Received: by mail.netbsd.org (Postfix, from userid 605)
	id 2D92184E5B; Fri, 14 Aug 2020 17:07:04 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by mail.netbsd.org (Postfix) with ESMTP id A9A2284DC0
	for <pkgsrc-changes@NetBSD.org>; Fri, 14 Aug 2020 17:07:03 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Received: from mail.netbsd.org ([127.0.0.1])
	by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025)
	with ESMTP id ieIHgoLDBXuB for <pkgsrc-changes@netbsd.org>;
	Fri, 14 Aug 2020 17:07:03 +0000 (UTC)
Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984])
	by mail.netbsd.org (Postfix) with ESMTP id 1DA7984CE1
	for <pkgsrc-changes@NetBSD.org>; Fri, 14 Aug 2020 17:07:03 +0000 (UTC)
Received: by cvs.NetBSD.org (Postfix, from userid 500)
	id 1B9EEFB28; Fri, 14 Aug 2020 17:07:03 +0000 (UTC)
Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_1597424823118370"
MIME-Version: 1.0
Date: Fri, 14 Aug 2020 17:07:03 +0000
From: "Benny Siegert" <bsiegert@netbsd.org>
Subject: CVS commit: [pkgsrc-2020Q2] pkgsrc/textproc/hunspell
To: pkgsrc-changes@NetBSD.org
Reply-To: bsiegert@netbsd.org
X-Mailer: log_accum
Message-Id: <20200814170703.1B9EEFB28@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id: pkgsrc-changes.NetBSD.org
Precedence: bulk
List-Unsubscribe: <mailto:majordomo@NetBSD.org?subject=Unsubscribe%20pkgsrc-changes&body=unsubscribe%20pkgsrc-changes>

This is a multi-part message in MIME format.

--_----------=_1597424823118370
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	bsiegert
Date:		Fri Aug 14 17:07:03 UTC 2020

Modified Files:
	pkgsrc/textproc/hunspell [pkgsrc-2020Q2]: Makefile distinfo
Added Files:
	pkgsrc/textproc/hunspell/patches [pkgsrc-2020Q2]:
	    patch-src_hunspell_suggestmgr.cxx

Log Message:
Pullup ticket #6294 - requested by wiz
textproc/hunspell: security fix

Revisions pulled up:
- textproc/hunspell/Makefile                                    1.32
- textproc/hunspell/distinfo                                    1.13
- textproc/hunspell/patches/patch-src_hunspell_suggestmgr.cxx   1.1

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Mon Aug  3 11:19:28 UTC 2020

   Modified Files:
   	pkgsrc/textproc/hunspell: Makefile distinfo
   Added Files:
   	pkgsrc/textproc/hunspell/patches: patch-src_hunspell_suggestmgr.cxx

   Log Message:
   hunspell: fix CVE-2019-16707 using upstream patch

   Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -u -r1.31 -r1.31.8.1 pkgsrc/textproc/hunspell/Makefile
cvs rdiff -u -r1.12 -r1.12.14.1 pkgsrc/textproc/hunspell/distinfo
cvs rdiff -u -r0 -r1.1.2.2 \
    pkgsrc/textproc/hunspell/patches/patch-src_hunspell_suggestmgr.cxx

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_1597424823118370
Content-Disposition: inline
Content-Length: 2561
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/textproc/hunspell/Makefile
diff -u pkgsrc/textproc/hunspell/Makefile:1.31 pkgsrc/textproc/hunspell/Makefile:1.31.8.1
--- pkgsrc/textproc/hunspell/Makefile:1.31	Sun Aug 11 13:23:24 2019
+++ pkgsrc/textproc/hunspell/Makefile	Fri Aug 14 17:07:02 2020
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.31 2019/08/11 13:23:24 wiz Exp $
+# $NetBSD: Makefile,v 1.31.8.1 2020/08/14 17:07:02 bsiegert Exp $
 
 DISTNAME=	hunspell-1.7.0
-PKGREVISION=	1
+PKGREVISION=	2
 CATEGORIES=	textproc
 MASTER_SITES=	${MASTER_SITE_GITHUB:=hunspell/}
 GITHUB_TAG=	v${PKGVERSION_NOREV}

Index: pkgsrc/textproc/hunspell/distinfo
diff -u pkgsrc/textproc/hunspell/distinfo:1.12 pkgsrc/textproc/hunspell/distinfo:1.12.14.1
--- pkgsrc/textproc/hunspell/distinfo:1.12	Fri Nov 16 13:02:20 2018
+++ pkgsrc/textproc/hunspell/distinfo	Fri Aug 14 17:07:02 2020
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.12 2018/11/16 13:02:20 bsiegert Exp $
+$NetBSD: distinfo,v 1.12.14.1 2020/08/14 17:07:02 bsiegert Exp $
 
 SHA1 (hunspell-1.7.0.tar.gz) = e42ea8342a191b9cd7da57d0d6ad4ae1566c5dcc
 RMD160 (hunspell-1.7.0.tar.gz) = 52c7dbf21f460a0b61ea7d0378ef314773887fde
@@ -7,4 +7,5 @@ Size (hunspell-1.7.0.tar.gz) = 482156 by
 SHA1 (patch-aa) = 8c6102ddb2e449b6f1abc23f679e0f6f38bfd0b5
 SHA1 (patch-ab) = ee127b1d8f55ceefa807c2fa440885b4fa5d029c
 SHA1 (patch-ac) = c25cdfe80452cb4ca9850354c9fa8581c787c086
+SHA1 (patch-src_hunspell_suggestmgr.cxx) = e1460987dd787720d9783cdf6cd2b060a68d74da
 SHA1 (patch-src_tools_Makefile.am) = e5f67855c48e04fe12deb90904c9c27e2441a8cf

Added files:

Index: pkgsrc/textproc/hunspell/patches/patch-src_hunspell_suggestmgr.cxx
diff -u /dev/null pkgsrc/textproc/hunspell/patches/patch-src_hunspell_suggestmgr.cxx:1.1.2.2
--- /dev/null	Fri Aug 14 17:07:03 2020
+++ pkgsrc/textproc/hunspell/patches/patch-src_hunspell_suggestmgr.cxx	Fri Aug 14 17:07:02 2020
@@ -0,0 +1,16 @@
+$NetBSD: patch-src_hunspell_suggestmgr.cxx,v 1.1.2.2 2020/08/14 17:07:02 bsiegert Exp $
+
+Fix CVE-2019-16707
+https://github.com/hunspell/hunspell/commit/ac938e2ecb48ab4dd21298126c7921689d60571b#diff-783289d6b6330291ec79bf507002106e
+
+--- src/hunspell/suggestmgr.cxx.orig	2018-11-12 20:38:56.000000000 +0000
++++ src/hunspell/suggestmgr.cxx
+@@ -2040,7 +2040,7 @@ int SuggestMgr::leftcommonsubstring(
+   int l2 = su2.size();
+   // decapitalize dictionary word
+   if (complexprefixes) {
+-    if (su1[l1 - 1] == su2[l2 - 1])
++    if (l1 && l2 && su1[l1 - 1] == su2[l2 - 1])
+       return 1;
+   } else {
+     unsigned short idx = su2.empty() ? 0 : (su2[0].h << 8) + su2[0].l;


--_----------=_1597424823118370--