diff options
| author | Leonardo Arena <rnalrd@alpinelinux.org> | 2020-01-07 13:08:20 +0000 |
|---|---|---|
| committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2020-01-07 13:09:44 +0000 |
| commit | 8d9741b8c528f0fceb3321dfaaa66f3746888f1f (patch) | |
| tree | cbf4cbd2e8f21316e30aa16568d3a7ae45ebe594 | |
| parent | 739b1c4d5cc974a69631d54e887289c9c79dce02 (diff) | |
| download | aports-8d9741b8c528f0fceb3321dfaaa66f3746888f1f.tar.gz aports-8d9741b8c528f0fceb3321dfaaa66f3746888f1f.tar.bz2 aports-8d9741b8c528f0fceb3321dfaaa66f3746888f1f.tar.xz | |
main/hunspell: fix CVE-2019-16707
fixes #11101
| -rw-r--r-- | main/hunspell/APKBUILD | 13 | ||||
| -rw-r--r-- | main/hunspell/CVE-2019-16707.patch | 22 |
2 files changed, 32 insertions, 3 deletions
diff --git a/main/hunspell/APKBUILD b/main/hunspell/APKBUILD index 9bc05a42cb6..2b3d1b6aae3 100644 --- a/main/hunspell/APKBUILD +++ b/main/hunspell/APKBUILD @@ -1,16 +1,22 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=hunspell pkgver=1.6.2 -pkgrel=1 +pkgrel=2 pkgdesc="Spell checker and morphological analyzer library and program" url="https://hunspell.github.io/" arch="all" license="GPL-2.0-or-later LGPL-2.0-or-later MPL-1.1" subpackages="$pkgname-dev $pkgname-doc $pkgname-lang" makedepends="gettext-dev ncurses-dev readline-dev autoconf automake libtool" -source="$pkgname-$pkgver.tar.gz::https://github.com/hunspell/hunspell/archive/v$pkgver.tar.gz" +source="$pkgname-$pkgver.tar.gz::https://github.com/hunspell/hunspell/archive/v$pkgver.tar.gz + CVE-2019-16707.patch + " builddir="$srcdir/$pkgname-$pkgver" +# secfixes: +# 1.6.2-r2: +# - CVE-2019-16707 + prepare() { cd "$builddir" default_prepare @@ -40,4 +46,5 @@ package() { make -j1 DESTDIR="$pkgdir" install } -sha512sums="a23127f1271da95ac06a1fb2f57b659485e959567b61da05b2bb350684003a0fb7e882b5e524c465fd890f79f513ed03174f38611989a1c09081147c47d6da11 hunspell-1.6.2.tar.gz" +sha512sums="a23127f1271da95ac06a1fb2f57b659485e959567b61da05b2bb350684003a0fb7e882b5e524c465fd890f79f513ed03174f38611989a1c09081147c47d6da11 hunspell-1.6.2.tar.gz +e7674819a9da4c3d742d34338d68d137d8613f97be2d25bf20db5219d4dd626f59a63ed4757b92f34307f499f2d687014065cdea97b55c98db295a8290300d2d CVE-2019-16707.patch" diff --git a/main/hunspell/CVE-2019-16707.patch b/main/hunspell/CVE-2019-16707.patch new file mode 100644 index 00000000000..649eef5b293 --- /dev/null +++ b/main/hunspell/CVE-2019-16707.patch @@ -0,0 +1,22 @@ +From ac938e2ecb48ab4dd21298126c7921689d60571b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com> +Date: Tue, 12 Nov 2019 20:03:15 +0000 +Subject: [PATCH] invalid read memory access #624 + +--- + src/hunspell/suggestmgr.cxx | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/hunspell/suggestmgr.cxx b/src/hunspell/suggestmgr.cxx +index dba084e9..c23f165a 100644 +--- a/src/hunspell/suggestmgr.cxx ++++ b/src/hunspell/suggestmgr.cxx +@@ -2040,7 +2040,7 @@ int SuggestMgr::leftcommonsubstring( + int l2 = su2.size(); + // decapitalize dictionary word + if (complexprefixes) { +- if (su1[l1 - 1] == su2[l2 - 1]) ++ if (l1 && l2 && su1[l1 - 1] == su2[l2 - 1]) + return 1; + } else { + unsigned short idx = su2.empty() ? 0 : (su2[0].h << 8) + su2[0].l; |