Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package aspell for openSUSE:Factory checked in at 2021-08-04 22:28:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/aspell (Old) and /work/SRC/openSUSE:Factory/.aspell.new.1899 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "aspell" Wed Aug 4 22:28:42 2021 rev:40 rq:909814 version:0.60.8 Changes: -------- --- /work/SRC/openSUSE:Factory/aspell/aspell.changes 2020-10-20 16:07:25.841925132 +0200 +++ /work/SRC/openSUSE:Factory/.aspell.new.1899/aspell.changes 2021-08-04 22:29:20.461768601 +0200 @@ -1,0 +2,11 @@ +Mon Aug 2 14:34:44 UTC 2021 - [email protected] + +- security update +- modified patches + % aspell-quotes.patch (p1) + % aspell-strict-aliasing.patch (p1) +- added patches + fix CVE-2019-25051 [bsc#1188576], heap-buffer-overflow in acommon:ObjStack:dup_top + + aspell-CVE-2019-25051.patch + +------------------------------------------------------------------- New: ---- aspell-CVE-2019-25051.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ aspell.spec ++++++ --- /var/tmp/diff_new_pack.dxYGOI/_old 2021-08-04 22:29:20.937768020 +0200 +++ /var/tmp/diff_new_pack.dxYGOI/_new 2021-08-04 22:29:20.941768015 +0200 @@ -1,7 +1,7 @@ # # spec file for package aspell # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -31,12 +31,14 @@ Patch0: aspell-strict-aliasing.patch # PATCH-FIX-OPENSUSE aspell-quotes.patch [email protected] -- Fix command execution in script "run-with-aspell" Patch1: aspell-quotes.patch +# CVE-2019-25051 [bsc#1188576], heap-buffer-overflow in acommon:ObjStack:dup_top +Patch2: aspell-CVE-2019-25051.patch BuildRequires: fdupes BuildRequires: gcc-c++ BuildRequires: libtool BuildRequires: ncurses-devel Requires(post): info -Requires(preun): info +Requires(preun):info Recommends: aspell-en Suggests: aspell-ispell Suggests: aspell-spell @@ -61,7 +63,7 @@ Requires: libaspell15 = %{version} Requires: libpspell15 = %{version} Requires(post): info -Requires(preun): info +Requires(preun):info Provides: pspell-devel = %{version} Obsoletes: pspell-devel < %{version} @@ -117,7 +119,7 @@ This package contains the pspell compatibility library. %prep -%autosetup -p0 +%autosetup -p1 %build autoreconf -fiv ++++++ aspell-CVE-2019-25051.patch ++++++ diff --git a/common/objstack.hpp b/common/objstack.hpp index 3997bf7..bd97ccd 100644 --- a/common/objstack.hpp +++ b/common/objstack.hpp @@ -5,6 +5,7 @@ #include "parm_string.hpp" #include <stdlib.h> #include <assert.h> +#include <stddef.h> namespace acommon { @@ -26,6 +27,12 @@ class ObjStack byte * temp_end; void setup_chunk(); void new_chunk(); + bool will_overflow(size_t sz) const { + return offsetof(Node,data) + sz > chunk_size; + } + void check_size(size_t sz) { + assert(!will_overflow(sz)); + } ObjStack(const ObjStack &); void operator=(const ObjStack &); @@ -56,7 +63,7 @@ class ObjStack void * alloc_bottom(size_t size) { byte * tmp = bottom; bottom += size; - if (bottom > top) {new_chunk(); tmp = bottom; bottom += size;} + if (bottom > top) {check_size(size); new_chunk(); tmp = bottom; bottom += size;} return tmp; } // This alloc_bottom will insure that the object is aligned based on the @@ -66,7 +73,7 @@ class ObjStack align_bottom(align); byte * tmp = bottom; bottom += size; - if (bottom > top) {new_chunk(); goto loop;} + if (bottom > top) {check_size(size); new_chunk(); goto loop;} return tmp; } char * dup_bottom(ParmString str) { @@ -79,7 +86,7 @@ class ObjStack // always be aligned as such. void * alloc_top(size_t size) { top -= size; - if (top < bottom) {new_chunk(); top -= size;} + if (top < bottom) {check_size(size); new_chunk(); top -= size;} return top; } // This alloc_top will insure that the object is aligned based on @@ -88,7 +95,7 @@ class ObjStack {loop: top -= size; align_top(align); - if (top < bottom) {new_chunk(); goto loop;} + if (top < bottom) {check_size(size); new_chunk(); goto loop;} return top; } char * dup_top(ParmString str) { @@ -117,6 +124,7 @@ class ObjStack void * alloc_temp(size_t size) { temp_end = bottom + size; if (temp_end > top) { + check_size(size); new_chunk(); temp_end = bottom + size; } @@ -131,6 +139,7 @@ class ObjStack } else { size_t s = temp_end - bottom; byte * p = bottom; + check_size(size); new_chunk(); memcpy(bottom, p, s); temp_end = bottom + size; @@ -150,6 +159,7 @@ class ObjStack } else { size_t s = temp_end - bottom; byte * p = bottom; + check_size(size); new_chunk(); memcpy(bottom, p, s); temp_end = bottom + size; ++++++ aspell-quotes.patch ++++++ --- /var/tmp/diff_new_pack.dxYGOI/_old 2021-08-04 22:29:20.969767981 +0200 +++ /var/tmp/diff_new_pack.dxYGOI/_new 2021-08-04 22:29:20.969767981 +0200 @@ -1,5 +1,5 @@ ---- scripts/run-with-aspell.create -+++ scripts/run-with-aspell.create +--- a/scripts/run-with-aspell.create ++++ b/scripts/run-with-aspell.create @@ -3,5 +3,5 @@ echo "#!/bin/sh" echo "PATH=$1:\$PATH" ++++++ aspell-strict-aliasing.patch ++++++ --- /var/tmp/diff_new_pack.dxYGOI/_old 2021-08-04 22:29:20.977767971 +0200 +++ /var/tmp/diff_new_pack.dxYGOI/_new 2021-08-04 22:29:20.977767971 +0200 @@ -1,5 +1,5 @@ ---- modules/speller/default/writable.cpp -+++ modules/speller/default/writable.cpp +--- a/modules/speller/default/writable.cpp ++++ b/modules/speller/default/writable.cpp @@ -672,7 +672,7 @@ static void repl_next(WordEntry * w) @@ -9,8 +9,8 @@ const Str * end = (const Str * )(w->intr[1]); set_word(*w, *i); ++i; ---- modules/speller/default/writable.cpp -+++ modules/speller/default/writable.cpp +--- a/modules/speller/default/writable.cpp ++++ b/modules/speller/default/writable.cpp @@ -246,7 +246,7 @@ static void soundslike_next(WordEntry * w)
