From: "Akinori Hattori" <hattya@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-libs/oniguruma/, dev-libs/oniguruma/files/
Date: Thu, 20 Jul 2017 15:38:32 +0000 (UTC)	[thread overview]
Message-ID: <1500564909.28d415d0c3fc62cce6c5395c2c3a99199361a53a.hattya@gentoo> (raw)

commit:     28d415d0c3fc62cce6c5395c2c3a99199361a53a
Author:     Akinori Hattori <hattya <AT> gentoo <DOT> org>
AuthorDate: Thu Jul 20 15:35:09 2017 +0000
Commit:     Akinori Hattori <hattya <AT> gentoo <DOT> org>
CommitDate: Thu Jul 20 15:35:09 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=28d415d0

dev-libs/oniguruma: fix CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, and CVE-2017-9229

Gentoo-Bug: 624060

Package-Manager: Portage-2.3.6, Repoman-2.3.1

 .../files/oniguruma-5.9.6-CVE-2017-9224.patch      | 22 ++++++++++
 .../files/oniguruma-5.9.6-CVE-2017-9226.patch      | 20 +++++++++
 .../files/oniguruma-5.9.6-CVE-2017-9227.patch      | 16 ++++++++
 .../files/oniguruma-5.9.6-CVE-2017-9228.patch      | 18 +++++++++
 .../files/oniguruma-5.9.6-CVE-2017-9229.patch      | 43 ++++++++++++++++++++
 dev-libs/oniguruma/metadata.xml                    | 12 +++---
 dev-libs/oniguruma/oniguruma-5.9.6_p1-r1.ebuild    | 47 ++++++++++++++++++++++
 7 files changed, 172 insertions(+), 6 deletions(-)

diff --git a/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9224.patch b/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9224.patch
new file mode 100644
index 00000000000..b256e0df581
--- /dev/null
+++ b/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9224.patch
@@ -0,0 +1,22 @@
+https://github.com/kkos/oniguruma/issues/57
+https://github.com/kkos/oniguruma/commit/690313a061f7a4fa614ec5cc8368b4f2284e059b
+
+Author: K.Kosako <kosako@sofnec.co.jp>
+
+--- a/regexec.c
++++ b/regexec.c
+@@ -1473,14 +1473,9 @@
+       break;
+ 
+     case OP_EXACT1:  MOP_IN(OP_EXACT1);
+-#if 0
+       DATA_ENSURE(1);
+       if (*p != *s) goto fail;
+       p++; s++;
+-#endif
+-      if (*p != *s++) goto fail;
+-      DATA_ENSURE(0);
+-      p++;
+       MOP_OUT;
+       break;
+ 

diff --git a/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9226.patch b/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9226.patch
new file mode 100644
index 00000000000..f28d5552e3a
--- /dev/null
+++ b/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9226.patch
@@ -0,0 +1,20 @@
+https://github.com/kkos/oniguruma/issues/55
+https://github.com/kkos/oniguruma/commit/b4bf968ad52afe14e60a2dc8a95d3555c543353a
+
+Author: K.Kosako <kosako@sofnec.co.jp>
+
+--- a/regparse.c
++++ b/regparse.c
+@@ -4084,7 +4084,12 @@
+   switch (*state) {
+   case CCS_VALUE:
+     if (*type == CCV_SB)
++    {
++      if (*vs > 0xff)
++          return ONIGERR_INVALID_CODE_POINT_VALUE;
++
+       BITSET_SET_BIT(cc->bs, (int )(*vs));
++    }
+     else if (*type == CCV_CODE_POINT) {
+       r = add_code_range(&(cc->mbuf), env, *vs, *vs);
+       if (r < 0) return r;
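Review bot: The new `*vs > 0xff` guard protects only the `CCS_VALUE` / `CCV_SB` branch visible in this hunk, so any other path in regparse.c that feeds a single-byte value to `BITSET_SET_BIT` still relies on its own range check. The rest of the switch and the callers that fill `*vs` are outside the hunk, so that cannot be confirmed from here. Before treating this file as the complete fix for CVE-2017-9226, compare it with everything upstream attached to issue 55, since a fix like this may span more than one commit. As a style point, the added brace on its own line does not match the `else if (...) {` that follows; `if (*type == CCV_SB) {` would keep the block consistent.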

diff --git a/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9227.patch b/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9227.patch
new file mode 100644
index 00000000000..580cc144679
--- /dev/null
+++ b/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9227.patch
@@ -0,0 +1,16 @@
+https://github.com/kkos/oniguruma/issues/58
+https://github.com/kkos/oniguruma/commit/9690d3ab1f9bcd2db8cbe1fe3ee4a5da606b8814
+
+Author: K.Kosako <kosako@sofnec.co.jp>
+
+--- a/regexec.c
++++ b/regexec.c
+@@ -3154,6 +3154,8 @@
+     }
+     else {
+       UChar *q = p + reg->dmin;
++
++      if (q >= end) return 0; /* fail */
+       while (p < q) p += enclen(reg->enc, p);
+     }
+   }
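Review bot: The added `q >= end` test runs after `q = p + reg->dmin` has already been formed, so a `dmin` larger than the remaining input builds a pointer beyond the end of the buffer, which is undefined behaviour in C and could in principle wrap and slip past the comparison. Comparing distances avoids creating that pointer: declare `UChar *q;`, then `if ((ptrdiff_t )reg->dmin >= end - p) return 0; /* fail */`, then `q = p + reg->dmin;`. The declarations of `p` and `end` and the type of `dmin` are outside the hunk, so the cast needs checking against them.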

diff --git a/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9228.patch b/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9228.patch
new file mode 100644
index 00000000000..523455c97f3
--- /dev/null
+++ b/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9228.patch
@@ -0,0 +1,18 @@
+https://github.com/kkos/oniguruma/issues/60
+https://github.com/kkos/oniguruma/commit/3b63d12038c8d8fc278e81c942fa9bec7c704c8b
+
+Author: K.Kosako <kosako@sofnec.co.jp>
+
+--- a/regparse.c
++++ b/regparse.c
+@@ -4081,7 +4081,9 @@
+     }
+   }
+ 
+-  *state = CCS_VALUE;
++  if (*state != CCS_START)
++    *state = CCS_VALUE;
++
+   *type  = CCV_CLASS;
+   return 0;
+ }
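Review bot: The new `if (*state != CCS_START)` has no comment explaining why `CCS_START` must survive a class token, and the two lines do not make the reason obvious. A comment above the `if` such as `/* at the start of the class no value has been stored yet; do not claim CCS_VALUE */` would document the invariant. That wording is inferred from the CVE context and should be confirmed against the code that reads `*state`, which is outside the hunk.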

diff --git a/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9229.patch b/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9229.patch
new file mode 100644
index 00000000000..f2dbc55d59a
--- /dev/null
+++ b/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9229.patch
@@ -0,0 +1,43 @@
+https://github.com/kkos/oniguruma/issues/59
+https://github.com/kkos/oniguruma/commit/b690371bbf97794b4a1d3f295d4fb9a8b05d402d
+
+Author: K.Kosako <kosako@sofnec.co.jp>
+
+--- a/regexec.c
++++ b/regexec.c
+@@ -3207,18 +3207,25 @@
+     }
+     else {
+       if (reg->dmax != ONIG_INFINITE_DISTANCE) {
+-	*low = p - reg->dmax;
+-	if (*low > s) {
+-	  *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s,
+-							      *low, (const UChar** )low_prev);
+-	  if (low_prev && IS_NULL(*low_prev))
+-	    *low_prev = onigenc_get_prev_char_head(reg->enc,
+-						   (pprev ? pprev : s), *low);
++	if (p - str < reg->dmax) {
++	  *low = (UChar* )str;
++	  if (low_prev)
++	    *low_prev = onigenc_get_prev_char_head(reg->enc, str, *low);
+ 	}
+ 	else {
+-	  if (low_prev)
+-	    *low_prev = onigenc_get_prev_char_head(reg->enc,
+-					       (pprev ? pprev : str), *low);
++	  *low = p - reg->dmax;
++	  if (*low > s) {
++	    *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s,
++								*low, (const UChar** )low_prev);
++	    if (low_prev && IS_NULL(*low_prev))
++	      *low_prev = onigenc_get_prev_char_head(reg->enc,
++						     (pprev ? pprev : s), *low);
++	  }
++	  else {
++	    if (low_prev)
++	      *low_prev = onigenc_get_prev_char_head(reg->enc,
++						     (pprev ? pprev : str), *low);
++	  }
+ 	}
+       }
+     }

diff --git a/dev-libs/oniguruma/metadata.xml b/dev-libs/oniguruma/metadata.xml
index dbfa93acff9..b9955e3e293 100644
--- a/dev-libs/oniguruma/metadata.xml
+++ b/dev-libs/oniguruma/metadata.xml
@@ -6,17 +6,17 @@
     <name>Cjk</name>
   </maintainer>
   <longdescription>
-Oniguruma is a regular expression library.  The characteristics of
-this library is that different character encoding for every regular
-expression object can be specified.  (Supported character encodings:
-ASCII, UTF-8, EUC-JP, Shift_JIS)
+    Oniguruma is a regular expression library.  The characteristics of
+    this library is that different character encoding for every regular
+    expression object can be specified.  (Supported character encodings:
+    ASCII, UTF-8, EUC-JP, Shift_JIS)
   </longdescription>
   <use>
     <flag name="combination-explosion-check">
-    enable combination explosion check
+      enable combination explosion check
     </flag>
     <flag name="crnl-as-line-terminator">
-    enable CR+NL as line terminator
+      enable CR+NL as line terminator
     </flag>
   </use>
   <upstream>

diff --git a/dev-libs/oniguruma/oniguruma-5.9.6_p1-r1.ebuild b/dev-libs/oniguruma/oniguruma-5.9.6_p1-r1.ebuild
new file mode 100644
index 00000000000..d99146dd4f5
--- /dev/null
+++ b/dev-libs/oniguruma/oniguruma-5.9.6_p1-r1.ebuild
@@ -0,0 +1,47 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit autotools ltprune multilib-minimal
+
+MY_P="onig-${PV}"
+
+DESCRIPTION="a regular expression library for different character encodings"
+HOMEPAGE="https://github.com/kkos/oniguruma"
+SRC_URI="https://github.com/kkos/${PN}/releases/download/v${PV}/${MY_P}.tar.gz"
+
+LICENSE="BSD-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~x86-solaris"
+IUSE="combination-explosion-check crnl-as-line-terminator static-libs"
+
+S="${WORKDIR}/${MY_P/_p1/}"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-5.9.3-makefile.patch
+	"${FILESDIR}"/${P/_p1/}-CVE-2017-9224.patch
+	"${FILESDIR}"/${P/_p1/}-CVE-2017-9226.patch
+	"${FILESDIR}"/${P/_p1/}-CVE-2017-9227.patch
+	"${FILESDIR}"/${P/_p1/}-CVE-2017-9228.patch
+	"${FILESDIR}"/${P/_p1/}-CVE-2017-9229.patch
+)
+DOCS=( AUTHORS HISTORY README{,.ja} doc/. )
+
+src_prepare() {
+	default
+	mv configure.{in,ac} || die
+	eautoreconf
+}
+
+multilib_src_configure() {
+	ECONF_SOURCE="${S}" econf \
+		$(use_enable combination-explosion-check) \
+		$(use_enable crnl-as-line-terminator) \
+		$(use_enable static-libs static)
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	prune_libtool_files
+}
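Review bot: Every entry in `KEYWORDS` on this security revision is `~arch`, so systems that accept only stable keywords will not receive the five CVE patches until the revision is stabilised. The diffstat also removes no earlier ebuild, so any older revision presumably stays installable in the meantime. A comment above the CVE entries in `PATCHES`, for example `# security fixes, bug #624060`, would record why the revision exists and where stabilisation is tracked.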

