <rmatos@redhat.com> - 1.3-21
+- Resolves: (CVE-2014-0027) flite: insecure temporary file use
+
+* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 1.3-20
+- Mass rebuild 2013-12-27
+
 * Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3-19
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild