packages/aspell
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!3 CVE-2019-17544

Browse Source 
From: @houyingchao
Reviewed-by: @small_leek
Signed-off-by: @small_leek
This commit is contained in:
openeuler-ci-bot 2021-07-27 03:31:00 +00:00 committed by Gitee
commit fae9a6dee4
2 changed files with 54 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
CVE-2019-17544.patch Normal file
View File

@ -0,0 +1,49 @@
From 80fa26c74279fced8d778351cff19d1d8f44fe4e Mon Sep 17 00:00:00 2001
From: Kevin Atkinson <kevina@gnu.org>
Date: Sun, 4 Aug 2019 04:20:29 -0400
Subject: [PATCH] Fix various bugs found by OSS-Fuze.
---
common/config.cpp | 2 +-
common/file_util.cpp | 1 +
common/getdata.cpp | 2 +-
3 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/common/config.cpp b/common/config.cpp
index 017e741..e117d3c 100644
--- a/common/config.cpp
+++ b/common/config.cpp
@@ -763,7 +763,7 @@ namespace acommon {
}
res.append(':');
}
- if (res.back() == ':') res.pop_back();
+ if (!res.empty() && res.back() == ':') res.pop_back();
}
struct ListAddHelper : public AddableContainer
diff --git a/common/file_util.cpp b/common/file_util.cpp
index 8515832..56ea501 100644
--- a/common/file_util.cpp
+++ b/common/file_util.cpp
@@ -181,6 +181,7 @@ namespace acommon {
while ( (dir = els.next()) != 0 )
{
path = dir;
+ if (path.empty()) continue;
if (path.back() != '/') path += '/';
unsigned dir_len = path.size();
path += filename;
diff --git a/common/getdata.cpp b/common/getdata.cpp
index 7e822c9..1b04823 100644
--- a/common/getdata.cpp
+++ b/common/getdata.cpp
@@ -64,7 +64,7 @@ namespace acommon {
char * unescape(char * dest, const char * src)
{
while (*src) {
- if (*src == '\\') {
+ if (*src == '\\' && src[1]) {
++src;
switch (*src) {
case 'n': *dest = '\n'; break;

6
aspell.spec
View File

@ -1,6 +1,6 @@
Name: aspell Name: aspell
Version: 0.60.6.1 Version: 0.60.6.1
Release: 26 Release: 27
Summary: Spell checker Summary: Spell checker
Epoch: 12 Epoch: 12
License: LGPLv2+ and LGPLv2 and GPLv2+ and BSD License: LGPLv2+ and LGPLv2 and GPLv2+ and BSD
@ -16,6 +16,7 @@ Patch0005: aspell-0.60.6.1-dump-personal-abort.patch
Patch0006: aspell-0.60.6.1-aarch64.patch Patch0006: aspell-0.60.6.1-aarch64.patch
Patch0007: aspell-0.60.6.1-gcc7-fixes.patch Patch0007: aspell-0.60.6.1-gcc7-fixes.patch
Patch0008: aspell-0.60.6.1-fix-back-on-empty-vector.patch Patch0008: aspell-0.60.6.1-fix-back-on-empty-vector.patch
Patch0009: CVE-2019-17544.patch
BuildRequires: chrpath gettext ncurses-devel pkgconfig perl-interpreter gcc-c++ BuildRequires: chrpath gettext ncurses-devel pkgconfig perl-interpreter gcc-c++
@ -110,6 +111,9 @@ rm -rf ${RPM_BUILD_ROOT}%{_mandir}/man1/aspell-import.1
%{_mandir}/man1/pspell-config.1* %{_mandir}/man1/pspell-config.1*
%changelog %changelog
* Thu Jul 27 2021 houyingchao<houyingchao@huawei.com> - 12:0.60.6.1-27
- fix CVE-2019-17544
* Thu Dec 24 2020 Ge Wang<wangge20@huawei.com> - 12:0.60.6.1-26 * Thu Dec 24 2020 Ge Wang<wangge20@huawei.com> - 12:0.60.6.1-26
- Modify Source0 url - Modify Source0 url