diff options
author | Remi Collet <remi@remirepo.net> | 2019-09-26 13:49:02 +0200 |
---|---|---|
committer | Remi Collet <remi@remirepo.net> | 2019-09-26 13:49:02 +0200 |
commit | 878f8eba8157373b87c59b7178c200fd1ffae5bd (patch) | |
tree | 6707484c845cefebb5c38b5d23f029325cfca25a | |
parent | 82b2af94de0d1989c19ad9020aa5fe1b5f161e82 (diff) |
- fix heap-buffer-overflow using upstream patch
https://bugzilla.redhat.com/1755880
-rw-r--r-- | d3e402928b6eb3327f8f7d59a9edfa622fec557b.patch | 21 | ||||
-rw-r--r-- | oniguruma.spec | 9 |
2 files changed, 29 insertions, 1 deletions
diff --git a/d3e402928b6eb3327f8f7d59a9edfa622fec557b.patch b/d3e402928b6eb3327f8f7d59a9edfa622fec557b.patch new file mode 100644 index 0000000..cb53825 --- /dev/null +++ b/d3e402928b6eb3327f8f7d59a9edfa622fec557b.patch @@ -0,0 +1,21 @@ +From d3e402928b6eb3327f8f7d59a9edfa622fec557b Mon Sep 17 00:00:00 2001 +From: "K.Kosako" <kosako@sofnec.co.jp> +Date: Tue, 13 Aug 2019 13:37:30 +0900 +Subject: [PATCH] fix heap-buffer-overflow + +--- + src/regexec.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/regexec.c b/src/regexec.c +index 0753b07..634ee42 100644 +--- a/src/regexec.c ++++ b/src/regexec.c +@@ -4196,6 +4196,7 @@ str_lower_case_match(OnigEncoding enc, int case_fold_flag, + lowlen = ONIGENC_MBC_CASE_FOLD(enc, case_fold_flag, &p, end, lowbuf); + q = lowbuf; + while (lowlen > 0) { ++ if (t >= tend) return 0; + if (*t++ != *q++) return 0; + lowlen--; + } diff --git a/oniguruma.spec b/oniguruma.spec index af076c0..17cdec2 100644 --- a/oniguruma.spec +++ b/oniguruma.spec @@ -24,13 +24,15 @@ Name: %{libname} Name: %{libname}%{soname} %endif Version: 6.9.3 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Regular expressions library License: BSD URL: https://github.com/kkos/oniguruma/ Source0: https://github.com/kkos/oniguruma/releases/download/v%{version}/onig-%{version}.tar.gz +Patch0: https://github.com/kkos/oniguruma/commit/d3e402928b6eb3327f8f7d59a9edfa622fec557b.patch + BuildRequires: gcc %if "%{name}" == "%{libname}" @@ -66,6 +68,7 @@ developing applications that use %{name}. %prep %setup -q -n onig-%{version} %{__sed} -i.multilib -e 's|-L@libdir@||' onig-config.in +%patch0 -p1 -b .up %if 0 for f in \ @@ -141,6 +144,10 @@ find $RPM_BUILD_ROOT -name '*.la' \ %changelog +* Thu Sep 26 2019 Remi Collet <remi@remirepo.net> -6.9.3-2 +- fix heap-buffer-overflow using upstream patch + https://bugzilla.redhat.com/1755880 + * Tue Aug 27 2019 Remi Collet <remi@remirepo.net> -6.9.3-1 - update to 6.9.3 (from Fedora) |