From 878f8eba8157373b87c59b7178c200fd1ffae5bd Mon Sep 17 00:00:00 2001
From: Remi Collet
Date: Thu, 26 Sep 2019 13:49:02 +0200
Subject: - fix heap-buffer-overflow using upstream patch https://bugzilla.redhat.com/1755880
---
 d3e402928b6eb3327f8f7d59a9edfa622fec557b.patch | 21 +++++++++++++++++++++
 oniguruma.spec | 9 ++++++++-
 2 files changed, 29 insertions(+), 1 deletion(-)
 create mode 100644 d3e402928b6eb3327f8f7d59a9edfa622fec557b.patch
diff --git a/d3e402928b6eb3327f8f7d59a9edfa622fec557b.patch b/d3e402928b6eb3327f8f7d59a9edfa622fec557b.patch
new file mode 100644
index 0000000..cb53825
--- /dev/null
+++ b/d3e402928b6eb3327f8f7d59a9edfa622fec557b.patch
@@ -0,0 +1,21 @@
+From d3e402928b6eb3327f8f7d59a9edfa622fec557b Mon Sep 17 00:00:00 2001
+From: "K.Kosako"
+Date: Tue, 13 Aug 2019 13:37:30 +0900
+Subject: [PATCH] fix heap-buffer-overflow
+
+---
+ src/regexec.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/regexec.c b/src/regexec.c
+index 0753b07..634ee42 100644
+--- a/src/regexec.c
++++ b/src/regexec.c
+@@ -4196,6 +4196,7 @@ str_lower_case_match(OnigEncoding enc, int case_fold_flag,
+ lowlen = ONIGENC_MBC_CASE_FOLD(enc, case_fold_flag, &p, end, lowbuf);
+ q = lowbuf;
+ while (lowlen > 0) {
++ if (t >= tend) return 0;
+ if (*t++ != *q++) return 0;
+ lowlen--;
+ }
diff --git a/oniguruma.spec b/oniguruma.spec
index af076c0..17cdec2 100644
--- a/oniguruma.spec
+++ b/oniguruma.spec
@@ -24,13 +24,15 @@ Name: %{libname}
 Name: %{libname}%{soname}
 %endif
 Version: 6.9.3
-Release: 1%{?dist}
+Release: 2%{?dist}
 Summary: Regular expressions library
 License: BSD
 URL: https://github.com/kkos/oniguruma/
 Source0: https://github.com/kkos/oniguruma/releases/download/v%{version}/onig-%{version}.tar.gz
+Patch0: https://github.com/kkos/oniguruma/commit/d3e402928b6eb3327f8f7d59a9edfa622fec557b.patch
+
 BuildRequires: gcc
 %if "%{name}" == "%{libname}"
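Review bot: The guard this patch file adds to src/regexec.c, `if (t >= tend) return 0;`, sits in front of `*t++ != *q++`, which only reads through `t`, so the fault being closed is a read past `tend` when the case-folded bytes in `lowbuf` outnumber the bytes left in the target string, not a write. The commit subject and the changelog say only "heap-buffer-overflow", which leaves the impact open for anyone triaging the update. I would name the function and the access type in the changelog entry, for example `- fix heap-buffer-overflow (out-of-bounds read in str_lower_case_match) using upstream patch`. The body of str_lower_case_match starts and ends outside the hunk, so how the outer loop bounds `t` cannot be confirmed from the lines shown.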
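Review bot: `Patch0` is added without a comment saying what it fixes or when it can be dropped, so the security reason lives only in the changelog. A line above it such as `# upstream fix for heap-buffer-overflow in str_lower_case_match, rhbz#1755880; drop when rebasing to a release that contains this commit` would keep that next to the patch. The URL is GitHub's generated patch view of the commit, while the build presumably applies the copy committed here, so that copy is the one to compare against the upstream commit during review.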
@@ -66,6 +68,7 @@ developing applications that use %{name}.
 %prep
 %setup -q -n onig-%{version}
 %{__sed} -i.multilib -e 's|-L@libdir@||' onig-config.in
+%patch0 -p1 -b .up
 %if 0
 for f in \
@@ -141,6 +144,10 @@ find $RPM_BUILD_ROOT -name '*.la' \
 %changelog
+* Thu Sep 26 2019 Remi Collet -6.9.3-2
+- fix heap-buffer-overflow using upstream patch
+ https://bugzilla.redhat.com/1755880
+
 * Tue Aug 27 2019 Remi Collet -6.9.3-1
 - update to 6.9.3 (from Fedora)
-- cgit