authorRemi Collet <remi@remirepo.net>2019-09-26 13:49:02 +0200
committerRemi Collet <remi@remirepo.net>2019-09-26 13:49:02 +0200
commit878f8eba8157373b87c59b7178c200fd1ffae5bd (patch)
tree6707484c845cefebb5c38b5d23f029325cfca25a
parent82b2af94de0d1989c19ad9020aa5fe1b5f161e82 (diff)
- fix heap-buffer-overflow using upstream patch
https://bugzilla.redhat.com/1755880
-rw-r--r--d3e402928b6eb3327f8f7d59a9edfa622fec557b.patch21
-rw-r--r--oniguruma.spec9
2 files changed, 29 insertions, 1 deletions
diff --git a/d3e402928b6eb3327f8f7d59a9edfa622fec557b.patch b/d3e402928b6eb3327f8f7d59a9edfa622fec557b.patch
new file mode 100644
index 0000000..cb53825
--- /dev/null
+++ b/d3e402928b6eb3327f8f7d59a9edfa622fec557b.patch
@@ -0,0 +1,21 @@
+From d3e402928b6eb3327f8f7d59a9edfa622fec557b Mon Sep 17 00:00:00 2001
+From: "K.Kosako" <kosako@sofnec.co.jp>
+Date: Tue, 13 Aug 2019 13:37:30 +0900
+Subject: [PATCH] fix heap-buffer-overflow
+
+---
+ src/regexec.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/regexec.c b/src/regexec.c
+index 0753b07..634ee42 100644
+--- a/src/regexec.c
++++ b/src/regexec.c
+@@ -4196,6 +4196,7 @@ str_lower_case_match(OnigEncoding enc, int case_fold_flag,
+ lowlen = ONIGENC_MBC_CASE_FOLD(enc, case_fold_flag, &p, end, lowbuf);
+ q = lowbuf;
+ while (lowlen > 0) {
++ if (t >= tend) return 0;
+ if (*t++ != *q++) return 0;
+ lowlen--;
+ }
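Review bot: The new guard `if (t >= tend) return 0;` in the inner loop of str_lower_case_match has no comment saying why the target can run out at that point, and the upstream commit message is empty apart from its subject. The loop consumes `lowlen` bytes from `t`, and `lowlen` is whatever ONIGENC_MBC_CASE_FOLD produced from `p`, so the folded sequence can be longer than what is left before `tend`; without the guard, `*t++` reads past the end of the target buffer. A comment such as `/* folded text may be longer than the remaining target: no match */` above the guard would keep a later cleanup from dropping it. The function starts and ends outside the hunk, so whether other byte-compare loops in regexec.c need the same bound cannot be judged from here.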
diff --git a/oniguruma.spec b/oniguruma.spec
index af076c0..17cdec2 100644
--- a/oniguruma.spec
+++ b/oniguruma.spec
@@ -24,13 +24,15 @@ Name: %{libname}
Name: %{libname}%{soname}
%endif
Version: 6.9.3
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: Regular expressions library
License: BSD
URL: https://github.com/kkos/oniguruma/
Source0: https://github.com/kkos/oniguruma/releases/download/v%{version}/onig-%{version}.tar.gz
+Patch0: https://github.com/kkos/oniguruma/commit/d3e402928b6eb3327f8f7d59a9edfa622fec557b.patch
+
BuildRequires: gcc
%if "%{name}" == "%{libname}"
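Review bot: The `Patch0:` line has no comment recording what the patch fixes or that it is an unmodified upstream commit; the only link to the bug is in `%changelog`. A line such as `# Upstream fix for heap-buffer-overflow in str_lower_case_match (rhbz#1755880)` above `Patch0:` would let the next rebase see at a glance that the patch can be dropped once `Version` reaches a release that contains the fix. The matching `%patch0 -p1 -b .up` in the `%prep` hunk runs after the sed on onig-config.in, which is a different file, so the ordering there looks fine.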
@@ -66,6 +68,7 @@ developing applications that use %{name}.
%prep
%setup -q -n onig-%{version}
%{__sed} -i.multilib -e 's|-L@libdir@||' onig-config.in
+%patch0 -p1 -b .up
%if 0
for f in \
@@ -141,6 +144,10 @@ find $RPM_BUILD_ROOT -name '*.la' \
%changelog
+* Thu Sep 26 2019 Remi Collet <remi@remirepo.net> -6.9.3-2
+- fix heap-buffer-overflow using upstream patch
+ https://bugzilla.redhat.com/1755880
+
* Tue Aug 27 2019 Remi Collet <remi@remirepo.net> -6.9.3-1
- update to 6.9.3 (from Fedora)