OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 15-Sep-2004 15:31:44
Branch: OPENPKG_2_1_SOLID Handle: 2004091514314300
Modified files: (Branch: OPENPKG_2_1_SOLID)
openpkg-src/aspell aspell.patch aspell.spec
Log:
Security Fixes (OpenPKG-SA-2004.042-aspell; CAN-2004-0548)
Summary:
Revision Changes Path
1.3.4.1 +90 -0 openpkg-src/aspell/aspell.patch
1.31.2.2 +1 -1 openpkg-src/aspell/aspell.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/aspell/aspell.patch
============================================================================
$ cvs diff -u -r1.3 -r1.3.4.1 aspell.patch
--- openpkg-src/aspell/aspell.patch 12 Feb 2004 07:25:01 -0000 1.3
+++ openpkg-src/aspell/aspell.patch 15 Sep 2004 13:31:43 -0000 1.3.4.1
@@ -21,4 +21,94 @@
+SUBDIRS = auto common modules lib prog data scripts interfaces manual
EXTRA_DIST = README suncc/* win32/*
all: all-recursive
+
+-----------------------------------------------------------------------------
+Security Fixes (OpenPKG-SA-2004.042-aspell; CAN-2004-0548)
+
+Index: modules/filter/email.cpp
+--- modules/filter/email.cpp.orig 2002-08-21 01:47:28 +0200
++++ modules/filter/email.cpp 2004-09-15 15:14:33 +0200
+@@ -33,7 +33,8 @@
+ memset(data, 0, sizeof(bool)*256);
+ return no_err;
+ }
+- bool have(char c) {
++ bool have(FilterChar::Chr c) {
++ if (c > 255) return false;
+ return data[static_cast<unsigned char>(c)];
+ }
+ QuoteChars() {clear();}
+Index: prog/compress.c
+--- prog/compress.c.orig 2002-08-31 20:51:11 +0200
++++ prog/compress.c 2004-09-15 15:14:47 +0200
+@@ -28,6 +28,8 @@
+
+ #endif
+
++#define BUFSIZE 256
++
+ void usage ()
+ {
+ fputs("Compresses or uncompresses sorted word lists.\n" , stderr);
+@@ -38,14 +40,15 @@
+ fputs("Usage: word-list-compress c[ompress]|d[ecompress]\n" , stderr);
+ }
+
+-static int get_word(FILE * in, char * w)
++static int get_word(FILE * in, char * w, size_t bufsize)
+ {
+ int c;
+ while (c = getc(in), c != EOF && c <= 32);
+ if (c == EOF) return 0;
+ do {
+ *w++ = (char)(c);
+- } while (c = getc(in), c != EOF && c > 32);
++ --bufsize;
++ } while (c = getc(in), c != EOF && c > 32 && bufsize > 1);
+ *w = '\0';
+ ungetc(c, in);
+ if (c == EOF) return 0;
+@@ -61,15 +64,15 @@
+
+ } else if (argv[1][0] == 'c') {
+
+- char s1[256];
+- char s2[256];
++ char s1[BUFSIZE];
++ char s2[BUFSIZE];
+ char * prev = s2;
+ char * cur = s1;
+ *prev = '\0';
+
+ SETBIN (stdout);
+
+- while (get_word(stdin, cur)) {
++ while (get_word(stdin, cur, BUFSIZE)) {
+ int i = 0;
+ /* get the length of the prefix */
+ while (prev[i] != '\0' && cur[i] != '\0' && prev[i] == cur[i])
+@@ -99,9 +102,10 @@
+ while (i != -1 ) {
+ if (i == 0)
+ i = getc(stdin);
+- --i;
+- while ((c = getc(stdin)) > 32)
++ --i; if (i < 0) goto error;
++ while ((c = getc(stdin)) > 32 && i < BUFSIZE)
+ cur[i++] = (char)c;
++ if (i >= BUFSIZE) goto error;
+ cur[i] = '\0';
+ fputs(cur, stdout);
+ putc('\n', stdout);
+@@ -109,6 +113,10 @@
+ }
+ return 0;
+
++error:
++ fputs("ERROR: Corrupt Input.\n", stderr);
++ return 2;
++
+ } else {
+
+ usage();
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/aspell/aspell.spec
============================================================================
$ cvs diff -u -r1.31.2.1 -r1.31.2.2 aspell.spec
--- openpkg-src/aspell/aspell.spec 2 Jul 2004 15:23:55 -0000 1.31.2.1
+++ openpkg-src/aspell/aspell.spec 15 Sep 2004 13:31:43 -0000 1.31.2.2
@@ -40,7 +40,7 @@
Group: Text
License: GPL
Version: %{V_aspell}
-Release: 2.1.0
+Release: 2.1.1
# package options
%option with_perl no
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]
