aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeonardo Arena <rnalrd@alpinelinux.org>2020-01-07 13:08:20 +0000
committerLeonardo Arena <rnalrd@alpinelinux.org>2020-01-07 13:08:20 +0000
commit1839ebaf8cb2877211ea94226e7da84ca113eb21 (patch)
treec1220acff81e922a0dfeb9e7b12ab631d3fcbdf9
parent4e803597c91a0cf312e53ce62458e81f5294c6e9 (diff)
downloadaports-1839ebaf8cb2877211ea94226e7da84ca113eb21.tar.gz
aports-1839ebaf8cb2877211ea94226e7da84ca113eb21.tar.bz2
aports-1839ebaf8cb2877211ea94226e7da84ca113eb21.tar.xz
main/hunspell: fix CVE-2019-16707
fixes #11101
-rw-r--r--main/hunspell/APKBUILD13
-rw-r--r--main/hunspell/CVE-2019-16707.patch22
2 files changed, 32 insertions, 3 deletions
diff --git a/main/hunspell/APKBUILD b/main/hunspell/APKBUILD
index 9bc05a42cb..2b3d1b6aae 100644
--- a/main/hunspell/APKBUILD
+++ b/main/hunspell/APKBUILD
@@ -1,16 +1,22 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=hunspell
pkgver=1.6.2
-pkgrel=1
+pkgrel=2
pkgdesc="Spell checker and morphological analyzer library and program"
url="https://hunspell.github.io/"
arch="all"
license="GPL-2.0-or-later LGPL-2.0-or-later MPL-1.1"
subpackages="$pkgname-dev $pkgname-doc $pkgname-lang"
makedepends="gettext-dev ncurses-dev readline-dev autoconf automake libtool"
-source="$pkgname-$pkgver.tar.gz::https://github.com/hunspell/hunspell/archive/v$pkgver.tar.gz"
+source="$pkgname-$pkgver.tar.gz::https://github.com/hunspell/hunspell/archive/v$pkgver.tar.gz
+ CVE-2019-16707.patch
+ "
builddir="$srcdir/$pkgname-$pkgver"
+# secfixes:
+# 1.6.2-r2:
+# - CVE-2019-16707
+
prepare() {
cd "$builddir"
default_prepare
@@ -40,4 +46,5 @@ package() {
make -j1 DESTDIR="$pkgdir" install
}
-sha512sums="a23127f1271da95ac06a1fb2f57b659485e959567b61da05b2bb350684003a0fb7e882b5e524c465fd890f79f513ed03174f38611989a1c09081147c47d6da11 hunspell-1.6.2.tar.gz"
+sha512sums="a23127f1271da95ac06a1fb2f57b659485e959567b61da05b2bb350684003a0fb7e882b5e524c465fd890f79f513ed03174f38611989a1c09081147c47d6da11 hunspell-1.6.2.tar.gz
+e7674819a9da4c3d742d34338d68d137d8613f97be2d25bf20db5219d4dd626f59a63ed4757b92f34307f499f2d687014065cdea97b55c98db295a8290300d2d CVE-2019-16707.patch"
diff --git a/main/hunspell/CVE-2019-16707.patch b/main/hunspell/CVE-2019-16707.patch
new file mode 100644
index 0000000000..649eef5b29
--- /dev/null
+++ b/main/hunspell/CVE-2019-16707.patch
@@ -0,0 +1,22 @@
+From ac938e2ecb48ab4dd21298126c7921689d60571b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
+Date: Tue, 12 Nov 2019 20:03:15 +0000
+Subject: [PATCH] invalid read memory access #624
+
+---
+ src/hunspell/suggestmgr.cxx | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/hunspell/suggestmgr.cxx b/src/hunspell/suggestmgr.cxx
+index dba084e9..c23f165a 100644
+--- a/src/hunspell/suggestmgr.cxx
++++ b/src/hunspell/suggestmgr.cxx
+@@ -2040,7 +2040,7 @@ int SuggestMgr::leftcommonsubstring(
+ int l2 = su2.size();
+ // decapitalize dictionary word
+ if (complexprefixes) {
+- if (su1[l1 - 1] == su2[l2 - 1])
++ if (l1 && l2 && su1[l1 - 1] == su2[l2 - 1])
+ return 1;
+ } else {
+ unsigned short idx = su2.empty() ? 0 : (su2[0].h << 8) + su2[0].l;