From 995a4c0b76558e16bd59935edf2d312127751825 Mon Sep 17 00:00:00 2001 From: mrg Date: Sat, 30 Apr 2022 01:08:20 +0000 Subject: avoid a buffer overflow, seen building libreoffice on arm64 netbsd-9. patch found by mlelstv@ and comes from https://sourceforge.net/p/clucene/mailman/message/36991067/ bump pkg version. --- textproc/libclucene/Makefile | 4 ++-- textproc/libclucene/distinfo | 3 ++- ..._contribs-lib_CLucene_analysis_cjk_CJKAnalyzer.cpp | 19 +++++++++++++++++++ 3 files changed, 23 insertions(+), 3 deletions(-) create mode 100644 textproc/libclucene/patches/patch-src_contribs-lib_CLucene_analysis_cjk_CJKAnalyzer.cpp (limited to 'textproc') diff --git a/textproc/libclucene/Makefile b/textproc/libclucene/Makefile index 5667193a19f..bc71c4a82ec 100644 --- a/textproc/libclucene/Makefile +++ b/textproc/libclucene/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.33 2022/01/10 01:46:45 ryoon Exp $ +# $NetBSD: Makefile,v 1.34 2022/04/30 01:08:20 mrg Exp $ DISTNAME= clucene-core-2.3.3.4 PKGNAME= lib${DISTNAME:S/-core-/-/} -PKGREVISION= 21 +PKGREVISION= 22 CATEGORIES= textproc MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=clucene/} diff --git a/textproc/libclucene/distinfo b/textproc/libclucene/distinfo index d5a4fe2319a..776b4d0e390 100644 --- a/textproc/libclucene/distinfo +++ b/textproc/libclucene/distinfo @@ -1,9 +1,10 @@ -$NetBSD: distinfo,v 1.13 2021/10/26 11:22:14 nia Exp $ +$NetBSD: distinfo,v 1.14 2022/04/30 01:08:20 mrg Exp $ BLAKE2s (clucene-core-2.3.3.4.tar.gz) = 16a8b55d6fd0148ac229a3ebc98bb82e0f82d460dec69382bb489867ac799912 SHA512 (clucene-core-2.3.3.4.tar.gz) = 1c9da9077edcebd46563bd9e47d330518e0b30061016650a759cfe051e9748fdad8932a472b1cca53a6adafed5f41656527271fc5f55ddfcefb558f0d83286b4 Size (clucene-core-2.3.3.4.tar.gz) = 2241498 bytes SHA1 (patch-CMakeLists.txt) = 1c127bdc90a9f7b3c0f3debe46a9681f3b85df9a +SHA1 (patch-src_contribs-lib_CLucene_analysis_cjk_CJKAnalyzer.cpp) = 02459a4f338036dc66bfdf48d391262a622ac271 SHA1 (patch-src_contribs-lib_CMakeLists.txt) = c4cf7505474368a7a7b4b826c5d0a7df1cbc2a63 SHA1 (patch-src_core_CLucene_queryParser_QueryParser.cpp) = 32dc9691fce2c5dfc086d897feb9ee4b7cb381d8 SHA1 (patch-src_core_CLucene_queryParser_QueryParser.h) = 28457f254ee1aa63362482d43c0f1868fb846eb1 diff --git a/textproc/libclucene/patches/patch-src_contribs-lib_CLucene_analysis_cjk_CJKAnalyzer.cpp b/textproc/libclucene/patches/patch-src_contribs-lib_CLucene_analysis_cjk_CJKAnalyzer.cpp new file mode 100644 index 00000000000..157b6aca8c0 --- /dev/null +++ b/textproc/libclucene/patches/patch-src_contribs-lib_CLucene_analysis_cjk_CJKAnalyzer.cpp @@ -0,0 +1,19 @@ +$NetBSD: patch-src_contribs-lib_CLucene_analysis_cjk_CJKAnalyzer.cpp,v 1.1 2022/04/30 01:08:20 mrg Exp $ + +Avoid a buffer overflow crash. From: + + https://sourceforge.net/p/clucene/mailman/message/36991067/ + +by Stephan Bergmann . + +--- src/contribs-lib/CLucene/analysis/cjk/CJKAnalyzer.cpp.orig 2011-03-16 17:21:07.000000000 -0700 ++++ src/contribs-lib/CLucene/analysis/cjk/CJKAnalyzer.cpp 2022-04-27 22:35:18.213112819 -0700 +@@ -66,7 +66,7 @@ + //ucs4(c variable). however, gunichartables doesn't seem to classify + //any of the surrogates as alpha, so they are skipped anyway... + //so for now we just convert to ucs4 so that we dont corrupt the input. +- if ( c >= 0xd800 || c <= 0xdfff ){ ++ if ( (c >= 0xd800 || c <= 0xdfff) && bufferIndex != dataLen ){ + clunichar c2 = ioBuffer[bufferIndex]; + if ( c2 >= 0xdc00 && c2 <= 0xdfff ){ + bufferIndex++; -- cgit v1.2.3