diff options
Diffstat (limited to 'debian')
| -rw-r--r-- | debian/changelog | 19 | ||||
| -rw-r--r-- | debian/compat | 2 | ||||
| -rw-r--r-- | debian/control | 4 | ||||
| -rw-r--r-- | debian/patches/0100-source_typos.patch | 2 | ||||
| -rw-r--r-- | debian/patches/0105-CVE-2019-13224.patch | 38 | ||||
| -rw-r--r-- | debian/patches/0110-CVE-2019-13225.patch | 66 | ||||
| -rw-r--r-- | debian/patches/series | 2 | ||||
| -rwxr-xr-x | debian/rules | 2 | ||||
| -rw-r--r-- | debian/symbols | 4 | ||||
| -rw-r--r-- | debian/watch | 7 |
10 files changed, 138 insertions, 8 deletions
diff --git a/debian/changelog b/debian/changelog index 4d88084..2ae3106 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,22 @@ +libonig (6.9.2-1) unstable; urgency=medium + + * New upstream release: + - Refresh symbols file. + - Refresh debian/patches/0100-source_typos.patch. + * Rewrite debain/watch. + * New debian/patches/0105-CVE-2019-13224.patch and + debian/patches/0110-CVE-2019-13225.patch (Closes: #931878): + - Fixes CVE-2019-13224 A use-after-free in onig_new_deluxe() in regext.c. + - Fixes CVE-2019-13225 A NULL Pointer Dereference in match_at() + in regexec.c. + * Declare compliance with Debian Policy 4.4.0 (No changes needed). + * Migrate to debhelper 12: + - Change debian/compat to 12. + - Bump minimum debhelper version in debian/control to >= 12. + - debian/rules: Remove obsolete dh_install --fail-missing. + + -- Jörg Frings-Fürst <debian@jff.email> Fri, 12 Jul 2019 10:39:37 +0200 + libonig (6.9.1-1) unstable; urgency=medium * New upstream release: diff --git a/debian/compat b/debian/compat index b4de394..48082f7 100644 --- a/debian/compat +++ b/debian/compat @@ -1 +1 @@ -11 +12 diff --git a/debian/control b/debian/control index 8999c88..bad90d6 100644 --- a/debian/control +++ b/debian/control @@ -3,8 +3,8 @@ Section: libs Priority: extra Maintainer: Jörg Frings-Fürst <debian@jff.email> Build-Depends: - debhelper (>= 11) -Standards-Version: 4.2.1 + debhelper (>= 12) +Standards-Version: 4.4.0 Homepage: https://github.com/kkos/oniguruma Vcs-Git: git://jff.email/opt/git/libonig.git Vcs-Browser: https://jff.email/cgit/libonig.git diff --git a/debian/patches/0100-source_typos.patch b/debian/patches/0100-source_typos.patch index ec96ad2..6444b65 100644 --- a/debian/patches/0100-source_typos.patch +++ b/debian/patches/0100-source_typos.patch @@ -7,7 +7,7 @@ Index: trunk/src/regerror.c =================================================================== --- trunk.orig/src/regerror.c +++ trunk/src/regerror.c -@@ -67,7 +67,7 @@ onig_error_code_to_format(int code) +@@ -63,7 +63,7 @@ onig_error_code_to_format(int code) case ONIGERR_UNEXPECTED_BYTECODE: p = "unexpected bytecode (bug)"; break; case ONIGERR_DEFAULT_ENCODING_IS_NOT_SETTED: diff --git a/debian/patches/0105-CVE-2019-13224.patch b/debian/patches/0105-CVE-2019-13224.patch new file mode 100644 index 0000000..6ea4f95 --- /dev/null +++ b/debian/patches/0105-CVE-2019-13224.patch @@ -0,0 +1,38 @@ +Description: CVE-2019-13224 + don't allow different encodings for onig_new_deluxe() +Origin: upstream, https://github.com/kkos/oniguruma/commit/0f7f61ed1b7b697e283e37bd2d731d0bd57adb55 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931878 +Last-Update: 2019-07-12 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: trunk/src/regext.c +=================================================================== +--- trunk.orig/src/regext.c ++++ trunk/src/regext.c +@@ -29,6 +29,7 @@ + + #include "regint.h" + ++#if 0 + static void + conv_ext0be32(const UChar* s, const UChar* end, UChar* conv) + { +@@ -158,6 +159,7 @@ conv_encoding(OnigEncoding from, OnigEnc + + return ONIGERR_NOT_SUPPORTED_ENCODING_COMBINATION; + } ++#endif + + extern int + onig_new_deluxe(regex_t** reg, const UChar* pattern, const UChar* pattern_end, +@@ -169,9 +171,7 @@ onig_new_deluxe(regex_t** reg, const UCh + if (IS_NOT_NULL(einfo)) einfo->par = (UChar* )NULL; + + if (ci->pattern_enc != ci->target_enc) { +- r = conv_encoding(ci->pattern_enc, ci->target_enc, pattern, pattern_end, +- &cpat, &cpat_end); +- if (r != 0) return r; ++ return ONIGERR_NOT_SUPPORTED_ENCODING_COMBINATION; + } + else { + cpat = (UChar* )pattern; diff --git a/debian/patches/0110-CVE-2019-13225.patch b/debian/patches/0110-CVE-2019-13225.patch new file mode 100644 index 0000000..be9e152 --- /dev/null +++ b/debian/patches/0110-CVE-2019-13225.patch @@ -0,0 +1,66 @@ +Description: CVE-2019-13225 + problem in converting if-then-else pattern to bytecode. +Origin: upstream, https://github.com/kkos/oniguruma/commit/c509265c5f6ae7264f7b8a8aae1cfa5fc59d108c +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931878 +Last-Update: 2019-07-12 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: trunk/src/regcomp.c +=================================================================== +--- trunk.orig/src/regcomp.c ++++ trunk/src/regcomp.c +@@ -1307,8 +1307,9 @@ compile_length_bag_node(BagNode* node, r + len += tlen; + } + ++ len += SIZE_OP_JUMP + SIZE_OP_ATOMIC_END; ++ + if (IS_NOT_NULL(Else)) { +- len += SIZE_OP_JUMP; + tlen = compile_length_tree(Else, reg); + if (tlen < 0) return tlen; + len += tlen; +@@ -1455,7 +1456,7 @@ compile_bag_node(BagNode* node, regex_t* + + case BAG_IF_ELSE: + { +- int cond_len, then_len, jump_len; ++ int cond_len, then_len, else_len, jump_len; + Node* cond = NODE_BAG_BODY(node); + Node* Then = node->te.Then; + Node* Else = node->te.Else; +@@ -1472,8 +1473,7 @@ compile_bag_node(BagNode* node, regex_t* + else + then_len = 0; + +- jump_len = cond_len + then_len + SIZE_OP_ATOMIC_END; +- if (IS_NOT_NULL(Else)) jump_len += SIZE_OP_JUMP; ++ jump_len = cond_len + then_len + SIZE_OP_ATOMIC_END + SIZE_OP_JUMP; + + r = add_op(reg, OP_PUSH); + if (r != 0) return r; +@@ -1490,11 +1490,20 @@ compile_bag_node(BagNode* node, regex_t* + } + + if (IS_NOT_NULL(Else)) { +- int else_len = compile_length_tree(Else, reg); +- r = add_op(reg, OP_JUMP); +- if (r != 0) return r; +- COP(reg)->jump.addr = else_len + SIZE_INC_OP; ++ else_len = compile_length_tree(Else, reg); ++ if (else_len < 0) return else_len; ++ } ++ else ++ else_len = 0; + ++ r = add_op(reg, OP_JUMP); ++ if (r != 0) return r; ++ COP(reg)->jump.addr = SIZE_OP_ATOMIC_END + else_len + SIZE_INC_OP; ++ ++ r = add_op(reg, OP_ATOMIC_END); ++ if (r != 0) return r; ++ ++ if (IS_NOT_NULL(Else)) { + r = compile_tree(Else, reg, env); + } + } diff --git a/debian/patches/series b/debian/patches/series index ea79fff..e924636 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1 +1,3 @@ 0100-source_typos.patch +0105-CVE-2019-13224.patch +0110-CVE-2019-13225.patch diff --git a/debian/rules b/debian/rules index aa976c6..ee95689 100755 --- a/debian/rules +++ b/debian/rules @@ -24,7 +24,7 @@ VERSION = $(shell head -n1 debian/changelog | sed -e 's/.*(//;s/-.*).*//;s/\+/\- override_dh_install: $(RM) debian/tmp/usr/bin/onig-config - dh_install --fail-missing -X.la -X.a + dh_install -X.la -X.a override_dh_makeshlibs: dh_makeshlibs diff --git a/debian/symbols b/debian/symbols index a102b4d..06628e7 100644 --- a/debian/symbols +++ b/debian/symbols @@ -51,7 +51,6 @@ libonig.so.5 libonig5 #MINVER# OnigUnicodeFolds2@Base 6.8.1 OnigUnicodeFolds3@Base 6.8.1 onig_add_end_call@Base 6.8.1 - onig_bbuf_init@Base 6.8.1 onig_builtin_cmp@Base 6.8.1 onig_builtin_count@Base 6.8.1 onig_builtin_error@Base 6.8.1 @@ -129,6 +128,7 @@ libonig.so.5 libonig5 #MINVER# onig_get_used_stack_size_in_callout@Base 6.8.1 onig_global_callout_names_free@Base 6.8.1 onig_init@Base 6.8.1 + onig_init_for_match_at@Base 6.9.2 onig_initialize@Base 6.8.1 onig_initialize_encoding@Base 6.8.1 onig_initialize_match_param@Base 6.8.1 @@ -227,7 +227,6 @@ libonig.so.5 libonig5 #MINVER# onig_st_lookup_strend@Base 6.8.1 onig_strcpy@Base 6.8.1 onig_strncmp@Base 6.8.1 - onig_transfer@Base 6.8.1 onig_unicode_define_user_property@Base 6.8.1 onig_version@Base 6.8.1 onig_warning@Base 6.8.1 @@ -287,6 +286,7 @@ libonig.so.5 libonig5 #MINVER# onigenc_unicode_property_name_to_ctype@Base 6.8.1 onigenc_unicode_unfold_key@Base 6.9.0 onigenc_utf16_32_get_ctype_code_range@Base 6.8.1 + onigenc_wb_is_break_position@Base 6.9.2 onigenc_with_ascii_strncmp@Base 6.8.1 re_adjust_startpos@Base 6.8.1 re_alloc_pattern@Base 6.8.1 diff --git a/debian/watch b/debian/watch index c6c26be..8a7b475 100644 --- a/debian/watch +++ b/debian/watch @@ -1,2 +1,7 @@ version=4 -https://github.com/kkos/oniguruma/tags .*/v?(\d\S*)\.tar\.gz +opts=\ +dversionmangle=s/\+(debian|dfsg|ds|deb)\d*$//,\ +uversionmangle=s/(\d)[_\.\-\+]?((RC|rc|pre|dev|beta|alpha)\d*)$/$1~$2/;s/RC/rc/;s/\-/\./g;s/\_/\./g,\ +filenamemangle=s/(?:.*?)?(?:rel|v|oniguruma|ONIGURUMA)?[\-\_]?(\d\S+)\.(tgz|tbz|txz|(?:tar\.(?:gz|bz2|xz)))/oniguruma-$1.$2/ \ +https://github.com/kkos/oniguruma/tags \ +(?:.*?/)?(?:rel|v|oniguruma|ONIGURUMA)?[\-\_]?(\d\S+)\.(?:tgz|tbz|txz|(?:tar\.(?:gz|bz2|xz))) \ |