Accepting request 812791 from devel:libraries:c_c++

- security update - added patches fix CVE-2019-16707 [bsc#1151867], invalid read operation in SuggestMgr:leftcommonsubstring in suggestmgr.cxx + hunspell-CVE-2019-16707.patch OBS-URL: https://build.opensuse.org/request/show/812791 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/hunspell?expand=0&rev=53
2020-06-11 12:45:16 +00:00 · 2020-06-11 12:45:16 +00:00 · 7bc7ebefbd
commit 7bc7ebefbd
parent 680f51566c 0562ed34da
3 changed files with 26 additions and 1 deletions
--- a/hunspell-CVE-2019-16707.patch
+++ b/hunspell-CVE-2019-16707.patch
@ -0,0 +1,14 @@
+diff --git a/src/hunspell/suggestmgr.cxx b/src/hunspell/suggestmgr.cxx
+index dba084e9..c23f165a 100644
+--- a/src/hunspell/suggestmgr.cxx
+++ b/src/hunspell/suggestmgr.cxx
+@@ -2040,7 +2040,7 @@ int SuggestMgr::leftcommonsubstring(
+   int l2 = su2.size();
+   // decapitalize dictionary word
+   if (complexprefixes) {
+-    if (su1[l1 - 1] == su2[l2 - 1])
+    if (l1 && l2 && su1[l1 - 1] == su2[l2 - 1])
+       return 1;
+   } else {
+     unsigned short idx = su2.empty() ? 0 : (su2[0].h << 8) + su2[0].l;
+
--- a/hunspell.changes
+++ b/hunspell.changes
@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Tue Jun  9 07:19:19 UTC 2020 - pgajdos@suse.com
+
+- security update
+- added patches
+  fix CVE-2019-16707 [bsc#1151867], invalid read operation in SuggestMgr:leftcommonsubstring in suggestmgr.cxx
+  + hunspell-CVE-2019-16707.patch
+
 -------------------------------------------------------------------
 Thu Nov 15 13:59:30 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com>

--- a/hunspell.spec
+++ b/hunspell.spec
@ -1,7 +1,7 @@
 #
 # spec file for package hunspell
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -27,6 +27,8 @@ Group:          Productivity/Office/Other
 URL:            https://hunspell.github.io
 Source0:        https://github.com/%{name}/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Source1:        baselibs.conf
+# CVE-2019-16707 [bsc#1151867], invalid read operation in SuggestMgr:leftcommonsubstring in suggestmgr.cxx
+Patch0:         hunspell-CVE-2019-16707.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  bison
@ -80,6 +82,7 @@ Includes and definitions for developing with hunspell.

 %prep
 %setup -q
+%patch0 -p1

 %build
 # latest released tarball does not contain generated configure