!64 [sync] PR-60: Fix CVE-2019-25051

From: @openeuler-sync-bot 
Reviewed-by: @wk333 
Signed-off-by: @wk333

CVE-2019-17544.patch

@@ -0,0 +1,49 @@
+From 80fa26c74279fced8d778351cff19d1d8f44fe4e Mon Sep 17 00:00:00 2001
+From: Kevin Atkinson <kevina@gnu.org>
+Date: Sun, 4 Aug 2019 04:20:29 -0400
+Subject: [PATCH] Fix various bugs found by OSS-Fuze.
+
+---
+ common/config.cpp    | 2 +-
+ common/file_util.cpp | 1 +
+ common/getdata.cpp   | 2 +-
+ 3 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/common/config.cpp b/common/config.cpp
+index 017e741..e117d3c 100644
+--- a/common/config.cpp
++++ b/common/config.cpp
+@@ -763,7 +763,7 @@ namespace acommon {
+       }
+       res.append(':');
+     }
+-    if (res.back() == ':') res.pop_back();
++    if (!res.empty() && res.back() == ':') res.pop_back();
+   }
+ 
+   struct ListAddHelper : public AddableContainer 
+diff --git a/common/file_util.cpp b/common/file_util.cpp
+index 8515832..56ea501 100644
+--- a/common/file_util.cpp
++++ b/common/file_util.cpp
+@@ -181,6 +181,7 @@ namespace acommon {
+     while ( (dir = els.next()) != 0 ) 
+     {
+       path = dir;
++      if (path.empty()) continue;
+       if (path.back() != '/') path += '/';
+       unsigned dir_len = path.size();
+       path += filename;
+diff --git a/common/getdata.cpp b/common/getdata.cpp
+index 7e822c9..1b04823 100644
+--- a/common/getdata.cpp
++++ b/common/getdata.cpp
+@@ -64,7 +64,7 @@ namespace acommon {
+   char * unescape(char * dest, const char * src)
+   {
+     while (*src) {
+-      if (*src == '\\') {
++      if (*src == '\\' && src[1]) {
+ 	++src;
+ 	switch (*src) {
+ 	case 'n': *dest = '\n'; break;

CVE-2019-20433-2.patch

@@ -0,0 +1,56 @@
+From cefd447e5528b08bb0cd6656bc52b4255692cefc Mon Sep 17 00:00:00 2001
+From: Kevin Atkinson <kevina@gnu.org>
+Date: Sat, 17 Aug 2019 20:25:21 -0400
+Subject: [PATCH] Increment library version to reflect API changes.
+
+---
+ Makefile.am | 24 +++++++++++++++++-------
+ 1 file changed, 17 insertions(+), 7 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 950319d..3bbadb7 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -93,10 +93,24 @@ libaspell_la_SOURCES =\
+ 
+ libaspell_la_LIBADD =  $(LTLIBINTL) $(PTHREAD_LIB)
+ 
++## The version string is current[:revision[:age]]
++##
++## Before a release that has changed the source code at all
++## increment revision.
++##
++## After merging changes that have changed the API in a backwards
++## comptable way set revision to 0 and bump both current and age.
++##
++## Do not change the API in a backwards incompatible way.
++##
++## See "Libtool: Updating version info"
++## (https://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html)
++## for more into
++##
+ if INCREMENTED_SONAME
+-libaspell_la_LDFLAGS = -version-info 16:5:0 -no-undefined
++libaspell_la_LDFLAGS = -version-info 19:0:3 -no-undefined
+ else
+-libaspell_la_LDFLAGS = -version-info 16:5:1 -no-undefined
++libaspell_la_LDFLAGS = -version-info 18:0:3 -no-undefined
+ endif
+ 
+ if PSPELL_COMPATIBILITY
+@@ -104,11 +118,7 @@ libpspell_la_SOURCES = lib/dummy.cpp
+ 
+ libpspell_la_LIBADD = libaspell.la
+ 
+-if INCREMENTED_SONAME
+-libpspell_la_LDFLAGS = -version-info 16:5:0 -no-undefined
+-else
+-libpspell_la_LDFLAGS = -version-info 16:5:1 -no-undefined
+-endif
++libpspell_la_LDFLAGS = $(libaspell_la_LDFLAGS)
+ 
+ endif
+ 
+-- 
+2.27.0
+

CVE-2019-25051.patch

@@ -0,0 +1,98 @@
+From 0718b375425aad8e54e1150313b862e4c6fd324a Mon Sep 17 00:00:00 2001
+From: Kevin Atkinson <kevina@gnu.org>
+Date: Sat, 21 Dec 2019 20:32:47 +0000
+Subject: [PATCH] objstack: assert that the alloc size will fit within a chunk
+ to prevent a buffer overflow
+
+Origin: https://github.com/gnuaspell/aspell/commit/0718b375425aad8e54e1150313b862e4c6fd324a
+
+Bug found using OSS-Fuze.
+---
+ common/objstack.hpp | 18 ++++++++++++++----
+ 1 file changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/common/objstack.hpp b/common/objstack.hpp
+index 3997bf7..bd97ccd 100644
+--- a/common/objstack.hpp
++++ b/common/objstack.hpp
+@@ -5,6 +5,7 @@
+ #include "parm_string.hpp"
+ #include <stdlib.h>
+ #include <assert.h>
++#include <stddef.h>
+ 
+ namespace acommon {
+ 
+@@ -26,6 +27,12 @@ class ObjStack
+   byte * temp_end;
+   void setup_chunk();
+   void new_chunk();
++  bool will_overflow(size_t sz) const {
++    return offsetof(Node,data) + sz > chunk_size;
++  }
++  void check_size(size_t sz) {
++    assert(!will_overflow(sz));
++  }
+ 
+   ObjStack(const ObjStack &);
+   void operator=(const ObjStack &);
+@@ -56,7 +63,7 @@ class ObjStack
+   void * alloc_bottom(size_t size)  {
+     byte * tmp = bottom;
+     bottom += size;
+-    if (bottom > top) {new_chunk(); tmp = bottom; bottom += size;}
++    if (bottom > top) {check_size(size); new_chunk(); tmp = bottom; bottom += size;}
+     return tmp;
+   }
+   // This alloc_bottom will insure that the object is aligned based on the
+@@ -66,7 +73,7 @@ class ObjStack
+     align_bottom(align);
+     byte * tmp = bottom;
+     bottom += size;
+-    if (bottom > top) {new_chunk(); goto loop;}
++    if (bottom > top) {check_size(size); new_chunk(); goto loop;}
+     return tmp;
+   }
+   char * dup_bottom(ParmString str) {
+@@ -79,7 +86,7 @@ class ObjStack
+   // always be aligned as such.
+   void * alloc_top(size_t size) {
+     top -= size;
+-    if (top < bottom) {new_chunk(); top -= size;}
++    if (top < bottom) {check_size(size); new_chunk(); top -= size;}
+     return top;
+   }
+   // This alloc_top will insure that the object is aligned based on
+@@ -88,7 +95,7 @@ class ObjStack
+   {loop:
+     top -= size;
+     align_top(align);
+-    if (top < bottom) {new_chunk(); goto loop;}
++    if (top < bottom) {check_size(size); new_chunk(); goto loop;}
+     return top;
+   }
+   char * dup_top(ParmString str) {
+@@ -117,6 +124,7 @@ class ObjStack
+   void * alloc_temp(size_t size) {
+     temp_end = bottom + size;
+     if (temp_end > top) {
++      check_size(size);
+       new_chunk();
+       temp_end = bottom + size;
+     }
+@@ -131,6 +139,7 @@ class ObjStack
+     } else {
+       size_t s = temp_end - bottom;
+       byte * p = bottom;
++      check_size(size);
+       new_chunk();
+       memcpy(bottom, p, s);
+       temp_end = bottom + size;
+@@ -150,6 +159,7 @@ class ObjStack
+     } else {
+       size_t s = temp_end - bottom;
+       byte * p = bottom;
++      check_size(size);
+       new_chunk();
+       memcpy(bottom, p, s);
+       temp_end = bottom + size;

aspell-0.60.6.1-sw.patch

@@ -0,0 +1,12 @@
+diff -Naur aspell-0.60.6.1.org/m4/intdiv0.m4 aspell-0.60.6.1.sw/m4/intdiv0.m4
+--- aspell-0.60.6.1.org/m4/intdiv0.m4	2022-02-25 16:17:38.620000000 +0000
++++ aspell-0.60.6.1.sw/m4/intdiv0.m4	2022-02-25 16:18:08.210000000 +0000
+@@ -54,7 +54,7 @@
+         [
+           # Guess based on the CPU.
+           case "$host_cpu" in
+-            alpha* | i[34567]86 | m68k | s390*)
++            sw_64* | alpha* | i[34567]86 | m68k | s390*)
+               gt_cv_int_divbyzero_sigfpe="guessing yes";;
+             *)
+               gt_cv_int_divbyzero_sigfpe="guessing no";;

aspell.spec

@@ -1,11 +1,11 @@
 Name:          aspell
 Version:       0.60.6.1
-Release:       25
+Release:       30
 Summary:       Spell checker
 Epoch:         12
 License:       LGPLv2+ and LGPLv2 and GPLv2+ and BSD
 URL:           http://aspell.net/
-Source:        ftp://ftp.gnu.org/gnu/aspell/aspell-%{version}.tar.gz
+Source:        http://mirrors.ustc.edu.cn/gnu/aspell/aspell-%{version}.tar.gz
 
 Patch0000:     aspell-0.60.3-install_info.patch
 Patch0001:     aspell-0.60.5-fileconflict.patch
@@ -16,6 +16,11 @@ Patch0005:     aspell-0.60.6.1-dump-personal-abort.patch
 Patch0006:     aspell-0.60.6.1-aarch64.patch
 Patch0007:     aspell-0.60.6.1-gcc7-fixes.patch
 Patch0008:     aspell-0.60.6.1-fix-back-on-empty-vector.patch
+Patch0009:     CVE-2019-17544.patch
+Patch0010:     CVE-2019-20433-1.patch
+Patch0011:     CVE-2019-20433-2.patch
+Patch0012:     aspell-0.60.6.1-sw.patch
+Patch0013:     CVE-2019-25051.patch
 
 BuildRequires: chrpath gettext ncurses-devel pkgconfig perl-interpreter gcc-c++
 
@@ -110,5 +115,20 @@ rm -rf ${RPM_BUILD_ROOT}%{_mandir}/man1/aspell-import.1
 %{_mandir}/man1/pspell-config.1*
 
 %changelog
+* Mon Mar 18 2024 wangkai <13474090681@163.com> - 12:0.60.6.1-30
+- Fix CVE-2019-25051
+
+* Thu Jul 28 2022 wuzx<wuzx1226@qq.com> - 12:0.60.6.1-29
+- add sw64 patch
+
+* Wed Sep 29 2021 yaoxin<yaoxin30@huawei.com> - 12:0.60.6.1-28
+- fix CVE-2019-20433
+
+* Thu Jul 27 2021 houyingchao<houyingchao@huawei.com> - 12:0.60.6.1-27
+- fix CVE-2019-17544
+
+* Thu Dec 24 2020 Ge Wang<wangge20@huawei.com> - 12:0.60.6.1-26
+- Modify Source0 url
+ 
 * Wed Nov 27 2019 yangjian<yangjian79@huawei.com> - 12:0.60.6.1-25
 - Package init