summaryrefslogtreecommitdiff
path: root/debian
diff options
context:
space:
mode:
Diffstat (limited to 'debian')
-rw-r--r--debian/changelog19
-rw-r--r--debian/compat2
-rw-r--r--debian/control4
-rw-r--r--debian/patches/0100-source_typos.patch2
-rw-r--r--debian/patches/0105-CVE-2019-13224.patch38
-rw-r--r--debian/patches/0110-CVE-2019-13225.patch66
-rw-r--r--debian/patches/series2
-rwxr-xr-xdebian/rules2
-rw-r--r--debian/symbols4
-rw-r--r--debian/watch7
10 files changed, 138 insertions, 8 deletions
diff --git a/debian/changelog b/debian/changelog
index 4d88084..2ae3106 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,22 @@
+libonig (6.9.2-1) unstable; urgency=medium
+
+ * New upstream release:
+ - Refresh symbols file.
+ - Refresh debian/patches/0100-source_typos.patch.
+ * Rewrite debain/watch.
+ * New debian/patches/0105-CVE-2019-13224.patch and
+ debian/patches/0110-CVE-2019-13225.patch (Closes: #931878):
+ - Fixes CVE-2019-13224 A use-after-free in onig_new_deluxe() in regext.c.
+ - Fixes CVE-2019-13225 A NULL Pointer Dereference in match_at()
+ in regexec.c.
+ * Declare compliance with Debian Policy 4.4.0 (No changes needed).
+ * Migrate to debhelper 12:
+ - Change debian/compat to 12.
+ - Bump minimum debhelper version in debian/control to >= 12.
+ - debian/rules: Remove obsolete dh_install --fail-missing.
+
+ -- Jörg Frings-Fürst <debian@jff.email> Fri, 12 Jul 2019 10:39:37 +0200
+
libonig (6.9.1-1) unstable; urgency=medium
* New upstream release:
diff --git a/debian/compat b/debian/compat
index b4de394..48082f7 100644
--- a/debian/compat
+++ b/debian/compat
@@ -1 +1 @@
-11
+12
diff --git a/debian/control b/debian/control
index 8999c88..bad90d6 100644
--- a/debian/control
+++ b/debian/control
@@ -3,8 +3,8 @@ Section: libs
Priority: extra
Maintainer: Jörg Frings-Fürst <debian@jff.email>
Build-Depends:
- debhelper (>= 11)
-Standards-Version: 4.2.1
+ debhelper (>= 12)
+Standards-Version: 4.4.0
Homepage: https://github.com/kkos/oniguruma
Vcs-Git: git://jff.email/opt/git/libonig.git
Vcs-Browser: https://jff.email/cgit/libonig.git
diff --git a/debian/patches/0100-source_typos.patch b/debian/patches/0100-source_typos.patch
index ec96ad2..6444b65 100644
--- a/debian/patches/0100-source_typos.patch
+++ b/debian/patches/0100-source_typos.patch
@@ -7,7 +7,7 @@ Index: trunk/src/regerror.c
===================================================================
--- trunk.orig/src/regerror.c
+++ trunk/src/regerror.c
-@@ -67,7 +67,7 @@ onig_error_code_to_format(int code)
+@@ -63,7 +63,7 @@ onig_error_code_to_format(int code)
case ONIGERR_UNEXPECTED_BYTECODE:
p = "unexpected bytecode (bug)"; break;
case ONIGERR_DEFAULT_ENCODING_IS_NOT_SETTED:
diff --git a/debian/patches/0105-CVE-2019-13224.patch b/debian/patches/0105-CVE-2019-13224.patch
new file mode 100644
index 0000000..6ea4f95
--- /dev/null
+++ b/debian/patches/0105-CVE-2019-13224.patch
@@ -0,0 +1,38 @@
+Description: CVE-2019-13224
+ don't allow different encodings for onig_new_deluxe()
+Origin: upstream, https://github.com/kkos/oniguruma/commit/0f7f61ed1b7b697e283e37bd2d731d0bd57adb55
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931878
+Last-Update: 2019-07-12
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: trunk/src/regext.c
+===================================================================
+--- trunk.orig/src/regext.c
++++ trunk/src/regext.c
+@@ -29,6 +29,7 @@
+
+ #include "regint.h"
+
++#if 0
+ static void
+ conv_ext0be32(const UChar* s, const UChar* end, UChar* conv)
+ {
+@@ -158,6 +159,7 @@ conv_encoding(OnigEncoding from, OnigEnc
+
+ return ONIGERR_NOT_SUPPORTED_ENCODING_COMBINATION;
+ }
++#endif
+
+ extern int
+ onig_new_deluxe(regex_t** reg, const UChar* pattern, const UChar* pattern_end,
+@@ -169,9 +171,7 @@ onig_new_deluxe(regex_t** reg, const UCh
+ if (IS_NOT_NULL(einfo)) einfo->par = (UChar* )NULL;
+
+ if (ci->pattern_enc != ci->target_enc) {
+- r = conv_encoding(ci->pattern_enc, ci->target_enc, pattern, pattern_end,
+- &cpat, &cpat_end);
+- if (r != 0) return r;
++ return ONIGERR_NOT_SUPPORTED_ENCODING_COMBINATION;
+ }
+ else {
+ cpat = (UChar* )pattern;
diff --git a/debian/patches/0110-CVE-2019-13225.patch b/debian/patches/0110-CVE-2019-13225.patch
new file mode 100644
index 0000000..be9e152
--- /dev/null
+++ b/debian/patches/0110-CVE-2019-13225.patch
@@ -0,0 +1,66 @@
+Description: CVE-2019-13225
+ problem in converting if-then-else pattern to bytecode.
+Origin: upstream, https://github.com/kkos/oniguruma/commit/c509265c5f6ae7264f7b8a8aae1cfa5fc59d108c
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931878
+Last-Update: 2019-07-12
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: trunk/src/regcomp.c
+===================================================================
+--- trunk.orig/src/regcomp.c
++++ trunk/src/regcomp.c
+@@ -1307,8 +1307,9 @@ compile_length_bag_node(BagNode* node, r
+ len += tlen;
+ }
+
++ len += SIZE_OP_JUMP + SIZE_OP_ATOMIC_END;
++
+ if (IS_NOT_NULL(Else)) {
+- len += SIZE_OP_JUMP;
+ tlen = compile_length_tree(Else, reg);
+ if (tlen < 0) return tlen;
+ len += tlen;
+@@ -1455,7 +1456,7 @@ compile_bag_node(BagNode* node, regex_t*
+
+ case BAG_IF_ELSE:
+ {
+- int cond_len, then_len, jump_len;
++ int cond_len, then_len, else_len, jump_len;
+ Node* cond = NODE_BAG_BODY(node);
+ Node* Then = node->te.Then;
+ Node* Else = node->te.Else;
+@@ -1472,8 +1473,7 @@ compile_bag_node(BagNode* node, regex_t*
+ else
+ then_len = 0;
+
+- jump_len = cond_len + then_len + SIZE_OP_ATOMIC_END;
+- if (IS_NOT_NULL(Else)) jump_len += SIZE_OP_JUMP;
++ jump_len = cond_len + then_len + SIZE_OP_ATOMIC_END + SIZE_OP_JUMP;
+
+ r = add_op(reg, OP_PUSH);
+ if (r != 0) return r;
+@@ -1490,11 +1490,20 @@ compile_bag_node(BagNode* node, regex_t*
+ }
+
+ if (IS_NOT_NULL(Else)) {
+- int else_len = compile_length_tree(Else, reg);
+- r = add_op(reg, OP_JUMP);
+- if (r != 0) return r;
+- COP(reg)->jump.addr = else_len + SIZE_INC_OP;
++ else_len = compile_length_tree(Else, reg);
++ if (else_len < 0) return else_len;
++ }
++ else
++ else_len = 0;
+
++ r = add_op(reg, OP_JUMP);
++ if (r != 0) return r;
++ COP(reg)->jump.addr = SIZE_OP_ATOMIC_END + else_len + SIZE_INC_OP;
++
++ r = add_op(reg, OP_ATOMIC_END);
++ if (r != 0) return r;
++
++ if (IS_NOT_NULL(Else)) {
+ r = compile_tree(Else, reg, env);
+ }
+ }
diff --git a/debian/patches/series b/debian/patches/series
index ea79fff..e924636 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,3 @@
0100-source_typos.patch
+0105-CVE-2019-13224.patch
+0110-CVE-2019-13225.patch
diff --git a/debian/rules b/debian/rules
index aa976c6..ee95689 100755
--- a/debian/rules
+++ b/debian/rules
@@ -24,7 +24,7 @@ VERSION = $(shell head -n1 debian/changelog | sed -e 's/.*(//;s/-.*).*//;s/\+/\-
override_dh_install:
$(RM) debian/tmp/usr/bin/onig-config
- dh_install --fail-missing -X.la -X.a
+ dh_install -X.la -X.a
override_dh_makeshlibs:
dh_makeshlibs
diff --git a/debian/symbols b/debian/symbols
index a102b4d..06628e7 100644
--- a/debian/symbols
+++ b/debian/symbols
@@ -51,7 +51,6 @@ libonig.so.5 libonig5 #MINVER#
OnigUnicodeFolds2@Base 6.8.1
OnigUnicodeFolds3@Base 6.8.1
onig_add_end_call@Base 6.8.1
- onig_bbuf_init@Base 6.8.1
onig_builtin_cmp@Base 6.8.1
onig_builtin_count@Base 6.8.1
onig_builtin_error@Base 6.8.1
@@ -129,6 +128,7 @@ libonig.so.5 libonig5 #MINVER#
onig_get_used_stack_size_in_callout@Base 6.8.1
onig_global_callout_names_free@Base 6.8.1
onig_init@Base 6.8.1
+ onig_init_for_match_at@Base 6.9.2
onig_initialize@Base 6.8.1
onig_initialize_encoding@Base 6.8.1
onig_initialize_match_param@Base 6.8.1
@@ -227,7 +227,6 @@ libonig.so.5 libonig5 #MINVER#
onig_st_lookup_strend@Base 6.8.1
onig_strcpy@Base 6.8.1
onig_strncmp@Base 6.8.1
- onig_transfer@Base 6.8.1
onig_unicode_define_user_property@Base 6.8.1
onig_version@Base 6.8.1
onig_warning@Base 6.8.1
@@ -287,6 +286,7 @@ libonig.so.5 libonig5 #MINVER#
onigenc_unicode_property_name_to_ctype@Base 6.8.1
onigenc_unicode_unfold_key@Base 6.9.0
onigenc_utf16_32_get_ctype_code_range@Base 6.8.1
+ onigenc_wb_is_break_position@Base 6.9.2
onigenc_with_ascii_strncmp@Base 6.8.1
re_adjust_startpos@Base 6.8.1
re_alloc_pattern@Base 6.8.1
diff --git a/debian/watch b/debian/watch
index c6c26be..8a7b475 100644
--- a/debian/watch
+++ b/debian/watch
@@ -1,2 +1,7 @@
version=4
-https://github.com/kkos/oniguruma/tags .*/v?(\d\S*)\.tar\.gz
+opts=\
+dversionmangle=s/\+(debian|dfsg|ds|deb)\d*$//,\
+uversionmangle=s/(\d)[_\.\-\+]?((RC|rc|pre|dev|beta|alpha)\d*)$/$1~$2/;s/RC/rc/;s/\-/\./g;s/\_/\./g,\
+filenamemangle=s/(?:.*?)?(?:rel|v|oniguruma|ONIGURUMA)?[\-\_]?(\d\S+)\.(tgz|tbz|txz|(?:tar\.(?:gz|bz2|xz)))/oniguruma-$1.$2/ \
+https://github.com/kkos/oniguruma/tags \
+(?:.*?/)?(?:rel|v|oniguruma|ONIGURUMA)?[\-\_]?(\d\S+)\.(?:tgz|tbz|txz|(?:tar\.(?:gz|bz2|xz))) \