From 5c6a3e83d5b7f881d4162d2c8a0959d61c1081bb Mon Sep 17 00:00:00 2001
From: Remi Collet
Date: Thu, 1 Oct 2020 09:33:50 +0200
Subject: From Fedora: Apply upstream fix for CVE-2020-26159
---
 oniguruma-XXX-CVE-2020-26159.patch | 22 ++++++++++++++++++++++
 oniguruma.spec | 17 ++++++++++++++++-
 2 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 oniguruma-XXX-CVE-2020-26159.patch
diff --git a/oniguruma-XXX-CVE-2020-26159.patch b/oniguruma-XXX-CVE-2020-26159.patch
new file mode 100644
index 0000000..71a8ada
--- /dev/null
+++ b/oniguruma-XXX-CVE-2020-26159.patch
@@ -0,0 +1,22 @@
+From cbe9f8bd9cfc6c3c87a60fbae58fa1a85db59df0 Mon Sep 17 00:00:00 2001
+From: "K.Kosako"
+Date: Mon, 21 Sep 2020 12:58:29 +0900
+Subject: [PATCH] #207: Out-of-bounds write
+
+---
+ src/regcomp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/regcomp.c b/src/regcomp.c
+index f6494b6d..a0a68561 100644
+--- a/src/regcomp.c
++++ b/src/regcomp.c
+@@ -6257,7 +6257,7 @@ concat_opt_exact_str(OptStr* to, UChar* s, UChar* end, OnigEncoding enc)
+
+ for (i = to->len, p = s; p < end && i < OPT_EXACT_MAXLEN; ) {
+ len = enclen(enc, p);
+- if (i + len > OPT_EXACT_MAXLEN) break;
++ if (i + len >= OPT_EXACT_MAXLEN) break;
+ for (j = 0; j < len && p < end; j++)
+ to->s[i++] = *p++;
+ }
diff --git a/oniguruma.spec b/oniguruma.spec
index f8281d2..45d84bf 100644
--- a/oniguruma.spec
+++ b/oniguruma.spec
@@ -24,7 +24,7 @@ Name: %{libname}%{oldsoname}php
 Version: %{mainver}%{?postver:+%postver}
-Release: 2%{?dist}
+Release: 3%{?dist}
 Summary: Regular expressions library
 License: BSD
@@ -33,6 +33,9 @@ Source0: https://github.com/kkos/oniguruma/releases/download/v%{mainver}%{?postv
 # Bump soname from 5 to 105 to allow parallel installation
 Patch0: onig-soname.patch
+# https://github.com/kkos/oniguruma/commit/cbe9f8bd9cfc6c3c87a60fbae58fa1a85db59df0
+# https://github.com/kkos/oniguruma/issues/207
+Patch1: oniguruma-XXX-CVE-2020-26159.patch
 BuildRequires: gcc
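Review bot: The changed bound `if (i + len >= OPT_EXACT_MAXLEN) break;` in concat_opt_exact_str has no comment explaining why the copy must now stop one byte short of OPT_EXACT_MAXLEN, while the loop header still tests `i < OPT_EXACT_MAXLEN`, so the two limits read as inconsistent to the next maintainer. With the new check, i is at most OPT_EXACT_MAXLEN - 1 after any pass through the inner copy loop; presumably to->s holds OPT_EXACT_MAXLEN bytes, but its declaration is not in the hunk, and the function body starts and ends outside it. I would add above the check `/* never fill to->s completely: at most OPT_EXACT_MAXLEN - 1 bytes are stored */`. The patch also adds no regression test, so a test case that places a multi-byte character exactly at the buffer limit would be worth carrying alongside it.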
@@ -67,6 +70,7 @@ developing applications that use %{name}.
 %{__sed} -i.multilib -e 's|-L@libdir@||' onig-config.in
 %patch0 -p1 -b .bump
+%patch1 -p1 -b .CVE-2020-26159
 %if 0
 for f in \
@@ -83,6 +87,11 @@ done
 %build
+# This package fails its testsuite when compiled with LTO, but the real problem
+# is that it ends up mixing and matching regexp bits between itself and glibc.
+# Disable LTO
+%define _lto_cflags %{nil}
+
 %configure \
 --enable-posix-api \
 --disable-silent-rules \
@@ -147,6 +156,12 @@ sed -e '/^test_regset_LDADD/s/$/ -lrt/' -i test/Makefile
 %changelog
+* Thu Oct 1 2020 Remi Collet -6.9.5+rev1-3
+- From Fedora: Apply upstream fix for CVE-2020-26159
+
+* Thu Oct 1 2020 Mamoru TASAKA - 6.9.5-3.rev1
+- Apply upstream fix for CVE-2020-26159
+
 * Tue Jun 9 2020 Remi Collet -6.9.5+rev1-2
 - osbolete oniguruna5
-- cgit
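Review bot: The `%define _lto_cflags %{nil}` added under %build is unrelated to the CVE fix and is not recorded in either new %changelog entry, so the notes for release 3 understate what changed in the build. The spec comment itself says the real problem is that the library and glibc end up mixing regexp code, presumably because `--enable-posix-api` exports the same POSIX regex symbol names. Turning LTO off hides the test-suite failure but leaves that overlap in place. I would add a changelog line such as `- Disable LTO (testsuite fails, see comment in %build)` and extend the spec comment with a pointer to where the symbol overlap is tracked.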