rpms/aspell
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Update to version 0.60.8.1

Browse Source
This commit is contained in:
Peter Oliver 2024-05-20 12:13:45 +01:00 committed by Parag Nemade
parent 0006ad9edc
commit 8d766c5bf5
No known key found for this signature in database
GPG Key ID: 71932951EB71E972
5 changed files with 12 additions and 111 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1,3 +1,4 @@
/aspell-0.60.6.1.tar.gz /aspell-0.60.6.1.tar.gz
/aspell-0.60.7.tar.gz /aspell-0.60.7.tar.gz
/aspell-0.60.8.tar.gz /aspell-0.60.8.tar.gz
/aspell-0.60.8.1.tar.gz

6
aspell-0.60.7-mp.patch
View File

@ -2,10 +2,9 @@ diff --git a/manual/aspell.1 b/manual/aspell.1
index 854debf..b1106ca 100644 index 854debf..b1106ca 100644
--- a/manual/aspell.1 --- a/manual/aspell.1
+++ b/manual/aspell.1 +++ b/manual/aspell.1
@@ -328,7 +328,6 @@ are also allowed. The \fI/etc/aspell.conf\fR file is a good example of @@ -328,6 +328,5 @@ are also allowed. The \fI/etc/aspell.conf\fR file is a good example of
how to set these options and the Aspell Manual has more detailed info. how to set these options and the Aspell Manual has more detailed info.
.SH SEE ALSO .SH SEE ALSO
.PP
-.BR aspell\-import (1), -.BR aspell\-import (1),
.BR prezip\-bin (1), .BR prezip\-bin (1),
.BR run\-with\-aspell (1), .BR run\-with\-aspell (1),
@ -26,9 +25,8 @@ diff --git a/manual/run-with-aspell.1 b/manual/run-with-aspell.1
index 8dea131..67f3117 100644 index 8dea131..67f3117 100644
--- a/manual/run-with-aspell.1 --- a/manual/run-with-aspell.1
+++ b/manual/run-with-aspell.1 +++ b/manual/run-with-aspell.1
@@ -28,7 +28,6 @@ such as ispell's own scripts. @@ -28,6 +28,5 @@ such as ispell's own scripts.
.SH SEE ALSO .SH SEE ALSO
.PP
.BR aspell (1), .BR aspell (1),
-.BR aspell\-import (1), -.BR aspell\-import (1),
.BR word\-list\-compress (1) .BR word\-list\-compress (1)

99
aspell-0.60.8-CVE-2019-25051.patch
View File

@ -1,99 +0,0 @@
From d60fc73a370c64209bd0ae6fc6d002f55be6eac9 Mon Sep 17 00:00:00 2001
From: Kevin Atkinson <kevina@gnu.org>
Date: Sat, 21 Dec 2019 20:32:47 +0000
Subject: [PATCH] objstack: assert that the alloc size will fit within a chunk
to prevent a buffer overflow
Bug found using OSS-Fuze.
---
common/objstack.hpp | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/common/objstack.hpp b/common/objstack.hpp
index 3997bf7..bd97ccd 100644
--- a/common/objstack.hpp
+++ b/common/objstack.hpp
@@ -5,6 +5,7 @@
#include "parm_string.hpp"
#include <stdlib.h>
#include <assert.h>
+#include <stddef.h>
namespace acommon {
@@ -26,6 +27,12 @@ class ObjStack
byte * temp_end;
void setup_chunk();
void new_chunk();
+ bool will_overflow(size_t sz) const {
+ return offsetof(Node,data) + sz > chunk_size;
+ }
+ void check_size(size_t sz) {
+ assert(!will_overflow(sz));
+ }
ObjStack(const ObjStack &);
void operator=(const ObjStack &);
@@ -56,7 +63,7 @@ public:
void * alloc_bottom(size_t size) {
byte * tmp = bottom;
bottom += size;
- if (bottom > top) {new_chunk(); tmp = bottom; bottom += size;}
+ if (bottom > top) {check_size(size); new_chunk(); tmp = bottom; bottom += size;}
return tmp;
}
// This alloc_bottom will insure that the object is aligned based on the
@@ -66,7 +73,7 @@ public:
align_bottom(align);
byte * tmp = bottom;
bottom += size;
- if (bottom > top) {new_chunk(); goto loop;}
+ if (bottom > top) {check_size(size); new_chunk(); goto loop;}
return tmp;
}
char * dup_bottom(ParmString str) {
@@ -79,7 +86,7 @@ public:
// always be aligned as such.
void * alloc_top(size_t size) {
top -= size;
- if (top < bottom) {new_chunk(); top -= size;}
+ if (top < bottom) {check_size(size); new_chunk(); top -= size;}
return top;
}
// This alloc_top will insure that the object is aligned based on
@@ -88,7 +95,7 @@ public:
{loop:
top -= size;
align_top(align);
- if (top < bottom) {new_chunk(); goto loop;}
+ if (top < bottom) {check_size(size); new_chunk(); goto loop;}
return top;
}
char * dup_top(ParmString str) {
@@ -117,6 +124,7 @@ public:
void * alloc_temp(size_t size) {
temp_end = bottom + size;
if (temp_end > top) {
+ check_size(size);
new_chunk();
temp_end = bottom + size;
}
@@ -131,6 +139,7 @@ public:
} else {
size_t s = temp_end - bottom;
byte * p = bottom;
+ check_size(size);
new_chunk();
memcpy(bottom, p, s);
temp_end = bottom + size;
@@ -150,6 +159,7 @@ public:
} else {
size_t s = temp_end - bottom;
byte * p = bottom;
+ check_size(size);
new_chunk();
memcpy(bottom, p, s);
temp_end = bottom + size;
--
2.31.1

15
aspell.spec
View File

@ -1,7 +1,7 @@
Summary: Spell checker Summary: Spell checker
Name: aspell Name: aspell
Version: 0.60.8 Version: 0.60.8.1
Release: 14%{?dist} Release: 1%{?dist}
Epoch: 12 Epoch: 12
# LGPLv2+ .. common/gettext.h # LGPLv2+ .. common/gettext.h
# LGPLv2 .. modules/speller/default/phonet.hpp, # LGPLv2 .. modules/speller/default/phonet.hpp,
@ -11,17 +11,16 @@ Epoch: 12
# BSD .. myspell/munch.c # BSD .. myspell/munch.c
License: LGPL-2.0-or-later AND LGPL-2.1-only AND GPL-2.0-or-later AND BSD-2-Clause License: LGPL-2.0-or-later AND LGPL-2.1-only AND GPL-2.0-or-later AND BSD-2-Clause
URL: http://aspell.net/ URL: http://aspell.net/
Source: ftp://ftp.gnu.org/gnu/aspell/aspell-%{version}.tar.gz Source: https://ftp.gnu.org/gnu/aspell/aspell-%{version}.tar.gz
Patch0: aspell-0.60.7-fileconflict.patch Patch0: aspell-0.60.7-fileconflict.patch
Patch1: aspell-0.60.7-pspell_conf.patch Patch1: aspell-0.60.7-pspell_conf.patch
Patch2: aspell-0.60.7-mp.patch Patch2: aspell-0.60.7-mp.patch
Patch3: aspell-0.60.8-CVE-2019-25051.patch
# IMPORTANT # IMPORTANT
# This package has been deprecated since Fedora 39 # This package has been deprecated since Fedora 39
# The reason behind this is that upstream has been inactive for more than 4 years # The reason behind this was that there were no upstream releases for 4 years
# and there are other variants like hunspell or enchant which has active upstream # and there are other variants like hunspell or enchant which had active upstream
# FESCo approval is located here: https://pagure.io/fesco/issue/3009 # FESCo approval is located here: https://pagure.io/fesco/issue/3009
# Change proposal is located here: https://fedoraproject.org/wiki/Changes/AspellDeprecation # Change proposal is located here: https://fedoraproject.org/wiki/Changes/AspellDeprecation
Provides: deprecated() Provides: deprecated()
@ -57,7 +56,6 @@ and header files needed for Aspell development.
%patch0 -p1 -b .fc %patch0 -p1 -b .fc
%patch1 -p1 -b .mlib %patch1 -p1 -b .mlib
%patch2 -p1 -b .ai %patch2 -p1 -b .ai
%patch3 -p1 -b .CVE-2019-25051
iconv -f iso-8859-2 -t utf-8 < manual/aspell.info > manual/aspell.info.aux iconv -f iso-8859-2 -t utf-8 < manual/aspell.info > manual/aspell.info.aux
mv manual/aspell.info.aux manual/aspell.info mv manual/aspell.info.aux manual/aspell.info
@ -124,6 +122,9 @@ rm -f ${RPM_BUILD_ROOT}%{_infodir}/dir
%{_mandir}/man1/pspell-config.1* %{_mandir}/man1/pspell-config.1*
%changelog %changelog
* Mon May 20 2024 Peter Oliver <rpm@mavit.org.uk> - 12:0.60.8.1-1
- Update to version 0.60.8.1
* Mon Jan 22 2024 Fedora Release Engineering <releng@fedoraproject.org> - 12:0.60.8-14 * Mon Jan 22 2024 Fedora Release Engineering <releng@fedoraproject.org> - 12:0.60.8-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild

2
sources
View File

@ -1 +1 @@
SHA512 (aspell-0.60.8.tar.gz) = 8ef4952c553b6234dfe777240d2d97beb13ef9201e18d56bee3b5068d13525db3625b7130d9f5122f7c529da0ccb0c70eb852a81472a7d15fb7c4ee5ba21cd29 SHA512 (aspell-0.60.8.1.tar.gz) = 80fa9d7f5f4b8bf66388825ae28403713a2e3eda81fc31f2f452c3e2fe8349cd0fa8f0e4d0d3f8cffe215817229af25aa7be2dba358cb9cdc97e9d2834ba5ca7