From 6fcb6686071e8bc3e8f9462539f2f9eb30e828a3 Mon Sep 17 00:00:00 2001
From: Thierry Thomas <thierry@FreeBSD.org>
Date: Sun, 20 Jun 2004 09:04:32 +0000
Subject: Security: fix  a buffer overflow in word-list-compress: 	-
 <http://marc.theaimsgroup.com/?l=bugtraq&m=108761564006503&w=2> 	-
 <http://nettwerked.mg2.org/advisories/wlc>

Since I'm there, switch from libtool 1.3 to 1.5, to cope with
PR ports/63944.

Obtained from:	Robert Nagy <robert@openbsd.org>.
---
 ports-mgmt/portaudit-db/database/portaudit.txt |  1 +
 security/portaudit-db/database/portaudit.txt   |  1 +
 textproc/aspell/Makefile                       |  4 +-
 textproc/aspell/files/patch-prog-compress.c    | 71 ++++++++++++++++++++++++++
 4 files changed, 75 insertions(+), 2 deletions(-)
 create mode 100644 textproc/aspell/files/patch-prog-compress.c

diff --git a/ports-mgmt/portaudit-db/database/portaudit.txt b/ports-mgmt/portaudit-db/database/portaudit.txt
index 9f717030163b..5d9ea754f8ca 100644
--- a/ports-mgmt/portaudit-db/database/portaudit.txt
+++ b/ports-mgmt/portaudit-db/database/portaudit.txt
@@ -20,3 +20,4 @@ webmin<1.150|http://www.webmin.com/changes-1.150.html http://www.osvdb.org/6729
 racoon<20040617a|http://lists.netsys.com/pipermail/full-disclosure/2004-June/022617.html http://www.securityfocus.com/archive/1/366023 http://securitytracker.com/alerts/2004/Jun/1010495.html http://orange.kame.net/dev/cvsweb.cgi/kame/kame/kame/racoon/crypto_openssl.c#rev1.86|Racoon may validate invalid certificates|a96c1d37-c033-11d8-b00e-000347a4fa7d
 ircd-hybrid<=7.0_1|http://lists.netsys.com/pipermail/full-disclosure/2004-June/022820.html http://www.securityfocus.com/archive/1/366486|ircd-hybrid-7 low-bandwidth DoS|23aafa20-c28a-11d8-864c-02e0185c0b53
 ircd-hybrid-ru<=7.1_2|http://lists.netsys.com/pipermail/full-disclosure/2004-June/022820.html http://www.securityfocus.com/archive/1/366486|ircd-hybrid-7 low-bandwidth DoS|23aafa20-c28a-11d8-864c-02e0185c0b53
+*aspell<=0.50.5_2|http://nettwerked.mg2.org/advisories/wlc http://marc.theaimsgroup.com/?l=bugtraq&m=108761564006503&w=2|Buffer overflow in word-list-compress|b7b03bab-c296-11d8-bfb2-000bdb1444a4
diff --git a/security/portaudit-db/database/portaudit.txt b/security/portaudit-db/database/portaudit.txt
index 9f717030163b..5d9ea754f8ca 100644
--- a/security/portaudit-db/database/portaudit.txt
+++ b/security/portaudit-db/database/portaudit.txt
@@ -20,3 +20,4 @@ webmin<1.150|http://www.webmin.com/changes-1.150.html http://www.osvdb.org/6729
 racoon<20040617a|http://lists.netsys.com/pipermail/full-disclosure/2004-June/022617.html http://www.securityfocus.com/archive/1/366023 http://securitytracker.com/alerts/2004/Jun/1010495.html http://orange.kame.net/dev/cvsweb.cgi/kame/kame/kame/racoon/crypto_openssl.c#rev1.86|Racoon may validate invalid certificates|a96c1d37-c033-11d8-b00e-000347a4fa7d
 ircd-hybrid<=7.0_1|http://lists.netsys.com/pipermail/full-disclosure/2004-June/022820.html http://www.securityfocus.com/archive/1/366486|ircd-hybrid-7 low-bandwidth DoS|23aafa20-c28a-11d8-864c-02e0185c0b53
 ircd-hybrid-ru<=7.1_2|http://lists.netsys.com/pipermail/full-disclosure/2004-June/022820.html http://www.securityfocus.com/archive/1/366486|ircd-hybrid-7 low-bandwidth DoS|23aafa20-c28a-11d8-864c-02e0185c0b53
+*aspell<=0.50.5_2|http://nettwerked.mg2.org/advisories/wlc http://marc.theaimsgroup.com/?l=bugtraq&m=108761564006503&w=2|Buffer overflow in word-list-compress|b7b03bab-c296-11d8-bfb2-000bdb1444a4
diff --git a/textproc/aspell/Makefile b/textproc/aspell/Makefile
index bcb0d1c29502..689ebb096db1 100644
--- a/textproc/aspell/Makefile
+++ b/textproc/aspell/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME?=	aspell
 PORTVERSION=	0.50.5
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES+=	textproc
 MASTER_SITES=	http://aspell.net/	\
 		${MASTER_SITE_GNU}
@@ -22,7 +22,7 @@ COMMENT?=	Spelling checker with better suggestion logic than ispell
 BUILD_DEPENDS+=	bzip2:${PORTSDIR}/archivers/bzip2
 .endif
 
-USE_LIBTOOL_VER=13
+USE_LIBTOOL_VER=	15
 CONFIGURE_TARGET=	--build=${ARCH}-portbld-freebsd${OSREL}
 CONFIGURE_ARGS=	--enable-dict-dir=${DATADIR} \
 		--enable-doc-dir=${DOCSDIR}
diff --git a/textproc/aspell/files/patch-prog-compress.c b/textproc/aspell/files/patch-prog-compress.c
new file mode 100644
index 000000000000..a416a33e8c19
--- /dev/null
+++ b/textproc/aspell/files/patch-prog-compress.c
@@ -0,0 +1,71 @@
+--- prog/compress.c.orig	Sat Aug 31 20:51:11 2002
++++ prog/compress.c	Sat Jun 19 16:10:04 2004
+@@ -28,6 +28,11 @@
+ 
+ #endif
+ 
++#define WORD_BUFF_SIZE 256
++
++int count = 0;
++
++
+ void usage () 
+ {
+   fputs("Compresses or uncompresses sorted word lists.\n"     , stderr);
+@@ -45,8 +50,9 @@
+   if (c == EOF) return 0;
+   do {
+     *w++ = (char)(c);
+-  } while (c = getc(in), c != EOF && c > 32);
++  } while (c = getc(in), c != EOF && c > 32 && count < (WORD_BUFF_SIZE - 1));
+   *w = '\0';
++  count++;
+   ungetc(c, in);
+   if (c == EOF) return 0;
+   else return 1;
+@@ -61,8 +67,8 @@
+     
+   } else if (argv[1][0] == 'c') {
+ 
+-    char s1[256];
+-    char s2[256];
++    char s1[WORD_BUFF_SIZE];
++    char s2[WORD_BUFF_SIZE];
+     char * prev = s2;
+     char * cur = s1;
+     *prev = '\0';
+@@ -69,6 +75,7 @@
+ 
+     SETBIN (stdout);
+ 
++	while (count < WORD_BUFF_SIZE) {
+     while (get_word(stdin, cur)) {
+       int i = 0;
+       /* get the length of the prefix */
+@@ -85,11 +92,12 @@
+ 	prev = s2; cur = s1;
+       }
+     }
++	}
+     return 0;
+ 
+   } else if (argv[1][0] == 'd') {
+     
+-    char cur[256];
++    char cur[WORD_BUFF_SIZE];
+     int i;
+     int c;
+ 
+@@ -100,8 +108,11 @@
+       if (i == 0)
+ 	i = getc(stdin);
+       --i;  
+-      while ((c = getc(stdin)) > 32)
++      while ((c = getc(stdin)) > 32 && i < (WORD_BUFF_SIZE -1)) {
+ 	cur[i++] = (char)c;
++	count++;
++	}
++
+       cur[i] = '\0';
+       fputs(cur, stdout);
+       putc('\n', stdout);
-- 
cgit