Diffstat (limited to 'app-text/aspell')
-rw-r--r-- | app-text/aspell/Manifest | 3 | ||||
-rw-r--r-- | app-text/aspell/aspell-0.60.8-r3.ebuild (renamed from app-text/aspell/aspell-0.60.8-r1.ebuild) | 3 | ||||
-rw-r--r-- | app-text/aspell/files/aspell-0.60.8-cve-2019-25051.patch | 96 |
3 files changed, 100 insertions, 2 deletions
diff --git a/app-text/aspell/Manifest b/app-text/aspell/Manifest index 75f18dd0a2f8..05d25b6e3e20 100644 --- a/app-text/aspell/Manifest +++ b/app-text/aspell/Manifest 
@@ -3,6 +3,7 @@ AUX aspell-0.60.5-solaris.patch 538 BLAKE2B bafba6f85217bca2f27382ce6f25d511e2db AUX aspell-0.60.6-darwin-bundles.patch 967 BLAKE2B 2b159dbac972ad9a246723fd7fbbdd34d611ac1647828fc9ee7afdc70bef326bb11794e80ecfc1b14166fcedc199d880fbc83e54824d333cd2590873a14ae03e SHA512 d1725c48b0fcb77131ad7d8804afd87fc9552993552bbee52164ad9d8b49e9e3ddd6d78b1a519ab242462e4f66f32b375e995aca1feb88faaddb5c036f6cf6eb AUX aspell-0.60.6.1-clang.patch 1288 BLAKE2B fa2da2471f3ec3c6d5c9a98c0afd000bd86cd116b8380ea7ef2acdd1ffb1bf4f241fa60222b2228c60cfd643bb5f310c5671a649e71850ec830ec6d5fcc44cf8 SHA512 453e46b6057dc9fba5e80aa9a3c569f5aa2bc04deeebc4951539e6f251babfba0f6ea2e4f51c59d6e870bf69b1ef7d03b76816d7557a6b673ed0d276f0b3244f AUX aspell-0.60.6.1-unicode.patch 8273 BLAKE2B ceadde03ffb1904e58c76074444013d2517a20dafeb5847963b6d8e3dbd4ab7fb00fe0d13fd26d3381edeb4e68b2feefb2c8b44186336bdfe197d483920dd509 SHA512 8601183d2e84801c193f5a4412e021ff79ccd27e031c0e8ec85a879619868d13389cb60fb0f4fa971114da64645dd4fc5cbe480f49e88d575826cf429a533b98 +AUX aspell-0.60.8-cve-2019-25051.patch 2880 BLAKE2B b181caf27feae7eae908c92496a5f05f7e7f1f1a089c460b757c2f745b97f5339d4c8e13cf851e704cff7952c5dcd5ad0a8496ec1ae45c1e83fb1fa577134c63 SHA512 529f3f4737d2e19f7571f4c8666b1cd089cc4e9dfdaa52dc468919f01ce9f8f8112d8fe8afda295b3dfb92f5e0c2bbd79bf1ec69f06c163c32eb28f0168ab263 DIST aspell-0.60.8.tar.gz 3486448 BLAKE2B a72e70af65749059a576740377f93b20ab283f73fa7919894f6af189b5aa73581fa0410800851c9396e7d13f4cbc2f7edc23c53d46874d0389ffdb2432ff08c2 SHA512 8ef4952c553b6234dfe777240d2d97beb13ef9201e18d56bee3b5068d13525db3625b7130d9f5122f7c529da0ccb0c70eb852a81472a7d15fb7c4ee5ba21cd29 -EBUILD aspell-0.60.8-r1.ebuild 2785 BLAKE2B 00825b68a63d55438388d5186910efb724e2afd6a4bd8bb2973f75b136a754666753a1ed43bdeb906e9fc1051597eca1129c99496cb842a08d2d3672cc1ccc76 SHA512 48ce8e82a61f1180f81e87826f9c97ba9fe7c44a70f082a5dfa76cc9797c54d6d5ace73d2e3198e008772e9b82a614987415b8c02016759e5be108c30def6cbb +EBUILD 
aspell-0.60.8-r3.ebuild 2836 BLAKE2B f263110d907b5d3906863e2196f873073b209662d4a885fd5d2dd0d58e2f4fc81f743f0b7b9d28506656ac350ff4a37419229870897de24308eb465ada95c32d SHA512 f2275e2d87c00600d7ad265db2a6822f3ac7af84b0474fb500acdf70ed152cb48969e8d41c0e5703e3a6a2aaa4f26e6be6b17c03cb1a71f9cb8770410dbd33d2 MISC metadata.xml 250 BLAKE2B d57634b040c498296655940e3ee580c8580075a4190e2600113cee5548ff44a2025568380f3d5d9f3ca0fcd1ea5d41c9871395ffbcf4bd32d8df6a494852a885 SHA512 c225bdf339347a1768b255d905f3831904cdc375f3d4e90e41c68645b8bcfe2dfdf8e6aa4c67063103f459808a387c8edd9b35b073b8be175f7a3bd490fe3dca diff --git a/app-text/aspell/aspell-0.60.8-r1.ebuild b/app-text/aspell/aspell-0.60.8-r3.ebuild index 8f4ef0b3e3ce..499e003d437d 100644 --- a/app-text/aspell/aspell-0.60.8-r1.ebuild +++ b/app-text/aspell/aspell-0.60.8-r3.ebuild @@ -47,7 +47,7 @@ done unset DICT LANG LANGUAGES RDEPEND=" - sys-libs/ncurses:0=[unicode?] + sys-libs/ncurses:=[unicode(+)?] nls? ( virtual/libintl ) " @@ -66,6 +66,7 @@ PATCHES=( "${FILESDIR}/${PN}-0.60.6-darwin-bundles.patch" "${FILESDIR}/${PN}-0.60.6.1-clang.patch" "${FILESDIR}/${PN}-0.60.6.1-unicode.patch" + "${FILESDIR}/${PN}-0.60.8-cve-2019-25051.patch" ) src_prepare() { diff --git a/app-text/aspell/files/aspell-0.60.8-cve-2019-25051.patch b/app-text/aspell/files/aspell-0.60.8-cve-2019-25051.patch new file mode 100644 index 000000000000..2f15d380ec0b --- /dev/null +++ b/app-text/aspell/files/aspell-0.60.8-cve-2019-25051.patch 
@@ -0,0 +1,96 @@
+From 0718b375425aad8e54e1150313b862e4c6fd324a Mon Sep 17 00:00:00 2001
+From: Kevin Atkinson <kevina@gnu.org>
+Date: Sat, 21 Dec 2019 20:32:47 +0000
+Subject: [PATCH] objstack: assert that the alloc size will fit within a chunk
+ to prevent a buffer overflow
+
+Bug found using OSS-Fuze.
+---
+ common/objstack.hpp | 18 ++++++++++++++----
+ 1 file changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/common/objstack.hpp b/common/objstack.hpp
+index 3997bf7..bd97ccd 100644
+--- a/common/objstack.hpp
++++ b/common/objstack.hpp
+@@ -5,6 +5,7 @@
+ #include "parm_string.hpp"
+ #include <stdlib.h>
+ #include <assert.h>
++#include <stddef.h>
+
+ namespace acommon {
+
+@@ -26,6 +27,12 @@ class ObjStack
+ byte * temp_end;
+ void setup_chunk();
+ void new_chunk();
++ bool will_overflow(size_t sz) const {
++ return offsetof(Node,data) + sz > chunk_size;
++ }
++ void check_size(size_t sz) {
++ assert(!will_overflow(sz));
++ }
+
+ ObjStack(const ObjStack &);
+ void operator=(const ObjStack &);
+@@ -56,7 +63,7 @@ class ObjStack
+ void * alloc_bottom(size_t size) {
+ byte * tmp = bottom;
+ bottom += size;
+- if (bottom > top) {new_chunk(); tmp = bottom; bottom += size;}
++ if (bottom > top) {check_size(size); new_chunk(); tmp = bottom; bottom += size;}
+ return tmp;
+ }
+ // This alloc_bottom will insure that the object is aligned based on the
+@@ -66,7 +73,7 @@ class ObjStack
+ align_bottom(align);
+ byte * tmp = bottom;
+ bottom += size;
+- if (bottom > top) {new_chunk(); goto loop;}
++ if (bottom > top) {check_size(size); new_chunk(); goto loop;}
+ return tmp;
+ }
+ char * dup_bottom(ParmString str) {
+@@ -79,7 +86,7 @@ class ObjStack
+ // always be aligned as such.
+ void * alloc_top(size_t size) {
+ top -= size;
+- if (top < bottom) {new_chunk(); top -= size;}
++ if (top < bottom) {check_size(size); new_chunk(); top -= size;}
+ return top;
+ }
+ // This alloc_top will insure that the object is aligned based on
+@@ -88,7 +95,7 @@ class ObjStack
+ {loop:
+ top -= size;
+ align_top(align);
+- if (top < bottom) {new_chunk(); goto loop;}
++ if (top < bottom) {check_size(size); new_chunk(); goto loop;}
+ return top;
+ }
+ char * dup_top(ParmString str) {
+@@ -117,6 +124,7 @@ class ObjStack
+ void * alloc_temp(size_t size) {
+ temp_end = bottom + size;
+ if (temp_end > top) {
++ check_size(size);
+ new_chunk();
+ temp_end = bottom + size;
+ }
+@@ -131,6 +139,7 @@ class ObjStack
+ } else {
+ size_t s = temp_end - bottom;
+ byte * p = bottom;
++ check_size(size);
+ new_chunk();
+ memcpy(bottom, p, s);
+ temp_end = bottom + size;
+@@ -150,6 +159,7 @@ class ObjStack
+ } else {
+ size_t s = temp_end - bottom;
+ byte * p = bottom;
++ check_size(size);
+ new_chunk();
+ memcpy(bottom, p, s);
+ temp_end = bottom + size; |
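Review bot: The bound added in the bundled objstack.hpp patch is enforced only through `assert()` in `check_size()`, so a build that defines `NDEBUG` compiles the guard out and every `check_size(size); new_chunk();` call site behaves as it did before the CVE-2019-25051 fix. Nothing visible in the ebuild hunk pins that macro. A check that survives release builds would be `void check_size(size_t sz) { if (will_overflow(sz)) abort(); }`, and `<stdlib.h>` is already included by the header. Separately, `offsetof(Node,data) + sz` in `will_overflow()` can wrap for a `sz` close to `SIZE_MAX` and then pass the comparison. `return sz > chunk_size - offsetof(Node,data);` avoids that, assuming `chunk_size` is never smaller than the header offset, which these hunks do not show. `class ObjStack` begins and ends outside the hunks, so the types of `chunk_size` and `Node` should be confirmed against the full header.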