commit:     28d415d0c3fc62cce6c5395c2c3a99199361a53a
Author:     Akinori Hattori <hattya <AT> gentoo <DOT> org>
AuthorDate: Thu Jul 20 15:35:09 2017 +0000
Commit:     Akinori Hattori <hattya <AT> gentoo <DOT> org>
CommitDate: Thu Jul 20 15:35:09 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=28d415d0

dev-libs/oniguruma: fix CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, 
CVE-2017-9228, and CVE-2017-9229

Gentoo-Bug: 624060

Package-Manager: Portage-2.3.6, Repoman-2.3.1

 .../files/oniguruma-5.9.6-CVE-2017-9224.patch      | 22 ++++++++++
 .../files/oniguruma-5.9.6-CVE-2017-9226.patch      | 20 +++++++++
 .../files/oniguruma-5.9.6-CVE-2017-9227.patch      | 16 ++++++++
 .../files/oniguruma-5.9.6-CVE-2017-9228.patch      | 18 +++++++++
 .../files/oniguruma-5.9.6-CVE-2017-9229.patch      | 43 ++++++++++++++++++++
 dev-libs/oniguruma/metadata.xml                    | 12 +++---
 dev-libs/oniguruma/oniguruma-5.9.6_p1-r1.ebuild    | 47 ++++++++++++++++++++++
 7 files changed, 172 insertions(+), 6 deletions(-)

diff --git a/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9224.patch 
b/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9224.patch
new file mode 100644
index 00000000000..b256e0df581
--- /dev/null
+++ b/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9224.patch
@@ -0,0 +1,22 @@
+https://github.com/kkos/oniguruma/issues/57
+https://github.com/kkos/oniguruma/commit/690313a061f7a4fa614ec5cc8368b4f2284e059b
+
+Author: K.Kosako <kos...@sofnec.co.jp>
+
+--- a/regexec.c
++++ b/regexec.c
+@@ -1473,14 +1473,9 @@
+       break;
+ 
+     case OP_EXACT1:  MOP_IN(OP_EXACT1);
+-#if 0
+       DATA_ENSURE(1);
+       if (*p != *s) goto fail;
+       p++; s++;
+-#endif
+-      if (*p != *s++) goto fail;
+-      DATA_ENSURE(0);
+-      p++;
+       MOP_OUT;
+       break;
+ 

diff --git a/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9226.patch 
b/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9226.patch
new file mode 100644
index 00000000000..f28d5552e3a
--- /dev/null
+++ b/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9226.patch
@@ -0,0 +1,20 @@
+https://github.com/kkos/oniguruma/issues/55
+https://github.com/kkos/oniguruma/commit/b4bf968ad52afe14e60a2dc8a95d3555c543353a
+
+Author: K.Kosako <kos...@sofnec.co.jp>
+
+--- a/regparse.c
++++ b/regparse.c
+@@ -4084,7 +4084,12 @@
+   switch (*state) {
+   case CCS_VALUE:
+     if (*type == CCV_SB)
++    {
++      if (*vs > 0xff)
++          return ONIGERR_INVALID_CODE_POINT_VALUE;
++
+       BITSET_SET_BIT(cc->bs, (int )(*vs));
++    }
+     else if (*type == CCV_CODE_POINT) {
+       r = add_code_range(&(cc->mbuf), env, *vs, *vs);
+       if (r < 0) return r;
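Review bot: The added `*vs > 0xff` guard covers only this one `BITSET_SET_BIT(cc->bs, (int )(*vs))` call in the `CCS_VALUE` / `CCV_SB` branch. Any other site in regparse.c that sets a bit in `cc->bs` from `*vs` under `CCV_SB` lies outside the hunk and would need the same bound. Before relying on this backport, check the rest of the file, and check whether upstream's resolution of the linked issue 55 involved more than the single commit named in the patch header. A short comment on the check would record the invariant, e.g. `/* single-byte values must stay within the bitset range */`. The enclosing function starts and ends outside the hunk.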

diff --git a/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9227.patch 
b/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9227.patch
new file mode 100644
index 00000000000..580cc144679
--- /dev/null
+++ b/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9227.patch
@@ -0,0 +1,16 @@
+https://github.com/kkos/oniguruma/issues/58
+https://github.com/kkos/oniguruma/commit/9690d3ab1f9bcd2db8cbe1fe3ee4a5da606b8814
+
+Author: K.Kosako <kos...@sofnec.co.jp>
+
+--- a/regexec.c
++++ b/regexec.c
+@@ -3154,6 +3154,8 @@
+     }
+     else {
+       UChar *q = p + reg->dmin;
++
++      if (q >= end) return 0; /* fail */
+       while (p < q) p += enclen(reg->enc, p);
+     }
+   }
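Review bot: `UChar *q = p + reg->dmin;` is evaluated before the new `q >= end` test, so when `reg->dmin` exceeds the bytes remaining, the addition itself forms a pointer past the buffer. That is undefined behaviour in C, and an optimiser may reason that the check can never be true. Comparing lengths before computing `q` avoids it: `if ((size_t)(end - p) <= reg->dmin) return 0; /* fail */`. The branch preceding this `else` is not visible here; if it advances `p` by `reg->dmin` directly, it needs the same guard. Whether the `enclen()` loop can step `p` beyond `end` on a truncated multibyte character cannot be judged from these lines, since the function continues outside the hunk.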

diff --git a/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9228.patch 
b/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9228.patch
new file mode 100644
index 00000000000..523455c97f3
--- /dev/null
+++ b/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9228.patch
@@ -0,0 +1,18 @@
+https://github.com/kkos/oniguruma/issues/60
+https://github.com/kkos/oniguruma/commit/3b63d12038c8d8fc278e81c942fa9bec7c704c8b
+
+Author: K.Kosako <kos...@sofnec.co.jp>
+
+--- a/regparse.c
++++ b/regparse.c
+@@ -4081,7 +4081,9 @@
+     }
+   }
+ 
+-  *state = CCS_VALUE;
++  if (*state != CCS_START)
++    *state = CCS_VALUE;
++
+   *type  = CCV_CLASS;
+   return 0;
+ }
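Review bot: The new `if (*state != CCS_START)` condition carries no comment, and nothing in the visible lines says why the transition to `CCS_VALUE` must be skipped in that one state. Because this is a security fix in the character-class state machine, the reason should sit next to the code so a later cleanup does not fold it back into the unconditional assignment. Something like `/* do not enter CCS_VALUE from CCS_START: see upstream issue 60 */` would do, with the exact rationale taken from the linked issue rather than from this hunk. The start of the function is outside the hunk.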

diff --git a/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9229.patch 
b/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9229.patch
new file mode 100644
index 00000000000..f2dbc55d59a
--- /dev/null
+++ b/dev-libs/oniguruma/files/oniguruma-5.9.6-CVE-2017-9229.patch
@@ -0,0 +1,43 @@
+https://github.com/kkos/oniguruma/issues/59
+https://github.com/kkos/oniguruma/commit/b690371bbf97794b4a1d3f295d4fb9a8b05d402d
+
+Author: K.Kosako <kos...@sofnec.co.jp>
+
+--- a/regexec.c
++++ b/regexec.c
+@@ -3207,18 +3207,25 @@
+     }
+     else {
+       if (reg->dmax != ONIG_INFINITE_DISTANCE) {
+-      *low = p - reg->dmax;
+-      if (*low > s) {
+-        *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s,
+-                                                            *low, (const 
UChar** )low_prev);
+-        if (low_prev && IS_NULL(*low_prev))
+-          *low_prev = onigenc_get_prev_char_head(reg->enc,
+-                                                 (pprev ? pprev : s), *low);
++      if (p - str < reg->dmax) {
++        *low = (UChar* )str;
++        if (low_prev)
++          *low_prev = onigenc_get_prev_char_head(reg->enc, str, *low);
+       }
+       else {
+-        if (low_prev)
+-          *low_prev = onigenc_get_prev_char_head(reg->enc,
+-                                             (pprev ? pprev : str), *low);
++        *low = p - reg->dmax;
++        if (*low > s) {
++          *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s,
++                                                              *low, (const 
UChar** )low_prev);
++          if (low_prev && IS_NULL(*low_prev))
++            *low_prev = onigenc_get_prev_char_head(reg->enc,
++                                                   (pprev ? pprev : s), *low);
++        }
++        else {
++          if (low_prev)
++            *low_prev = onigenc_get_prev_char_head(reg->enc,
++                                                   (pprev ? pprev : str), 
*low);
++        }
+       }
+       }
+     }
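Review bot: `if (p - str < reg->dmax)` compares a signed pointer difference with `reg->dmax`, which appears to be an unsigned distance type (it is compared against `ONIG_INFINITE_DISTANCE` two lines earlier; the declaration is not shown). The result is correct only as long as `p >= str` always holds, so make the conversion explicit and state the assumption: `if ((size_t)(p - str) < reg->dmax) { /* p >= str here */`. In the new first branch `*low` equals `str`, so the `onigenc_get_prev_char_head(reg->enc, str, *low)` call asks for the character before the start of the string. If that helper returns NULL in this case, which is not visible here, assigning NULL directly would be clearer. The enclosing function starts and ends outside the hunk.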

diff --git a/dev-libs/oniguruma/metadata.xml b/dev-libs/oniguruma/metadata.xml
index dbfa93acff9..b9955e3e293 100644
--- a/dev-libs/oniguruma/metadata.xml
+++ b/dev-libs/oniguruma/metadata.xml
@@ -6,17 +6,17 @@
     <name>Cjk</name>
   </maintainer>
   <longdescription>
-Oniguruma is a regular expression library.  The characteristics of
-this library is that different character encoding for every regular
-expression object can be specified.  (Supported character encodings:
-ASCII, UTF-8, EUC-JP, Shift_JIS)
+    Oniguruma is a regular expression library.  The characteristics of
+    this library is that different character encoding for every regular
+    expression object can be specified.  (Supported character encodings:
+    ASCII, UTF-8, EUC-JP, Shift_JIS)
   </longdescription>
   <use>
     <flag name="combination-explosion-check">
-    enable combination explosion check
+      enable combination explosion check
     </flag>
     <flag name="crnl-as-line-terminator">
-    enable CR+NL as line terminator
+      enable CR+NL as line terminator
     </flag>
   </use>
   <upstream>

diff --git a/dev-libs/oniguruma/oniguruma-5.9.6_p1-r1.ebuild 
b/dev-libs/oniguruma/oniguruma-5.9.6_p1-r1.ebuild
new file mode 100644
index 00000000000..d99146dd4f5
--- /dev/null
+++ b/dev-libs/oniguruma/oniguruma-5.9.6_p1-r1.ebuild
@@ -0,0 +1,47 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit autotools ltprune multilib-minimal
+
+MY_P="onig-${PV}"
+
+DESCRIPTION="a regular expression library for different character encodings"
+HOMEPAGE="https://github.com/kkos/oniguruma";
+SRC_URI="https://github.com/kkos/${PN}/releases/download/v${PV}/${MY_P}.tar.gz";
+
+LICENSE="BSD-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh 
~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~x86-linux 
~ppc-macos ~x64-macos ~x86-macos ~x86-solaris"
+IUSE="combination-explosion-check crnl-as-line-terminator static-libs"
+
+S="${WORKDIR}/${MY_P/_p1/}"
+
+PATCHES=(
+       "${FILESDIR}"/${PN}-5.9.3-makefile.patch
+       "${FILESDIR}"/${P/_p1/}-CVE-2017-9224.patch
+       "${FILESDIR}"/${P/_p1/}-CVE-2017-9226.patch
+       "${FILESDIR}"/${P/_p1/}-CVE-2017-9227.patch
+       "${FILESDIR}"/${P/_p1/}-CVE-2017-9228.patch
+       "${FILESDIR}"/${P/_p1/}-CVE-2017-9229.patch
+)
+DOCS=( AUTHORS HISTORY README{,.ja} doc/. )
+
+src_prepare() {
+       default
+       mv configure.{in,ac} || die
+       eautoreconf
+}
+
+multilib_src_configure() {
+       ECONF_SOURCE="${S}" econf \
+               $(use_enable combination-explosion-check) \
+               $(use_enable crnl-as-line-terminator) \
+               $(use_enable static-libs static)
+}
+
+multilib_src_install_all() {
+       einstalldocs
+       prune_libtool_files
+}
