authorLeo <thinkabit.ukim@gmail.com>2019-10-24 09:24:05 -0300
committerKevin Daudt <kdaudt@alpinelinux.org>2019-10-31 16:40:16 +0000
commit04fd297cbeb9d82c92edd1d0295cc3df604e8f76 (patch)
tree9172ed9a8011a533eb17ded50b672926991714b8
parentac13a7ec13c38e284179ba8bd155ea75a6bb62ea (diff)
main/aspell: fix CVE-2019-17544
ref #10898 Closes !772
-rw-r--r--main/aspell/APKBUILD10
-rw-r--r--main/aspell/CVE-2019-17544.patch39
2 files changed, 47 insertions, 2 deletions
diff --git a/main/aspell/APKBUILD b/main/aspell/APKBUILD
index 208b251e7e..358b2ac985 100644
--- a/main/aspell/APKBUILD
+++ b/main/aspell/APKBUILD
@@ -2,7 +2,7 @@
# Contributor: Valery Kartel <valery.kartel@gmail.com>
pkgname=aspell
pkgver=0.60.6.1
-pkgrel=13
+pkgrel=14
pkgdesc="A spell checker designed to eventually replace Ispell"
url="http://aspell.net/"
arch="all"
@@ -15,9 +15,14 @@ makedepends="ncurses-dev perl gettext-dev"
install=
source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz
0001-Compile-Fixes-for-GCC-7.patch
+ CVE-2019-17544.patch
"
builddir="$srcdir"/$pkgname-$pkgver
+# secfixes:
+# 0.60.6.1-r14:
+# - CVE-2019-17544
+
prepare() {
cd "$builddir"
default_prepare
@@ -70,4 +75,5 @@ libs() {
}
sha512sums="f310c7590be98406589b5c26ca36a2ecfe4733f0b40fd6c176b96b7955ef2b5cd0ec9a3d770cf132146ae7a896042b4b698945112995ee1ae66adcfa5542247f aspell-0.60.6.1.tar.gz
-05875eca05d3b5ba9b7577f193fd8b0a2a372b4392f7a7901aee250bacbde924622e27278dc50582be684ed5d289968a98ee70ae0d9f6cb44a50ed454805c58a 0001-Compile-Fixes-for-GCC-7.patch"
+05875eca05d3b5ba9b7577f193fd8b0a2a372b4392f7a7901aee250bacbde924622e27278dc50582be684ed5d289968a98ee70ae0d9f6cb44a50ed454805c58a 0001-Compile-Fixes-for-GCC-7.patch
+8df739702cc7591344359721eb7fff247b02404a60666cc94b1e8da063c711d87df5f97dcf22af05efdb54f4e2a38bbc0b6b2bb60386fc6e9c68e15fe2fa9535 CVE-2019-17544.patch"
diff --git a/main/aspell/CVE-2019-17544.patch b/main/aspell/CVE-2019-17544.patch
new file mode 100644
index 0000000000..5bdb439151
--- /dev/null
+++ b/main/aspell/CVE-2019-17544.patch
@@ -0,0 +1,39 @@
+diff --git a/common/config.cpp b/common/config.cpp
+index b1e919b..51486a7 100644
+--- a/common/config.cpp
++++ b/common/config.cpp
+@@ -763,7 +763,7 @@ namespace acommon {
+ }
+ res.append(':');
+ }
+- if (res.back() == ':') res.pop_back();
++ if (!res.empty() && res.back() == ':') res.pop_back();
+ }
+
+ struct ListAddHelper : public AddableContainer
+diff --git a/common/file_util.cpp b/common/file_util.cpp
+index 8515832..56ea501 100644
+--- a/common/file_util.cpp
++++ b/common/file_util.cpp
+@@ -181,6 +181,7 @@ namespace acommon {
+ while ( (dir = els.next()) != 0 )
+ {
+ path = dir;
++ if (path.empty()) continue;
+ if (path.back() != '/') path += '/';
+ unsigned dir_len = path.size();
+ path += filename;
+diff --git a/common/getdata.cpp b/common/getdata.cpp
+index 7e822c9..1b04823 100644
+--- a/common/getdata.cpp
++++ b/common/getdata.cpp
+@@ -64,7 +64,7 @@ namespace acommon {
+ char * unescape(char * dest, const char * src)
+ {
+ while (*src) {
+- if (*src == '\\') {
++ if (*src == '\\' && src[1]) {
+ ++src;
+ switch (*src) {
+ case 'n': *dest = '\n'; break;
+
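Review bot: The added patch file begins directly at `diff --git a/common/config.cpp` with no header naming where the three changes come from, so a later maintainer can only check it against the sha512 in APKBUILD, not against the upstream fix. A short header above the first `diff --git` line would fix that, for example `Upstream fix for CVE-2019-17544: <upstream commit URL>` (placeholder; the page does not give the reference). In the `unescape` hunk, the new `&& src[1]` guard keeps `++src` from moving onto the terminating NUL and treating it as the escaped character. What then happens to a lone trailing backslash is decided by a branch outside the hunk, so it is worth confirming it is copied literally. A comment on the guarded line such as `// lone trailing backslash: nothing to escape, leave the NUL for the loop test` would record the intent.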