diff options
-rw-r--r-- | debian/changelog | 1 | ||||
-rw-r--r-- | debian/patches/001-changes_build_sys.diff | 44 | ||||
-rw-r--r-- | debian/patches/0500-CVE-2017-922[4-9].patch | 144 | ||||
-rw-r--r-- | debian/patches/series | 2 |
4 files changed, 1 insertions, 190 deletions
diff --git a/debian/changelog b/debian/changelog index e3fd850..d469f43 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,6 +2,7 @@ libonig (6.4.0-1) UNRELEASED; urgency=medium * New upstream release. + Refresh symbols file. + * Remove not longer needed patches. -- Jörg Frings-Fürst <debian@jff-webhosting.net> Sun, 23 Jul 2017 10:21:14 +0200 diff --git a/debian/patches/001-changes_build_sys.diff b/debian/patches/001-changes_build_sys.diff deleted file mode 100644 index 5750433..0000000 --- a/debian/patches/001-changes_build_sys.diff +++ /dev/null @@ -1,44 +0,0 @@ -Description: some buildsystem changes -Author: Jörg Frings-Fürst <debian@jff-webhosting.net> -Reviewed-by: -Last-Update: 2014-05-07 ---- -This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ -Index: trunk/configure.in -=================================================================== ---- trunk.orig/configure.in -+++ trunk/configure.in -@@ -1,9 +1,11 @@ - dnl Process this file with autoconf to produce a configure script. - AC_INIT(onig, 5.9.6) - -+ -+AUTOMAKE_OPTIONS=subdir-objects - AC_CONFIG_MACRO_DIR([m4]) - --AM_INIT_AUTOMAKE -+AM_INIT_AUTOMAKE([foreign]) - AC_CONFIG_HEADER(config.h) - - -@@ -41,7 +43,7 @@ fi - dnl Checks for programs. - AC_PROG_CC - AM_PROG_LIBTOOL --LTVERSION="2:0:0" -+LTVERSION="2:1:0" - AC_SUBST(LTVERSION) - - AC_PROG_INSTALL -Index: trunk/Makefile.am -=================================================================== ---- trunk.orig/Makefile.am -+++ trunk/Makefile.am -@@ -3,6 +3,7 @@ encdir = $(top_srcdir)/enc - sampledir = $(top_srcdir)/sample - libname = libonig.la - -+AUTOMAKE_OPTIONS=subdir-objects - ACLOCAL_AMFLAGS = -I m4 - #AM_CFLAGS = -DNOT_RUBY - AM_CFLAGS = diff --git a/debian/patches/0500-CVE-2017-922[4-9].patch b/debian/patches/0500-CVE-2017-922[4-9].patch deleted file mode 100644 index d28b6ad..0000000 --- a/debian/patches/0500-CVE-2017-922[4-9].patch +++ /dev/null @@ -1,144 +0,0 @@ -Correct CVE-2017-922[4-9] - Fix mutilple invalid pointer dereference, out-of-bounds write memory - corruption and stack buffer overflow, -Origin: Cheerypicked from upstream -Bug: https://github.com/kkos/oniguruma/issues/[55|56|57|58|59|60] -Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=86331[2|3|4|5|6|8] -Forwarded: not-needed -Last-Update: 2017-05-25 ---- -This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ -Index: 6.1.3-1+deb9u1/src/regexec.c -=================================================================== ---- 6.1.3-1+deb9u1.orig/src/regexec.c -+++ 6.1.3-1+deb9u1/src/regexec.c -@@ -1463,14 +1463,9 @@ match_at(regex_t* reg, const UChar* str, - break; - - case OP_EXACT1: MOP_IN(OP_EXACT1); --#if 0 - DATA_ENSURE(1); - if (*p != *s) goto fail; - p++; s++; --#endif -- if (*p != *s++) goto fail; -- DATA_ENSURE(0); -- p++; - MOP_OUT; - break; - -@@ -3149,6 +3144,8 @@ forward_search_range(regex_t* reg, const - } - else { - UChar *q = p + reg->dmin; -+ -+ if (q >= end) return 0; /* fail */ - while (p < q) p += enclen(reg->enc, p); - } - } -@@ -3228,18 +3225,25 @@ forward_search_range(regex_t* reg, const - } - else { - if (reg->dmax != ONIG_INFINITE_DISTANCE) { -- *low = p - reg->dmax; -- if (*low > s) { -- *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s, -- *low, (const UChar** )low_prev); -- if (low_prev && IS_NULL(*low_prev)) -- *low_prev = onigenc_get_prev_char_head(reg->enc, -- (pprev ? pprev : s), *low); -- } -- else { -+ if (p - str < reg->dmax) { -+ *low = (UChar* )str; - if (low_prev) -- *low_prev = onigenc_get_prev_char_head(reg->enc, -- (pprev ? pprev : str), *low); -+ *low_prev = onigenc_get_prev_char_head(reg->enc, str, *low); -+ } -+ else { -+ *low = p - reg->dmax; -+ if (*low > s) { -+ *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s, -+ *low, (const UChar** )low_prev); -+ if (low_prev && IS_NULL(*low_prev)) -+ *low_prev = onigenc_get_prev_char_head(reg->enc, -+ (pprev ? pprev : s), *low); -+ } -+ else { -+ if (low_prev) -+ *low_prev = onigenc_get_prev_char_head(reg->enc, -+ (pprev ? pprev : str), *low); -+ } - } - } - } -Index: 6.1.3-1+deb9u1/src/regparse.c -=================================================================== ---- 6.1.3-1+deb9u1.orig/src/regparse.c -+++ 6.1.3-1+deb9u1/src/regparse.c -@@ -2986,7 +2986,7 @@ fetch_token_in_cc(OnigToken* tok, UChar* - PUNFETCH; - prev = p; - num = scan_unsigned_octal_number(&p, end, 3, enc); -- if (num < 0) return ONIGERR_TOO_BIG_NUMBER; -+ if (num < 0 || num >= 256) return ONIGERR_TOO_BIG_NUMBER; - if (p == prev) { /* can't read nothing. */ - num = 0; /* but, it's not error */ - } -@@ -3358,7 +3358,7 @@ fetch_token(OnigToken* tok, UChar** src, - if (IS_SYNTAX_OP(syn, ONIG_SYN_OP_ESC_OCTAL3)) { - prev = p; - num = scan_unsigned_octal_number(&p, end, (c == '0' ? 2:3), enc); -- if (num < 0) return ONIGERR_TOO_BIG_NUMBER; -+ if (num < 0 || num >= 256) return ONIGERR_TOO_BIG_NUMBER; - if (p == prev) { /* can't read nothing. */ - num = 0; /* but, it's not error */ - } -@@ -3994,7 +3994,9 @@ next_state_class(CClassNode* cc, OnigCod - } - } - -- *state = CCS_VALUE; -+ if (*state != CCS_START) -+ *state = CCS_VALUE; -+ - *type = CCV_CLASS; - return 0; - } -@@ -4010,6 +4012,9 @@ next_state_val(CClassNode* cc, OnigCodeP - switch (*state) { - case CCS_VALUE: - if (*type == CCV_SB) { -+ if (*vs > 0xff) -+ return ONIGERR_INVALID_CODE_POINT_VALUE; -+ - BITSET_SET_BIT(cc->bs, (int )(*vs)); - } - else if (*type == CCV_CODE_POINT) { -Index: 6.1.3-1+deb9u1/src/gperf_unfold_key_conv.py -=================================================================== ---- 6.1.3-1+deb9u1.orig/src/gperf_unfold_key_conv.py -+++ 6.1.3-1+deb9u1/src/gperf_unfold_key_conv.py -@@ -36,7 +36,7 @@ def parse_line(s): - if r != s: return r - r = re.sub(REG_GET_CODE, 'OnigCodePoint gcode = wordlist[key].code;', s) - if r != s: return r -- r = re.sub(REG_CODE_CHECK, 'if (code == gcode)', s) -+ r = re.sub(REG_CODE_CHECK, 'if (code == gcode && wordlist[key].index >= 0)', s) - if r != s: return r - - return s -Index: 6.1.3-1+deb9u1/src/unicode_unfold_key.c -=================================================================== ---- 6.1.3-1+deb9u1.orig/src/unicode_unfold_key.c -+++ 6.1.3-1+deb9u1/src/unicode_unfold_key.c -@@ -2844,7 +2844,7 @@ unicode_unfold_key(OnigCodePoint code) - { - OnigCodePoint gcode = wordlist[key].code; - -- if (code == gcode) -+ if (code == gcode && wordlist[key].index >= 0) - return &wordlist[key]; - } - } diff --git a/debian/patches/series b/debian/patches/series index 2f55f57..ea79fff 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,3 +1 @@ -#001-changes_build_sys.diff 0100-source_typos.patch -#0500-CVE-2017-922[4-9].patch |