diff options
| -rw-r--r-- | debian/changelog | 3 | ||||
| -rw-r--r-- | debian/patches/0105-CVE-2019-13224.patch | 38 | ||||
| -rw-r--r-- | debian/patches/0110-CVE-2019-13225.patch | 66 | ||||
| -rw-r--r-- | debian/patches/series | 2 | ||||
| -rwxr-xr-x | debian/rules | 12 |
5 files changed, 6 insertions, 115 deletions
diff --git a/debian/changelog b/debian/changelog index 2f2eec7..4054c3d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -5,6 +5,9 @@ libonig (6.9.5-1) UNRELEASED; urgency=medium * Declare compliance with Debian Policy 4.5.0 (No changes needed). * debian/copyright: - Add year 2020. + * Remove unused patches: + - debian/patches/0105-CVE-2019-13224.patch, + - debian/patches/0110-CVE-2019-13225.patch. -- Jörg Frings-Fürst <debian@jff.email> Mon, 20 Apr 2020 20:34:52 +0200 diff --git a/debian/patches/0105-CVE-2019-13224.patch b/debian/patches/0105-CVE-2019-13224.patch deleted file mode 100644 index 6ea4f95..0000000 --- a/debian/patches/0105-CVE-2019-13224.patch +++ /dev/null @@ -1,38 +0,0 @@ -Description: CVE-2019-13224 - don't allow different encodings for onig_new_deluxe() -Origin: upstream, https://github.com/kkos/oniguruma/commit/0f7f61ed1b7b697e283e37bd2d731d0bd57adb55 -Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931878 -Last-Update: 2019-07-12 ---- -This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ -Index: trunk/src/regext.c -=================================================================== ---- trunk.orig/src/regext.c -+++ trunk/src/regext.c -@@ -29,6 +29,7 @@ - - #include "regint.h" - -+#if 0 - static void - conv_ext0be32(const UChar* s, const UChar* end, UChar* conv) - { -@@ -158,6 +159,7 @@ conv_encoding(OnigEncoding from, OnigEnc - - return ONIGERR_NOT_SUPPORTED_ENCODING_COMBINATION; - } -+#endif - - extern int - onig_new_deluxe(regex_t** reg, const UChar* pattern, const UChar* pattern_end, -@@ -169,9 +171,7 @@ onig_new_deluxe(regex_t** reg, const UCh - if (IS_NOT_NULL(einfo)) einfo->par = (UChar* )NULL; - - if (ci->pattern_enc != ci->target_enc) { -- r = conv_encoding(ci->pattern_enc, ci->target_enc, pattern, pattern_end, -- &cpat, &cpat_end); -- if (r != 0) return r; -+ return ONIGERR_NOT_SUPPORTED_ENCODING_COMBINATION; - } - else { - cpat = (UChar* )pattern; diff --git a/debian/patches/0110-CVE-2019-13225.patch b/debian/patches/0110-CVE-2019-13225.patch deleted file mode 100644 index be9e152..0000000 --- a/debian/patches/0110-CVE-2019-13225.patch +++ /dev/null @@ -1,66 +0,0 @@ -Description: CVE-2019-13225 - problem in converting if-then-else pattern to bytecode. -Origin: upstream, https://github.com/kkos/oniguruma/commit/c509265c5f6ae7264f7b8a8aae1cfa5fc59d108c -Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931878 -Last-Update: 2019-07-12 ---- -This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ -Index: trunk/src/regcomp.c -=================================================================== ---- trunk.orig/src/regcomp.c -+++ trunk/src/regcomp.c -@@ -1307,8 +1307,9 @@ compile_length_bag_node(BagNode* node, r - len += tlen; - } - -+ len += SIZE_OP_JUMP + SIZE_OP_ATOMIC_END; -+ - if (IS_NOT_NULL(Else)) { -- len += SIZE_OP_JUMP; - tlen = compile_length_tree(Else, reg); - if (tlen < 0) return tlen; - len += tlen; -@@ -1455,7 +1456,7 @@ compile_bag_node(BagNode* node, regex_t* - - case BAG_IF_ELSE: - { -- int cond_len, then_len, jump_len; -+ int cond_len, then_len, else_len, jump_len; - Node* cond = NODE_BAG_BODY(node); - Node* Then = node->te.Then; - Node* Else = node->te.Else; -@@ -1472,8 +1473,7 @@ compile_bag_node(BagNode* node, regex_t* - else - then_len = 0; - -- jump_len = cond_len + then_len + SIZE_OP_ATOMIC_END; -- if (IS_NOT_NULL(Else)) jump_len += SIZE_OP_JUMP; -+ jump_len = cond_len + then_len + SIZE_OP_ATOMIC_END + SIZE_OP_JUMP; - - r = add_op(reg, OP_PUSH); - if (r != 0) return r; -@@ -1490,11 +1490,20 @@ compile_bag_node(BagNode* node, regex_t* - } - - if (IS_NOT_NULL(Else)) { -- int else_len = compile_length_tree(Else, reg); -- r = add_op(reg, OP_JUMP); -- if (r != 0) return r; -- COP(reg)->jump.addr = else_len + SIZE_INC_OP; -+ else_len = compile_length_tree(Else, reg); -+ if (else_len < 0) return else_len; -+ } -+ else -+ else_len = 0; - -+ r = add_op(reg, OP_JUMP); -+ if (r != 0) return r; -+ COP(reg)->jump.addr = SIZE_OP_ATOMIC_END + else_len + SIZE_INC_OP; -+ -+ r = add_op(reg, OP_ATOMIC_END); -+ if (r != 0) return r; -+ -+ if (IS_NOT_NULL(Else)) { - r = compile_tree(Else, reg, env); - } - } diff --git a/debian/patches/series b/debian/patches/series index 1c34712..ea79fff 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,3 +1 @@ 0100-source_typos.patch -#0105-CVE-2019-13224.patch -#0110-CVE-2019-13225.patch diff --git a/debian/rules b/debian/rules index ee95689..833094f 100755 --- a/debian/rules +++ b/debian/rules @@ -1,19 +1,13 @@ #!/usr/bin/make -f -# -*- makefile -*- -# Sample debian/rules that uses debhelper. -# This file was originally written by Joey Hess and Craig Small. -# As a special exception, when this file is copied by dh-make into a -# dh-make output file, you may use that output file without restriction. -# This special exception was added by Craig Small in version 0.37 of dh-make. # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 # -# Test for gcc-6 support +# Test for gcc-10 support # -#export CC=gcc-6 -#export CXX=g++-6 +#export CC=gcc-10 +#export CXX=g++-10 export DEB_BUILD_MAINT_OPTIONS = hardening=+all |