diff options
author | A. Wilcox <awilcox@wilcox-tech.com> | 2020-03-10 02:44:11 +0000 |
---|---|---|
committer | A. Wilcox <awilcox@wilcox-tech.com> | 2020-03-10 02:44:11 +0000 |
commit | b2b91cc7b341c21dd2754f766e3688d1cd8683cd (patch) | |
tree | 89eb840eb4db48f40d8e3b4315b883b108d3b71e /user/hunspell | |
parent | 757c7417918541af9e656e023b2ead86998a07d9 (diff) | |
parent | 2da62e2b9ab827bf6930e008d51cd0ab468dbd1b (diff) | |
download | packages-b2b91cc7b341c21dd2754f766e3688d1cd8683cd.tar.gz packages-b2b91cc7b341c21dd2754f766e3688d1cd8683cd.tar.bz2 packages-b2b91cc7b341c21dd2754f766e3688d1cd8683cd.tar.xz packages-b2b91cc7b341c21dd2754f766e3688d1cd8683cd.zip |
Merge branch 'cves.2020.02.28' into 'master'
CVE patches for 2020.02.28
See merge request adelie/packages!408
Diffstat (limited to 'user/hunspell')
-rw-r--r-- | user/hunspell/APKBUILD | 14 | ||||
-rw-r--r-- | user/hunspell/CVE-2019-16707.patch | 22 |
2 files changed, 32 insertions, 4 deletions
diff --git a/user/hunspell/APKBUILD b/user/hunspell/APKBUILD index 79da8d619..ec63c5414 100644 --- a/user/hunspell/APKBUILD +++ b/user/hunspell/APKBUILD @@ -1,7 +1,7 @@ -# Maintainer: +# Maintainer: pkgname=hunspell pkgver=1.7.0 -pkgrel=0 +pkgrel=1 pkgdesc="Spell checker and morphological analyzer library and program" url="https://hunspell.github.io/" arch="all" @@ -9,7 +9,12 @@ license="GPL-2.0+ AND LGPL-2.0+ AND MPL-1.1" depends="" makedepends="ncurses-dev autoconf automake libtool" subpackages="$pkgname-dev $pkgname-doc $pkgname-lang" -source="$pkgname-$pkgver.tar.gz::https://github.com/hunspell/hunspell/archive/v$pkgver.tar.gz" +source="$pkgname-$pkgver.tar.gz::https://github.com/hunspell/hunspell/archive/v$pkgver.tar.gz + CVE-2019-16707.patch" + +# secfixes: +# 1.7.0-r1: +# - CVE-2019-16707 prepare() { default_prepare @@ -35,4 +40,5 @@ package() { make -j1 DESTDIR="$pkgdir" install } -sha512sums="8149b2e8b703a0610c9ca5160c2dfad3cf3b85b16b3f0f5cfcb7ebb802473b2d499e8e2d0a637a97a37a24d62424e82d3880809210d3f043fa17a4970d47c903 hunspell-1.7.0.tar.gz" +sha512sums="8149b2e8b703a0610c9ca5160c2dfad3cf3b85b16b3f0f5cfcb7ebb802473b2d499e8e2d0a637a97a37a24d62424e82d3880809210d3f043fa17a4970d47c903 hunspell-1.7.0.tar.gz +e7674819a9da4c3d742d34338d68d137d8613f97be2d25bf20db5219d4dd626f59a63ed4757b92f34307f499f2d687014065cdea97b55c98db295a8290300d2d CVE-2019-16707.patch" diff --git a/user/hunspell/CVE-2019-16707.patch b/user/hunspell/CVE-2019-16707.patch new file mode 100644 index 000000000..649eef5b2 --- /dev/null +++ b/user/hunspell/CVE-2019-16707.patch @@ -0,0 +1,22 @@ +From ac938e2ecb48ab4dd21298126c7921689d60571b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com> +Date: Tue, 12 Nov 2019 20:03:15 +0000 +Subject: [PATCH] invalid read memory access #624 + +--- + src/hunspell/suggestmgr.cxx | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/hunspell/suggestmgr.cxx b/src/hunspell/suggestmgr.cxx +index dba084e9..c23f165a 100644 +--- a/src/hunspell/suggestmgr.cxx ++++ b/src/hunspell/suggestmgr.cxx +@@ -2040,7 +2040,7 @@ int SuggestMgr::leftcommonsubstring( + int l2 = su2.size(); + // decapitalize dictionary word + if (complexprefixes) { +- if (su1[l1 - 1] == su2[l2 - 1]) ++ if (l1 && l2 && su1[l1 - 1] == su2[l2 - 1]) + return 1; + } else { + unsigned short idx = su2.empty() ? 0 : (su2[0].h << 8) + su2[0].l; |