-rw-r--r-- | .gitignore | 32 | ||||
-rw-r--r-- | debian/NEWS.Debian | 6 | ||||
-rw-r--r-- | debian/changelog | 222 | ||||
-rw-r--r-- | debian/compat | 1 | ||||
-rw-r--r-- | debian/control | 57 | ||||
-rw-r--r-- | debian/copyright | 52 | ||||
-rw-r--r-- | debian/libonig-dev.doc-base | 17 | ||||
-rw-r--r-- | debian/libonig-dev.docs | 11 | ||||
-rw-r--r-- | debian/libonig-dev.examples | 1 | ||||
-rw-r--r-- | debian/libonig-dev.install | 3 | ||||
-rw-r--r-- | debian/libonig4-dbg.dirs | 1 | ||||
-rw-r--r-- | debian/libonig4.install | 1 | ||||
-rw-r--r-- | debian/patches/001-changes_build_sys.diff | 44 | ||||
-rw-r--r-- | debian/patches/0100-source_typos.patch | 18 | ||||
-rw-r--r-- | debian/patches/0500-CVE-2017-922[4-9].patch | 144 | ||||
-rw-r--r-- | debian/patches/series | 3 | ||||
-rwxr-xr-x | debian/rules | 34 | ||||
-rw-r--r-- | debian/source/format | 1 | ||||
-rw-r--r-- | debian/symbols | 230 | ||||
-rw-r--r-- | debian/watch | 2 |
20 files changed, 853 insertions, 27 deletions
@@ -1,27 +1,5 @@
-Makefile
-autom4te.cache/
-ltmain.sh
-stamp-h1
-configure
-config.status
-config.log
-config.h
-config.h.in
-onig-config
-libtool
-aclocal.m4
-Makefile.in
-*.o
-*.obj
-*.so
-*.lo
-*.la
-*.pc
-*~
-.libs/
-.deps/
-testc
-testcu
-testp
-/build
-m4/*.m4
+.bzr
+.bzrignore
+.pc
+.gitignore
+debian/files
\ No newline at end of file
diff --git a/debian/NEWS.Debian b/debian/NEWS.Debian
new file mode 100644
index 0000000..e58552a
--- /dev/null
+++ b/debian/NEWS.Debian
@@ -0,0 +1,6 @@
+libonig (6.0.0-1) unstable; urgency=medium
+
+ The file /usr/bin/onig-config is not Multi-Arch conform. So it is removed
+ in this release. You can use pkg-config instead.
+
+ -- Jörg Frings-Fürst <debian@jff-webhosting.net> Tue, 06 Jan 2015 11:09:12 +0100
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..7a8155d
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,222 @@
+libonig (6.2.0-1) unstable; urgency=medium
+
+ * New upstream release.
+ - Update symbols file.
+ * Drop dh-autoreconf from both build-depends and dh --with arguments
+ because this is all defaults when using dh compat 10.
+ * debian/copyright: Add year 2017.
+
+ -- Jörg Frings-Fürst <debian@jff-webhosting.net> Sun, 09 Apr 2017 20:00:40 +0200
+
+libonig (6.1.3-2) unstable; urgency=high
+
+ * New debian/patches/0500-CVE-2017-922[4-9].patch:
+ - Cherrypicked from upstream to correct:
+ + CVE-2017-9224 (Closes: #863312)
+ + CVE-2017-9225 (Closes: #863313)
+ + CVE-2017-9226 (Closes: #863314)
+ + CVE-2017-9227 (Closes: #863315)
+ + CVE-2017-9228 (Closes: #863316)
+ + CVE-2017-9229 (Closes: #863318)
+
+ -- Jörg Frings-Fürst <debian@jff-webhosting.net> Sat, 27 May 2017 12:05:50 +0200
+
+libonig (6.1.3-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Jörg Frings-Fürst <debian@jff-webhosting.net> Thu, 15 Dec 2016 09:23:30 +0100
+
+libonig (6.1.2-1) unstable; urgency=medium
+
+ * New upstream release.
+ * debian/control:
+ - Bump debhelper B-D minimum version to 10.
+ * New debian/patches/0100-source_typos.patch.
+
+ -- Jörg Frings-Fürst <debian@jff-webhosting.net> Wed, 09 Nov 2016 23:16:44 +0100
+
+libonig (6.1.1-2) unstable; urgency=medium
+
+ * Upload to unstable.
+
+ -- Jörg Frings-Fürst <debian@jff-webhosting.net> Sun, 04 Sep 2016 21:26:20 +0200
+
+libonig (6.1.1-1) experimental; urgency=medium
+
+ * New upstream release.
+
+ -- Jörg Frings-Fürst <debian@jff-webhosting.net> Sat, 03 Sep 2016 02:42:58 +0200
+
+libonig (6.1.0-1) experimental; urgency=medium
+
+ * New upstream release.
+ - NEW API: onig_scan().
+ * debian/control:
+ - To match with the soname rename packages from liboing3 to libonig4.
+ * debian/rules:
+ - Rename liboing3 to libonig4.
+ * Renew debian/symbols.
+
+ -- Jörg Frings-Fürst <debian@jff-webhosting.net> Wed, 31 Aug 2016 04:18:16 +0200
+
+libonig (6.0.0-1) experimental; urgency=medium
+
+ * New upstream release.
+ * debian/control:
+ - Remove dpkg from libonig2-dbg Pre-Depends because redundance
+ with ${misc:Pre-Depends}.
+ - Replace homepage to the new loacation.
+ - To match with the soname rename packages from liboing2 to libonig3.
+ - Bump Standards-Version to 3.9.8 (no changes required).
+ - Change Vcs-* to secure URIs.
+ * debian/rules:
+ - Rename liboing2 to libonig3.
+ * debian/watch:
+ - Move to github.
+ - Bump version to 4 (no changes required).
+ * debian/copyright:
+ - Replace homepage and upstream mail address.
+ - Add year 2016.
+ * Remove the not Multi-Arch conform file /usr/bin/onig-config and
+ the man page.
+ * Remove now useless debian/libonig3-dbg.maintscript.
+ * Set compat level to 10.
+
+ -- Jörg Frings-Fürst <debian@jff-webhosting.net> Sat, 14 May 2016 17:53:39 +0200
+
+libonig (5.9.6-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Refresh debian/patches/001-changes_build_sys.diff.
+ * Refresh debian/symbols.
+ * debian/rules:
+ - rewrite override_dh_strip.
+ - Add dpkg-gensymbols to generate symbol file(s)
+ on every build.
+ * debian/copyright:
+ Add year 2015 to my entry at debian/*.
+ * debian/control:
+ - Remove useless Depends ${shlibs:Depends} from libonig2-dbg
+ and libonig-dev
+ - Add dpkg and ${misc:Pre-Depends} to Depends of libonig2-dbg
+ to prevent error on upgrade wheezy to jessie (Closes: #769556).
+ - Bump Standards-Version to 3.9.6 (no changes required).
+ - Add Vcs-* fields pointed to alioth.
+ - Remove deprecated hardening-wrapper from Build-Depends
+ (Closes: #774485).
+ - Rewrite Descriptions (Closes: #774520).
+ * debian/*.postrm, debian/*.postinst, debian/*.preinst:
+ - Delete them and move the dpkg-maintscript-helper to
+ debian/libonig2-dbg.maintscript.
+ * New debian/libonig2-dbg.maintscript:
+ - Add symlink_to_dir calls.
+ - Change version in calls of symlink_to_dir to 5.9.6-1~.
+ * Add Vcs
+ * Add missing MNU changelog entries. Both don't provide a patch with
+ the changes and the first one causes a new RC-Bug.
+
+ -- Jörg Frings-Fürst <debian@jff-webhosting.net> Mon, 05 Jan 2015 10:49:52 +0100
+
+libonig (5.9.5-3.2) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix version for calls to dpkg-maintscript-helper symlink_to_dir.
+ (closes: #769556).
+
+ -- Ivo De Decker <ivodd@debian.org> Sun, 28 Dec 2014 12:11:12 +0100
+
+libonig (5.9.5-3.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Add missing pre-dependency on dpkg for dpkg-maintscript-helper
+ symlink_to_dir (closes: #769556).
+
+ -- Julien Cristau <jcristau@debian.org> Sat, 15 Nov 2014 11:53:45 +0100
+
+libonig (5.9.5-3) unstable; urgency=medium
+
+ * Add debian/libonig2-dbg.(preinst|postinst|postrm) to prevent
+ error on upgrade wheezy to jessie. (Closes: #768267)
+
+ -- Jörg Frings-Fürst <debian@jff-webhosting.net> Thu, 06 Nov 2014 21:32:20 +0100
+
+libonig (5.9.5-2) unstable; urgency=medium
+
+ * rename debian/*.doc-base
+ * add html files to doc
+ * change debian/rules for hardening
+ * remove Multi-Arch from libonig-dev (Closes: #747897)
+
+ -- Jörg Frings-Fürst <debian@jff-webhosting.net> Tue, 13 May 2014 10:25:38 +0200
+
+libonig (5.9.5-1) unstable; urgency=medium
+
+ * remove *.so.* files from libonig2-dbg
+ (same files as in libonig2)
+ * add debian/libonig-dev.doc-base
+ * add debian/symbols
+ * rewrite debian/copyright
+ * rewrite debian/rules (Closes: #645940)
+ * patch buildsystem (Closes: #734683)
+ * change lib version to 2.1.0
+ * Bump compat to 9
+ * Update to upstream version 5.9.5 (Closes: #661616)
+ * Bump Standarts to 3.9.5
+ * New Maintainer (Closes: #747187)
+
+ -- Jörg Frings-Fürst <debian@jff-webhosting.net> Wed, 07 May 2014 16:39:54 +0200
+
+libonig (5.9.1-1) unstable; urgency=low
+
+ [ Max Kellermann ]
+ * new upstream release
+ * acknowledge NMU, thanks Laurent (closes: #426355)
+ * run test suite after build
+ * added watch file
+ * bumped Standards-Version to 3.7.3
+ * added homepage header to debian/control
+ * priority "extra"
+
+ -- Alexander Wirt <formorer@debian.org> Mon, 07 Jan 2008 11:46:27 +0100
+
+libonig (5.9.0-0.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * New upstream release (Closes: #426355)
+ * debian/control:
+ - Use binary:Version instead of Source-Version
+ * debian/rules:
+ - Don't hide make distclean error
+ - Fix copy of config.{sub,guess}
+ - Remove deprecated DH_COMPAT and use compat file instead
+
+ -- Laurent Bigonville <bigon@bigon.be> Sat, 04 Aug 2007 15:07:34 +0200
+
+libonig (5.5.2-1) unstable; urgency=low
+
+ * new upstream release
+
+ -- Max Kellermann <max@duempel.org> Wed, 14 Feb 2007 23:12:29 +0100
+
+libonig (5.5.0-1) unstable; urgency=low
+
+ [ Max Kellermann ]
+ * new upstream release
+ * update config.{sub,guess} in debian/rules
+ * removed libonig.la
+
+ -- Alexander Wirt <formorer@debian.org> Wed, 6 Dec 2006 20:51:10 +0100
+
+libonig (5.2.0-1) unstable; urgency=low
+
+ * new upstream release
+ * updated copyright file since license has been changed to BSD
+
+ -- Max Kellermann <max@duempel.org> Wed, 15 Nov 2006 09:32:24 +0100
+
+libonig (4.4.4-1) unstable; urgency=low
+
+ * initial debian release (Closes: #388412)
+
+ -- Max Kellermann <max@duempel.org> Wed, 20 Sep 2006 12:17:40 +0200
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000..f599e28
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+10
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..c5fbb3d
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,57 @@
+Source: libonig
+Section: libs
+Priority: extra
+Maintainer: Jörg Frings-Fürst <debian@jff-webhosting.net>
+Build-Depends:
+ debhelper (>= 10)
+Standards-Version: 3.9.8
+Homepage: https://github.com/kkos/oniguruma
+Vcs-Git: https://anonscm.debian.org/cgit/collab-maint/libonig.git
+Vcs-Browser: https://anonscm.debian.org/cgit/collab-maint/libonig.git
+
+Package: libonig4
+Priority: optional
+Architecture: any
+Multi-Arch: same
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends}
+Pre-Depends:
+ ${misc:Pre-Depends}
+Description: regular expressions library
+ Oniguruma is a library for working with regular expressions.
+ .
+ Different character encoding for every regular expression object can
+ be specified.
+
+Package: libonig4-dbg
+Section: debug
+Architecture: any
+Multi-Arch: same
+Depends:
+ ${misc:Depends},
+ libonig4 (= ${binary:Version})
+Pre-Depends:
+ ${misc:Pre-Depends}
+Description: regular expressions library — debugging symbols
+ Oniguruma is a library for working with regular expressions.
+ .
+ Different character encoding for every regular expression object can
+ be specified.
+ .
+ This package provides the debugging symbols.
+
+Package: libonig-dev
+Section: libdevel
+Priority: optional
+Architecture: any
+Depends:
+ ${misc:Depends},
+ libonig4 (= ${binary:Version})
+Description: regular expressions library — development files
+ Oniguruma is a library for working with regular expressions.
+ .
+ Different character encoding for every regular expression object can
+ be specified.
+ .
+ This package provides development files and static libraries.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..a57a2e3
--- /dev/null
+++ b/debian/copyright
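Review bot: The libonig-dev description ends with `This package provides development files and static libraries.`, but nothing in this commit installs a static archive. The `override_dh_install` target in debian/rules runs `dh_install --fail-missing -X.la -X.a`, and debian/libonig-dev.install lists only `usr/lib/*/lib*.so`, `usr/include` and the pkgconfig files. Either drop "and static libraries" from the description or install the `.a` file, so that the package metadata matches what users actually receive.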
@@ -0,0 +1,52 @@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0
+Source: https://github.com/kkos/oniguruma
+
+Files: *
+Copyright: 2002-2017 K.Kosako <kkosako0@gmail.com>
+License: BSD-2-clause
+
+License: BSD-2-clause
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ SUCH DAMAGE.
+
+
+Files: debian/*
+Copyright: 2006-2008 Max Kellermann <max@duempel.org>
+ 2014-2017 Jörg Frings-Fürst <debian@jff-webhosting.net>
+License: GPL-2+
+
+License: GPL-2+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+ .
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ .
+ On Debian systems, the full text of the GNU General Public License version 2
+ can be found in the file `/usr/share/common-licenses/GPL-2'.
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
diff --git a/debian/libonig-dev.doc-base b/debian/libonig-dev.doc-base
new file mode 100644
index 0000000..2c6bcf7
--- /dev/null
+++ b/debian/libonig-dev.doc-base
@@ -0,0 +1,17 @@
+Document: libonig2
+Title: Oniguruma Library Documentation
+Section: Programming/C++
+
+Format: Text
+Files: /usr/share/doc/libonig-dev/API.gz
+ /usr/share/doc/libonig-dev/API.ja.gz
+ /usr/share/doc/libonig-dev/FAQ
+ /usr/share/doc/libonig-dev/FAQ.ja
+ /usr/share/doc/libonig-dev/RE.gz
+ /usr/share/doc/libonig-dev/RE.ja.gz
+ /usr/share/doc/libonig-dev/README.gz
+ /usr/share/doc/libonig-dev/README.ja.gz
+
+Format: HTML
+Index: /usr/share/doc/libonig-dev/index.html
+Files: /usr/share/doc/libonig-dev/*.html
diff --git a/debian/libonig-dev.docs b/debian/libonig-dev.docs
new file mode 100644
index 0000000..856bacd
--- /dev/null
+++ b/debian/libonig-dev.docs
@@ -0,0 +1,11 @@
+AUTHORS
+README
+README.ja
+doc/API
+doc/API.ja
+doc/FAQ
+doc/FAQ.ja
+doc/RE
+doc/RE.ja
+index.html
+index_ja.html
diff --git a/debian/libonig-dev.examples b/debian/libonig-dev.examples
new file mode 100644
index 0000000..cfdeec6
--- /dev/null
+++ b/debian/libonig-dev.examples
@@ -0,0 +1 @@
+sample/*.c
diff --git a/debian/libonig-dev.install b/debian/libonig-dev.install
new file mode 100644
index 0000000..1ec5d42
--- /dev/null
+++ b/debian/libonig-dev.install
@@ -0,0 +1,3 @@
+usr/lib/*/lib*.so
+usr/include
+usr/lib/*/pkgconfig/*
diff --git a/debian/libonig4-dbg.dirs b/debian/libonig4-dbg.dirs
new file mode 100644
index 0000000..7276ecd
--- /dev/null
+++ b/debian/libonig4-dbg.dirs
@@ -0,0 +1 @@
+usr/share/doc
diff --git a/debian/libonig4.install b/debian/libonig4.install
new file mode 100644
index 0000000..3ddde58
--- /dev/null
+++ b/debian/libonig4.install
@@ -0,0 +1 @@
+usr/lib/*/lib*.so.*
diff --git a/debian/patches/001-changes_build_sys.diff b/debian/patches/001-changes_build_sys.diff
new file mode 100644
index 0000000..5750433
--- /dev/null
+++ b/debian/patches/001-changes_build_sys.diff
@@ -0,0 +1,44 @@
+Description: some buildsystem changes
+Author: Jörg Frings-Fürst <debian@jff-webhosting.net>
+Reviewed-by:
+Last-Update: 2014-05-07
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: trunk/configure.in
+===================================================================
+--- trunk.orig/configure.in
++++ trunk/configure.in
+@@ -1,9 +1,11 @@
+ dnl Process this file with autoconf to produce a configure script.
+ AC_INIT(onig, 5.9.6)
+
++
++AUTOMAKE_OPTIONS=subdir-objects
+ AC_CONFIG_MACRO_DIR([m4])
+
+-AM_INIT_AUTOMAKE
++AM_INIT_AUTOMAKE([foreign])
+ AC_CONFIG_HEADER(config.h)
+
+
+@@ -41,7 +43,7 @@ fi
+ dnl Checks for programs.
+ AC_PROG_CC
+ AM_PROG_LIBTOOL
+-LTVERSION="2:0:0"
++LTVERSION="2:1:0"
+ AC_SUBST(LTVERSION)
+
+ AC_PROG_INSTALL
+Index: trunk/Makefile.am
+===================================================================
+--- trunk.orig/Makefile.am
++++ trunk/Makefile.am
+@@ -3,6 +3,7 @@ encdir = $(top_srcdir)/enc
+ sampledir = $(top_srcdir)/sample
+ libname = libonig.la
+
++AUTOMAKE_OPTIONS=subdir-objects
+ ACLOCAL_AMFLAGS = -I m4
+ #AM_CFLAGS = -DNOT_RUBY
+ AM_CFLAGS =
diff --git a/debian/patches/0100-source_typos.patch b/debian/patches/0100-source_typos.patch
new file mode 100644
index 0000000..fe1bca0
--- /dev/null
+++ b/debian/patches/0100-source_typos.patch
@@ -0,0 +1,18 @@
+Description: Fix typos
+Author: Jörg Frings-Fürst <debian@jff-webhosting.net>
+Last-Update: 2016-11-09
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: trunk/src/regerror.c
+===================================================================
+--- trunk.orig/src/regerror.c
++++ trunk/src/regerror.c
+@@ -65,7 +65,7 @@ onig_error_code_to_format(int code)
+ case ONIGERR_UNEXPECTED_BYTECODE:
+ p = "unexpected bytecode (bug)"; break;
+ case ONIGERR_DEFAULT_ENCODING_IS_NOT_SETTED:
+- p = "default multibyte-encoding is not setted"; break;
++ p = "default multibyte-encoding is not set"; break;
+ case ONIGERR_SPECIFIED_ENCODING_CANT_CONVERT_TO_WIDE_CHAR:
+ p = "can't convert to wide-char on specified multibyte-encoding"; break;
+ case ONIGERR_FAIL_TO_INITIALIZE:
diff --git a/debian/patches/0500-CVE-2017-922[4-9].patch b/debian/patches/0500-CVE-2017-922[4-9].patch
new file mode 100644
index 0000000..d28b6ad
--- /dev/null
+++ b/debian/patches/0500-CVE-2017-922[4-9].patch
@@ -0,0 +1,144 @@
+Correct CVE-2017-922[4-9]
+ Fix mutilple invalid pointer dereference, out-of-bounds write memory
+ corruption and stack buffer overflow,
+Origin: Cheerypicked from upstream
+Bug: https://github.com/kkos/oniguruma/issues/[55|56|57|58|59|60]
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=86331[2|3|4|5|6|8]
+Forwarded: not-needed
+Last-Update: 2017-05-25
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: 6.1.3-1+deb9u1/src/regexec.c
+===================================================================
+--- 6.1.3-1+deb9u1.orig/src/regexec.c
++++ 6.1.3-1+deb9u1/src/regexec.c
+@@ -1463,14 +1463,9 @@ match_at(regex_t* reg, const UChar* str,
+ break;
+
+ case OP_EXACT1: MOP_IN(OP_EXACT1);
+-#if 0
+ DATA_ENSURE(1);
+ if (*p != *s) goto fail;
+ p++; s++;
+-#endif
+- if (*p != *s++) goto fail;
+- DATA_ENSURE(0);
+- p++;
+ MOP_OUT;
+ break;
+
+@@ -3149,6 +3144,8 @@ forward_search_range(regex_t* reg, const
+ }
+ else {
+ UChar *q = p + reg->dmin;
++
++ if (q >= end) return 0; /* fail */
+ while (p < q) p += enclen(reg->enc, p);
+ }
+ }
+@@ -3228,18 +3225,25 @@ forward_search_range(regex_t* reg, const
+ }
+ else {
+ if (reg->dmax != ONIG_INFINITE_DISTANCE) {
+- *low = p - reg->dmax;
+- if (*low > s) {
+- *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s,
+- *low, (const UChar** )low_prev);
+- if (low_prev && IS_NULL(*low_prev))
+- *low_prev = onigenc_get_prev_char_head(reg->enc,
+- (pprev ? pprev : s), *low);
+- }
+- else {
++ if (p - str < reg->dmax) {
++ *low = (UChar* )str;
+ if (low_prev)
+- *low_prev = onigenc_get_prev_char_head(reg->enc,
+- (pprev ? pprev : str), *low);
++ *low_prev = onigenc_get_prev_char_head(reg->enc, str, *low);
++ }
++ else {
++ *low = p - reg->dmax;
++ if (*low > s) {
++ *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s,
++ *low, (const UChar** )low_prev);
++ if (low_prev && IS_NULL(*low_prev))
++ *low_prev = onigenc_get_prev_char_head(reg->enc,
++ (pprev ? pprev : s), *low);
++ }
++ else {
++ if (low_prev)
++ *low_prev = onigenc_get_prev_char_head(reg->enc,
++ (pprev ? pprev : str), *low);
++ }
+ }
+ }
+ }
+Index: 6.1.3-1+deb9u1/src/regparse.c
+===================================================================
+--- 6.1.3-1+deb9u1.orig/src/regparse.c
++++ 6.1.3-1+deb9u1/src/regparse.c
+@@ -2986,7 +2986,7 @@ fetch_token_in_cc(OnigToken* tok, UChar*
+ PUNFETCH;
+ prev = p;
+ num = scan_unsigned_octal_number(&p, end, 3, enc);
+- if (num < 0) return ONIGERR_TOO_BIG_NUMBER;
++ if (num < 0 || num >= 256) return ONIGERR_TOO_BIG_NUMBER;
+ if (p == prev) { /* can't read nothing. */
+ num = 0; /* but, it's not error */
+ }
+@@ -3358,7 +3358,7 @@ fetch_token(OnigToken* tok, UChar** src,
+ if (IS_SYNTAX_OP(syn, ONIG_SYN_OP_ESC_OCTAL3)) {
+ prev = p;
+ num = scan_unsigned_octal_number(&p, end, (c == '0' ? 2:3), enc);
+- if (num < 0) return ONIGERR_TOO_BIG_NUMBER;
++ if (num < 0 || num >= 256) return ONIGERR_TOO_BIG_NUMBER;
+ if (p == prev) { /* can't read nothing. */
+ num = 0; /* but, it's not error */
+ }
+@@ -3994,7 +3994,9 @@ next_state_class(CClassNode* cc, OnigCod
+ }
+ }
+
+- *state = CCS_VALUE;
++ if (*state != CCS_START)
++ *state = CCS_VALUE;
++
+ *type = CCV_CLASS;
+ return 0;
+ }
+@@ -4010,6 +4012,9 @@ next_state_val(CClassNode* cc, OnigCodeP
+ switch (*state) {
+ case CCS_VALUE:
+ if (*type == CCV_SB) {
++ if (*vs > 0xff)
++ return ONIGERR_INVALID_CODE_POINT_VALUE;
++
+ BITSET_SET_BIT(cc->bs, (int )(*vs));
+ }
+ else if (*type == CCV_CODE_POINT) {
+Index: 6.1.3-1+deb9u1/src/gperf_unfold_key_conv.py
+===================================================================
+--- 6.1.3-1+deb9u1.orig/src/gperf_unfold_key_conv.py
++++ 6.1.3-1+deb9u1/src/gperf_unfold_key_conv.py
+@@ -36,7 +36,7 @@ def parse_line(s):
+ if r != s: return r
+ r = re.sub(REG_GET_CODE, 'OnigCodePoint gcode = wordlist[key].code;', s)
+ if r != s: return r
+- r = re.sub(REG_CODE_CHECK, 'if (code == gcode)', s)
++ r = re.sub(REG_CODE_CHECK, 'if (code == gcode && wordlist[key].index >= 0)', s)
+ if r != s: return r
+
+ return s
+Index: 6.1.3-1+deb9u1/src/unicode_unfold_key.c
+===================================================================
+--- 6.1.3-1+deb9u1.orig/src/unicode_unfold_key.c
++++ 6.1.3-1+deb9u1/src/unicode_unfold_key.c
+@@ -2844,7 +2844,7 @@ unicode_unfold_key(OnigCodePoint code)
+ {
+ OnigCodePoint gcode = wordlist[key].code;
+
+- if (code == gcode)
++ if (code == gcode && wordlist[key].index >= 0)
+ return &wordlist[key];
+ }
+ }
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..06ee93d
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,3 @@
+#001-changes_build_sys.diff
+0100-source_typos.patch
+0500-CVE-2017-922[4-9].patch
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..69ed6ac
--- /dev/null
+++ b/debian/rules
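Review bot: The header of debian/patches/0500-CVE-2017-922[4-9].patch does not let a reader trace the security fix back to upstream: `Origin: Cheerypicked from upstream` names no commit, and the first line carries no `Description:` field name although the header says it follows DEP-3. Six CVEs are folded into one patch, so without per-commit references it is hard to audit that each fix was taken completely. I would write `Description: Correct CVE-2017-922[4-9]` and one `Origin: upstream, <UPSTREAM_COMMIT_URL>` line per cherry-picked commit (placeholder, since the page does not give the hashes), and correct "mutilple" and "Cheerypicked". The inner hunks are indexed against `6.1.3-1+deb9u1/` while the newest changelog entry is 6.2.0-1, so it is worth confirming the patch applies to the packaged tree without fuzz. The `[4-9]` in the file name is a glob pattern to shell tools, so any script that handles the patch has to quote it, or the file could be renamed.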
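Review bot: The first entry of debian/patches/series, `#001-changes_build_sys.diff`, is commented out, so debian/patches/001-changes_build_sys.diff is added by this commit but never applied. Someone auditing the patch directory could assume its `LTVERSION="2:1:0"` and automake changes are in effect in the built library. Either remove the patch file, or keep the entry with the reason next to it, for example `# 001-changes_build_sys.diff: disabled, <REASON>`.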
@@ -0,0 +1,34 @@
+#!/usr/bin/make -f
+# -*- makefile -*-
+# Sample debian/rules that uses debhelper.
+# This file was originally written by Joey Hess and Craig Small.
+# As a special exception, when this file is copied by dh-make into a
+# dh-make output file, you may use that output file without restriction.
+# This special exception was added by Craig Small in version 0.37 of dh-make.
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+#
+# Test for gcc-6 support
+#
+#export CC=gcc-6
+#export CXX=g++-6
+
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+
+VERSION = $(shell head -n1 debian/changelog | sed -e 's/.*(//;s/-.*).*//;s/\+/\-/')
+
+%:
+ dh $@
+
+override_dh_strip:
+ dh_strip --dbg-package=libonig4-dbg
+
+override_dh_install:
+ $(RM) debian/tmp/usr/bin/onig-config
+ dh_install --fail-missing -X.la -X.a
+
+override_dh_makeshlibs:
+ dh_makeshlibs
+ dpkg-gensymbols -v$(VERSION) -plibonig4
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/debian/symbols b/debian/symbols
new file mode 100644
index 0000000..086e86c
--- /dev/null
+++ b/debian/symbols
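Review bot: `VERSION` is scraped from the first line of debian/changelog with `sed`, and the expression `s/-.*).*//` cuts at the first hyphen, so an upstream version that itself contains a hyphen would be truncated before it reaches `dpkg-gensymbols -v$(VERSION)`. dpkg already provides the parsed value: add `include /usr/share/dpkg/pkg-info.mk` and pass `$(DEB_VERSION_UPSTREAM)` instead. The explicit `dpkg-gensymbols` call after `dh_makeshlibs` also looks redundant, since dh_makeshlibs normally runs dpkg-gensymbols itself when debian/symbols exists; a comment above `override_dh_makeshlibs` saying why it is repeated would help the next maintainer.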
@@ -0,0 +1,230 @@ +libonig.so.4 libonig4 #MINVER# + OnigAsciiLowerMap@Base 5.9.5 + OnigDefaultCaseFoldFlag@Base 5.9.5 + OnigDefaultSyntax@Base 5.9.5 + OnigEncAsciiCtypeTable@Base 5.9.5 + OnigEncAsciiToLowerCaseTable@Base 5.9.5 + OnigEncDefaultCharEncoding@Base 5.9.5 + OnigEncISO_8859_1_ToLowerCaseTable@Base 5.9.5 + OnigEncodingASCII@Base 5.9.5 + OnigEncodingBIG5@Base 5.9.5 + OnigEncodingCP1251@Base 5.9.5 + OnigEncodingEUC_CN@Base 5.9.5 + OnigEncodingEUC_JP@Base 5.9.5 + OnigEncodingEUC_KR@Base 5.9.5 + OnigEncodingEUC_TW@Base 5.9.5 + OnigEncodingGB18030@Base 5.9.5 + OnigEncodingISO_8859_10@Base 5.9.5 + OnigEncodingISO_8859_11@Base 5.9.5 + OnigEncodingISO_8859_13@Base 5.9.5 + OnigEncodingISO_8859_14@Base 5.9.5 + OnigEncodingISO_8859_15@Base 5.9.5 + OnigEncodingISO_8859_16@Base 5.9.5 + OnigEncodingISO_8859_1@Base 5.9.5 + OnigEncodingISO_8859_2@Base 5.9.5 + OnigEncodingISO_8859_3@Base 5.9.5 + OnigEncodingISO_8859_4@Base 5.9.5 + OnigEncodingISO_8859_5@Base 5.9.5 + OnigEncodingISO_8859_6@Base 5.9.5 + OnigEncodingISO_8859_7@Base 5.9.5 + OnigEncodingISO_8859_8@Base 5.9.5 + OnigEncodingISO_8859_9@Base 5.9.5 + OnigEncodingKOI8_R@Base 5.9.5 + OnigEncodingSJIS@Base 5.9.5 + OnigEncodingUTF16_BE@Base 5.9.5 + OnigEncodingUTF16_LE@Base 5.9.5 + OnigEncodingUTF32_BE@Base 5.9.5 + OnigEncodingUTF32_LE@Base 5.9.5 + OnigEncodingUTF8@Base 5.9.5 + OnigSyntaxASIS@Base 5.9.5 + OnigSyntaxEmacs@Base 5.9.5 + OnigSyntaxGnuRegex@Base 5.9.5 + OnigSyntaxGrep@Base 5.9.5 + OnigSyntaxJava@Base 5.9.5 + OnigSyntaxPerl@Base 5.9.5 + OnigSyntaxPerl_NG@Base 5.9.5 + OnigSyntaxPosixBasic@Base 5.9.5 + OnigSyntaxPosixExtended@Base 5.9.5 + OnigSyntaxRuby@Base 5.9.5 + OnigUnicodeFolds1@Base 6.0.0 + OnigUnicodeFolds2@Base 6.0.0 + OnigUnicodeFolds3@Base 6.0.0 + euc_jp_lookup_property_name@Base 6.0.0 + onig_add_end_call@Base 5.9.6 + onig_bbuf_init@Base 5.9.5 + onig_capture_tree_traverse@Base 5.9.5 + onig_codes_byte_at@Base 6.0.0 + onig_codes_cmp@Base 6.0.0 + onig_compile@Base 5.9.5 + onig_copy_encoding@Base 5.9.5 + 
onig_copy_syntax@Base 5.9.5 + onig_copyright@Base 5.9.5 + onig_end@Base 5.9.5 + onig_error_code_to_format@Base 5.9.5 + onig_error_code_to_str@Base 5.9.5 + onig_foreach_name@Base 5.9.5 + onig_free@Base 5.9.5 + onig_free_body@Base 5.9.5 + onig_get_capture_tree@Base 5.9.5 + onig_get_case_fold_flag@Base 5.9.5 + onig_get_default_case_fold_flag@Base 5.9.5 + onig_get_encoding@Base 5.9.5 + onig_get_match_stack_limit_size@Base 5.9.5 + onig_get_options@Base 5.9.5 + onig_get_parse_depth_limit@Base 6.2.0 + onig_get_syntax@Base 5.9.5 + onig_get_syntax_behavior@Base 5.9.5 + onig_get_syntax_op2@Base 5.9.5 + onig_get_syntax_op@Base 5.9.5 + onig_get_syntax_options@Base 5.9.5 + onig_init@Base 5.9.5 + onig_initialize@Base 6.0.0 + onig_initialize_encoding@Base 6.0.0 + onig_is_code_in_cc@Base 5.9.5 + onig_is_code_in_cc_len@Base 5.9.5 + onig_is_in_code_range@Base 5.9.5 + onig_match@Base 5.9.5 + onig_name_to_backref_number@Base 5.9.5 + onig_name_to_group_numbers@Base 5.9.5 + onig_names_free@Base 5.9.5 + onig_new@Base 5.9.5 + onig_new_deluxe@Base 5.9.5 + onig_new_without_alloc@Base 5.9.5 + onig_node_conv_to_str_node@Base 5.9.5 + onig_node_free@Base 5.9.5 + onig_node_list_add@Base 5.9.5 + onig_node_new_alt@Base 5.9.5 + onig_node_new_anchor@Base 5.9.5 + onig_node_new_enclose@Base 5.9.5 + onig_node_new_list@Base 5.9.5 + onig_node_new_str@Base 5.9.5 + onig_node_str_cat@Base 5.9.5 + onig_node_str_clear@Base 5.9.5 + onig_node_str_set@Base 5.9.5 + onig_noname_group_capture_is_active@Base 5.9.5 + onig_null_warn@Base 5.9.5 + onig_number_of_capture_histories@Base 5.9.5 + onig_number_of_captures@Base 5.9.5 + onig_number_of_names@Base 5.9.5 + onig_parse_make_tree@Base 5.9.5 + onig_reduce_nested_quantifier@Base 5.9.5 + onig_reg_init@Base 5.9.5 + onig_region_clear@Base 5.9.5 + onig_region_copy@Base 5.9.5 + onig_region_free@Base 5.9.5 + onig_region_init@Base 5.9.5 + onig_region_new@Base 5.9.5 + onig_region_resize@Base 5.9.5 + onig_region_set@Base 5.9.5 + onig_renumber_name_table@Base 5.9.5 + 
onig_scan@Base 6.1.0 + onig_scan_env_set_error_string@Base 5.9.5 + onig_scan_unsigned_number@Base 5.9.5 + onig_search@Base 5.9.5 + onig_set_capture_num_limit@Base 6.2.0 + onig_set_default_case_fold_flag@Base 5.9.5 + onig_set_default_syntax@Base 5.9.5 + onig_set_match_stack_limit_size@Base 5.9.5 + onig_set_meta_char@Base 5.9.5 + onig_set_parse_depth_limit@Base 6.2.0 + onig_set_syntax_behavior@Base 5.9.5 + onig_set_syntax_op2@Base 5.9.5 + onig_set_syntax_op@Base 5.9.5 + onig_set_syntax_options@Base 5.9.5 + onig_set_verb_warn_func@Base 5.9.5 + onig_set_warn_func@Base 5.9.5 + onig_snprintf_with_pattern@Base 5.9.5 + onig_st_add_direct@Base 5.9.5 + onig_st_cleanup_safe@Base 5.9.5 + onig_st_copy@Base 5.9.5 + onig_st_delete@Base 5.9.5 + onig_st_delete_safe@Base 5.9.5 + onig_st_foreach@Base 5.9.5 + onig_st_free_table@Base 5.9.5 + onig_st_init_numtable@Base 5.9.5 + onig_st_init_numtable_with_size@Base 5.9.5 + onig_st_init_strend_table_with_size@Base 5.9.5 + onig_st_init_strtable@Base 5.9.5 + onig_st_init_strtable_with_size@Base 5.9.5 + onig_st_init_table@Base 5.9.5 + onig_st_init_table_with_size@Base 5.9.5 + onig_st_insert@Base 5.9.5 + onig_st_insert_strend@Base 5.9.5 + onig_st_lookup@Base 5.9.5 + onig_st_lookup_strend@Base 5.9.5 + onig_strcpy@Base 5.9.5 + onig_strncmp@Base 5.9.5 + onig_transfer@Base 5.9.5 + onig_unicode_define_user_property@Base 6.0.0 + onig_version@Base 5.9.5 + onig_warning@Base 6.1.0 + onigenc_always_false_is_allowed_reverse_match@Base 5.9.5 + onigenc_always_true_is_allowed_reverse_match@Base 5.9.5 + onigenc_always_true_is_valid_mbc_string@Base 6.1.0 + onigenc_apply_all_case_fold_with_map@Base 5.9.5 + onigenc_ascii_apply_all_case_fold@Base 5.9.5 + onigenc_ascii_get_case_fold_codes_by_str@Base 5.9.5 + onigenc_ascii_mbc_case_fold@Base 5.9.5 + onigenc_get_case_fold_codes_by_str_with_map@Base 5.9.5 + onigenc_get_default_encoding@Base 5.9.5 + onigenc_get_left_adjust_char_head@Base 5.9.5 + onigenc_get_prev_char_head@Base 5.9.5 + 
onigenc_get_right_adjust_char_head@Base 5.9.5 + onigenc_get_right_adjust_char_head_with_prev@Base 5.9.5 + onigenc_init@Base 5.9.5 + onigenc_is_mbc_newline_0x0a@Base 5.9.5 + onigenc_is_valid_mbc_string@Base 6.1.0 + onigenc_length_check_is_valid_mbc_string@Base 6.1.0 + onigenc_mb2_code_to_mbc@Base 5.9.5 + onigenc_mb2_code_to_mbclen@Base 5.9.5 + onigenc_mb2_is_code_ctype@Base 5.9.5 + onigenc_mb4_code_to_mbc@Base 5.9.5 + onigenc_mb4_code_to_mbclen@Base 5.9.5 + onigenc_mb4_is_code_ctype@Base 5.9.5 + onigenc_mbn_mbc_case_fold@Base 5.9.5 + onigenc_mbn_mbc_to_code@Base 5.9.5 + onigenc_minimum_property_name_to_ctype@Base 5.9.5 + onigenc_not_support_get_ctype_code_range@Base 5.9.5 + onigenc_set_default_caseconv_table@Base 5.9.5 + onigenc_set_default_encoding@Base 5.9.5 + onigenc_single_byte_code_to_mbc@Base 5.9.5 + onigenc_single_byte_code_to_mbclen@Base 5.9.5 + onigenc_single_byte_left_adjust_char_head@Base 5.9.5 + onigenc_single_byte_mbc_enc_len@Base 5.9.5 + onigenc_single_byte_mbc_to_code@Base 5.9.5 + onigenc_step@Base 5.9.5 + onigenc_step_back@Base 5.9.5 + onigenc_str_bytelen_null@Base 5.9.5 + onigenc_strlen@Base 5.9.5 + onigenc_strlen_null@Base 5.9.5 + onigenc_unicode_apply_all_case_fold@Base 5.9.5 + onigenc_unicode_ctype_code_range@Base 5.9.5 + onigenc_unicode_get_case_fold_codes_by_str@Base 5.9.5 + onigenc_unicode_is_code_ctype@Base 5.9.5 + onigenc_unicode_mbc_case_fold@Base 5.9.5 + onigenc_unicode_property_name_to_ctype@Base 5.9.5 + onigenc_utf16_32_get_ctype_code_range@Base 5.9.5 + onigenc_with_ascii_strncmp@Base 5.9.5 + re_adjust_startpos@Base 5.9.5 + re_alloc_pattern@Base 5.9.5 + re_compile_pattern@Base 5.9.5 + re_free_pattern@Base 5.9.5 + re_free_registers@Base 5.9.5 + re_match@Base 5.9.5 + re_mbcinit@Base 5.9.5 + re_search@Base 5.9.5 + re_set_casetable@Base 5.9.5 + reg_foreach_name@Base 5.9.5 + reg_name_to_group_numbers@Base 5.9.5 + reg_number_of_names@Base 5.9.5 + reg_set_encoding@Base 5.9.5 + regcomp@Base 5.9.5 + regerror@Base 5.9.5 + regexec@Base 5.9.5 + 
regfree@Base 5.9.5 + sjis_lookup_property_name@Base 6.0.0 + unicode_fold1_key@Base 6.0.0 + unicode_fold2_key@Base 6.0.0 + unicode_fold3_key@Base 6.0.0 + unicode_lookup_property_name@Base 6.0.0 + unicode_unfold_key@Base 6.0.0 diff --git a/debian/watch b/debian/watch new file mode 100644 index 0000000..c6c26be --- /dev/null +++ b/debian/watch @@ -0,0 +1,2 @@ +version=4 +https://github.com/kkos/oniguruma/tags .*/v?(\d\S*)\.tar\.gz |
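Review bot: The debian/watch line takes release tarballs from the GitHub tags page with no signature check, so uscan accepts whatever archive that URL serves. If upstream publishes detached signatures, add `opts=pgpsigurlmangle=s/$/.asc/` to the line and ship the key as debian/upstream/signing-key.asc. If upstream does not sign releases, a comment in the watch file saying so would record that the omission is deliberate.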