authorLeo <thinkabit.ukim@gmail.com>2019-10-24 09:24:05 -0300
committerKevin Daudt <kdaudt@alpinelinux.org>2019-10-31 16:40:26 +0000
commitb536611ee6298539033c380cc5f69a7e7a433e8e (patch)
treebf01970caf054cf568c266c1def4cb807ef7610b
parent10154706bf344955d0bcd1e5ecb1ef7a7aeec2e5 (diff)
main/aspell: fix CVE-2019-17544
ref #10898 Closes !773
-rw-r--r--main/aspell/APKBUILD15
-rw-r--r--main/aspell/CVE-2019-17544.patch39
2 files changed, 49 insertions, 5 deletions
diff --git a/main/aspell/APKBUILD b/main/aspell/APKBUILD
index 7fe214a4950..096c0546b30 100644
--- a/main/aspell/APKBUILD
+++ b/main/aspell/APKBUILD
@@ -2,7 +2,7 @@
# Contributor: Valery Kartel <valery.kartel@gmail.com>
pkgname=aspell
pkgver=0.60.6.1
-pkgrel=12
+pkgrel=13
pkgdesc="A spell checker designed to eventually replace Ispell"
url="http://aspell.net/"
arch="all"
@@ -13,9 +13,15 @@ depends=
depends_dev="$pkgname-utils"
makedepends="ncurses-dev perl gettext-dev"
install=
-source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz"
+source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz
+ CVE-2019-17544.patch
+ "
builddir="$srcdir"/$pkgname-$pkgver
+# secfixes:
+# 0.60.6.1-r13:
+# - CVE-2019-17544
+
prepare() {
cd "$builddir"
default_prepare
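Review bot: The rewritten `source=` entry still downloads the release tarball over plain `ftp://`, so the `sha512sums` line further down is the only thing protecting this build input. Since the line is being edited anyway, consider `source="https://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz` so the fetch is also protected in transit, with the checksum kept as the integrity pin. The `# secfixes:` block is keyed to `0.60.6.1-r13`, which matches the `pkgrel=13` bump in the first hunk. `prepare()` continues outside this hunk.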
@@ -67,6 +73,5 @@ libs() {
rm -fr "$pkgdir"/usr/lib
}
-md5sums="e66a9c9af6a60dc46134fdacf6ce97d7 aspell-0.60.6.1.tar.gz"
-sha256sums="f52583a83a63633701c5f71db3dc40aab87b7f76b29723aeb27941eff42df6e1 aspell-0.60.6.1.tar.gz"
-sha512sums="f310c7590be98406589b5c26ca36a2ecfe4733f0b40fd6c176b96b7955ef2b5cd0ec9a3d770cf132146ae7a896042b4b698945112995ee1ae66adcfa5542247f aspell-0.60.6.1.tar.gz"
+sha512sums="f310c7590be98406589b5c26ca36a2ecfe4733f0b40fd6c176b96b7955ef2b5cd0ec9a3d770cf132146ae7a896042b4b698945112995ee1ae66adcfa5542247f aspell-0.60.6.1.tar.gz
+8df739702cc7591344359721eb7fff247b02404a60666cc94b1e8da063c711d87df5f97dcf22af05efdb54f4e2a38bbc0b6b2bb60386fc6e9c68e15fe2fa9535 CVE-2019-17544.patch"
diff --git a/main/aspell/CVE-2019-17544.patch b/main/aspell/CVE-2019-17544.patch
new file mode 100644
index 00000000000..5bdb4391514
--- /dev/null
+++ b/main/aspell/CVE-2019-17544.patch
@@ -0,0 +1,39 @@
+diff --git a/common/config.cpp b/common/config.cpp
+index b1e919b..51486a7 100644
+--- a/common/config.cpp
++++ b/common/config.cpp
+@@ -763,7 +763,7 @@ namespace acommon {
+ }
+ res.append(':');
+ }
+- if (res.back() == ':') res.pop_back();
++ if (!res.empty() && res.back() == ':') res.pop_back();
+ }
+
+ struct ListAddHelper : public AddableContainer
+diff --git a/common/file_util.cpp b/common/file_util.cpp
+index 8515832..56ea501 100644
+--- a/common/file_util.cpp
++++ b/common/file_util.cpp
+@@ -181,6 +181,7 @@ namespace acommon {
+ while ( (dir = els.next()) != 0 )
+ {
+ path = dir;
++ if (path.empty()) continue;
+ if (path.back() != '/') path += '/';
+ unsigned dir_len = path.size();
+ path += filename;
+diff --git a/common/getdata.cpp b/common/getdata.cpp
+index 7e822c9..1b04823 100644
+--- a/common/getdata.cpp
++++ b/common/getdata.cpp
+@@ -64,7 +64,7 @@ namespace acommon {
+ char * unescape(char * dest, const char * src)
+ {
+ while (*src) {
+- if (*src == '\\') {
++ if (*src == '\\' && src[1]) {
+ ++src;
+ switch (*src) {
+ case 'n': *dest = '\n'; break;
+
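Review bot: The added patch file begins directly at `diff --git` and carries no header recording where the fix came from, so a later maintainer cannot easily confirm that the three embedded hunks match the upstream change. A short preamble above the first `diff --git` line would cover this, for example `Upstream: <upstream commit URL>` followed by one line saying that it guards `res.back()` and `path.back()` against empty strings and stops `unescape` from stepping past the terminating NUL after a trailing backslash. In the getdata.cpp hunk, a lone trailing backslash now fails the `src[1]` test and presumably falls through to the non-escape branch; that branch and the rest of `unescape` lie outside the visible lines, so it is worth checking against the full function. In the file_util.cpp hunk, `if (path.empty()) continue;` silently skips empty search-path elements, which is a behaviour change worth mentioning in the same preamble.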