Pullup ticket #6294 - requested by wiz textproc/hunspell: security fix Revisions pulled up: - textproc/hunspell/Makefile 1.32 - textproc/hunspell/distinfo 1.13 - textproc/hunspell/patches/patch-src_hunspell_suggestmgr.cxx 1.1 --- Module Name: pkgsrc Committed By: wiz Date: Mon Aug 3 11:19:28 UTC 2020 Modified Files: pkgsrc/textproc/hunspell: Makefile distinfo Added Files: pkgsrc/textproc/hunspell/patches: patch-src_hunspell_suggestmgr.cxx Log Message: hunspell: fix CVE-2019-16707 using upstream patch Bump PKGREVISION.
diff -r1.31 -r1.31.8.1 pkgsrc/textproc/hunspell/Makefile
(bsiegert)
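--- a/pkgsrc/textproc/hunspell/Makefile
+++ b/pkgsrc/textproc/hunspell/Makefile
@@ -1,17 +1,17 @@
-# $NetBSD: Makefile,v 1.31 2019/08/11 13:23:24 wiz Exp $
+# $NetBSD: Makefile,v 1.31.8.1 2020/08/14 17:07:02 bsiegert Exp $
 
 DISTNAME= hunspell-1.7.0
-PKGREVISION= 1
+PKGREVISION= 2
 CATEGORIES= textproc
 MASTER_SITES= ${MASTER_SITE_GITHUB:=hunspell/}
 GITHUB_TAG= v${PKGVERSION_NOREV}
 
 MAINTAINER= ahoka@NetBSD.org
 HOMEPAGE= https://hunspell.github.io/
 COMMENT= Improved spellchecker
 LICENSE= mpl-1.1 OR gnu-lgpl-v2.1 OR gnu-gpl-v2
 
 GNU_CONFIGURE= yes
 USE_LIBTOOL= yes
 USE_TOOLS+= pkg-config perl:run autoreconf autoconf automake
 USE_PKGLOCALEDIR= yes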
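--- a/pkgsrc/textproc/hunspell/distinfo
+++ b/pkgsrc/textproc/hunspell/distinfo
@@ -1,10 +1,11 @@
-$NetBSD: distinfo,v 1.12 2018/11/16 13:02:20 bsiegert Exp $
+$NetBSD: distinfo,v 1.12.14.1 2020/08/14 17:07:02 bsiegert Exp $
 
 SHA1 (hunspell-1.7.0.tar.gz) = e42ea8342a191b9cd7da57d0d6ad4ae1566c5dcc
 RMD160 (hunspell-1.7.0.tar.gz) = 52c7dbf21f460a0b61ea7d0378ef314773887fde
 SHA512 (hunspell-1.7.0.tar.gz) = 8149b2e8b703a0610c9ca5160c2dfad3cf3b85b16b3f0f5cfcb7ebb802473b2d499e8e2d0a637a97a37a24d62424e82d3880809210d3f043fa17a4970d47c903
 Size (hunspell-1.7.0.tar.gz) = 482156 bytes
 SHA1 (patch-aa) = 8c6102ddb2e449b6f1abc23f679e0f6f38bfd0b5
 SHA1 (patch-ab) = ee127b1d8f55ceefa807c2fa440885b4fa5d029c
 SHA1 (patch-ac) = c25cdfe80452cb4ca9850354c9fa8581c787c086
+SHA1 (patch-src_hunspell_suggestmgr.cxx) = e1460987dd787720d9783cdf6cd2b060a68d74da
 SHA1 (patch-src_tools_Makefile.am) = e5f67855c48e04fe12deb90904c9c27e2441a8cf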
$NetBSD: patch-src_hunspell_suggestmgr.cxx,v 1.1.2.2 2020/08/14 17:07:02 bsiegert Exp $
Fix CVE-2019-16707
https://github.com/hunspell/hunspell/commit/ac938e2ecb48ab4dd21298126c7921689d60571b#diff-783289d6b6330291ec79bf507002106e
--- src/hunspell/suggestmgr.cxx.orig 2018-11-12 20:38:56.000000000 +0000
+++ src/hunspell/suggestmgr.cxx
@@ -2040,7 +2040,7 @@ int SuggestMgr::leftcommonsubstring(
int l2 = su2.size();
// decapitalize dictionary word
if (complexprefixes) {
- if (su1[l1 - 1] == su2[l2 - 1])
+ if (l1 && l2 && su1[l1 - 1] == su2[l2 - 1])
return 1;
} else {
unsigned short idx = su2.empty() ? 0 : (su2[0].h << 8) + su2[0].l;
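Review bot: The new guard in the `complexprefixes` branch tests the `int` copies `l1 && l2` and then indexes with `l1 - 1` / `l2 - 1`, while the `else` branch directly below already uses `su2.empty()`; writing it as `if (!su1.empty() && !su2.empty() && su1.back() == su2.back())` would express the same check without the narrowing into `int` and without manual index arithmetic. The guard also deserves a one-line comment, for example `// empty word: l1 - 1 or l2 - 1 would index before the first element (CVE-2019-16707)`, because the existing `// decapitalize dictionary word` comment does not explain it. Since this patch file mirrors the upstream commit, both points are best raised upstream rather than changed locally. The body of `leftcommonsubstring` starts and continues outside the hunk, so any other length-derived index in it could not be checked here.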