diff --git a/aspell-0.60.8.1.tar.gz b/aspell-0.60.8.1.tar.gz new file mode 100644 index 0000000..7c06f4e --- /dev/null +++ b/aspell-0.60.8.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d6da12b34d42d457fa604e435ad484a74b2effcd120ff40acd6bb3fb2887d21b +size 3567205 diff --git a/aspell-0.60.8.1.tar.gz.sig b/aspell-0.60.8.1.tar.gz.sig new file mode 100644 index 0000000..34e1241 --- /dev/null +++ b/aspell-0.60.8.1.tar.gz.sig @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2 + +iEYEABECAAYFAmWCJzkACgkQttnQzDizJ9ew/gCbBqdvWXclNZ2hIECBBGYXMdS/ +OeYAnRwaGNBAZ5lPa1YleoVMfZewi2k/ +=NgBu +-----END PGP SIGNATURE----- diff --git a/aspell-0.60.8.tar.gz b/aspell-0.60.8.tar.gz deleted file mode 100644 index 727be0b..0000000 --- a/aspell-0.60.8.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f9b77e515334a751b2e60daab5db23499e26c9209f5e7b7443b05235ad0226f2 -size 3486448 diff --git a/aspell-0.60.8.tar.gz.sig b/aspell-0.60.8.tar.gz.sig deleted file mode 100644 index 424ba76..0000000 --- a/aspell-0.60.8.tar.gz.sig +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2 - -iEYEABECAAYFAl2iVDoACgkQttnQzDizJ9ekcACfWDC/8lwAPGiRtC+mTjSXc0Nx -4xoAn24YScVIJ8Zk5yQ7lZ1fFX9Z8sMb -=k99I ------END PGP SIGNATURE----- diff --git a/aspell-CVE-2019-25051.patch b/aspell-CVE-2019-25051.patch deleted file mode 100644 index 4f4e3d8..0000000 --- a/aspell-CVE-2019-25051.patch +++ /dev/null @@ -1,86 +0,0 @@ -diff --git a/common/objstack.hpp b/common/objstack.hpp -index 3997bf7..bd97ccd 100644 ---- a/common/objstack.hpp -+++ b/common/objstack.hpp -@@ -5,6 +5,7 @@ - #include "parm_string.hpp" - #include - #include -+#include - - namespace acommon { - -@@ -26,6 +27,12 @@ class ObjStack - byte * temp_end; - void setup_chunk(); - void new_chunk(); -+ bool will_overflow(size_t sz) const { -+ return offsetof(Node,data) + sz > chunk_size; -+ } -+ void check_size(size_t sz) { -+ assert(!will_overflow(sz)); -+ } - - ObjStack(const ObjStack &); - void operator=(const ObjStack &); -@@ -56,7 +63,7 @@ class ObjStack - void * alloc_bottom(size_t size) { - byte * tmp = bottom; - bottom += size; -- if (bottom > top) {new_chunk(); tmp = bottom; bottom += size;} -+ if (bottom > top) {check_size(size); new_chunk(); tmp = bottom; bottom += size;} - return tmp; - } - // This alloc_bottom will insure that the object is aligned based on the -@@ -66,7 +73,7 @@ class ObjStack - align_bottom(align); - byte * tmp = bottom; - bottom += size; -- if (bottom > top) {new_chunk(); goto loop;} -+ if (bottom > top) {check_size(size); new_chunk(); goto loop;} - return tmp; - } - char * dup_bottom(ParmString str) { -@@ -79,7 +86,7 @@ class ObjStack - // always be aligned as such. - void * alloc_top(size_t size) { - top -= size; -- if (top < bottom) {new_chunk(); top -= size;} -+ if (top < bottom) {check_size(size); new_chunk(); top -= size;} - return top; - } - // This alloc_top will insure that the object is aligned based on -@@ -88,7 +95,7 @@ class ObjStack - {loop: - top -= size; - align_top(align); -- if (top < bottom) {new_chunk(); goto loop;} -+ if (top < bottom) {check_size(size); new_chunk(); goto loop;} - return top; - } - char * dup_top(ParmString str) { -@@ -117,6 +124,7 @@ class ObjStack - void * alloc_temp(size_t size) { - temp_end = bottom + size; - if (temp_end > top) { -+ check_size(size); - new_chunk(); - temp_end = bottom + size; - } -@@ -131,6 +139,7 @@ class ObjStack - } else { - size_t s = temp_end - bottom; - byte * p = bottom; -+ check_size(size); - new_chunk(); - memcpy(bottom, p, s); - temp_end = bottom + size; -@@ -150,6 +159,7 @@ class ObjStack - } else { - size_t s = temp_end - bottom; - byte * p = bottom; -+ check_size(size); - new_chunk(); - memcpy(bottom, p, s); - temp_end = bottom + size; - diff --git a/aspell.changes b/aspell.changes index 904582c..d0b3b51 100644 --- a/aspell.changes +++ b/aspell.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Sat Dec 30 10:26:00 UTC 2023 - Dirk Müller + +- update to 0.60.8.1: + * Fix memory leak in suggestion code introduced in 0.60.8. + * Various documentation fixes. + * Fix various warnings when compiling with -Wall. + * Fix two buffer overflows found by Google’s OSS-Fuzz. + * Other minor updates. +- drop aspell-CVE-2019-25051.patch (upstream) + ------------------------------------------------------------------- Thu Jul 7 12:28:47 UTC 2022 - Marcus Meissner @@ -243,7 +254,7 @@ Fri Oct 26 18:55:18 CEST 2007 - nadvornik@suse.cz ------------------------------------------------------------------- Wed Aug 22 15:29:31 CEST 2007 - lmichnovic@suse.cz -- defining ncurses_wide library for configure to enable wide +- defining ncurses_wide library for configure to enable wide UTF-8 characters [#266153] ------------------------------------------------------------------- @@ -255,7 +266,7 @@ Thu Aug 16 16:38:45 CEST 2007 - lmichnovic@suse.cz ------------------------------------------------------------------- Thu Aug 16 14:38:45 CEST 2007 - lmichnovic@suse.cz -- changed dict- and data-dir back to /usr/{%lib} because dictionary +- changed dict- and data-dir back to /usr/{%lib} because dictionary files depends on endian. - fixed command execution in script "run-with-aspell" (quotes.patch) @@ -270,7 +281,7 @@ Wed Aug 15 13:26:44 CEST 2007 - lmichnovic@suse.cz ------------------------------------------------------------------- Sat Mar 31 19:23:54 CEST 2007 - rguenther@suse.de -- add ncurses-devel BuildRequires. +- add ncurses-devel BuildRequires. ------------------------------------------------------------------- Sat Mar 31 15:19:36 CEST 2007 - aj@suse.de @@ -287,11 +298,11 @@ Thu Jan 11 12:28:38 CET 2007 - lmichnovic@suse.cz - update to version 0.60.5 * Compile fix for gcc 4.1 (obsoletes gcc-warning.patch) - * Updated to Gettext 0.16.1, Libtool 1.5.22, Automake 1.10, + * Updated to Gettext 0.16.1, Libtool 1.5.22, Automake 1.10, Autoconf 2.61 * Documentation improvements, including an updated `man' page. - * Complain if more than one file is specified when checking - files using the `aspell check' command, rather than ignoring + * Complain if more than one file is specified when checking + files using the `aspell check' command, rather than ignoring the other files. * Large number of bug fixes. @@ -314,7 +325,7 @@ Fri Jun 30 14:56:21 CEST 2006 - pnemec@suse.cz ------------------------------------------------------------------- Mon Mar 20 13:34:06 CET 2006 - pnemec@suse.cz -- removed virtual package dependency +- removed virtual package dependency - added aspell-en to Requires #158675 ------------------------------------------------------------------- @@ -366,12 +377,12 @@ Tue Mar 15 15:34:11 CET 2005 - ltinkl@suse.cz ------------------------------------------------------------------- Tue Nov 30 02:42:55 CET 2004 - ro@suse.de -- fix file list +- fix file list ------------------------------------------------------------------- Mon Nov 29 18:22:05 CET 2004 - ro@suse.de -- fix libdir usage +- fix libdir usage ------------------------------------------------------------------- Mon Nov 29 13:49:36 CET 2004 - ltinkl@suse.cz @@ -453,7 +464,7 @@ Fri Nov 01 19:28:21 CET 2002 - pmladek@suse.cz * the name of the language-tag option has changed to lang * backward compatible the language-tag option will still work * english dictionaries are built from separate package - * see more details in /usr/share/doc/packages/aspell/README + * see more details in /usr/share/doc/packages/aspell/README - removed obsolete config files - removed obsolete patches for automake, gcc3.x and x86_64 - fixed list of documentation to install @@ -532,7 +543,7 @@ Tue Jun 26 15:23:26 CEST 2001 - schwab@suse.de ------------------------------------------------------------------- Mon Jun 11 17:55:05 CEST 2001 - ro@suse.de -- libtoolize to build +- libtoolize to build ------------------------------------------------------------------- Wed May 30 10:51:32 CEST 2001 - pmladek@suse.cz diff --git a/aspell.spec b/aspell.spec index 88a8b28..3c1ab0b 100644 --- a/aspell.spec +++ b/aspell.spec @@ -1,7 +1,7 @@ # # spec file for package aspell # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: aspell -Version: 0.60.8 +Version: 0.60.8.1 Release: 0 Summary: A Spell Checker License: GFDL-1.1-or-later AND LGPL-2.1-only AND HPND AND SUSE-BSD-Mark-Modifications @@ -31,8 +31,6 @@ Source100: baselibs.conf Patch0: aspell-strict-aliasing.patch # PATCH-FIX-OPENSUSE aspell-quotes.patch lmichnovic@suse.cz -- Fix command execution in script "run-with-aspell" Patch1: aspell-quotes.patch -# CVE-2019-25051 [bsc#1188576], heap-buffer-overflow in acommon:ObjStack:dup_top -Patch2: aspell-CVE-2019-25051.patch BuildRequires: fdupes BuildRequires: gcc-c++ BuildRequires: libtool