diff options
author | bsiegert <bsiegert@pkgsrc.org> | 2020-08-14 17:07:02 +0000 |
---|---|---|
committer | bsiegert <bsiegert@pkgsrc.org> | 2020-08-14 17:07:02 +0000 |
commit | aac9b9cd6bf4eeaacb24d58b1688824559b9eab1 (patch) | |
tree | 5a51d28f0c21661f818665c0896e378a79f2029b | |
parent | 1b1d98c5608daf6945c2d54d1bfea116024806d1 (diff) | |
download | pkgsrc-aac9b9cd6bf4eeaacb24d58b1688824559b9eab1.tar.gz |
Pullup ticket #6294 - requested by wiz
textproc/hunspell: security fix
Revisions pulled up:
- textproc/hunspell/Makefile 1.32
- textproc/hunspell/distinfo 1.13
- textproc/hunspell/patches/patch-src_hunspell_suggestmgr.cxx 1.1
---
Module Name: pkgsrc
Committed By: wiz
Date: Mon Aug 3 11:19:28 UTC 2020
Modified Files:
pkgsrc/textproc/hunspell: Makefile distinfo
Added Files:
pkgsrc/textproc/hunspell/patches: patch-src_hunspell_suggestmgr.cxx
Log Message:
hunspell: fix CVE-2019-16707 using upstream patch
Bump PKGREVISION.
-rw-r--r-- | textproc/hunspell/Makefile | 4 | ||||
-rw-r--r-- | textproc/hunspell/distinfo | 3 | ||||
-rw-r--r-- | textproc/hunspell/patches/patch-src_hunspell_suggestmgr.cxx | 16 |
3 files changed, 20 insertions, 3 deletions
diff --git a/textproc/hunspell/Makefile b/textproc/hunspell/Makefile index c23084992ee..537cdcbc3c3 100644 --- a/textproc/hunspell/Makefile +++ b/textproc/hunspell/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.31 2019/08/11 13:23:24 wiz Exp $ +# $NetBSD: Makefile,v 1.31.8.1 2020/08/14 17:07:02 bsiegert Exp $ DISTNAME= hunspell-1.7.0 -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= textproc MASTER_SITES= ${MASTER_SITE_GITHUB:=hunspell/} GITHUB_TAG= v${PKGVERSION_NOREV} diff --git a/textproc/hunspell/distinfo b/textproc/hunspell/distinfo index d1b8d2401d1..0e099bbb7c0 100644 --- a/textproc/hunspell/distinfo +++ b/textproc/hunspell/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.12 2018/11/16 13:02:20 bsiegert Exp $ +$NetBSD: distinfo,v 1.12.14.1 2020/08/14 17:07:02 bsiegert Exp $ SHA1 (hunspell-1.7.0.tar.gz) = e42ea8342a191b9cd7da57d0d6ad4ae1566c5dcc RMD160 (hunspell-1.7.0.tar.gz) = 52c7dbf21f460a0b61ea7d0378ef314773887fde @@ -7,4 +7,5 @@ Size (hunspell-1.7.0.tar.gz) = 482156 bytes SHA1 (patch-aa) = 8c6102ddb2e449b6f1abc23f679e0f6f38bfd0b5 SHA1 (patch-ab) = ee127b1d8f55ceefa807c2fa440885b4fa5d029c SHA1 (patch-ac) = c25cdfe80452cb4ca9850354c9fa8581c787c086 +SHA1 (patch-src_hunspell_suggestmgr.cxx) = e1460987dd787720d9783cdf6cd2b060a68d74da SHA1 (patch-src_tools_Makefile.am) = e5f67855c48e04fe12deb90904c9c27e2441a8cf diff --git a/textproc/hunspell/patches/patch-src_hunspell_suggestmgr.cxx b/textproc/hunspell/patches/patch-src_hunspell_suggestmgr.cxx new file mode 100644 index 00000000000..fcd5609700d --- /dev/null +++ b/textproc/hunspell/patches/patch-src_hunspell_suggestmgr.cxx @@ -0,0 +1,16 @@ +$NetBSD: patch-src_hunspell_suggestmgr.cxx,v 1.1.2.2 2020/08/14 17:07:02 bsiegert Exp $ + +Fix CVE-2019-16707 +https://github.com/hunspell/hunspell/commit/ac938e2ecb48ab4dd21298126c7921689d60571b#diff-783289d6b6330291ec79bf507002106e + +--- src/hunspell/suggestmgr.cxx.orig 2018-11-12 20:38:56.000000000 +0000 ++++ src/hunspell/suggestmgr.cxx +@@ -2040,7 +2040,7 @@ int SuggestMgr::leftcommonsubstring( + int l2 = su2.size(); + // decapitalize dictionary word + if (complexprefixes) { +- if (su1[l1 - 1] == su2[l2 - 1]) ++ if (l1 && l2 && su1[l1 - 1] == su2[l2 - 1]) + return 1; + } else { + unsigned short idx = su2.empty() ? 0 : (su2[0].h << 8) + su2[0].l; |