diff options
| author |   Trevor Gamblin <trevor.gamblin@windriver.com> | 2019-10-16 05:54:56 -0700 |
|---|---|---|
| committer |   Armin Kuster <akuster808@gmail.com> | 2019-10-25 23:44:05 -0700 |
| commit | 7ed241ff1f93c623a3b3030249c09f7c3c429a46 (patch) | |
| tree | eff4cf22aff18cafe08e6e55973cdfd71770e7bb /meta | |
| parent | 948b0dd6d91eeed529c6983141ab80327fa4ae9c (diff) | |
| download | openembedded-core-contrib-7ed241ff1f93c623a3b3030249c09f7c3c429a46.tar.gz | |
aspell: fix CVE-2019-17544
Backport CVE-2019-17544 fix to zeus.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta')
| -rw-r--r-- | meta/recipes-support/aspell/aspell/0001-Fix-various-bugs-found-by-OSS-Fuze.patch | 56 | ||||
| -rw-r--r-- | meta/recipes-support/aspell/aspell_0.60.7.bb | 4 |
2 files changed, 59 insertions, 1 deletions
diff --git a/meta/recipes-support/aspell/aspell/0001-Fix-various-bugs-found-by-OSS-Fuze.patch b/meta/recipes-support/aspell/aspell/0001-Fix-various-bugs-found-by-OSS-Fuze.patch new file mode 100644 index 0000000000..259075b37c --- /dev/null +++ b/meta/recipes-support/aspell/aspell/0001-Fix-various-bugs-found-by-OSS-Fuze.patch @@ -0,0 +1,56 @@ +From 80fa26c74279fced8d778351cff19d1d8f44fe4e Mon Sep 17 00:00:00 2001 +From: Kevin Atkinson <kevina@gnu.org> +Date: Sun, 4 Aug 2019 04:20:29 -0400 +Subject: [PATCH] Fix various bugs found by OSS-Fuze. + +--- + common/config.cpp | 2 +- + common/file_util.cpp | 1 + + common/getdata.cpp | 2 +- + 3 files changed, 3 insertions(+), 2 deletions(-) + +Upstream-Status: Backport [https://github.com/GNUAspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e] +CVE: CVE-2019-17544 +Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> + +diff --git a/common/config.cpp b/common/config.cpp +index 017e741..e117d3c 100644 +--- a/common/config.cpp ++++ b/common/config.cpp +@@ -763,7 +763,7 @@ namespace acommon { + } + res.append(':'); + } +- if (res.back() == ':') res.pop_back(); ++ if (!res.empty() && res.back() == ':') res.pop_back(); + } + + struct ListAddHelper : public AddableContainer +diff --git a/common/file_util.cpp b/common/file_util.cpp +index 8515832..56ea501 100644 +--- a/common/file_util.cpp ++++ b/common/file_util.cpp +@@ -181,6 +181,7 @@ namespace acommon { + while ( (dir = els.next()) != 0 ) + { + path = dir; ++ if (path.empty()) continue; + if (path.back() != '/') path += '/'; + unsigned dir_len = path.size(); + path += filename; +diff --git a/common/getdata.cpp b/common/getdata.cpp +index 7e822c9..1b04823 100644 +--- a/common/getdata.cpp ++++ b/common/getdata.cpp +@@ -64,7 +64,7 @@ namespace acommon { + char * unescape(char * dest, const char * src) + { + while (*src) { +- if (*src == '\\') { ++ if (*src == '\\' && src[1]) { + ++src; + switch (*src) { + case 'n': *dest = '\n'; break; +-- +2.17.1 + diff --git a/meta/recipes-support/aspell/aspell_0.60.7.bb b/meta/recipes-support/aspell/aspell_0.60.7.bb index da99d12630..b565cb3c6e 100644 --- a/meta/recipes-support/aspell/aspell_0.60.7.bb +++ b/meta/recipes-support/aspell/aspell_0.60.7.bb @@ -6,7 +6,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=7fbc338309ac38fefcd64b04bb903e34" PR = "r1" -SRC_URI = "${GNU_MIRROR}/aspell/aspell-${PV}.tar.gz" +SRC_URI = "${GNU_MIRROR}/aspell/aspell-${PV}.tar.gz \ + file://0001-Fix-various-bugs-found-by-OSS-Fuze.patch \ + " SRC_URI[md5sum] = "8ef2252609c511cd2bb26f3a3932ef28" SRC_URI[sha256sum] = "5ca8fc8cb0370cc6c9eb5b64c6d1bc5d57b3750dbf17887726c3407d833b70e4" |