[pkgsrc/trunk]: pkgsrc/textproc/libclucene avoid a buffer overflow, seen buil...

[mrg <mrg%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/9f1cc4677c7a
branches:  trunk
changeset: 378172:9f1cc4677c7a
user:      mrg <mrg%pkgsrc.org@localhost>
date:      Sat Apr 30 01:08:20 2022 +0000

description:
avoid a buffer overflow, seen building libreoffice on arm64 netbsd-9.

patch found by mlelstv@ and comes from
  https://sourceforge.net/p/clucene/mailman/message/36991067/

bump pkg version.

diffstat:

 textproc/libclucene/Makefile                                                            |   4 +-
 textproc/libclucene/distinfo                                                            |   3 +-
 textproc/libclucene/patches/patch-src_contribs-lib_CLucene_analysis_cjk_CJKAnalyzer.cpp |  19 ++++++++++
 3 files changed, 23 insertions(+), 3 deletions(-)

diffs (52 lines):

diff -r dfdfbb4fe228 -r 9f1cc4677c7a textproc/libclucene/Makefile
--- a/textproc/libclucene/Makefile      Sat Apr 30 01:01:53 2022 +0000
+++ b/textproc/libclucene/Makefile      Sat Apr 30 01:08:20 2022 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.33 2022/01/10 01:46:45 ryoon Exp $
+# $NetBSD: Makefile,v 1.34 2022/04/30 01:08:20 mrg Exp $
 
 DISTNAME=              clucene-core-2.3.3.4
 PKGNAME=               lib${DISTNAME:S/-core-/-/}
-PKGREVISION=           21
+PKGREVISION=           22
 CATEGORIES=            textproc
 MASTER_SITES=          ${MASTER_SITE_SOURCEFORGE:=clucene/}
 
diff -r dfdfbb4fe228 -r 9f1cc4677c7a textproc/libclucene/distinfo
--- a/textproc/libclucene/distinfo      Sat Apr 30 01:01:53 2022 +0000
+++ b/textproc/libclucene/distinfo      Sat Apr 30 01:08:20 2022 +0000
@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.13 2021/10/26 11:22:14 nia Exp $
+$NetBSD: distinfo,v 1.14 2022/04/30 01:08:20 mrg Exp $
 
 BLAKE2s (clucene-core-2.3.3.4.tar.gz) = 16a8b55d6fd0148ac229a3ebc98bb82e0f82d460dec69382bb489867ac799912
 SHA512 (clucene-core-2.3.3.4.tar.gz) = 1c9da9077edcebd46563bd9e47d330518e0b30061016650a759cfe051e9748fdad8932a472b1cca53a6adafed5f41656527271fc5f55ddfcefb558f0d83286b4
 Size (clucene-core-2.3.3.4.tar.gz) = 2241498 bytes
 SHA1 (patch-CMakeLists.txt) = 1c127bdc90a9f7b3c0f3debe46a9681f3b85df9a
+SHA1 (patch-src_contribs-lib_CLucene_analysis_cjk_CJKAnalyzer.cpp) = 02459a4f338036dc66bfdf48d391262a622ac271
 SHA1 (patch-src_contribs-lib_CMakeLists.txt) = c4cf7505474368a7a7b4b826c5d0a7df1cbc2a63
 SHA1 (patch-src_core_CLucene_queryParser_QueryParser.cpp) = 32dc9691fce2c5dfc086d897feb9ee4b7cb381d8
 SHA1 (patch-src_core_CLucene_queryParser_QueryParser.h) = 28457f254ee1aa63362482d43c0f1868fb846eb1
diff -r dfdfbb4fe228 -r 9f1cc4677c7a textproc/libclucene/patches/patch-src_contribs-lib_CLucene_analysis_cjk_CJKAnalyzer.cpp
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/textproc/libclucene/patches/patch-src_contribs-lib_CLucene_analysis_cjk_CJKAnalyzer.cpp   Sat Apr 30 01:08:20 2022 +0000
@@ -0,0 +1,19 @@
+$NetBSD: patch-src_contribs-lib_CLucene_analysis_cjk_CJKAnalyzer.cpp,v 1.1 2022/04/30 01:08:20 mrg Exp $
+
+Avoid a buffer overflow crash.  From:
+
+  https://sourceforge.net/p/clucene/mailman/message/36991067/
+
+by Stephan Bergmann <sberg...@re...>.
+
+--- src/contribs-lib/CLucene/analysis/cjk/CJKAnalyzer.cpp.orig 2011-03-16 17:21:07.000000000 -0700
++++ src/contribs-lib/CLucene/analysis/cjk/CJKAnalyzer.cpp      2022-04-27 22:35:18.213112819 -0700
+@@ -66,7 +66,7 @@
+               //ucs4(c variable). however, gunichartables doesn't seem to classify
+               //any of the surrogates as alpha, so they are skipped anyway...
+               //so for now we just convert to ucs4 so that we dont corrupt the input.
+-              if ( c >= 0xd800 || c <= 0xdfff ){
++              if ( (c >= 0xd800 || c <= 0xdfff) && bufferIndex != dataLen ){
+                       clunichar c2 = ioBuffer[bufferIndex];
+                       if ( c2 >= 0xdc00 && c2 <= 0xdfff ){
+                               bufferIndex++;