wok rev 24362

aspell: apply patch CVE-2019-25051
author Hans-G?nter Theisgen
date Fri Feb 04 15:05:05 2022 +0100 (2022-02-04)
parents 370da83187ab
children 4af5a3ba8ed3
files aspell/description.txt aspell/receipt aspell/stuff/patches/CVE-2019-25051
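--- a/aspell/description.txt	Fri Feb 04 09:24:50 2022 +0000
+++ b/aspell/description.txt	Fri Feb 04 15:05:05 2022 +0100
@@ -1,4 +1,5 @@
-GNU Aspell is a Free and Open Source spell checker. It can either be used as a 
-library or as an independent spell checker. Its main feature is that it does a 
-superior job of suggesting possible replacements for a misspelled word than just
-about any other spell checker out there for the English language.
+GNU Aspell is a Free and Open Source spell checker.
+It can either be used as a library or as an independent spell checker.
+Its main feature is that it does a superior job of suggesting possible
+replacements for a misspelled word than just about any other spell
+checker out there for the English language.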
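--- a/aspell/receipt	Fri Feb 04 09:24:50 2022 +0000
+++ b/aspell/receipt	Fri Feb 04 15:05:05 2022 +0100
@@ -27,8 +27,10 @@
 # Rules to configure and make the package.
 compile_rules()
 {
-	export LDFLAGS="$LDFLAGS -ltinfo"
-	./configure $CONFIGURE_ARGS &&
+	patch --strip=1 --input=$stuff/patches/CVE-2019-25051 &&
+	./configure				\
+		LDFLAGS="$LDFLAGS -ltinfo"	\
+		$CONFIGURE_ARGS &&
 	make &&
 	make install
 }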
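Review bot: The `patch` line added to compile_rules() expands `$stuff` unquoted, so a build directory containing whitespace would split the `--input` argument and the CVE fix would not apply; `patch --strip=1 --input="$stuff/patches/CVE-2019-25051" &&` avoids that. The `&&` chain does abort the build when the patch fails, which is the right behaviour for a security fix. A comment above the line such as `# CVE-2019-25051: upstream commit 0718b375, drop once the packaged version contains it` would tell the next maintainer when the patch can be removed.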
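--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/aspell/stuff/patches/CVE-2019-25051	Fri Feb 04 15:05:05 2022 +0100
@@ -0,0 +1,96 @@
+From 0718b375425aad8e54e1150313b862e4c6fd324a Mon Sep 17 00:00:00 2001
+From: Kevin Atkinson <kevina@gnu.org>
+Date: Sat, 21 Dec 2019 20:32:47 +0000
+Subject: [PATCH] objstack: assert that the alloc size will fit within a chunk
+ to prevent a buffer overflow
+
+Bug found using OSS-Fuze.
+---
+ common/objstack.hpp | 18 ++++++++++++++----
+ 1 file changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/common/objstack.hpp b/common/objstack.hpp
+index 3997bf7..bd97ccd 100644
+--- a/common/objstack.hpp
++++ b/common/objstack.hpp
+@@ -5,6 +5,7 @@
+ #include "parm_string.hpp"
+ #include <stdlib.h>
+ #include <assert.h>
++#include <stddef.h>
+ 
+ namespace acommon {
+ 
+@@ -26,6 +27,12 @@ class ObjStack
+   byte * temp_end;
+   void setup_chunk();
+   void new_chunk();
++  bool will_overflow(size_t sz) const {
++    return offsetof(Node,data) + sz > chunk_size;
++  }
++  void check_size(size_t sz) {
++    assert(!will_overflow(sz));
++  }
+ 
+   ObjStack(const ObjStack &);
+   void operator=(const ObjStack &);
+@@ -56,7 +63,7 @@ class ObjStack
+   void * alloc_bottom(size_t size)  {
+     byte * tmp = bottom;
+     bottom += size;
+-    if (bottom > top) {new_chunk(); tmp = bottom; bottom += size;}
++    if (bottom > top) {check_size(size); new_chunk(); tmp = bottom; bottom += size;}
+     return tmp;
+   }
+   // This alloc_bottom will insure that the object is aligned based on the
+@@ -66,7 +73,7 @@ class ObjStack
+     align_bottom(align);
+     byte * tmp = bottom;
+     bottom += size;
+-    if (bottom > top) {new_chunk(); goto loop;}
++    if (bottom > top) {check_size(size); new_chunk(); goto loop;}
+     return tmp;
+   }
+   char * dup_bottom(ParmString str) {
+@@ -79,7 +86,7 @@ class ObjStack
+   // always be aligned as such.
+   void * alloc_top(size_t size) {
+     top -= size;
+-    if (top < bottom) {new_chunk(); top -= size;}
++    if (top < bottom) {check_size(size); new_chunk(); top -= size;}
+     return top;
+   }
+   // This alloc_top will insure that the object is aligned based on
+@@ -88,7 +95,7 @@ class ObjStack
+   {loop:
+     top -= size;
+     align_top(align);
+-    if (top < bottom) {new_chunk(); goto loop;}
++    if (top < bottom) {check_size(size); new_chunk(); goto loop;}
+     return top;
+   }
+   char * dup_top(ParmString str) {
+@@ -117,6 +124,7 @@ class ObjStack
+   void * alloc_temp(size_t size) {
+     temp_end = bottom + size;
+     if (temp_end > top) {
++      check_size(size);
+       new_chunk();
+       temp_end = bottom + size;
+     }
+@@ -131,6 +139,7 @@ class ObjStack
+     } else {
+       size_t s = temp_end - bottom;
+       byte * p = bottom;
++      check_size(size);
+       new_chunk();
+       memcpy(bottom, p, s);
+       temp_end = bottom + size;
+@@ -150,6 +159,7 @@ class ObjStack
+     } else {
+       size_t s = temp_end - bottom;
+       byte * p = bottom;
++      check_size(size);
+       new_chunk();
+       memcpy(bottom, p, s);
+       temp_end = bottom + size;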
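Review bot: `check_size` in the embedded objstack.hpp patch enforces the chunk bound only through `assert(!will_overflow(sz));`, which expands to nothing when NDEBUG is defined, so a build whose flags include `-DNDEBUG` would ship without the guard this CVE fix is meant to add. The compiler flags used by the receipt are not visible on this page and should be confirmed, or the check made unconditional with `if (will_overflow(sz)) abort();` (stdlib.h is already included). Separately, `offsetof(Node,data) + sz` in `will_overflow` can wrap for a very large `sz` and then compare as fitting; `sz > chunk_size - offsetof(Node,data)` avoids the wrap, assuming `chunk_size` is never smaller than that offset, which is not shown here. The guard runs only on the new-chunk path of each allocator, whose bodies start or end outside these hunks.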