summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorA. Wilcox <AWilcox@Wilcox-Tech.com>2019-08-17 21:46:30 +0000
committerA. Wilcox <AWilcox@Wilcox-Tech.com>2019-08-17 21:46:30 +0000
commite990a6e7cbe72463a69aec037f7ede9facb716da (patch)
tree69b9f1aba42e8a0ef697b618462ecc391e810613
parent20aab3bf93e67dea45c5658149f77ee6fd00110f (diff)
downloadpackages-e990a6e7cbe72463a69aec037f7ede9facb716da.tar.gz
packages-e990a6e7cbe72463a69aec037f7ede9facb716da.tar.bz2
packages-e990a6e7cbe72463a69aec037f7ede9facb716da.tar.xz
packages-e990a6e7cbe72463a69aec037f7ede9facb716da.zip
user/oniguruma: bump to 6.9.3
-rw-r--r--user/oniguruma/APKBUILD12
-rw-r--r--user/oniguruma/CVE-2019-13224.patch41
-rw-r--r--user/oniguruma/CVE-2019-13225.patch69
3 files changed, 4 insertions, 118 deletions
diff --git a/user/oniguruma/APKBUILD b/user/oniguruma/APKBUILD
index b62084508..8c14250df 100644
--- a/user/oniguruma/APKBUILD
+++ b/user/oniguruma/APKBUILD
@@ -2,16 +2,14 @@
# Contributor: Francesco Colista <fcolista@alpinelinux.org>
# Maintainer: Samuel Holland <samuel@sholland.org>
pkgname=oniguruma
-pkgver=6.9.2
-pkgrel=1
+pkgver=6.9.3
+pkgrel=0
pkgdesc="A regular expression library"
url="https://github.com/kkos/oniguruma"
arch="all"
license="BSD-2-Clause"
subpackages="$pkgname-dev"
-source="https://github.com/kkos/$pkgname/releases/download/v$pkgver/onig-$pkgver.tar.gz
- CVE-2019-13224.patch
- CVE-2019-13225.patch"
+source="https://github.com/kkos/$pkgname/releases/download/v$pkgver/onig-$pkgver.tar.gz"
builddir="$srcdir/onig-$pkgver"
# secfixes:
@@ -39,6 +37,4 @@ package() {
make DESTDIR="$pkgdir" install
}
-sha512sums="c10134e42a3c0b0eeae2027ffb7a3e1bcc9228dee286f6b6e997f8a73d717217fa74de0e19c40975d2e78044c8c4f029eb622f90c8eb4fdc4667eb4804e97001 onig-6.9.2.tar.gz
-7f1b42e1ceb6e9addf87bbd456848afd9db3b721352157e3a7362354c3a4cabd58fac202d199d9f9c2f08f0c5c98e3de8583367e7716028278dae96c3d6bb43a CVE-2019-13224.patch
-4c1df67369055f945c49d579c3f2ae5ffc41bb1c8a2510555908f07691c669b290accd9152f017e02a2a21f8a365c9ffd8fab42a3d11409150551f0c0c919dc7 CVE-2019-13225.patch"
+sha512sums="6b038879cb9cbe8cc756159eb53125e1d4dc7365ca434d07b99a59f3602987e573da120506bbd88d0f51dcdde5866bfa48d45803f8869503726c4d9a47d62861 onig-6.9.3.tar.gz"
diff --git a/user/oniguruma/CVE-2019-13224.patch b/user/oniguruma/CVE-2019-13224.patch
deleted file mode 100644
index 22bc6bd2f..000000000
--- a/user/oniguruma/CVE-2019-13224.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 0f7f61ed1b7b697e283e37bd2d731d0bd57adb55 Mon Sep 17 00:00:00 2001
-From: "K.Kosako" <kosako@sofnec.co.jp>
-Date: Thu, 27 Jun 2019 17:25:26 +0900
-Subject: [PATCH] Fix CVE-2019-13224: don't allow different encodings for
- onig_new_deluxe()
-
----
- src/regext.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/regext.c b/src/regext.c
-index fa4b360..965c793 100644
---- a/src/regext.c
-+++ b/src/regext.c
-@@ -29,6 +29,7 @@
-
- #include "regint.h"
-
-+#if 0
- static void
- conv_ext0be32(const UChar* s, const UChar* end, UChar* conv)
- {
-@@ -158,6 +159,7 @@ conv_encoding(OnigEncoding from, OnigEncoding to, const UChar* s, const UChar* e
-
- return ONIGERR_NOT_SUPPORTED_ENCODING_COMBINATION;
- }
-+#endif
-
- extern int
- onig_new_deluxe(regex_t** reg, const UChar* pattern, const UChar* pattern_end,
-@@ -169,9 +171,7 @@ onig_new_deluxe(regex_t** reg, const UChar* pattern, const UChar* pattern_end,
- if (IS_NOT_NULL(einfo)) einfo->par = (UChar* )NULL;
-
- if (ci->pattern_enc != ci->target_enc) {
-- r = conv_encoding(ci->pattern_enc, ci->target_enc, pattern, pattern_end,
-- &cpat, &cpat_end);
-- if (r != 0) return r;
-+ return ONIGERR_NOT_SUPPORTED_ENCODING_COMBINATION;
- }
- else {
- cpat = (UChar* )pattern;
diff --git a/user/oniguruma/CVE-2019-13225.patch b/user/oniguruma/CVE-2019-13225.patch
deleted file mode 100644
index 26e296d8d..000000000
--- a/user/oniguruma/CVE-2019-13225.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From c509265c5f6ae7264f7b8a8aae1cfa5fc59d108c Mon Sep 17 00:00:00 2001
-From: "K.Kosako" <kosako@sofnec.co.jp>
-Date: Thu, 27 Jun 2019 14:11:55 +0900
-Subject: [PATCH] Fix CVE-2019-13225: problem in converting if-then-else
- pattern to bytecode.
-
----
- src/regcomp.c | 25 +++++++++++++++++--------
- 1 file changed, 17 insertions(+), 8 deletions(-)
-
-diff --git a/src/regcomp.c b/src/regcomp.c
-index c2c04a4..ff3431f 100644
---- a/src/regcomp.c
-+++ b/src/regcomp.c
-@@ -1307,8 +1307,9 @@ compile_length_bag_node(BagNode* node, regex_t* reg)
- len += tlen;
- }
-
-+ len += SIZE_OP_JUMP + SIZE_OP_ATOMIC_END;
-+
- if (IS_NOT_NULL(Else)) {
-- len += SIZE_OP_JUMP;
- tlen = compile_length_tree(Else, reg);
- if (tlen < 0) return tlen;
- len += tlen;
-@@ -1455,7 +1456,7 @@ compile_bag_node(BagNode* node, regex_t* reg, ScanEnv* env)
-
- case BAG_IF_ELSE:
- {
-- int cond_len, then_len, jump_len;
-+ int cond_len, then_len, else_len, jump_len;
- Node* cond = NODE_BAG_BODY(node);
- Node* Then = node->te.Then;
- Node* Else = node->te.Else;
-@@ -1472,8 +1473,7 @@ compile_bag_node(BagNode* node, regex_t* reg, ScanEnv* env)
- else
- then_len = 0;
-
-- jump_len = cond_len + then_len + SIZE_OP_ATOMIC_END;
-- if (IS_NOT_NULL(Else)) jump_len += SIZE_OP_JUMP;
-+ jump_len = cond_len + then_len + SIZE_OP_ATOMIC_END + SIZE_OP_JUMP;
-
- r = add_op(reg, OP_PUSH);
- if (r != 0) return r;
-@@ -1490,11 +1490,20 @@ compile_bag_node(BagNode* node, regex_t* reg, ScanEnv* env)
- }
-
- if (IS_NOT_NULL(Else)) {
-- int else_len = compile_length_tree(Else, reg);
-- r = add_op(reg, OP_JUMP);
-- if (r != 0) return r;
-- COP(reg)->jump.addr = else_len + SIZE_INC_OP;
-+ else_len = compile_length_tree(Else, reg);
-+ if (else_len < 0) return else_len;
-+ }
-+ else
-+ else_len = 0;
-
-+ r = add_op(reg, OP_JUMP);
-+ if (r != 0) return r;
-+ COP(reg)->jump.addr = SIZE_OP_ATOMIC_END + else_len + SIZE_INC_OP;
-+
-+ r = add_op(reg, OP_ATOMIC_END);
-+ if (r != 0) return r;
-+
-+ if (IS_NOT_NULL(Else)) {
- r = compile_tree(Else, reg, env);
- }
- }