diff options
| author |   Conrad Kostecki <conikost@gentoo.org> | 2021-07-21 01:26:08 +0200 |
|---|---|---|
| committer | Conrad Kostecki <conikost@gentoo.org> | 2021-07-21 01:26:08 +0200 |
| commit | 0e8adb6ed480c4538fc561c348f5bab3d4410baa (patch) | |
| tree | 33da7783fd7376fecb02e256bee03a077fc02e8a /app-text/aspell | |
| parent | dev-perl/OLE-StorageLite: EAPI=8 bump (diff) | |
| download | gentoo-0e8adb6ed480c4538fc561c348f5bab3d4410baa.tar.gz gentoo-0e8adb6ed480c4538fc561c348f5bab3d4410baa.tar.bz2 gentoo-0e8adb6ed480c4538fc561c348f5bab3d4410baa.zip | |
app-text/aspell: fix CVE-2019-25051
Debian also applied this upstream patch to their aspell package.
Bug: https://bugs.gentoo.org/803113
Package-Manager: Portage-3.0.20, Repoman-3.0.3
Signed-off-by: Conrad Kostecki <conikost@gentoo.org>
Diffstat (limited to 'app-text/aspell')
| -rw-r--r-- | app-text/aspell/aspell-0.60.8-r3.ebuild | 113 | ||||
| -rw-r--r-- | app-text/aspell/files/aspell-0.60.8-cve-2019-25051.patch | 96 |
2 files changed, 209 insertions, 0 deletions
diff --git a/app-text/aspell/aspell-0.60.8-r3.ebuild b/app-text/aspell/aspell-0.60.8-r3.ebuild new file mode 100644 index 000000000000..499e003d437d --- /dev/null +++ b/app-text/aspell/aspell-0.60.8-r3.ebuild @@ -0,0 +1,113 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit autotools flag-o-matic libtool toolchain-funcs + +MY_P="${P/_/-}" + +DESCRIPTION="Free and Open Source spell checker designed to replace Ispell" +HOMEPAGE="http://aspell.net/" +SRC_URI="mirror://gnu/aspell/${MY_P}.tar.gz" +S="${WORKDIR}/${MY_P}" + +LICENSE="LGPL-2.1" +SLOT="0" +KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~x86-solaris" +IUSE="nls unicode" + +# All available language app-dicts/aspell-* packages. +LANGUAGES=( af am ar ast az be bg bn br ca cs csb cy da de de-1901 el en eo es et fa + fi fo fr fy ga gd gl grc gu gv he hi hil hr hsb hu hus hy ia id is it kn ku + ky la lt lv mg mi mk ml mn mr ms mt nb nds nl nn no ny or pa pl pt-PT pt-BR + qu ro ru rw sc sk sl sr sv sw ta te tet tk tl tn tr uk uz vi wa yi zu +) + +for LANG in ${LANGUAGES[@]}; do + IUSE+=" l10n_${LANG}" + + case ${LANG} in + de-1901) + DICT="de-alt" + ;; + pt-BR) + DICT="pt-br" + ;; + pt-PT) + DICT="pt" + ;; + *) + DICT="${LANG}" + ;; + esac + + PDEPEND+=" l10n_${LANG}? ( app-dicts/aspell-${DICT} )" +done +unset DICT LANG LANGUAGES + +RDEPEND=" + sys-libs/ncurses:=[unicode(+)?] + nls? ( virtual/libintl ) +" + +DEPEND="${RDEPEND}" + +BDEPEND=" + virtual/pkgconfig + nls? ( sys-devel/gettext ) +" + +HTML_DOCS=( manual/aspell{,-dev}.html ) + +PATCHES=( + "${FILESDIR}/${PN}-0.60.5-nls.patch" + "${FILESDIR}/${PN}-0.60.5-solaris.patch" + "${FILESDIR}/${PN}-0.60.6-darwin-bundles.patch" + "${FILESDIR}/${PN}-0.60.6.1-clang.patch" + "${FILESDIR}/${PN}-0.60.6.1-unicode.patch" + "${FILESDIR}/${PN}-0.60.8-cve-2019-25051.patch" +) + +src_prepare() { + default + + rm m4/lt* m4/libtool.m4 || die + eautoreconf + elibtoolize --reverse-deps + + # Parallel install of libtool libraries doesn't always work. + # https://lists.gnu.org/archive/html/libtool/2011-03/msg00003.html + # This has to be after automake has run so that we don't clobber + # the default target that automake creates for us. + echo 'install-filterLTLIBRARIES: install-libLTLIBRARIES' >> Makefile.in || die + + # The unicode patch breaks on Darwin as NCURSES_WIDECHAR won't get set any more. + [[ ${CHOST} == *-darwin* ]] || [[ ${CHOST} == *-musl* ]] && use unicode && append-cppflags -DNCURSES_WIDECHAR=1 +} + +src_configure() { + local myeconfargs=( + --disable-static + $(use_enable nls) + $(use_enable unicode) + --sysconfdir="${EPREFIX}"/etc/aspell + ) + + econf "${myeconfargs[@]}" +} + +src_install() { + default + + docinto examples + dodoc "${S}"/examples/*.c + + # Install Aspell/Ispell compatibility scripts. + newbin scripts/ispell ispell-aspell + newbin scripts/spell spell-aspell + + # As static build has been disabled, + # all .la files can be deleted unconditionally. + find "${ED}" -type f -name '*.la' -delete || die +} diff --git a/app-text/aspell/files/aspell-0.60.8-cve-2019-25051.patch b/app-text/aspell/files/aspell-0.60.8-cve-2019-25051.patch new file mode 100644 index 000000000000..2f15d380ec0b --- /dev/null +++ b/app-text/aspell/files/aspell-0.60.8-cve-2019-25051.patch @@ -0,0 +1,96 @@ +From 0718b375425aad8e54e1150313b862e4c6fd324a Mon Sep 17 00:00:00 2001 +From: Kevin Atkinson <kevina@gnu.org> +Date: Sat, 21 Dec 2019 20:32:47 +0000 +Subject: [PATCH] objstack: assert that the alloc size will fit within a chunk + to prevent a buffer overflow + +Bug found using OSS-Fuze. +--- + common/objstack.hpp | 18 ++++++++++++++---- + 1 file changed, 14 insertions(+), 4 deletions(-) + +diff --git a/common/objstack.hpp b/common/objstack.hpp +index 3997bf7..bd97ccd 100644 +--- a/common/objstack.hpp ++++ b/common/objstack.hpp +@@ -5,6 +5,7 @@ + #include "parm_string.hpp" + #include <stdlib.h> + #include <assert.h> ++#include <stddef.h> + + namespace acommon { + +@@ -26,6 +27,12 @@ class ObjStack + byte * temp_end; + void setup_chunk(); + void new_chunk(); ++ bool will_overflow(size_t sz) const { ++ return offsetof(Node,data) + sz > chunk_size; ++ } ++ void check_size(size_t sz) { ++ assert(!will_overflow(sz)); ++ } + + ObjStack(const ObjStack &); + void operator=(const ObjStack &); +@@ -56,7 +63,7 @@ class ObjStack + void * alloc_bottom(size_t size) { + byte * tmp = bottom; + bottom += size; +- if (bottom > top) {new_chunk(); tmp = bottom; bottom += size;} ++ if (bottom > top) {check_size(size); new_chunk(); tmp = bottom; bottom += size;} + return tmp; + } + // This alloc_bottom will insure that the object is aligned based on the +@@ -66,7 +73,7 @@ class ObjStack + align_bottom(align); + byte * tmp = bottom; + bottom += size; +- if (bottom > top) {new_chunk(); goto loop;} ++ if (bottom > top) {check_size(size); new_chunk(); goto loop;} + return tmp; + } + char * dup_bottom(ParmString str) { +@@ -79,7 +86,7 @@ class ObjStack + // always be aligned as such. + void * alloc_top(size_t size) { + top -= size; +- if (top < bottom) {new_chunk(); top -= size;} ++ if (top < bottom) {check_size(size); new_chunk(); top -= size;} + return top; + } + // This alloc_top will insure that the object is aligned based on +@@ -88,7 +95,7 @@ class ObjStack + {loop: + top -= size; + align_top(align); +- if (top < bottom) {new_chunk(); goto loop;} ++ if (top < bottom) {check_size(size); new_chunk(); goto loop;} + return top; + } + char * dup_top(ParmString str) { +@@ -117,6 +124,7 @@ class ObjStack + void * alloc_temp(size_t size) { + temp_end = bottom + size; + if (temp_end > top) { ++ check_size(size); + new_chunk(); + temp_end = bottom + size; + } +@@ -131,6 +139,7 @@ class ObjStack + } else { + size_t s = temp_end - bottom; + byte * p = bottom; ++ check_size(size); + new_chunk(); + memcpy(bottom, p, s); + temp_end = bottom + size; +@@ -150,6 +159,7 @@ class ObjStack + } else { + size_t s = temp_end - bottom; + byte * p = bottom; ++ check_size(size); + new_chunk(); + memcpy(bottom, p, s); + temp_end = bottom + size; |