head	1.2;
access;
symbols
	pkgsrc-2022Q2:1.1.0.18
	pkgsrc-2022Q2-base:1.1
	pkgsrc-2022Q1:1.1.0.16
	pkgsrc-2022Q1-base:1.1
	pkgsrc-2021Q4:1.1.0.14
	pkgsrc-2021Q4-base:1.1
	pkgsrc-2021Q3:1.1.0.12
	pkgsrc-2021Q3-base:1.1
	pkgsrc-2021Q2:1.1.0.10
	pkgsrc-2021Q2-base:1.1
	pkgsrc-2021Q1:1.1.0.8
	pkgsrc-2021Q1-base:1.1
	pkgsrc-2020Q4:1.1.0.6
	pkgsrc-2020Q4-base:1.1
	pkgsrc-2020Q3:1.1.0.4
	pkgsrc-2020Q3-base:1.1
	pkgsrc-2020Q2:1.1.0.2;
locks; strict;
comment	@// @;


1.2
date	2022.09.09.15.17.20;	author wiz;	state dead;
branches;
next	1.1;
commitid	2G0PpRvEBhMivcTD;

1.1
date	2020.08.03.11.19.28;	author wiz;	state Exp;
branches
	1.1.2.1;
next	;
commitid	AK6T4bAEIh7aQBiC;

1.1.2.1
date	2020.08.03.11.19.28;	author bsiegert;	state dead;
branches;
next	1.1.2.2;
commitid	1WB5xwmE3vBBp3kC;

1.1.2.2
date	2020.08.14.17.07.02;	author bsiegert;	state Exp;
branches;
next	;
commitid	1WB5xwmE3vBBp3kC;


desc
@@


1.2
log
@hunspell: update to 1.7.1.

2022-08-22: Hunspell 1.7.1 release:
  - Merge chromium fix for #714 OOB string write in hunspell
  - Merge firefox fix for #756 various issues parsing incomplete aff files
  - Fix #492 crash with hunspell -l -r
  - Merge in weblate translations
@
text
@$NetBSD: patch-src_hunspell_suggestmgr.cxx,v 1.1 2020/08/03 11:19:28 wiz Exp $

Fix CVE-2019-16707
https://github.com/hunspell/hunspell/commit/ac938e2ecb48ab4dd21298126c7921689d60571b#diff-783289d6b6330291ec79bf507002106e

--- src/hunspell/suggestmgr.cxx.orig	2018-11-12 20:38:56.000000000 +0000
+++ src/hunspell/suggestmgr.cxx
@@@@ -2040,7 +2040,7 @@@@ int SuggestMgr::leftcommonsubstring(
   int l2 = su2.size();
   // decapitalize dictionary word
   if (complexprefixes) {
-    if (su1[l1 - 1] == su2[l2 - 1])
+    if (l1 && l2 && su1[l1 - 1] == su2[l2 - 1])
       return 1;
   } else {
     unsigned short idx = su2.empty() ? 0 : (su2[0].h << 8) + su2[0].l;
@


1.1
log
@hunspell: fix CVE-2019-16707 using upstream patch

Bump PKGREVISION.
@
text
@d1 1
a1 1
$NetBSD$
@


1.1.2.1
log
@file patch-src_hunspell_suggestmgr.cxx was added on branch pkgsrc-2020Q2 on 2020-08-14 17:07:02 +0000
@
text
@d1 16
@


1.1.2.2
log
@Pullup ticket #6294 - requested by wiz
textproc/hunspell: security fix

Revisions pulled up:
- textproc/hunspell/Makefile                                    1.32
- textproc/hunspell/distinfo                                    1.13
- textproc/hunspell/patches/patch-src_hunspell_suggestmgr.cxx   1.1

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Mon Aug  3 11:19:28 UTC 2020

   Modified Files:
   	pkgsrc/textproc/hunspell: Makefile distinfo
   Added Files:
   	pkgsrc/textproc/hunspell/patches: patch-src_hunspell_suggestmgr.cxx

   Log Message:
   hunspell: fix CVE-2019-16707 using upstream patch

   Bump PKGREVISION.
@
text
@a0 16
$NetBSD: patch-src_hunspell_suggestmgr.cxx,v 1.1 2020/08/03 11:19:28 wiz Exp $

Fix CVE-2019-16707
https://github.com/hunspell/hunspell/commit/ac938e2ecb48ab4dd21298126c7921689d60571b#diff-783289d6b6330291ec79bf507002106e

--- src/hunspell/suggestmgr.cxx.orig	2018-11-12 20:38:56.000000000 +0000
+++ src/hunspell/suggestmgr.cxx
@@@@ -2040,7 +2040,7 @@@@ int SuggestMgr::leftcommonsubstring(
   int l2 = su2.size();
   // decapitalize dictionary word
   if (complexprefixes) {
-    if (su1[l1 - 1] == su2[l2 - 1])
+    if (l1 && l2 && su1[l1 - 1] == su2[l2 - 1])
       return 1;
   } else {
     unsigned short idx = su2.empty() ? 0 : (su2[0].h << 8) + su2[0].l;
@