commit: 28d415d0c3fc62cce6c5395c2c3a99199361a53a |
Author: Akinori Hattori <hattya <AT> gentoo <DOT> org> |
AuthorDate: Thu Jul 20 15:35:09 2017 +0000 |
Commit: Akinori Hattori <hattya <AT> gentoo <DOT> org> |
CommitDate: Thu Jul 20 15:35:09 2017 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=28d415d0 |
|
dev-libs/oniguruma: fix CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, and CVE-2017-9229 |
|
Gentoo-Bug: 624060 |
|
Package-Manager: Portage-2.3.6, Repoman-2.3.1 |
|
.../files/oniguruma-5.9.6-CVE-2017-9224.patch | 22 ++++++++++ |
.../files/oniguruma-5.9.6-CVE-2017-9226.patch | 20 +++++++++ |
.../files/oniguruma-5.9.6-CVE-2017-9227.patch | 16 ++++++++ |
.../files/oniguruma-5.9.6-CVE-2017-9228.patch | 18 +++++++++ |
.../files/oniguruma-5.9.6-CVE-2017-9229.patch | 43 ++++++++++++++++++++ |
dev-libs/oniguruma/metadata.xml | 12 +++--- |
dev-libs/oniguruma/oniguruma-5.9.6_p1-r1.ebuild | 47 ++++++++++++++++++++++ |
7 files changed, 172 insertions(+), 6 deletions(-) |
|
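--- /dev/null
+++ b/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9224.patch
@@ -0,0 +1,22 @@
+https://github.com/kkos/oniguruma/issues/57
+https://github.com/kkos/oniguruma/commit/690313a061f7a4fa614ec5cc8368b4f2284e059b
+
+Author: K.Kosako <kosako@×××××××××.jp>
+
+--- a/regexec.c
++++ b/regexec.c
+@@ -1473,14 +1473,9 @@
+ break;
+
+ case OP_EXACT1: MOP_IN(OP_EXACT1);
+-#if 0
+ DATA_ENSURE(1);
+ if (*p != *s) goto fail;
+ p++; s++;
+-#endif
+- if (*p != *s++) goto fail;
+- DATA_ENSURE(0);
+- p++;
+ MOP_OUT;
+ break;
+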
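Review bot: The re-enabled `DATA_ENSURE(1);` in the `OP_EXACT1` case has no comment saying that it has to run before `*s` is read, and the variant being removed (`if (*p != *s++) goto fail;` followed by `DATA_ENSURE(0);`) shows how the order gets inverted when someone tunes this path. Assuming `DATA_ENSURE` is the remaining-input check (its definition is not on this page), I would add `/* bounds check must precede the read of *s */` directly above it. The enclosing switch starts and ends outside the hunk, so it is not visible whether the neighbouring `OP_EXACT*` cases read `*s` only after their own check; that is worth confirming while the file is being patched.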
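--- /dev/null
+++ b/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9226.patch
@@ -0,0 +1,20 @@
+https://github.com/kkos/oniguruma/issues/55
+https://github.com/kkos/oniguruma/commit/b4bf968ad52afe14e60a2dc8a95d3555c543353a
+
+Author: K.Kosako <kosako@×××××××××.jp>
+
+--- a/regparse.c
++++ b/regparse.c
+@@ -4084,7 +4084,12 @@
+ switch (*state) {
+ case CCS_VALUE:
+ if (*type == CCV_SB)
++ {
++ if (*vs > 0xff)
++ return ONIGERR_INVALID_CODE_POINT_VALUE;
++
+ BITSET_SET_BIT(cc->bs, (int )(*vs));
++ }
+ else if (*type == CCV_CODE_POINT) {
+ r = add_code_range(&(cc->mbuf), env, *vs, *vs);
+ if (r < 0) return r;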
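Review bot: The `*vs > 0xff` guard is added only in the `CCS_VALUE` / `CCV_SB` arm, and the `switch (*state)` continues outside the hunk, so it is not visible whether another arm or a sibling function also indexes `cc->bs` with an unchecked `*vs`. Please confirm that every path handing a single-byte value to `BITSET_SET_BIT` or a bitset range helper is bounded the same way, and that the upstream fix for issue 55 consists of this one commit only. A short comment such as `/* value is used as a bit index into cc->bs; reject anything above one byte */` would record why the check exists.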
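--- /dev/null
+++ b/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9227.patch
@@ -0,0 +1,16 @@
+https://github.com/kkos/oniguruma/issues/58
+https://github.com/kkos/oniguruma/commit/9690d3ab1f9bcd2db8cbe1fe3ee4a5da606b8814
+
+Author: K.Kosako <kosako@×××××××××.jp>
+
+--- a/regexec.c
++++ b/regexec.c
+@@ -3154,6 +3154,8 @@
+ }
+ else {
+ UChar *q = p + reg->dmin;
++
++ if (q >= end) return 0; /* fail */
+ while (p < q) p += enclen(reg->enc, p);
+ }
+ }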
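Review bot: `q` is formed as `p + reg->dmin` before the new `q >= end` test, so when `dmin` is larger than the bytes left in the subject the pointer is already outside the buffer when it is compared; that is undefined in C and can wrap for a large `dmin`, which would let the test pass. Comparing lengths avoids forming the pointer at all: `if (reg->dmin >= (size_t)(end - p)) return 0; /* fail */`, with `q` computed afterwards (the type of `dmin` is not shown here, adjust the cast to match). Separately, `p += enclen(reg->enc, p)` can step beyond `q`, so a truncated multibyte character near the tail may still carry `p` past `end`; the code that consumes `p` lies outside the hunk and should be checked for that.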
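--- /dev/null
+++ b/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9228.patch
@@ -0,0 +1,18 @@
+https://github.com/kkos/oniguruma/issues/60
+https://github.com/kkos/oniguruma/commit/3b63d12038c8d8fc278e81c942fa9bec7c704c8b
+
+Author: K.Kosako <kosako@×××××××××.jp>
+
+--- a/regparse.c
++++ b/regparse.c
+@@ -4081,7 +4081,9 @@
+ }
+ }
+
+- *state = CCS_VALUE;
++ if (*state != CCS_START)
++ *state = CCS_VALUE;
++
+ *type = CCV_CLASS;
+ return 0;
+ }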
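Review bot: The new `if (*state != CCS_START)` guard carries no comment, and the reason the start state must be preserved cannot be read off the assignment. Going by the `CCS_VALUE` handling visible in the CVE-2017-9226 patch, a later pass in `CCS_VALUE` writes `*vs` into the class, so forcing `CCS_VALUE` here before any value was parsed would presumably flush an unset `*vs`. I would state that above the test, e.g. `/* stay in CCS_START: there is no pending value in *vs to flush */`, after confirming it against the caller. The function begins outside the hunk, so the other state transitions could not be reviewed here.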
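--- /dev/null
+++ b/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9229.patch
@@ -0,0 +1,43 @@
+https://github.com/kkos/oniguruma/issues/59
+https://github.com/kkos/oniguruma/commit/b690371bbf97794b4a1d3f295d4fb9a8b05d402d
+
+Author: K.Kosako <kosako@×××××××××.jp>
+
+--- a/regexec.c
++++ b/regexec.c
+@@ -3207,18 +3207,25 @@
+ }
+ else {
+ if (reg->dmax != ONIG_INFINITE_DISTANCE) {
+- *low = p - reg->dmax;
+- if (*low > s) {
+- *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s,
+- *low, (const UChar** )low_prev);
+- if (low_prev && IS_NULL(*low_prev))
+- *low_prev = onigenc_get_prev_char_head(reg->enc,
+- (pprev ? pprev : s), *low);
++ if (p - str < reg->dmax) {
++ *low = (UChar* )str;
++ if (low_prev)
++ *low_prev = onigenc_get_prev_char_head(reg->enc, str, *low);
+ }
+ else {
+- if (low_prev)
+- *low_prev = onigenc_get_prev_char_head(reg->enc,
+- (pprev ? pprev : str), *low);
++ *low = p - reg->dmax;
++ if (*low > s) {
++ *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s,
++ *low, (const UChar** )low_prev);
++ if (low_prev && IS_NULL(*low_prev))
++ *low_prev = onigenc_get_prev_char_head(reg->enc,
++ (pprev ? pprev : s), *low);
++ }
++ else {
++ if (low_prev)
++ *low_prev = onigenc_get_prev_char_head(reg->enc,
++ (pprev ? pprev : str), *low);
++ }
+ }
+ }
+ }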
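Review bot: The added `if (p - str < reg->dmax)` branch is undocumented, although it is the whole fix: it keeps `p - reg->dmax` in the else branch from being formed when the result would lie before `str`. I would put `/* p - dmax would fall before str: clamp low to the start of the subject */` above the test. The comparison also mixes a pointer difference with `reg->dmax`, whose type is not shown on this page; if it is unsigned, the implicit conversion differs between 32-bit and 64-bit targets and deserves either an explicit cast or a note that `p >= str` always holds at this point. The enclosing function starts and ends outside the hunk.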
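--- a/dev-libs/oniguruma/metadata.xml
+++ b/dev-libs/oniguruma/metadata.xml
@@ -6,17 +6,17 @@
 <name>Cjk</name>
 </maintainer>
 <longdescription>
-Oniguruma is a regular expression library. The characteristics of
-this library is that different character encoding for every regular
-expression object can be specified. (Supported character encodings:
-ASCII, UTF-8, EUC-JP, Shift_JIS)
+ Oniguruma is a regular expression library. The characteristics of
+ this library is that different character encoding for every regular
+ expression object can be specified. (Supported character encodings:
+ ASCII, UTF-8, EUC-JP, Shift_JIS)
 </longdescription>
 <use>
 <flag name="combination-explosion-check">
- enable combination explosion check
+ enable combination explosion check
 </flag>
 <flag name="crnl-as-line-terminator">
- enable CR+NL as line terminator
+ enable CR+NL as line terminator
 </flag>
 </use>
 <upstream>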
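--- /dev/null
+++ b/dev-libs/oniguruma/oniguruma-5.9.6_p1-r1.ebuild
@@ -0,0 +1,47 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit autotools ltprune multilib-minimal
+
+MY_P="onig-${PV}"
+
+DESCRIPTION="a regular expression library for different character encodings"
+HOMEPAGE="https://github.com/kkos/oniguruma"
+SRC_URI="https://github.com/kkos/${PN}/releases/download/v${PV}/${MY_P}.tar.gz"
+
+LICENSE="BSD-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~x86-solaris"
+IUSE="combination-explosion-check crnl-as-line-terminator static-libs"
+
+S="${WORKDIR}/${MY_P/_p1/}"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-5.9.3-makefile.patch
+ "${FILESDIR}"/${P/_p1/}-CVE-2017-9224.patch
+ "${FILESDIR}"/${P/_p1/}-CVE-2017-9226.patch
+ "${FILESDIR}"/${P/_p1/}-CVE-2017-9227.patch
+ "${FILESDIR}"/${P/_p1/}-CVE-2017-9228.patch
+ "${FILESDIR}"/${P/_p1/}-CVE-2017-9229.patch
+)
+DOCS=( AUTHORS HISTORY README{,.ja} doc/. )
+
+src_prepare() {
+ default
+ mv configure.{in,ac} || die
+ eautoreconf
+}
+
+multilib_src_configure() {
+ ECONF_SOURCE="${S}" econf \
+ $(use_enable combination-explosion-check) \
+ $(use_enable crnl-as-line-terminator) \
+ $(use_enable static-libs static)
+}
+
+multilib_src_install_all() {
+ einstalldocs
+ prune_libtool_files
+}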
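Review bot: The `PATCHES` array lists CVE-2017-9224 and CVE-2017-9226 through CVE-2017-9229 but skips CVE-2017-9225 without a word, so a later maintainer cannot tell from the ebuild whether the gap is deliberate. If that CVE does not apply to the 5.9 sources (not verifiable from this page), a comment inside the array would record it, e.g. `# CVE-2017-9225: not applicable to 5.9.x, see bug 624060`. The diffstat shows no ebuild removal, so the previous unpatched revision presumably stays in the tree, and `KEYWORDS` here is `~arch` only. Until this revision is stabilised and the old one dropped, stable users keep the vulnerable build, which is worth tracking on the bug.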