summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.gitignore32
-rw-r--r--debian/NEWS.Debian6
-rw-r--r--debian/changelog222
-rw-r--r--debian/compat1
-rw-r--r--debian/control57
-rw-r--r--debian/copyright52
-rw-r--r--debian/libonig-dev.doc-base17
-rw-r--r--debian/libonig-dev.docs11
-rw-r--r--debian/libonig-dev.examples1
-rw-r--r--debian/libonig-dev.install3
-rw-r--r--debian/libonig4-dbg.dirs1
-rw-r--r--debian/libonig4.install1
-rw-r--r--debian/patches/001-changes_build_sys.diff44
-rw-r--r--debian/patches/0100-source_typos.patch18
-rw-r--r--debian/patches/0500-CVE-2017-922[4-9].patch144
-rw-r--r--debian/patches/series3
-rwxr-xr-xdebian/rules34
-rw-r--r--debian/source/format1
-rw-r--r--debian/symbols230
-rw-r--r--debian/watch2
20 files changed, 853 insertions, 27 deletions
diff --git a/.gitignore b/.gitignore
index 99f5e71..7c1b9c7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,27 +1,5 @@
-Makefile
-autom4te.cache/
-ltmain.sh
-stamp-h1
-configure
-config.status
-config.log
-config.h
-config.h.in
-onig-config
-libtool
-aclocal.m4
-Makefile.in
-*.o
-*.obj
-*.so
-*.lo
-*.la
-*.pc
-*~
-.libs/
-.deps/
-testc
-testcu
-testp
-/build
-m4/*.m4
+.bzr
+.bzrignore
+.pc
+.gitignore
+debian/files \ No newline at end of file
diff --git a/debian/NEWS.Debian b/debian/NEWS.Debian
new file mode 100644
index 0000000..e58552a
--- /dev/null
+++ b/debian/NEWS.Debian
@@ -0,0 +1,6 @@
+libonig (6.0.0-1) unstable; urgency=medium
+
+ The file /usr/bin/onig-config is not Multi-Arch conform. So it is removed
+ in this release. You can use pkg-config instead.
+
+ -- Jörg Frings-Fürst <debian@jff-webhosting.net> Tue, 06 Jan 2015 11:09:12 +0100
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..7a8155d
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,222 @@
+libonig (6.2.0-1) unstable; urgency=medium
+
+ * New upstream release.
+ - Update symbols file.
+ * Drop dh-autoreconf from both build-depends and dh --with arguments
+ because this is all defaults when using dh compat 10.
+ * debian/copyright: Add year 2017.
+
+ -- Jörg Frings-Fürst <debian@jff-webhosting.net> Sun, 09 Apr 2017 20:00:40 +0200
+
+libonig (6.1.3-2) unstable; urgency=high
+
+ * New debian/patches/0500-CVE-2017-922[4-9].patch:
+ - Cherrypicked from upstream to correct:
+ + CVE-2017-9224 (Closes: #863312)
+ + CVE-2017-9225 (Closes: #863313)
+ + CVE-2017-9226 (Closes: #863314)
+ + CVE-2017-9227 (Closes: #863315)
+ + CVE-2017-9228 (Closes: #863316)
+ + CVE-2017-9229 (Closes: #863318)
+
+ -- Jörg Frings-Fürst <debian@jff-webhosting.net> Sat, 27 May 2017 12:05:50 +0200
+
+libonig (6.1.3-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Jörg Frings-Fürst <debian@jff-webhosting.net> Thu, 15 Dec 2016 09:23:30 +0100
+
+libonig (6.1.2-1) unstable; urgency=medium
+
+ * New upstream release.
+ * debian/control:
+ - Bump debhelper B-D minimum version to 10.
+ * New debian/patches/0100-source_typos.patch.
+
+ -- Jörg Frings-Fürst <debian@jff-webhosting.net> Wed, 09 Nov 2016 23:16:44 +0100
+
+libonig (6.1.1-2) unstable; urgency=medium
+
+ * Upload to unstable.
+
+ -- Jörg Frings-Fürst <debian@jff-webhosting.net> Sun, 04 Sep 2016 21:26:20 +0200
+
+libonig (6.1.1-1) experimental; urgency=medium
+
+ * New upstream release.
+
+ -- Jörg Frings-Fürst <debian@jff-webhosting.net> Sat, 03 Sep 2016 02:42:58 +0200
+
+libonig (6.1.0-1) experimental; urgency=medium
+
+ * New upstream release.
+ - NEW API: onig_scan().
+ * debian/control:
+ - To match with the soname rename packages from liboing3 to libonig4.
+ * debian/rules:
+ - Rename liboing3 to libonig4.
+ * Renew debian/symbols.
+
+ -- Jörg Frings-Fürst <debian@jff-webhosting.net> Wed, 31 Aug 2016 04:18:16 +0200
+
+libonig (6.0.0-1) experimental; urgency=medium
+
+ * New upstream release.
+ * debian/control:
+ - Remove dpkg from libonig2-dbg Pre-Depends because redundance
+ with ${misc:Pre-Depends}.
+ - Replace homepage to the new loacation.
+ - To match with the soname rename packages from liboing2 to libonig3.
+ - Bump Standards-Version to 3.9.8 (no changes required).
+ - Change Vcs-* to secure URIs.
+ * debian/rules:
+ - Rename liboing2 to libonig3.
+ * debian/watch:
+ - Move to github.
+ - Bump version to 4 (no changes required).
+ * debian/copyright:
+ - Replace homepage and upstream mail address.
+ - Add year 2016.
+ * Remove the not Multi-Arch conform file /usr/bin/onig-config and
+ the man page.
+ * Remove now useless debian/libonig3-dbg.maintscript.
+ * Set compat level to 10.
+
+ -- Jörg Frings-Fürst <debian@jff-webhosting.net> Sat, 14 May 2016 17:53:39 +0200
+
+libonig (5.9.6-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Refresh debian/patches/001-changes_build_sys.diff.
+ * Refresh debian/symbols.
+ * debian/rules:
+ - rewrite override_dh_strip.
+ - Add dpkg-gensymbols to generate symbol file(s)
+ on every build.
+ * debian/copyright:
+ Add year 2015 to my entry at debian/*.
+ * debian/control:
+ - Remove useless Depends ${shlibs:Depends} from libonig2-dbg
+ and libonig-dev
+ - Add dpkg and ${misc:Pre-Depends} to Depends of libonig2-dbg
+ to prevent error on upgrade wheezy to jessie (Closes: #769556).
+ - Bump Standards-Version to 3.9.6 (no changes required).
+ - Add Vcs-* fields pointed to alioth.
+ - Remove deprecated hardening-wrapper from Build-Depends
+ (Closes: #774485).
+ - Rewrite Descriptions (Closes: #774520).
+ * debian/*.postrm, debian/*.postinst, debian/*.preinst:
+ - Delete them and move the dpkg-maintscript-helper to
+ debian/libonig2-dbg.maintscript.
+ * New debian/libonig2-dbg.maintscript:
+ - Add symlink_to_dir calls.
+ - Change version in calls of symlink_to_dir to 5.9.6-1~.
+ * Add Vcs
+ * Add missing MNU changelog entries. Both don't provide a patch with
+ the changes and the first one causes a new RC-Bug.
+
+ -- Jörg Frings-Fürst <debian@jff-webhosting.net> Mon, 05 Jan 2015 10:49:52 +0100
+
+libonig (5.9.5-3.2) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix version for calls to dpkg-maintscript-helper symlink_to_dir.
+ (closes: #769556).
+
+ -- Ivo De Decker <ivodd@debian.org> Sun, 28 Dec 2014 12:11:12 +0100
+
+libonig (5.9.5-3.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Add missing pre-dependency on dpkg for dpkg-maintscript-helper
+ symlink_to_dir (closes: #769556).
+
+ -- Julien Cristau <jcristau@debian.org> Sat, 15 Nov 2014 11:53:45 +0100
+
+libonig (5.9.5-3) unstable; urgency=medium
+
+ * Add debian/libonig2-dbg.(preinst|postinst|postrm) to prevent
+ error on upgrade wheezy to jessie. (Closes: #768267)
+
+ -- Jörg Frings-Fürst <debian@jff-webhosting.net> Thu, 06 Nov 2014 21:32:20 +0100
+
+libonig (5.9.5-2) unstable; urgency=medium
+
+ * rename debian/*.doc-base
+ * add html files to doc
+ * change debian/rules for hardening
+ * remove Multi-Arch from libonig-dev (Closes: #747897)
+
+ -- Jörg Frings-Fürst <debian@jff-webhosting.net> Tue, 13 May 2014 10:25:38 +0200
+
+libonig (5.9.5-1) unstable; urgency=medium
+
+ * remove *.so.* files from libonig2-dbg
+ (same files as in libonig2)
+ * add debian/libonig-dev.doc-base
+ * add debian/symbols
+ * rewrite debian/copyright
+ * rewrite debian/rules (Closes: #645940)
+ * patch buildsystem (Closes: #734683)
+ * change lib version to 2.1.0
+ * Bump compat to 9
+ * Update to upstream version 5.9.5 (Closes: #661616)
+ * Bump Standarts to 3.9.5
+ * New Maintainer (Closes: #747187)
+
+ -- Jörg Frings-Fürst <debian@jff-webhosting.net> Wed, 07 May 2014 16:39:54 +0200
+
+libonig (5.9.1-1) unstable; urgency=low
+
+ [ Max Kellermann ]
+ * new upstream release
+ * acknowledge NMU, thanks Laurent (closes: #426355)
+ * run test suite after build
+ * added watch file
+ * bumped Standards-Version to 3.7.3
+ * added homepage header to debian/control
+ * priority "extra"
+
+ -- Alexander Wirt <formorer@debian.org> Mon, 07 Jan 2008 11:46:27 +0100
+
+libonig (5.9.0-0.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * New upstream release (Closes: #426355)
+ * debian/control:
+ - Use binary:Version instead of Source-Version
+ * debian/rules:
+ - Don't hide make distclean error
+ - Fix copy of config.{sub,guess}
+ - Remove deprecated DH_COMPAT and use compat file instead
+
+ -- Laurent Bigonville <bigon@bigon.be> Sat, 04 Aug 2007 15:07:34 +0200
+
+libonig (5.5.2-1) unstable; urgency=low
+
+ * new upstream release
+
+ -- Max Kellermann <max@duempel.org> Wed, 14 Feb 2007 23:12:29 +0100
+
+libonig (5.5.0-1) unstable; urgency=low
+
+ [ Max Kellermann ]
+ * new upstream release
+ * update config.{sub,guess} in debian/rules
+ * removed libonig.la
+
+ -- Alexander Wirt <formorer@debian.org> Wed, 6 Dec 2006 20:51:10 +0100
+
+libonig (5.2.0-1) unstable; urgency=low
+
+ * new upstream release
+ * updated copyright file since license has been changed to BSD
+
+ -- Max Kellermann <max@duempel.org> Wed, 15 Nov 2006 09:32:24 +0100
+
+libonig (4.4.4-1) unstable; urgency=low
+
+ * initial debian release (Closes: #388412)
+
+ -- Max Kellermann <max@duempel.org> Wed, 20 Sep 2006 12:17:40 +0200
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000..f599e28
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+10
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..c5fbb3d
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,57 @@
+Source: libonig
+Section: libs
+Priority: extra
+Maintainer: Jörg Frings-Fürst <debian@jff-webhosting.net>
+Build-Depends:
+ debhelper (>= 10)
+Standards-Version: 3.9.8
+Homepage: https://github.com/kkos/oniguruma
+Vcs-Git: https://anonscm.debian.org/cgit/collab-maint/libonig.git
+Vcs-Browser: https://anonscm.debian.org/cgit/collab-maint/libonig.git
+
+Package: libonig4
+Priority: optional
+Architecture: any
+Multi-Arch: same
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends}
+Pre-Depends:
+ ${misc:Pre-Depends}
+Description: regular expressions library
+ Oniguruma is a library for working with regular expressions.
+ .
+ Different character encoding for every regular expression object can
+ be specified.
+
+Package: libonig4-dbg
+Section: debug
+Architecture: any
+Multi-Arch: same
+Depends:
+ ${misc:Depends},
+ libonig4 (= ${binary:Version})
+Pre-Depends:
+ ${misc:Pre-Depends}
+Description: regular expressions library — debugging symbols
+ Oniguruma is a library for working with regular expressions.
+ .
+ Different character encoding for every regular expression object can
+ be specified.
+ .
+ This package provides the debugging symbols.
+
+Package: libonig-dev
+Section: libdevel
+Priority: optional
+Architecture: any
+Depends:
+ ${misc:Depends},
+ libonig4 (= ${binary:Version})
+Description: regular expressions library — development files
+ Oniguruma is a library for working with regular expressions.
+ .
+ Different character encoding for every regular expression object can
+ be specified.
+ .
+ This package provides development files and static libraries.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..a57a2e3
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,52 @@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0
+Source: https://github.com/kkos/oniguruma
+
+Files: *
+Copyright: 2002-2017 K.Kosako <kkosako0@gmail.com>
+License: BSD-2-clause
+
+License: BSD-2-clause
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ SUCH DAMAGE.
+
+
+Files: debian/*
+Copyright: 2006-2008 Max Kellermann <max@duempel.org>
+ 2014-2017 Jörg Frings-Fürst <debian@jff-webhosting.net>
+License: GPL-2+
+
+License: GPL-2+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+ .
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ .
+ On Debian systems, the full text of the GNU General Public License version 2
+ can be found in the file `/usr/share/common-licenses/GPL-2'.
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
diff --git a/debian/libonig-dev.doc-base b/debian/libonig-dev.doc-base
new file mode 100644
index 0000000..2c6bcf7
--- /dev/null
+++ b/debian/libonig-dev.doc-base
@@ -0,0 +1,17 @@
+Document: libonig2
+Title: Oniguruma Library Documentation
+Section: Programming/C++
+
+Format: Text
+Files: /usr/share/doc/libonig-dev/API.gz
+ /usr/share/doc/libonig-dev/API.ja.gz
+ /usr/share/doc/libonig-dev/FAQ
+ /usr/share/doc/libonig-dev/FAQ.ja
+ /usr/share/doc/libonig-dev/RE.gz
+ /usr/share/doc/libonig-dev/RE.ja.gz
+ /usr/share/doc/libonig-dev/README.gz
+ /usr/share/doc/libonig-dev/README.ja.gz
+
+Format: HTML
+Index: /usr/share/doc/libonig-dev/index.html
+Files: /usr/share/doc/libonig-dev/*.html
diff --git a/debian/libonig-dev.docs b/debian/libonig-dev.docs
new file mode 100644
index 0000000..856bacd
--- /dev/null
+++ b/debian/libonig-dev.docs
@@ -0,0 +1,11 @@
+AUTHORS
+README
+README.ja
+doc/API
+doc/API.ja
+doc/FAQ
+doc/FAQ.ja
+doc/RE
+doc/RE.ja
+index.html
+index_ja.html
diff --git a/debian/libonig-dev.examples b/debian/libonig-dev.examples
new file mode 100644
index 0000000..cfdeec6
--- /dev/null
+++ b/debian/libonig-dev.examples
@@ -0,0 +1 @@
+sample/*.c
diff --git a/debian/libonig-dev.install b/debian/libonig-dev.install
new file mode 100644
index 0000000..1ec5d42
--- /dev/null
+++ b/debian/libonig-dev.install
@@ -0,0 +1,3 @@
+usr/lib/*/lib*.so
+usr/include
+usr/lib/*/pkgconfig/*
diff --git a/debian/libonig4-dbg.dirs b/debian/libonig4-dbg.dirs
new file mode 100644
index 0000000..7276ecd
--- /dev/null
+++ b/debian/libonig4-dbg.dirs
@@ -0,0 +1 @@
+usr/share/doc
diff --git a/debian/libonig4.install b/debian/libonig4.install
new file mode 100644
index 0000000..3ddde58
--- /dev/null
+++ b/debian/libonig4.install
@@ -0,0 +1 @@
+usr/lib/*/lib*.so.*
diff --git a/debian/patches/001-changes_build_sys.diff b/debian/patches/001-changes_build_sys.diff
new file mode 100644
index 0000000..5750433
--- /dev/null
+++ b/debian/patches/001-changes_build_sys.diff
@@ -0,0 +1,44 @@
+Description: some buildsystem changes
+Author: Jörg Frings-Fürst <debian@jff-webhosting.net>
+Reviewed-by:
+Last-Update: 2014-05-07
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: trunk/configure.in
+===================================================================
+--- trunk.orig/configure.in
++++ trunk/configure.in
+@@ -1,9 +1,11 @@
+ dnl Process this file with autoconf to produce a configure script.
+ AC_INIT(onig, 5.9.6)
+
++
++AUTOMAKE_OPTIONS=subdir-objects
+ AC_CONFIG_MACRO_DIR([m4])
+
+-AM_INIT_AUTOMAKE
++AM_INIT_AUTOMAKE([foreign])
+ AC_CONFIG_HEADER(config.h)
+
+
+@@ -41,7 +43,7 @@ fi
+ dnl Checks for programs.
+ AC_PROG_CC
+ AM_PROG_LIBTOOL
+-LTVERSION="2:0:0"
++LTVERSION="2:1:0"
+ AC_SUBST(LTVERSION)
+
+ AC_PROG_INSTALL
+Index: trunk/Makefile.am
+===================================================================
+--- trunk.orig/Makefile.am
++++ trunk/Makefile.am
+@@ -3,6 +3,7 @@ encdir = $(top_srcdir)/enc
+ sampledir = $(top_srcdir)/sample
+ libname = libonig.la
+
++AUTOMAKE_OPTIONS=subdir-objects
+ ACLOCAL_AMFLAGS = -I m4
+ #AM_CFLAGS = -DNOT_RUBY
+ AM_CFLAGS =
diff --git a/debian/patches/0100-source_typos.patch b/debian/patches/0100-source_typos.patch
new file mode 100644
index 0000000..fe1bca0
--- /dev/null
+++ b/debian/patches/0100-source_typos.patch
@@ -0,0 +1,18 @@
+Description: Fix typos
+Author: Jörg Frings-Fürst <debian@jff-webhosting.net>
+Last-Update: 2016-11-09
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: trunk/src/regerror.c
+===================================================================
+--- trunk.orig/src/regerror.c
++++ trunk/src/regerror.c
+@@ -65,7 +65,7 @@ onig_error_code_to_format(int code)
+ case ONIGERR_UNEXPECTED_BYTECODE:
+ p = "unexpected bytecode (bug)"; break;
+ case ONIGERR_DEFAULT_ENCODING_IS_NOT_SETTED:
+- p = "default multibyte-encoding is not setted"; break;
++ p = "default multibyte-encoding is not set"; break;
+ case ONIGERR_SPECIFIED_ENCODING_CANT_CONVERT_TO_WIDE_CHAR:
+ p = "can't convert to wide-char on specified multibyte-encoding"; break;
+ case ONIGERR_FAIL_TO_INITIALIZE:
diff --git a/debian/patches/0500-CVE-2017-922[4-9].patch b/debian/patches/0500-CVE-2017-922[4-9].patch
new file mode 100644
index 0000000..d28b6ad
--- /dev/null
+++ b/debian/patches/0500-CVE-2017-922[4-9].patch
@@ -0,0 +1,144 @@
+Correct CVE-2017-922[4-9]
+ Fix mutilple invalid pointer dereference, out-of-bounds write memory
+ corruption and stack buffer overflow,
+Origin: Cheerypicked from upstream
+Bug: https://github.com/kkos/oniguruma/issues/[55|56|57|58|59|60]
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=86331[2|3|4|5|6|8]
+Forwarded: not-needed
+Last-Update: 2017-05-25
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: 6.1.3-1+deb9u1/src/regexec.c
+===================================================================
+--- 6.1.3-1+deb9u1.orig/src/regexec.c
++++ 6.1.3-1+deb9u1/src/regexec.c
+@@ -1463,14 +1463,9 @@ match_at(regex_t* reg, const UChar* str,
+ break;
+
+ case OP_EXACT1: MOP_IN(OP_EXACT1);
+-#if 0
+ DATA_ENSURE(1);
+ if (*p != *s) goto fail;
+ p++; s++;
+-#endif
+- if (*p != *s++) goto fail;
+- DATA_ENSURE(0);
+- p++;
+ MOP_OUT;
+ break;
+
+@@ -3149,6 +3144,8 @@ forward_search_range(regex_t* reg, const
+ }
+ else {
+ UChar *q = p + reg->dmin;
++
++ if (q >= end) return 0; /* fail */
+ while (p < q) p += enclen(reg->enc, p);
+ }
+ }
+@@ -3228,18 +3225,25 @@ forward_search_range(regex_t* reg, const
+ }
+ else {
+ if (reg->dmax != ONIG_INFINITE_DISTANCE) {
+- *low = p - reg->dmax;
+- if (*low > s) {
+- *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s,
+- *low, (const UChar** )low_prev);
+- if (low_prev && IS_NULL(*low_prev))
+- *low_prev = onigenc_get_prev_char_head(reg->enc,
+- (pprev ? pprev : s), *low);
+- }
+- else {
++ if (p - str < reg->dmax) {
++ *low = (UChar* )str;
+ if (low_prev)
+- *low_prev = onigenc_get_prev_char_head(reg->enc,
+- (pprev ? pprev : str), *low);
++ *low_prev = onigenc_get_prev_char_head(reg->enc, str, *low);
++ }
++ else {
++ *low = p - reg->dmax;
++ if (*low > s) {
++ *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s,
++ *low, (const UChar** )low_prev);
++ if (low_prev && IS_NULL(*low_prev))
++ *low_prev = onigenc_get_prev_char_head(reg->enc,
++ (pprev ? pprev : s), *low);
++ }
++ else {
++ if (low_prev)
++ *low_prev = onigenc_get_prev_char_head(reg->enc,
++ (pprev ? pprev : str), *low);
++ }
+ }
+ }
+ }
+Index: 6.1.3-1+deb9u1/src/regparse.c
+===================================================================
+--- 6.1.3-1+deb9u1.orig/src/regparse.c
++++ 6.1.3-1+deb9u1/src/regparse.c
+@@ -2986,7 +2986,7 @@ fetch_token_in_cc(OnigToken* tok, UChar*
+ PUNFETCH;
+ prev = p;
+ num = scan_unsigned_octal_number(&p, end, 3, enc);
+- if (num < 0) return ONIGERR_TOO_BIG_NUMBER;
++ if (num < 0 || num >= 256) return ONIGERR_TOO_BIG_NUMBER;
+ if (p == prev) { /* can't read nothing. */
+ num = 0; /* but, it's not error */
+ }
+@@ -3358,7 +3358,7 @@ fetch_token(OnigToken* tok, UChar** src,
+ if (IS_SYNTAX_OP(syn, ONIG_SYN_OP_ESC_OCTAL3)) {
+ prev = p;
+ num = scan_unsigned_octal_number(&p, end, (c == '0' ? 2:3), enc);
+- if (num < 0) return ONIGERR_TOO_BIG_NUMBER;
++ if (num < 0 || num >= 256) return ONIGERR_TOO_BIG_NUMBER;
+ if (p == prev) { /* can't read nothing. */
+ num = 0; /* but, it's not error */
+ }
+@@ -3994,7 +3994,9 @@ next_state_class(CClassNode* cc, OnigCod
+ }
+ }
+
+- *state = CCS_VALUE;
++ if (*state != CCS_START)
++ *state = CCS_VALUE;
++
+ *type = CCV_CLASS;
+ return 0;
+ }
+@@ -4010,6 +4012,9 @@ next_state_val(CClassNode* cc, OnigCodeP
+ switch (*state) {
+ case CCS_VALUE:
+ if (*type == CCV_SB) {
++ if (*vs > 0xff)
++ return ONIGERR_INVALID_CODE_POINT_VALUE;
++
+ BITSET_SET_BIT(cc->bs, (int )(*vs));
+ }
+ else if (*type == CCV_CODE_POINT) {
+Index: 6.1.3-1+deb9u1/src/gperf_unfold_key_conv.py
+===================================================================
+--- 6.1.3-1+deb9u1.orig/src/gperf_unfold_key_conv.py
++++ 6.1.3-1+deb9u1/src/gperf_unfold_key_conv.py
+@@ -36,7 +36,7 @@ def parse_line(s):
+ if r != s: return r
+ r = re.sub(REG_GET_CODE, 'OnigCodePoint gcode = wordlist[key].code;', s)
+ if r != s: return r
+- r = re.sub(REG_CODE_CHECK, 'if (code == gcode)', s)
++ r = re.sub(REG_CODE_CHECK, 'if (code == gcode && wordlist[key].index >= 0)', s)
+ if r != s: return r
+
+ return s
+Index: 6.1.3-1+deb9u1/src/unicode_unfold_key.c
+===================================================================
+--- 6.1.3-1+deb9u1.orig/src/unicode_unfold_key.c
++++ 6.1.3-1+deb9u1/src/unicode_unfold_key.c
+@@ -2844,7 +2844,7 @@ unicode_unfold_key(OnigCodePoint code)
+ {
+ OnigCodePoint gcode = wordlist[key].code;
+
+- if (code == gcode)
++ if (code == gcode && wordlist[key].index >= 0)
+ return &wordlist[key];
+ }
+ }
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..06ee93d
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,3 @@
+#001-changes_build_sys.diff
+0100-source_typos.patch
+0500-CVE-2017-922[4-9].patch
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..69ed6ac
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,34 @@
+#!/usr/bin/make -f
+# -*- makefile -*-
+# Sample debian/rules that uses debhelper.
+# This file was originally written by Joey Hess and Craig Small.
+# As a special exception, when this file is copied by dh-make into a
+# dh-make output file, you may use that output file without restriction.
+# This special exception was added by Craig Small in version 0.37 of dh-make.
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+#
+# Test for gcc-6 support
+#
+#export CC=gcc-6
+#export CXX=g++-6
+
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+
+VERSION = $(shell head -n1 debian/changelog | sed -e 's/.*(//;s/-.*).*//;s/\+/\-/')
+
+%:
+ dh $@
+
+override_dh_strip:
+ dh_strip --dbg-package=libonig4-dbg
+
+override_dh_install:
+ $(RM) debian/tmp/usr/bin/onig-config
+ dh_install --fail-missing -X.la -X.a
+
+override_dh_makeshlibs:
+ dh_makeshlibs
+ dpkg-gensymbols -v$(VERSION) -plibonig4
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/debian/symbols b/debian/symbols
new file mode 100644
index 0000000..086e86c
--- /dev/null
+++ b/debian/symbols
@@ -0,0 +1,230 @@
+libonig.so.4 libonig4 #MINVER#
+ OnigAsciiLowerMap@Base 5.9.5
+ OnigDefaultCaseFoldFlag@Base 5.9.5
+ OnigDefaultSyntax@Base 5.9.5
+ OnigEncAsciiCtypeTable@Base 5.9.5
+ OnigEncAsciiToLowerCaseTable@Base 5.9.5
+ OnigEncDefaultCharEncoding@Base 5.9.5
+ OnigEncISO_8859_1_ToLowerCaseTable@Base 5.9.5
+ OnigEncodingASCII@Base 5.9.5
+ OnigEncodingBIG5@Base 5.9.5
+ OnigEncodingCP1251@Base 5.9.5
+ OnigEncodingEUC_CN@Base 5.9.5
+ OnigEncodingEUC_JP@Base 5.9.5
+ OnigEncodingEUC_KR@Base 5.9.5
+ OnigEncodingEUC_TW@Base 5.9.5
+ OnigEncodingGB18030@Base 5.9.5
+ OnigEncodingISO_8859_10@Base 5.9.5
+ OnigEncodingISO_8859_11@Base 5.9.5
+ OnigEncodingISO_8859_13@Base 5.9.5
+ OnigEncodingISO_8859_14@Base 5.9.5
+ OnigEncodingISO_8859_15@Base 5.9.5
+ OnigEncodingISO_8859_16@Base 5.9.5
+ OnigEncodingISO_8859_1@Base 5.9.5
+ OnigEncodingISO_8859_2@Base 5.9.5
+ OnigEncodingISO_8859_3@Base 5.9.5
+ OnigEncodingISO_8859_4@Base 5.9.5
+ OnigEncodingISO_8859_5@Base 5.9.5
+ OnigEncodingISO_8859_6@Base 5.9.5
+ OnigEncodingISO_8859_7@Base 5.9.5
+ OnigEncodingISO_8859_8@Base 5.9.5
+ OnigEncodingISO_8859_9@Base 5.9.5
+ OnigEncodingKOI8_R@Base 5.9.5
+ OnigEncodingSJIS@Base 5.9.5
+ OnigEncodingUTF16_BE@Base 5.9.5
+ OnigEncodingUTF16_LE@Base 5.9.5
+ OnigEncodingUTF32_BE@Base 5.9.5
+ OnigEncodingUTF32_LE@Base 5.9.5
+ OnigEncodingUTF8@Base 5.9.5
+ OnigSyntaxASIS@Base 5.9.5
+ OnigSyntaxEmacs@Base 5.9.5
+ OnigSyntaxGnuRegex@Base 5.9.5
+ OnigSyntaxGrep@Base 5.9.5
+ OnigSyntaxJava@Base 5.9.5
+ OnigSyntaxPerl@Base 5.9.5
+ OnigSyntaxPerl_NG@Base 5.9.5
+ OnigSyntaxPosixBasic@Base 5.9.5
+ OnigSyntaxPosixExtended@Base 5.9.5
+ OnigSyntaxRuby@Base 5.9.5
+ OnigUnicodeFolds1@Base 6.0.0
+ OnigUnicodeFolds2@Base 6.0.0
+ OnigUnicodeFolds3@Base 6.0.0
+ euc_jp_lookup_property_name@Base 6.0.0
+ onig_add_end_call@Base 5.9.6
+ onig_bbuf_init@Base 5.9.5
+ onig_capture_tree_traverse@Base 5.9.5
+ onig_codes_byte_at@Base 6.0.0
+ onig_codes_cmp@Base 6.0.0
+ onig_compile@Base 5.9.5
+ onig_copy_encoding@Base 5.9.5
+ onig_copy_syntax@Base 5.9.5
+ onig_copyright@Base 5.9.5
+ onig_end@Base 5.9.5
+ onig_error_code_to_format@Base 5.9.5
+ onig_error_code_to_str@Base 5.9.5
+ onig_foreach_name@Base 5.9.5
+ onig_free@Base 5.9.5
+ onig_free_body@Base 5.9.5
+ onig_get_capture_tree@Base 5.9.5
+ onig_get_case_fold_flag@Base 5.9.5
+ onig_get_default_case_fold_flag@Base 5.9.5
+ onig_get_encoding@Base 5.9.5
+ onig_get_match_stack_limit_size@Base 5.9.5
+ onig_get_options@Base 5.9.5
+ onig_get_parse_depth_limit@Base 6.2.0
+ onig_get_syntax@Base 5.9.5
+ onig_get_syntax_behavior@Base 5.9.5
+ onig_get_syntax_op2@Base 5.9.5
+ onig_get_syntax_op@Base 5.9.5
+ onig_get_syntax_options@Base 5.9.5
+ onig_init@Base 5.9.5
+ onig_initialize@Base 6.0.0
+ onig_initialize_encoding@Base 6.0.0
+ onig_is_code_in_cc@Base 5.9.5
+ onig_is_code_in_cc_len@Base 5.9.5
+ onig_is_in_code_range@Base 5.9.5
+ onig_match@Base 5.9.5
+ onig_name_to_backref_number@Base 5.9.5
+ onig_name_to_group_numbers@Base 5.9.5
+ onig_names_free@Base 5.9.5
+ onig_new@Base 5.9.5
+ onig_new_deluxe@Base 5.9.5
+ onig_new_without_alloc@Base 5.9.5
+ onig_node_conv_to_str_node@Base 5.9.5
+ onig_node_free@Base 5.9.5
+ onig_node_list_add@Base 5.9.5
+ onig_node_new_alt@Base 5.9.5
+ onig_node_new_anchor@Base 5.9.5
+ onig_node_new_enclose@Base 5.9.5
+ onig_node_new_list@Base 5.9.5
+ onig_node_new_str@Base 5.9.5
+ onig_node_str_cat@Base 5.9.5
+ onig_node_str_clear@Base 5.9.5
+ onig_node_str_set@Base 5.9.5
+ onig_noname_group_capture_is_active@Base 5.9.5
+ onig_null_warn@Base 5.9.5
+ onig_number_of_capture_histories@Base 5.9.5
+ onig_number_of_captures@Base 5.9.5
+ onig_number_of_names@Base 5.9.5
+ onig_parse_make_tree@Base 5.9.5
+ onig_reduce_nested_quantifier@Base 5.9.5
+ onig_reg_init@Base 5.9.5
+ onig_region_clear@Base 5.9.5
+ onig_region_copy@Base 5.9.5
+ onig_region_free@Base 5.9.5
+ onig_region_init@Base 5.9.5
+ onig_region_new@Base 5.9.5
+ onig_region_resize@Base 5.9.5
+ onig_region_set@Base 5.9.5
+ onig_renumber_name_table@Base 5.9.5
+ onig_scan@Base 6.1.0
+ onig_scan_env_set_error_string@Base 5.9.5
+ onig_scan_unsigned_number@Base 5.9.5
+ onig_search@Base 5.9.5
+ onig_set_capture_num_limit@Base 6.2.0
+ onig_set_default_case_fold_flag@Base 5.9.5
+ onig_set_default_syntax@Base 5.9.5
+ onig_set_match_stack_limit_size@Base 5.9.5
+ onig_set_meta_char@Base 5.9.5
+ onig_set_parse_depth_limit@Base 6.2.0
+ onig_set_syntax_behavior@Base 5.9.5
+ onig_set_syntax_op2@Base 5.9.5
+ onig_set_syntax_op@Base 5.9.5
+ onig_set_syntax_options@Base 5.9.5
+ onig_set_verb_warn_func@Base 5.9.5
+ onig_set_warn_func@Base 5.9.5
+ onig_snprintf_with_pattern@Base 5.9.5
+ onig_st_add_direct@Base 5.9.5
+ onig_st_cleanup_safe@Base 5.9.5
+ onig_st_copy@Base 5.9.5
+ onig_st_delete@Base 5.9.5
+ onig_st_delete_safe@Base 5.9.5
+ onig_st_foreach@Base 5.9.5
+ onig_st_free_table@Base 5.9.5
+ onig_st_init_numtable@Base 5.9.5
+ onig_st_init_numtable_with_size@Base 5.9.5
+ onig_st_init_strend_table_with_size@Base 5.9.5
+ onig_st_init_strtable@Base 5.9.5
+ onig_st_init_strtable_with_size@Base 5.9.5
+ onig_st_init_table@Base 5.9.5
+ onig_st_init_table_with_size@Base 5.9.5
+ onig_st_insert@Base 5.9.5
+ onig_st_insert_strend@Base 5.9.5
+ onig_st_lookup@Base 5.9.5
+ onig_st_lookup_strend@Base 5.9.5
+ onig_strcpy@Base 5.9.5
+ onig_strncmp@Base 5.9.5
+ onig_transfer@Base 5.9.5
+ onig_unicode_define_user_property@Base 6.0.0
+ onig_version@Base 5.9.5
+ onig_warning@Base 6.1.0
+ onigenc_always_false_is_allowed_reverse_match@Base 5.9.5
+ onigenc_always_true_is_allowed_reverse_match@Base 5.9.5
+ onigenc_always_true_is_valid_mbc_string@Base 6.1.0
+ onigenc_apply_all_case_fold_with_map@Base 5.9.5
+ onigenc_ascii_apply_all_case_fold@Base 5.9.5
+ onigenc_ascii_get_case_fold_codes_by_str@Base 5.9.5
+ onigenc_ascii_mbc_case_fold@Base 5.9.5
+ onigenc_get_case_fold_codes_by_str_with_map@Base 5.9.5
+ onigenc_get_default_encoding@Base 5.9.5
+ onigenc_get_left_adjust_char_head@Base 5.9.5
+ onigenc_get_prev_char_head@Base 5.9.5
+ onigenc_get_right_adjust_char_head@Base 5.9.5
+ onigenc_get_right_adjust_char_head_with_prev@Base 5.9.5
+ onigenc_init@Base 5.9.5
+ onigenc_is_mbc_newline_0x0a@Base 5.9.5
+ onigenc_is_valid_mbc_string@Base 6.1.0
+ onigenc_length_check_is_valid_mbc_string@Base 6.1.0
+ onigenc_mb2_code_to_mbc@Base 5.9.5
+ onigenc_mb2_code_to_mbclen@Base 5.9.5
+ onigenc_mb2_is_code_ctype@Base 5.9.5
+ onigenc_mb4_code_to_mbc@Base 5.9.5
+ onigenc_mb4_code_to_mbclen@Base 5.9.5
+ onigenc_mb4_is_code_ctype@Base 5.9.5
+ onigenc_mbn_mbc_case_fold@Base 5.9.5
+ onigenc_mbn_mbc_to_code@Base 5.9.5
+ onigenc_minimum_property_name_to_ctype@Base 5.9.5
+ onigenc_not_support_get_ctype_code_range@Base 5.9.5
+ onigenc_set_default_caseconv_table@Base 5.9.5
+ onigenc_set_default_encoding@Base 5.9.5
+ onigenc_single_byte_code_to_mbc@Base 5.9.5
+ onigenc_single_byte_code_to_mbclen@Base 5.9.5
+ onigenc_single_byte_left_adjust_char_head@Base 5.9.5
+ onigenc_single_byte_mbc_enc_len@Base 5.9.5
+ onigenc_single_byte_mbc_to_code@Base 5.9.5
+ onigenc_step@Base 5.9.5
+ onigenc_step_back@Base 5.9.5
+ onigenc_str_bytelen_null@Base 5.9.5
+ onigenc_strlen@Base 5.9.5
+ onigenc_strlen_null@Base 5.9.5
+ onigenc_unicode_apply_all_case_fold@Base 5.9.5
+ onigenc_unicode_ctype_code_range@Base 5.9.5
+ onigenc_unicode_get_case_fold_codes_by_str@Base 5.9.5
+ onigenc_unicode_is_code_ctype@Base 5.9.5
+ onigenc_unicode_mbc_case_fold@Base 5.9.5
+ onigenc_unicode_property_name_to_ctype@Base 5.9.5
+ onigenc_utf16_32_get_ctype_code_range@Base 5.9.5
+ onigenc_with_ascii_strncmp@Base 5.9.5
+ re_adjust_startpos@Base 5.9.5
+ re_alloc_pattern@Base 5.9.5
+ re_compile_pattern@Base 5.9.5
+ re_free_pattern@Base 5.9.5
+ re_free_registers@Base 5.9.5
+ re_match@Base 5.9.5
+ re_mbcinit@Base 5.9.5
+ re_search@Base 5.9.5
+ re_set_casetable@Base 5.9.5
+ reg_foreach_name@Base 5.9.5
+ reg_name_to_group_numbers@Base 5.9.5
+ reg_number_of_names@Base 5.9.5
+ reg_set_encoding@Base 5.9.5
+ regcomp@Base 5.9.5
+ regerror@Base 5.9.5
+ regexec@Base 5.9.5
+ regfree@Base 5.9.5
+ sjis_lookup_property_name@Base 6.0.0
+ unicode_fold1_key@Base 6.0.0
+ unicode_fold2_key@Base 6.0.0
+ unicode_fold3_key@Base 6.0.0
+ unicode_lookup_property_name@Base 6.0.0
+ unicode_unfold_key@Base 6.0.0
diff --git a/debian/watch b/debian/watch
new file mode 100644
index 0000000..c6c26be
--- /dev/null
+++ b/debian/watch
@@ -0,0 +1,2 @@
+version=4
+https://github.com/kkos/oniguruma/tags .*/v?(\d\S*)\.tar\.gz