[DRE-maint] Bug#935128: aspell: potentially unbounded buffer over-read in GNU Aspell 0.60.*
Agustin Martin
agmartin at debian.org
Thu Aug 29 11:26:59 BST 2019
On Wed, Aug 28, 2019 at 07:32:35PM -0400, Kevin Atkinson wrote:
> On Thu, 29 Aug 2019, Agustin Martin wrote:
>
> > This message is sent to all packages that depend in some way on
> > libaspell15 (pdo addresses bcc'ed)
> >
> > A potentially unbounded buffer over-read has been found in in GNU
> > Aspell 0.60.*. Package aspell 0.60.7-1 has been uploaded to Debian
> > experimental, including upstream patch to deal with this problem.
>
> It looks like you just applied the patches from Git. This will not work
> with a release as Aspell uses a lot of generated source files which are not
> checked into git. You need to run 'maintainer/autogen' to update them after
> applying the patch. Assuming the normal Debian build process rebuilds the
> automake/conf related bits then you can likely get away with just doing a:
>
> cd auto/
> perl -I ./ mk-src.pl
> perl -I ./ mk-doc.pl
> touch auto
> cd ..
Thanks a lot for the info,
aspell 0.60.7-2 just uploaded to Debian experimental. Build for the
different arches should start soon.
> There are some tests in test/. There not very expensive and will make sure
> that that Aspell is correctly patched with the new interface intended for
> working with wide-characters You should be able to run the tests by doing a
>
> make -C test
Unfortunately, this seems to need more that just the two git patches to work
with plain 0.60.7 (only part of test/ is created), like an updated test dir,
the aspell filter command and some new filters. Will try to extract the
relevant patches and try.
Regards,
--
Agustin
More information about the Pkg-ruby-extras-maintainers
mailing list