Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Akinori Hattori <hattya@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-libs/oniguruma/, dev-libs/oniguruma/files/
Date: Thu, 20 Jul 2017 15:38:36
Message-Id: 1500564909.28d415d0c3fc62cce6c5395c2c3a99199361a53a.hattya@gentoo
1 commit: 28d415d0c3fc62cce6c5395c2c3a99199361a53a
2 Author: Akinori Hattori <hattya <AT> gentoo <DOT> org>
3 AuthorDate: Thu Jul 20 15:35:09 2017 +0000
4 Commit: Akinori Hattori <hattya <AT> gentoo <DOT> org>
5 CommitDate: Thu Jul 20 15:35:09 2017 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=28d415d0
7
8 dev-libs/oniguruma: fix CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, and CVE-2017-9229
9
10 Gentoo-Bug: 624060
11
12 Package-Manager: Portage-2.3.6, Repoman-2.3.1
13
14 .../files/oniguruma-5.9.6-CVE-2017-9224.patch | 22 ++++++++++
15 .../files/oniguruma-5.9.6-CVE-2017-9226.patch | 20 +++++++++
16 .../files/oniguruma-5.9.6-CVE-2017-9227.patch | 16 ++++++++
17 .../files/oniguruma-5.9.6-CVE-2017-9228.patch | 18 +++++++++
18 .../files/oniguruma-5.9.6-CVE-2017-9229.patch | 43 ++++++++++++++++++++
19 dev-libs/oniguruma/metadata.xml | 12 +++---
20 dev-libs/oniguruma/oniguruma-5.9.6_p1-r1.ebuild | 47 ++++++++++++++++++++++
21 7 files changed, 172 insertions(+), 6 deletions(-)
22
23 diff --git a/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9224.patch b/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9224.patch
24 new file mode 100644
25 index 00000000000..b256e0df581
26 --- /dev/null
27 +++ b/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9224.patch
28 @@ -0,0 +1,22 @@
29 +https://github.com/kkos/oniguruma/issues/57
30 +https://github.com/kkos/oniguruma/commit/690313a061f7a4fa614ec5cc8368b4f2284e059b
31 +
32 +Author: K.Kosako <kosako@×××××××××.jp>
33 +
34 +--- a/regexec.c
35 ++++ b/regexec.c
36 +@@ -1473,14 +1473,9 @@
37 + break;
38 +
39 + case OP_EXACT1: MOP_IN(OP_EXACT1);
40 +-#if 0
41 + DATA_ENSURE(1);
42 + if (*p != *s) goto fail;
43 + p++; s++;
44 +-#endif
45 +- if (*p != *s++) goto fail;
46 +- DATA_ENSURE(0);
47 +- p++;
48 + MOP_OUT;
49 + break;
50 +
51
52 diff --git a/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9226.patch b/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9226.patch
53 new file mode 100644
54 index 00000000000..f28d5552e3a
55 --- /dev/null
56 +++ b/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9226.patch
57 @@ -0,0 +1,20 @@
58 +https://github.com/kkos/oniguruma/issues/55
59 +https://github.com/kkos/oniguruma/commit/b4bf968ad52afe14e60a2dc8a95d3555c543353a
60 +
61 +Author: K.Kosako <kosako@×××××××××.jp>
62 +
63 +--- a/regparse.c
64 ++++ b/regparse.c
65 +@@ -4084,7 +4084,12 @@
66 + switch (*state) {
67 + case CCS_VALUE:
68 + if (*type == CCV_SB)
69 ++ {
70 ++ if (*vs > 0xff)
71 ++ return ONIGERR_INVALID_CODE_POINT_VALUE;
72 ++
73 + BITSET_SET_BIT(cc->bs, (int )(*vs));
74 ++ }
75 + else if (*type == CCV_CODE_POINT) {
76 + r = add_code_range(&(cc->mbuf), env, *vs, *vs);
77 + if (r < 0) return r;
78
79 diff --git a/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9227.patch b/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9227.patch
80 new file mode 100644
81 index 00000000000..580cc144679
82 --- /dev/null
83 +++ b/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9227.patch
84 @@ -0,0 +1,16 @@
85 +https://github.com/kkos/oniguruma/issues/58
86 +https://github.com/kkos/oniguruma/commit/9690d3ab1f9bcd2db8cbe1fe3ee4a5da606b8814
87 +
88 +Author: K.Kosako <kosako@×××××××××.jp>
89 +
90 +--- a/regexec.c
91 ++++ b/regexec.c
92 +@@ -3154,6 +3154,8 @@
93 + }
94 + else {
95 + UChar *q = p + reg->dmin;
96 ++
97 ++ if (q >= end) return 0; /* fail */
98 + while (p < q) p += enclen(reg->enc, p);
99 + }
100 + }
101
102 diff --git a/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9228.patch b/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9228.patch
103 new file mode 100644
104 index 00000000000..523455c97f3
105 --- /dev/null
106 +++ b/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9228.patch
107 @@ -0,0 +1,18 @@
108 +https://github.com/kkos/oniguruma/issues/60
109 +https://github.com/kkos/oniguruma/commit/3b63d12038c8d8fc278e81c942fa9bec7c704c8b
110 +
111 +Author: K.Kosako <kosako@×××××××××.jp>
112 +
113 +--- a/regparse.c
114 ++++ b/regparse.c
115 +@@ -4081,7 +4081,9 @@
116 + }
117 + }
118 +
119 +- *state = CCS_VALUE;
120 ++ if (*state != CCS_START)
121 ++ *state = CCS_VALUE;
122 ++
123 + *type = CCV_CLASS;
124 + return 0;
125 + }
126
127 diff --git a/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9229.patch b/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9229.patch
128 new file mode 100644
129 index 00000000000..f2dbc55d59a
130 --- /dev/null
131 +++ b/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9229.patch
132 @@ -0,0 +1,43 @@
133 +https://github.com/kkos/oniguruma/issues/59
134 +https://github.com/kkos/oniguruma/commit/b690371bbf97794b4a1d3f295d4fb9a8b05d402d
135 +
136 +Author: K.Kosako <kosako@×××××××××.jp>
137 +
138 +--- a/regexec.c
139 ++++ b/regexec.c
140 +@@ -3207,18 +3207,25 @@
141 + }
142 + else {
143 + if (reg->dmax != ONIG_INFINITE_DISTANCE) {
144 +- *low = p - reg->dmax;
145 +- if (*low > s) {
146 +- *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s,
147 +- *low, (const UChar** )low_prev);
148 +- if (low_prev && IS_NULL(*low_prev))
149 +- *low_prev = onigenc_get_prev_char_head(reg->enc,
150 +- (pprev ? pprev : s), *low);
151 ++ if (p - str < reg->dmax) {
152 ++ *low = (UChar* )str;
153 ++ if (low_prev)
154 ++ *low_prev = onigenc_get_prev_char_head(reg->enc, str, *low);
155 + }
156 + else {
157 +- if (low_prev)
158 +- *low_prev = onigenc_get_prev_char_head(reg->enc,
159 +- (pprev ? pprev : str), *low);
160 ++ *low = p - reg->dmax;
161 ++ if (*low > s) {
162 ++ *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s,
163 ++ *low, (const UChar** )low_prev);
164 ++ if (low_prev && IS_NULL(*low_prev))
165 ++ *low_prev = onigenc_get_prev_char_head(reg->enc,
166 ++ (pprev ? pprev : s), *low);
167 ++ }
168 ++ else {
169 ++ if (low_prev)
170 ++ *low_prev = onigenc_get_prev_char_head(reg->enc,
171 ++ (pprev ? pprev : str), *low);
172 ++ }
173 + }
174 + }
175 + }
176
177 diff --git a/dev-libs/oniguruma/metadata.xml b/dev-libs/oniguruma/metadata.xml
178 index dbfa93acff9..b9955e3e293 100644
179 --- a/dev-libs/oniguruma/metadata.xml
180 +++ b/dev-libs/oniguruma/metadata.xml
181 @@ -6,17 +6,17 @@
182 <name>Cjk</name>
183 </maintainer>
184 <longdescription>
185 -Oniguruma is a regular expression library. The characteristics of
186 -this library is that different character encoding for every regular
187 -expression object can be specified. (Supported character encodings:
188 -ASCII, UTF-8, EUC-JP, Shift_JIS)
189 + Oniguruma is a regular expression library. The characteristics of
190 + this library is that different character encoding for every regular
191 + expression object can be specified. (Supported character encodings:
192 + ASCII, UTF-8, EUC-JP, Shift_JIS)
193 </longdescription>
194 <use>
195 <flag name="combination-explosion-check">
196 - enable combination explosion check
197 + enable combination explosion check
198 </flag>
199 <flag name="crnl-as-line-terminator">
200 - enable CR+NL as line terminator
201 + enable CR+NL as line terminator
202 </flag>
203 </use>
204 <upstream>
205
206 diff --git a/dev-libs/oniguruma/oniguruma-5.9.6_p1-r1.ebuild b/dev-libs/oniguruma/oniguruma-5.9.6_p1-r1.ebuild
207 new file mode 100644
208 index 00000000000..d99146dd4f5
209 --- /dev/null
210 +++ b/dev-libs/oniguruma/oniguruma-5.9.6_p1-r1.ebuild
211 @@ -0,0 +1,47 @@
212 +# Copyright 1999-2017 Gentoo Foundation
213 +# Distributed under the terms of the GNU General Public License v2
214 +
215 +EAPI="6"
216 +
217 +inherit autotools ltprune multilib-minimal
218 +
219 +MY_P="onig-${PV}"
220 +
221 +DESCRIPTION="a regular expression library for different character encodings"
222 +HOMEPAGE="https://github.com/kkos/oniguruma"
223 +SRC_URI="https://github.com/kkos/${PN}/releases/download/v${PV}/${MY_P}.tar.gz"
224 +
225 +LICENSE="BSD-2"
226 +SLOT="0"
227 +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~x86-solaris"
228 +IUSE="combination-explosion-check crnl-as-line-terminator static-libs"
229 +
230 +S="${WORKDIR}/${MY_P/_p1/}"
231 +
232 +PATCHES=(
233 + "${FILESDIR}"/${PN}-5.9.3-makefile.patch
234 + "${FILESDIR}"/${P/_p1/}-CVE-2017-9224.patch
235 + "${FILESDIR}"/${P/_p1/}-CVE-2017-9226.patch
236 + "${FILESDIR}"/${P/_p1/}-CVE-2017-9227.patch
237 + "${FILESDIR}"/${P/_p1/}-CVE-2017-9228.patch
238 + "${FILESDIR}"/${P/_p1/}-CVE-2017-9229.patch
239 +)
240 +DOCS=( AUTHORS HISTORY README{,.ja} doc/. )
241 +
242 +src_prepare() {
243 + default
244 + mv configure.{in,ac} || die
245 + eautoreconf
246 +}
247 +
248 +multilib_src_configure() {
249 + ECONF_SOURCE="${S}" econf \
250 + $(use_enable combination-explosion-check) \
251 + $(use_enable crnl-as-line-terminator) \
252 + $(use_enable static-libs static)
253 +}
254 +
255 +multilib_src_install_all() {
256 + einstalldocs
257 + prune_libtool_files
258 +}
Report Message
Find on MARC Find on Google Groups