From 2c7655105475ad81ad07eedc9dded1924afb154f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?= Date: Fri, 12 Jul 2019 10:25:50 +0200 Subject: Fix CVE-2019-1322[4-5] --- debian/patches/0105-CVE-2019-13224.patch | 38 ++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 debian/patches/0105-CVE-2019-13224.patch (limited to 'debian/patches/0105-CVE-2019-13224.patch') diff --git a/debian/patches/0105-CVE-2019-13224.patch b/debian/patches/0105-CVE-2019-13224.patch new file mode 100644 index 0000000..6ea4f95 --- /dev/null +++ b/debian/patches/0105-CVE-2019-13224.patch @@ -0,0 +1,38 @@ +Description: CVE-2019-13224 + don't allow different encodings for onig_new_deluxe() +Origin: upstream, https://github.com/kkos/oniguruma/commit/0f7f61ed1b7b697e283e37bd2d731d0bd57adb55 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931878 +Last-Update: 2019-07-12 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: trunk/src/regext.c +=================================================================== +--- trunk.orig/src/regext.c ++++ trunk/src/regext.c +@@ -29,6 +29,7 @@ + + #include "regint.h" + ++#if 0 + static void + conv_ext0be32(const UChar* s, const UChar* end, UChar* conv) + { +@@ -158,6 +159,7 @@ conv_encoding(OnigEncoding from, OnigEnc + + return ONIGERR_NOT_SUPPORTED_ENCODING_COMBINATION; + } ++#endif + + extern int + onig_new_deluxe(regex_t** reg, const UChar* pattern, const UChar* pattern_end, +@@ -169,9 +171,7 @@ onig_new_deluxe(regex_t** reg, const UCh + if (IS_NOT_NULL(einfo)) einfo->par = (UChar* )NULL; + + if (ci->pattern_enc != ci->target_enc) { +- r = conv_encoding(ci->pattern_enc, ci->target_enc, pattern, pattern_end, +- &cpat, &cpat_end); +- if (r != 0) return r; ++ return ONIGERR_NOT_SUPPORTED_ENCODING_COMBINATION; + } + else { + cpat = (UChar* )pattern; -- cgit v1.2.3