diff options
| author | Leo <thinkabit.ukim@gmail.com> | 2019-10-24 09:24:05 -0300 |
|---|---|---|
| committer | Kevin Daudt <kdaudt@alpinelinux.org> | 2019-10-31 16:40:26 +0000 |
| commit | b536611ee6298539033c380cc5f69a7e7a433e8e (patch) | |
| tree | bf01970caf054cf568c266c1def4cb807ef7610b /main | |
| parent | 10154706bf344955d0bcd1e5ecb1ef7a7aeec2e5 (diff) | |
| download | aports-b536611ee6298539033c380cc5f69a7e7a433e8e.tar.bz2 aports-b536611ee6298539033c380cc5f69a7e7a433e8e.tar.xz | |
main/aspell: fix CVE-2019-17544
ref #10898
Closes !773
Diffstat (limited to 'main')
| -rw-r--r-- | main/aspell/APKBUILD | 15 | ||||
| -rw-r--r-- | main/aspell/CVE-2019-17544.patch | 39 |
2 files changed, 49 insertions, 5 deletions
diff --git a/main/aspell/APKBUILD b/main/aspell/APKBUILD index 7fe214a495..096c0546b3 100644 --- a/main/aspell/APKBUILD +++ b/main/aspell/APKBUILD @@ -2,7 +2,7 @@ # Contributor: Valery Kartel <valery.kartel@gmail.com> pkgname=aspell pkgver=0.60.6.1 -pkgrel=12 +pkgrel=13 pkgdesc="A spell checker designed to eventually replace Ispell" url="http://aspell.net/" arch="all" @@ -13,9 +13,15 @@ depends= depends_dev="$pkgname-utils" makedepends="ncurses-dev perl gettext-dev" install= -source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz" +source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz + CVE-2019-17544.patch + " builddir="$srcdir"/$pkgname-$pkgver +# secfixes: +# 0.60.6.1-r13: +# - CVE-2019-17544 + prepare() { cd "$builddir" default_prepare @@ -67,6 +73,5 @@ libs() { rm -fr "$pkgdir"/usr/lib } -md5sums="e66a9c9af6a60dc46134fdacf6ce97d7 aspell-0.60.6.1.tar.gz" -sha256sums="f52583a83a63633701c5f71db3dc40aab87b7f76b29723aeb27941eff42df6e1 aspell-0.60.6.1.tar.gz" -sha512sums="f310c7590be98406589b5c26ca36a2ecfe4733f0b40fd6c176b96b7955ef2b5cd0ec9a3d770cf132146ae7a896042b4b698945112995ee1ae66adcfa5542247f aspell-0.60.6.1.tar.gz" +sha512sums="f310c7590be98406589b5c26ca36a2ecfe4733f0b40fd6c176b96b7955ef2b5cd0ec9a3d770cf132146ae7a896042b4b698945112995ee1ae66adcfa5542247f aspell-0.60.6.1.tar.gz +8df739702cc7591344359721eb7fff247b02404a60666cc94b1e8da063c711d87df5f97dcf22af05efdb54f4e2a38bbc0b6b2bb60386fc6e9c68e15fe2fa9535 CVE-2019-17544.patch" diff --git a/main/aspell/CVE-2019-17544.patch b/main/aspell/CVE-2019-17544.patch new file mode 100644 index 0000000000..5bdb439151 --- /dev/null +++ b/main/aspell/CVE-2019-17544.patch @@ -0,0 +1,39 @@ +diff --git a/common/config.cpp b/common/config.cpp +index b1e919b..51486a7 100644 +--- a/common/config.cpp ++++ b/common/config.cpp +@@ -763,7 +763,7 @@ namespace acommon { + } + res.append(':'); + } +- if (res.back() == ':') res.pop_back(); ++ if (!res.empty() && res.back() == ':') res.pop_back(); + } + + struct ListAddHelper : public AddableContainer +diff --git a/common/file_util.cpp b/common/file_util.cpp +index 8515832..56ea501 100644 +--- a/common/file_util.cpp ++++ b/common/file_util.cpp +@@ -181,6 +181,7 @@ namespace acommon { + while ( (dir = els.next()) != 0 ) + { + path = dir; ++ if (path.empty()) continue; + if (path.back() != '/') path += '/'; + unsigned dir_len = path.size(); + path += filename; +diff --git a/common/getdata.cpp b/common/getdata.cpp +index 7e822c9..1b04823 100644 +--- a/common/getdata.cpp ++++ b/common/getdata.cpp +@@ -64,7 +64,7 @@ namespace acommon { + char * unescape(char * dest, const char * src) + { + while (*src) { +- if (*src == '\\') { ++ if (*src == '\\' && src[1]) { + ++src; + switch (*src) { + case 'n': *dest = '\n'; break; + |