Accepting request 1135742 from home:dirkmueller:Factory

- update to 0.60.8.1:
  * Fix memory leak in suggestion code introduced in 0.60.8.
  * Various documentation fixes.
  * Fix various warnings when compiling with -Wall.
  * Fix two buffer overflows found by Google’s OSS-Fuzz.
  * Other minor updates.
- drop aspell-CVE-2019-25051.patch (upstream)

- defining ncurses_wide library for configure to enable wide
- changed dict- and data-dir back to /usr/{%lib} because dictionary
- add ncurses-devel BuildRequires.
   * Updated to Gettext 0.16.1, Libtool 1.5.22, Automake 1.10,
   * Complain if more than one file is specified when checking
     files using the `aspell check' command, rather than ignoring
- removed virtual package dependency
- fix file list
- fix libdir usage
    * see more details in /usr/share/doc/packages/aspell/README
- libtoolize to build

OBS-URL: https://build.opensuse.org/request/show/1135742
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/aspell?expand=0&rev=48

aspell-0.60.8.1.tar.gz.sig

@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2
+
+iEYEABECAAYFAmWCJzkACgkQttnQzDizJ9ew/gCbBqdvWXclNZ2hIECBBGYXMdS/
+OeYAnRwaGNBAZ5lPa1YleoVMfZewi2k/
+=NgBu
+-----END PGP SIGNATURE-----

aspell-0.60.8.tar.gz.sig

@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2
-
-iEYEABECAAYFAl2iVDoACgkQttnQzDizJ9ekcACfWDC/8lwAPGiRtC+mTjSXc0Nx
-4xoAn24YScVIJ8Zk5yQ7lZ1fFX9Z8sMb
-=k99I
------END PGP SIGNATURE-----

aspell-CVE-2019-25051.patch

@@ -1,86 +0,0 @@
-diff --git a/common/objstack.hpp b/common/objstack.hpp
-index 3997bf7..bd97ccd 100644
---- a/common/objstack.hpp
-+++ b/common/objstack.hpp
-@@ -5,6 +5,7 @@
- #include "parm_string.hpp"
- #include <stdlib.h>
- #include <assert.h>
-+#include <stddef.h>
- 
- namespace acommon {
- 
-@@ -26,6 +27,12 @@ class ObjStack
-   byte * temp_end;
-   void setup_chunk();
-   void new_chunk();
-+  bool will_overflow(size_t sz) const {
-+    return offsetof(Node,data) + sz > chunk_size;
-+  }
-+  void check_size(size_t sz) {
-+    assert(!will_overflow(sz));
-+  }
- 
-   ObjStack(const ObjStack &);
-   void operator=(const ObjStack &);
-@@ -56,7 +63,7 @@ class ObjStack
-   void * alloc_bottom(size_t size)  {
-     byte * tmp = bottom;
-     bottom += size;
--    if (bottom > top) {new_chunk(); tmp = bottom; bottom += size;}
-+    if (bottom > top) {check_size(size); new_chunk(); tmp = bottom; bottom += size;}
-     return tmp;
-   }
-   // This alloc_bottom will insure that the object is aligned based on the
-@@ -66,7 +73,7 @@ class ObjStack
-     align_bottom(align);
-     byte * tmp = bottom;
-     bottom += size;
--    if (bottom > top) {new_chunk(); goto loop;}
-+    if (bottom > top) {check_size(size); new_chunk(); goto loop;}
-     return tmp;
-   }
-   char * dup_bottom(ParmString str) {
-@@ -79,7 +86,7 @@ class ObjStack
-   // always be aligned as such.
-   void * alloc_top(size_t size) {
-     top -= size;
--    if (top < bottom) {new_chunk(); top -= size;}
-+    if (top < bottom) {check_size(size); new_chunk(); top -= size;}
-     return top;
-   }
-   // This alloc_top will insure that the object is aligned based on
-@@ -88,7 +95,7 @@ class ObjStack
-   {loop:
-     top -= size;
-     align_top(align);
--    if (top < bottom) {new_chunk(); goto loop;}
-+    if (top < bottom) {check_size(size); new_chunk(); goto loop;}
-     return top;
-   }
-   char * dup_top(ParmString str) {
-@@ -117,6 +124,7 @@ class ObjStack
-   void * alloc_temp(size_t size) {
-     temp_end = bottom + size;
-     if (temp_end > top) {
-+      check_size(size);
-       new_chunk();
-       temp_end = bottom + size;
-     }
-@@ -131,6 +139,7 @@ class ObjStack
-     } else {
-       size_t s = temp_end - bottom;
-       byte * p = bottom;
-+      check_size(size);
-       new_chunk();
-       memcpy(bottom, p, s);
-       temp_end = bottom + size;
-@@ -150,6 +159,7 @@ class ObjStack
-     } else {
-       size_t s = temp_end - bottom;
-       byte * p = bottom;
-+      check_size(size);
-       new_chunk();
-       memcpy(bottom, p, s);
-       temp_end = bottom + size;
-

aspell.changes

@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Sat Dec 30 10:26:00 UTC 2023 - Dirk Müller <dmueller@suse.com>
+
+- update to 0.60.8.1:
+  * Fix memory leak in suggestion code introduced in 0.60.8.
+  * Various documentation fixes.
+  * Fix various warnings when compiling with -Wall.
+  * Fix two buffer overflows found by Google’s OSS-Fuzz.
+  * Other minor updates.
+- drop aspell-CVE-2019-25051.patch (upstream)
+
 -------------------------------------------------------------------
 Thu Jul  7 12:28:47 UTC 2022 - Marcus Meissner <meissner@suse.com>
 

aspell.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package aspell
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           aspell
-Version:        0.60.8
+Version:        0.60.8.1
 Release:        0
 Summary:        A Spell Checker
 License:        GFDL-1.1-or-later AND LGPL-2.1-only AND HPND AND SUSE-BSD-Mark-Modifications
@@ -31,8 +31,6 @@ Source100:      baselibs.conf
 Patch0:         aspell-strict-aliasing.patch
 # PATCH-FIX-OPENSUSE aspell-quotes.patch lmichnovic@suse.cz -- Fix command execution in script "run-with-aspell"
 Patch1:         aspell-quotes.patch
-# CVE-2019-25051 [bsc#1188576], heap-buffer-overflow in acommon:ObjStack:dup_top
-Patch2:         aspell-CVE-2019-25051.patch
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
 BuildRequires:  libtool