mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-20 08:29:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

aspell: fix CVE-2019-17544

Browse Source 
Backport CVE-2019-17544 fix to zeus.

(From OE-Core rev: 7ed241ff1f93c623a3b3030249c09f7c3c429a46)

Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Trevor Gamblin
2019-10-16 05:54:56 -07:00
committed by Richard Purdie
parent 4f5919d899
commit 6da9997056
2 changed files with 59 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
meta/recipes-support/aspell/aspell/0001-Fix-various-bugs-found-by-OSS-Fuze.patch Normal file
View File

@@ -0,0 +1,56 @@
From 80fa26c74279fced8d778351cff19d1d8f44fe4e Mon Sep 17 00:00:00 2001
From: Kevin Atkinson <kevina@gnu.org>
Date: Sun, 4 Aug 2019 04:20:29 -0400
Subject: [PATCH] Fix various bugs found by OSS-Fuze.
---
common/config.cpp | 2 +-
common/file_util.cpp | 1 +
common/getdata.cpp | 2 +-
3 files changed, 3 insertions(+), 2 deletions(-)
Upstream-Status: Backport [https://github.com/GNUAspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e]
CVE: CVE-2019-17544
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
diff --git a/common/config.cpp b/common/config.cpp
index 017e741..e117d3c 100644
--- a/common/config.cpp
+++ b/common/config.cpp
@@ -763,7 +763,7 @@ namespace acommon {
}
res.append(':');
}
- if (res.back() == ':') res.pop_back();
+ if (!res.empty() && res.back() == ':') res.pop_back();
}
struct ListAddHelper : public AddableContainer
diff --git a/common/file_util.cpp b/common/file_util.cpp
index 8515832..56ea501 100644
--- a/common/file_util.cpp
+++ b/common/file_util.cpp
@@ -181,6 +181,7 @@ namespace acommon {
while ( (dir = els.next()) != 0 )
{
path = dir;
+ if (path.empty()) continue;
if (path.back() != '/') path += '/';
unsigned dir_len = path.size();
path += filename;
diff --git a/common/getdata.cpp b/common/getdata.cpp
index 7e822c9..1b04823 100644
--- a/common/getdata.cpp
+++ b/common/getdata.cpp
@@ -64,7 +64,7 @@ namespace acommon {
char * unescape(char * dest, const char * src)
{
while (*src) {
- if (*src == '\\') {
+ if (*src == '\\' && src[1]) {
++src;
switch (*src) {
case 'n': *dest = '\n'; break;
--
2.17.1

4
meta/recipes-support/aspell/aspell_0.60.7.bb
View File

@@ -6,7 +6,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=7fbc338309ac38fefcd64b04bb903e34"
PR = "r1"
SRC_URI = "${GNU_MIRROR}/aspell/aspell-${PV}.tar.gz"
SRC_URI = "${GNU_MIRROR}/aspell/aspell-${PV}.tar.gz \
file://0001-Fix-various-bugs-found-by-OSS-Fuze.patch \
"
SRC_URI[md5sum] = "8ef2252609c511cd2bb26f3a3932ef28"
SRC_URI[sha256sum] = "5ca8fc8cb0370cc6c9eb5b64c6d1bc5d57b3750dbf17887726c3407d833b70e4"