diff options
-rw-r--r-- | user/oniguruma/APKBUILD | 12 | ||||
-rw-r--r-- | user/oniguruma/CVE-2019-13224.patch | 41 | ||||
-rw-r--r-- | user/oniguruma/CVE-2019-13225.patch | 69 |
3 files changed, 4 insertions, 118 deletions
diff --git a/user/oniguruma/APKBUILD b/user/oniguruma/APKBUILD index b62084508..8c14250df 100644 --- a/user/oniguruma/APKBUILD +++ b/user/oniguruma/APKBUILD @@ -2,16 +2,14 @@ # Contributor: Francesco Colista <fcolista@alpinelinux.org> # Maintainer: Samuel Holland <samuel@sholland.org> pkgname=oniguruma -pkgver=6.9.2 -pkgrel=1 +pkgver=6.9.3 +pkgrel=0 pkgdesc="A regular expression library" url="https://github.com/kkos/oniguruma" arch="all" license="BSD-2-Clause" subpackages="$pkgname-dev" -source="https://github.com/kkos/$pkgname/releases/download/v$pkgver/onig-$pkgver.tar.gz - CVE-2019-13224.patch - CVE-2019-13225.patch" +source="https://github.com/kkos/$pkgname/releases/download/v$pkgver/onig-$pkgver.tar.gz" builddir="$srcdir/onig-$pkgver" # secfixes: @@ -39,6 +37,4 @@ package() { make DESTDIR="$pkgdir" install } -sha512sums="c10134e42a3c0b0eeae2027ffb7a3e1bcc9228dee286f6b6e997f8a73d717217fa74de0e19c40975d2e78044c8c4f029eb622f90c8eb4fdc4667eb4804e97001 onig-6.9.2.tar.gz -7f1b42e1ceb6e9addf87bbd456848afd9db3b721352157e3a7362354c3a4cabd58fac202d199d9f9c2f08f0c5c98e3de8583367e7716028278dae96c3d6bb43a CVE-2019-13224.patch -4c1df67369055f945c49d579c3f2ae5ffc41bb1c8a2510555908f07691c669b290accd9152f017e02a2a21f8a365c9ffd8fab42a3d11409150551f0c0c919dc7 CVE-2019-13225.patch" +sha512sums="6b038879cb9cbe8cc756159eb53125e1d4dc7365ca434d07b99a59f3602987e573da120506bbd88d0f51dcdde5866bfa48d45803f8869503726c4d9a47d62861 onig-6.9.3.tar.gz" diff --git a/user/oniguruma/CVE-2019-13224.patch b/user/oniguruma/CVE-2019-13224.patch deleted file mode 100644 index 22bc6bd2f..000000000 --- a/user/oniguruma/CVE-2019-13224.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 0f7f61ed1b7b697e283e37bd2d731d0bd57adb55 Mon Sep 17 00:00:00 2001 -From: "K.Kosako" <kosako@sofnec.co.jp> -Date: Thu, 27 Jun 2019 17:25:26 +0900 -Subject: [PATCH] Fix CVE-2019-13224: don't allow different encodings for - onig_new_deluxe() - ---- - src/regext.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/regext.c b/src/regext.c -index fa4b360..965c793 100644 ---- a/src/regext.c -+++ b/src/regext.c -@@ -29,6 +29,7 @@ - - #include "regint.h" - -+#if 0 - static void - conv_ext0be32(const UChar* s, const UChar* end, UChar* conv) - { -@@ -158,6 +159,7 @@ conv_encoding(OnigEncoding from, OnigEncoding to, const UChar* s, const UChar* e - - return ONIGERR_NOT_SUPPORTED_ENCODING_COMBINATION; - } -+#endif - - extern int - onig_new_deluxe(regex_t** reg, const UChar* pattern, const UChar* pattern_end, -@@ -169,9 +171,7 @@ onig_new_deluxe(regex_t** reg, const UChar* pattern, const UChar* pattern_end, - if (IS_NOT_NULL(einfo)) einfo->par = (UChar* )NULL; - - if (ci->pattern_enc != ci->target_enc) { -- r = conv_encoding(ci->pattern_enc, ci->target_enc, pattern, pattern_end, -- &cpat, &cpat_end); -- if (r != 0) return r; -+ return ONIGERR_NOT_SUPPORTED_ENCODING_COMBINATION; - } - else { - cpat = (UChar* )pattern; diff --git a/user/oniguruma/CVE-2019-13225.patch b/user/oniguruma/CVE-2019-13225.patch deleted file mode 100644 index 26e296d8d..000000000 --- a/user/oniguruma/CVE-2019-13225.patch +++ /dev/null @@ -1,69 +0,0 @@ -From c509265c5f6ae7264f7b8a8aae1cfa5fc59d108c Mon Sep 17 00:00:00 2001 -From: "K.Kosako" <kosako@sofnec.co.jp> -Date: Thu, 27 Jun 2019 14:11:55 +0900 -Subject: [PATCH] Fix CVE-2019-13225: problem in converting if-then-else - pattern to bytecode. - ---- - src/regcomp.c | 25 +++++++++++++++++-------- - 1 file changed, 17 insertions(+), 8 deletions(-) - -diff --git a/src/regcomp.c b/src/regcomp.c -index c2c04a4..ff3431f 100644 ---- a/src/regcomp.c -+++ b/src/regcomp.c -@@ -1307,8 +1307,9 @@ compile_length_bag_node(BagNode* node, regex_t* reg) - len += tlen; - } - -+ len += SIZE_OP_JUMP + SIZE_OP_ATOMIC_END; -+ - if (IS_NOT_NULL(Else)) { -- len += SIZE_OP_JUMP; - tlen = compile_length_tree(Else, reg); - if (tlen < 0) return tlen; - len += tlen; -@@ -1455,7 +1456,7 @@ compile_bag_node(BagNode* node, regex_t* reg, ScanEnv* env) - - case BAG_IF_ELSE: - { -- int cond_len, then_len, jump_len; -+ int cond_len, then_len, else_len, jump_len; - Node* cond = NODE_BAG_BODY(node); - Node* Then = node->te.Then; - Node* Else = node->te.Else; -@@ -1472,8 +1473,7 @@ compile_bag_node(BagNode* node, regex_t* reg, ScanEnv* env) - else - then_len = 0; - -- jump_len = cond_len + then_len + SIZE_OP_ATOMIC_END; -- if (IS_NOT_NULL(Else)) jump_len += SIZE_OP_JUMP; -+ jump_len = cond_len + then_len + SIZE_OP_ATOMIC_END + SIZE_OP_JUMP; - - r = add_op(reg, OP_PUSH); - if (r != 0) return r; -@@ -1490,11 +1490,20 @@ compile_bag_node(BagNode* node, regex_t* reg, ScanEnv* env) - } - - if (IS_NOT_NULL(Else)) { -- int else_len = compile_length_tree(Else, reg); -- r = add_op(reg, OP_JUMP); -- if (r != 0) return r; -- COP(reg)->jump.addr = else_len + SIZE_INC_OP; -+ else_len = compile_length_tree(Else, reg); -+ if (else_len < 0) return else_len; -+ } -+ else -+ else_len = 0; - -+ r = add_op(reg, OP_JUMP); -+ if (r != 0) return r; -+ COP(reg)->jump.addr = SIZE_OP_ATOMIC_END + else_len + SIZE_INC_OP; -+ -+ r = add_op(reg, OP_ATOMIC_END); -+ if (r != 0) return r; -+ -+ if (IS_NOT_NULL(Else)) { - r = compile_tree(Else, reg, env); - } - } |