diff --git a/libvoikko-2.3.1-handle-embedded-null-input.patch b/libvoikko-2.3.1-handle-embedded-null-input.patch new file mode 100644 index 0000000..29a1dea --- /dev/null +++ b/libvoikko-2.3.1-handle-embedded-null-input.patch @@ -0,0 +1,83 @@ +diff -ur libvoikko-2.3.1.orig/python/libvoikko.py libvoikko-2.3.1/python/libvoikko.py +--- libvoikko-2.3.1.orig/python/libvoikko.py 2011-06-12 20:15:54.375366677 +0300 ++++ libvoikko-2.3.1/python/libvoikko.py 2011-06-12 20:34:29.599151476 +0300 +@@ -261,6 +261,9 @@ + if error != None: + raise VoikkoException(u"Initialization of Voikko failed: " + unicode(error, "UTF-8")) + ++ def __isValidInput(self, text): ++ return u"\0" not in text ++ + def terminate(self): + """Uninitialize this Voikko instance. The instance must be initialized again + before it can be used. +@@ -291,6 +294,9 @@ + """Check the spelling of given word. Return true if the word is correct, + false if it is incorrect. + """ ++ if not self.__isValidInput(word): ++ return False ++ + _checkInited(self) + result = self.lib.voikko_spell_ucs4(self.handle, word) + if result == 0: +@@ -304,6 +310,9 @@ + """Generate a list of suggested spellings for given (misspelled) word. + If the given word is correct, the list contains only the word itself. + """ ++ if not self.__isValidInput(word): ++ return [] ++ + _checkInited(self) + # FIXME: This should be done directly within libvoikko + if self.spell(word): +@@ -344,6 +353,9 @@ + Unlike the C based API this method accepts multiple paragraps + separated by newline characters. + """ ++ if not self.__isValidInput(text): ++ return [] ++ + _checkInited(self) + textUnicode = unicode(text) + errorList = [] +@@ -365,6 +377,9 @@ + analysis results. The results are represented as maps having property + names as keys and property values as values. + """ ++ if not self.__isValidInput(word): ++ return [] ++ + _checkInited(self) + cAnalysisList = self.lib.voikko_analyze_word_ucs4(self.handle, word) + pAnalysisList = [] +@@ -392,6 +407,19 @@ + def tokens(self, text): + """Split the given natural language text into a list of Token objects.""" + _checkInited(self) ++ startIndex = 0 ++ tokens = [] ++ while True: ++ i = text.find(u"\0", startIndex) ++ if i == -1: ++ break ++ tokens = tokens + self.__splitTokens(text[startIndex:i]) ++ tokens.append(Token(u"\0", Token.UNKNOWN)) ++ startIndex = i + 1 ++ tokens = tokens + self.__splitTokens(text[startIndex:]) ++ return tokens ++ ++ def __splitTokens(self, text): + uniText = unicode(text) + result = [] + textLen = len(uniText) +@@ -416,6 +444,9 @@ + '=' = hyphentation point (character at this position + is replaced by the hyphen.) + """ ++ if not self.__isValidInput(word): ++ return "".ljust(len(word)) ++ + _checkInited(self) + cHyphenationPattern = self.lib.voikko_hyphenate_ucs4(self.handle, word) + hyphenationPattern = string_at(cHyphenationPattern) diff --git a/libvoikko.spec b/libvoikko.spec index c56e084..3c8b0f4 100644 --- a/libvoikko.spec +++ b/libvoikko.spec @@ -1,7 +1,7 @@ %{!?python_sitelib: %global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")} Name: libvoikko Version: 2.3.1 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Voikko is a library for spellcheckers and hyphenators Group: System Environment/Libraries @@ -11,6 +11,8 @@ URL: http://voikko.sourceforge.net/ Source0: http://downloads.sourceforge.net/voikko/%{name}-%{version}.tar.gz # The usual format of test release URLs #Source0: http://www.puimula.org/htp/testing/%{name}-%{version}rc1.tar.gz +Patch0: %{name}-%{version}-handle-embedded-null-input.patch + BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: python-devel @@ -63,6 +65,7 @@ tasks on Finnish text. %prep %setup -q +%patch0 -p1 %build @@ -121,6 +124,11 @@ rm -rf $RPM_BUILD_ROOT %{python_sitelib}/%{name}.py* %changelog +* Sun Jun 12 2011 Ville-Pekka Vainio - 2.3.1-2 +- Backport a security update from 3.2.1: fix handling of embedded null + characters in input strings entered through the Python interface. + + * Thu Feb 18 2010 Ville-Pekka Vainio - 2.3.1-1 - Version 2.3.1 contains fixes for bugs found in version 2.3