!19 fix CVE-2019-20433

From: @starlet-dx Reviewed-by: @small_leek Signed-off-by: @small_leek
2021-09-29 01:26:18 +00:00 · 2021-09-29 01:26:18 +00:00 · a390485c50
commit a390485c50
parent 828fdfd586 48bc36d6d0
3 changed files with 1269 additions and 1 deletions
--- a/CVE-2019-20433-1.patch
+++ b/CVE-2019-20433-1.patch
--- a/CVE-2019-20433-2.patch
+++ b/CVE-2019-20433-2.patch
@ -0,0 +1,56 @@
+From cefd447e5528b08bb0cd6656bc52b4255692cefc Mon Sep 17 00:00:00 2001
+From: Kevin Atkinson <kevina@gnu.org>
+Date: Sat, 17 Aug 2019 20:25:21 -0400
+Subject: [PATCH] Increment library version to reflect API changes.
+
+---
+ Makefile.am | 24 +++++++++++++++++-------
+ 1 file changed, 17 insertions(+), 7 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 950319d..3bbadb7 100644
+--- a/Makefile.am
+++ b/Makefile.am
+@@ -93,10 +93,24 @@ libaspell_la_SOURCES =\
+ 
+ libaspell_la_LIBADD =  $(LTLIBINTL) $(PTHREAD_LIB)
+ 
+## The version string is current[:revision[:age]]
+##
+## Before a release that has changed the source code at all
+## increment revision.
+##
+## After merging changes that have changed the API in a backwards
+## comptable way set revision to 0 and bump both current and age.
+##
+## Do not change the API in a backwards incompatible way.
+##
+## See "Libtool: Updating version info"
+## (https://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html)
+## for more into
+##
+ if INCREMENTED_SONAME
+-libaspell_la_LDFLAGS = -version-info 16:5:0 -no-undefined
+libaspell_la_LDFLAGS = -version-info 19:0:3 -no-undefined
+ else
+-libaspell_la_LDFLAGS = -version-info 16:5:1 -no-undefined
+libaspell_la_LDFLAGS = -version-info 18:0:3 -no-undefined
+ endif
+ 
+ if PSPELL_COMPATIBILITY
+@@ -104,11 +118,7 @@ libpspell_la_SOURCES = lib/dummy.cpp
+ 
+ libpspell_la_LIBADD = libaspell.la
+ 
+-if INCREMENTED_SONAME
+-libpspell_la_LDFLAGS = -version-info 16:5:0 -no-undefined
+-else
+-libpspell_la_LDFLAGS = -version-info 16:5:1 -no-undefined
+-endif
+libpspell_la_LDFLAGS = $(libaspell_la_LDFLAGS)
+ 
+ endif
+ 
+-- 
+2.27.0
+
--- a/aspell.spec
+++ b/aspell.spec
@ -1,6 +1,6 @@
 Name:          aspell
 Version:       0.60.6.1
-Release:       28
+Release:       29
 Summary:       Spell checker
 Epoch:         12
 License:       LGPLv2+ and LGPLv2 and GPLv2+ and BSD
@ -18,6 +18,8 @@ Patch0007:     aspell-0.60.6.1-gcc7-fixes.patch
 Patch0008:     aspell-0.60.6.1-fix-back-on-empty-vector.patch
 Patch0009:     CVE-2019-17544.patch
 Patch0010:     CVE-2019-25051.patch
+Patch0011:     CVE-2019-20433-1.patch
+Patch0012:     CVE-2019-20433-2.patch

 BuildRequires: chrpath gettext ncurses-devel pkgconfig perl-interpreter gcc-c++

@ -112,6 +114,9 @@ rm -rf ${RPM_BUILD_ROOT}%{_mandir}/man1/aspell-import.1
 %{_mandir}/man1/pspell-config.1*

 %changelog
+* Tue Sep 28 2021 yaoxin<yaoxin30@huawei.com> - 12:0.60.6.1-29
+- fix CVE-2019-20433
+
 * Thu Sep 23 2021 liwu<liwu13@huawei.com> - 12:0.60.6.1-28
 - fix CVE-2019-25051