packages/oniguruma
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:f15a986a8a6c8fe782d956f7a6beb4c88fad0bb8
Branches Tags
packages:main
...
compare: packages:43b1ec84a4fdc96d9806a395395a4d9f2a3261ab
Branches Tags
packages:main

10 Commits
f15a986a8a ... 43b1ec84a4

Author SHA1 Message Date
openeuler-ci-bot
43b1ec84a4
!17 upgrade version to 6.9.9 
From: @zhangkea 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen
 2024-01-02 02:54:43 +00:00
ut001695
cd22533872 upgrade version 6.9.9 2023-12-28 11:02:54 +08:00
openeuler-ci-bot
6bf718240f
!12 update to 6.9.8 
From: @dillon_chen 
Reviewed-by: @overweight 
Signed-off-by: @overweight
 2022-06-27 06:50:37 +00:00
dillon_chen
660be6cfa0 update to 6.9.8 2022-06-27 14:27:07 +08:00
openeuler-ci-bot
6f3d3ce76b !10 update version to 6.9.7.1 
Merge pull request !10 from panxh_purple/master
 2021-12-31 08:05:11 +00:00
panxiaohe
884aa2db17 update version to 6.9.7.1 2021-12-31 15:12:33 +08:00
openeuler-ci-bot
2636edbab1 !9 update version to 6.9.6 
From: @zou_lin77
Reviewed-by: @hanxinke,@licihua,@small_leek
Signed-off-by: @hanxinke,@licihua,@small_leek
 2021-01-27 17:59:49 +08:00
zou_lin77
67478cd5ea update version to 6.9.6 2021-01-23 14:50:44 +08:00
openeuler-ci-bot
0e0973a106 !4 fix CVE-2019-19012 
From: @wangxiao65
Reviewed-by: @zhanghua1831,@small_leek
Signed-off-by: @small_leek
 2021-01-05 14:59:00 +08:00
wangxiao65
94b40df318 fix CVE-2019-19012 2021-01-04 16:37:28 +08:00
10 changed files with 20 additions and 379 deletions
Show Stats Expand all files Collapse all files

28
CVE-2017-9228.patch
View File

@ -1,28 +0,0 @@
From 5c8ed2a12935501759ebf1792ee4949b429c195b Mon Sep 17 00:00:00 2001
From: "K.Kosako" <kosako@sofnec.co.jp>
Date: Wed, 24 May 2017 13:43:25 +0900
Subject: [PATCH] fix #60 : invalid state(CCS_VALUE) in parse_char_class()
Signed-off-by: hanxinke <hanxinke@huawei.com>
---
src/regparse.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/regparse.c b/src/regparse.c
index fcc05cf..3689519 100644
--- a/src/regparse.c
+++ b/src/regparse.c
@@ -6071,7 +6071,9 @@ next_state_class(CClassNode* cc, OnigCodePoint* vs, enum CCVALTYPE* type,
}
}
- *state = CCS_VALUE;
+ if (*state != CCS_START)
+ *state = CCS_VALUE;
+
*type = CCV_CLASS;
return 0;
}
--
2.0.1

45
CVE-2019-13224.patch
View File

@ -1,45 +0,0 @@
From ad793dcb677988667b2d23e3fd4480b44113fdd1 Mon Sep 17 00:00:00 2001
From: "K.Kosako" <kosako@sofnec.co.jp>
Date: Thu, 27 Jun 2019 17:25:26 +0900
Subject: [PATCH] Fix CVE-2019-13224: don't allow different encodings for
onig_new_deluxe()
Signed-off-by: hanxinke <hanxinke@huawei.com>
---
src/regext.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/regext.c b/src/regext.c
index 996d043..de122c7 100644
--- a/src/regext.c
+++ b/src/regext.c
@@ -29,6 +29,7 @@
#include "regint.h"
+#if 0
static void
conv_ext0be32(const UChar* s, const UChar* end, UChar* conv)
{
@@ -158,6 +159,7 @@ conv_encoding(OnigEncoding from, OnigEncoding to, const UChar* s, const UChar* e
return ONIGERR_NOT_SUPPORTED_ENCODING_COMBINATION;
}
+#endif
extern int
onig_new_deluxe(regex_t** reg, const UChar* pattern, const UChar* pattern_end,
@@ -169,9 +171,7 @@ onig_new_deluxe(regex_t** reg, const UChar* pattern, const UChar* pattern_end,
if (IS_NOT_NULL(einfo)) einfo->par = (UChar* )NULL;
if (ci->pattern_enc != ci->target_enc) {
- r = conv_encoding(ci->pattern_enc, ci->target_enc, pattern, pattern_end,
- &cpat, &cpat_end);
- if (r != 0) return r;
+ return ONIGERR_NOT_SUPPORTED_ENCODING_COMBINATION;
}
else {
cpat = (UChar* )pattern;
--
2.0.1

71
CVE-2019-13225.patch
View File

@ -1,71 +0,0 @@
From 5ed8bad6a362c8a77cbd40196cd8867681029bcd Mon Sep 17 00:00:00 2001
From: "K.Kosako" <kosako@sofnec.co.jp>
Date: Thu, 27 Jun 2019 14:11:55 +0900
Subject: [PATCH] Fix CVE-2019-13225: problem in converting if-then-else
pattern to bytecode.
Signed-off-by: hanxinke <hanxinke@huawei.com>
---
src/regcomp.c | 24 +++++++++++++++++-------
1 file changed, 17 insertions(+), 7 deletions(-)
diff --git a/src/regcomp.c b/src/regcomp.c
index 83b9252..6c9da7e 100644
--- a/src/regcomp.c
+++ b/src/regcomp.c
@@ -1100,8 +1100,9 @@ compile_length_enclosure_node(EnclosureNode* node, regex_t* reg)
len += tlen;
}
+ len += SIZE_OP_JUMP + SIZE_OP_ATOMIC_END;
+
if (IS_NOT_NULL(Else)) {
- len += SIZE_OP_JUMP;
tlen = compile_length_tree(Else, reg);
if (tlen < 0) return tlen;
len += tlen;
@@ -1243,7 +1244,7 @@ compile_enclosure_node(EnclosureNode* node, regex_t* reg, ScanEnv* env)
case ENCLOSURE_IF_ELSE:
{
- int cond_len, then_len, jump_len;
+ int cond_len, then_len, else_len, jump_len;
Node* cond = NODE_ENCLOSURE_BODY(node);
Node* Then = node->te.Then;
Node* Else = node->te.Else;
@@ -1260,8 +1261,7 @@ compile_enclosure_node(EnclosureNode* node, regex_t* reg, ScanEnv* env)
else
then_len = 0;
- jump_len = cond_len + then_len + SIZE_OP_ATOMIC_END;
- if (IS_NOT_NULL(Else)) jump_len += SIZE_OP_JUMP;
+ jump_len = cond_len + then_len + SIZE_OP_ATOMIC_END + SIZE_OP_JUMP;
r = add_opcode_rel_addr(reg, OP_PUSH, jump_len);
if (r != 0) return r;
@@ -1276,9 +1276,19 @@ compile_enclosure_node(EnclosureNode* node, regex_t* reg, ScanEnv* env)
}
if (IS_NOT_NULL(Else)) {
- int else_len = compile_length_tree(Else, reg);
- r = add_opcode_rel_addr(reg, OP_JUMP, else_len);
- if (r != 0) return r;
+ else_len = compile_length_tree(Else, reg);
+ if (else_len < 0) return else_len;
+ }
+ else
+ else_len = 0;
+
+ r = add_opcode_rel_addr(reg, OP_JUMP, else_len + SIZE_OP_ATOMIC_END);
+ if (r != 0) return r;
+
+ r = add_opcode(reg, OP_ATOMIC_END);
+ if (r != 0) return r;
+
+ if (IS_NOT_NULL(Else)) {
r = compile_tree(Else, reg, env);
}
}
--
2.0.1

55
CVE-2019-16163.patch
View File

@ -1,55 +0,0 @@
From 4097828d7cc87589864fecf452f2cd46c5f37180 Mon Sep 17 00:00:00 2001
From: "K.Kosako" <kosako@sofnec.co.jp>
Date: Mon, 29 Jul 2019 12:52:56 +0900
Subject: [PATCH] fix #147: Stack Exhaustion Problem caused by some parsing
functions in regcomp.c making recursive calls to themselves.
---
src/regparse.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/regparse.c b/src/regparse.c
index 3689519..9652bfd 100644
--- a/src/regparse.c
+++ b/src/regparse.c
@@ -6190,6 +6190,7 @@ parse_char_class(Node** np, OnigToken* tok, UChar** src, UChar* end, ScanEnv* en
env->parse_depth++;
if (env->parse_depth > ParseDepthLimit)
return ONIGERR_PARSE_DEPTH_LIMIT_OVER;
+
prev_cc = (CClassNode* )NULL;
r = fetch_token_in_cc(tok, src, end, env);
if (r == TK_CHAR && tok->u.c == '^' && tok->escaped == 0) {
@@ -7714,13 +7715,17 @@ static int
parse_exp(Node** np, OnigToken* tok, int term, UChar** src, UChar* end,
ScanEnv* env)
{
- int r, len, group = 0;
+ int r, len, group;
Node* qn;
Node** targetp;
+ unsigned int parse_depth;
+ group = 0;
*np = NULL;
if (tok->type == (enum TokenSyms )term)
goto end_of_token;
+
+ parse_depth = env->parse_depth;
switch (tok->type) {
case TK_ALT:
@@ -8028,6 +8033,10 @@ parse_exp(Node** np, OnigToken* tok, int term, UChar** src, UChar* end,
if (is_invalid_quantifier_target(*targetp))
return ONIGERR_TARGET_OF_REPEAT_OPERATOR_INVALID;
+ parse_depth++;
+ if (parse_depth > ParseDepthLimit)
+ return ONIGERR_PARSE_DEPTH_LIMIT_OVER;
+
qn = node_new_quantifier(tok->u.repeat.lower, tok->u.repeat.upper,
(r == TK_INTERVAL ? 1 : 0));
CHECK_NULL_RETURN_MEMERR(qn);
--
2.19.1

126
CVE-2019-19203.patch
View File

@ -1,126 +0,0 @@
From aa0188eaedc056dca8374ac03d0177429b495515 Mon Sep 17 00:00:00 2001
From: "K.Kosako" <kosako@sofnec.co.jp>
Date: Thu, 7 Nov 2019 14:13:55 +0900
Subject: [PATCH] fix #163: heap-buffer-overflow in gb18030_mbc_enc_len
---
src/gb18030.c | 16 +++++++++++++++-
src/regparse.c | 32 ++++++++++++++++++++++----------
2 files changed, 37 insertions(+), 11 deletions(-)
diff --git a/src/gb18030.c b/src/gb18030.c
index ad5bf96..da6cfab 100644
--- a/src/gb18030.c
+++ b/src/gb18030.c
@@ -75,6 +75,20 @@ gb18030_mbc_enc_len(const UChar* p)
return 2;
}
+static int
+gb18030_code_to_mbclen(OnigCodePoint code)
+{
+ if ((code & 0xff000000) != 0) return 4;
+ else if ((code & 0xff0000) != 0) return ONIGERR_INVALID_CODE_POINT_VALUE;
+ else if ((code & 0xff00) != 0) return 2;
+ else {
+ if (GB18030_MAP[(int )(code & 0xff)] == CM)
+ return ONIGERR_INVALID_CODE_POINT_VALUE;
+
+ return 1;
+ }
+}
+
static int
is_valid_mbc_string(const UChar* p, const UChar* end)
{
@@ -513,7 +527,7 @@ OnigEncodingType OnigEncodingGB18030 = {
1, /* min enc length */
onigenc_is_mbc_newline_0x0a,
gb18030_mbc_to_code,
- onigenc_mb4_code_to_mbclen,
+ gb18030_code_to_mbclen,
gb18030_code_to_mbc,
gb18030_mbc_case_fold,
onigenc_ascii_apply_all_case_fold,
diff --git a/src/regparse.c b/src/regparse.c
index 70c36d5..5bf25e8 100644
--- a/src/regparse.c
+++ b/src/regparse.c
@@ -5885,6 +5885,7 @@ add_ctype_to_cc(CClassNode* cc, int ctype, int not, ScanEnv* env)
int c, r;
int ascii_mode;
+ int is_single;
const OnigCodePoint *ranges;
OnigCodePoint limit;
OnigCodePoint sb_out;
@@ -5906,6 +5907,7 @@ add_ctype_to_cc(CClassNode* cc, int ctype, int not, ScanEnv* env)
}
r = 0;
+ is_single = ONIGENC_IS_SINGLEBYTE(enc);
limit = ascii_mode ? ASCII_LIMIT : SINGLE_BYTE_SIZE;
switch (ctype) {
@@ -5922,19 +5924,25 @@ add_ctype_to_cc(CClassNode* cc, int ctype, int not, ScanEnv* env)
case ONIGENC_CTYPE_ALNUM:
if (not != 0) {
for (c = 0; c < (int )limit; c++) {
- if (! ONIGENC_IS_CODE_CTYPE(enc, (OnigCodePoint )c, ctype))
- BITSET_SET_BIT(cc->bs, c);
+ if (is_single != 0 || ONIGENC_CODE_TO_MBCLEN(enc, c) == 1) {
+ if (! ONIGENC_IS_CODE_CTYPE(enc, (OnigCodePoint )c, ctype))
+ BITSET_SET_BIT(cc->bs, c);
+ }
}
for (c = limit; c < SINGLE_BYTE_SIZE; c++) {
- BITSET_SET_BIT(cc->bs, c);
+ if (is_single != 0 || ONIGENC_CODE_TO_MBCLEN(enc, c) == 1)
+ BITSET_SET_BIT(cc->bs, c);
}
- ADD_ALL_MULTI_BYTE_RANGE(enc, cc->mbuf);
+ if (is_single == 0)
+ ADD_ALL_MULTI_BYTE_RANGE(enc, cc->mbuf);
}
else {
for (c = 0; c < (int )limit; c++) {
- if (ONIGENC_IS_CODE_CTYPE(enc, (OnigCodePoint )c, ctype))
- BITSET_SET_BIT(cc->bs, c);
+ if (is_single != 0 || ONIGENC_CODE_TO_MBCLEN(enc, c) == 1) {
+ if (ONIGENC_IS_CODE_CTYPE(enc, (OnigCodePoint )c, ctype))
+ BITSET_SET_BIT(cc->bs, c);
+ }
}
}
break;
@@ -5944,21 +5952,25 @@ add_ctype_to_cc(CClassNode* cc, int ctype, int not, ScanEnv* env)
case ONIGENC_CTYPE_WORD:
if (not != 0) {
for (c = 0; c < (int )limit; c++) {
- if (ONIGENC_CODE_TO_MBCLEN(enc, c) > 0 /* check invalid code point */
+ /* check invalid code point */
+ if ((is_single != 0 || ONIGENC_CODE_TO_MBCLEN(enc, c) == 1)
&& ! ONIGENC_IS_CODE_CTYPE(enc, (OnigCodePoint )c, ctype))
BITSET_SET_BIT(cc->bs, c);
}
for (c = limit; c < SINGLE_BYTE_SIZE; c++) {
- if (ONIGENC_CODE_TO_MBCLEN(enc, c) > 0)
+ if (is_single != 0 || ONIGENC_CODE_TO_MBCLEN(enc, c) == 1)
BITSET_SET_BIT(cc->bs, c);
}
+ if (ascii_mode != 0 && is_single == 0)
+ ADD_ALL_MULTI_BYTE_RANGE(enc, cc->mbuf);
}
else {
for (c = 0; c < (int )limit; c++) {
- if (ONIGENC_IS_CODE_CTYPE(enc, (OnigCodePoint )c, ctype))
+ if ((is_single != 0 || ONIGENC_CODE_TO_MBCLEN(enc, c) == 1)
+ && ONIGENC_IS_CODE_CTYPE(enc, (OnigCodePoint )c, ctype))
BITSET_SET_BIT(cc->bs, c);
}
- if (ascii_mode == 0)
+ if (ascii_mode == 0 && is_single == 0)
ADD_ALL_MULTI_BYTE_RANGE(enc, cc->mbuf);
}
break;

23
CVE-2019-19204.patch
View File

@ -1,23 +0,0 @@
From 6eb4aca6a7f2f60f473580576d86686ed6a6ebec Mon Sep 17 00:00:00 2001
From: "K.Kosako" <kosako@sofnec.co.jp>
Date: Wed, 6 Nov 2019 17:32:29 +0900
Subject: [PATCH] fix #162: heap-buffer-overflow in fetch_interval_quantifier
due to double PFETCH
---
src/regparse.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/regparse.c b/src/regparse.c
index 324c414..70c36d5 100644
--- a/src/regparse.c
+++ b/src/regparse.c
@@ -4178,7 +4178,7 @@ fetch_interval_quantifier(UChar** src, UChar* end, PToken* tok, ScanEnv* env)
if (PEND) goto invalid;
PFETCH(c);
if (IS_SYNTAX_OP(env->syntax, ONIG_SYN_OP_ESC_BRACE_INTERVAL)) {
- if (c != MC_ESC(env->syntax)) goto invalid;
+ if (c != MC_ESC(env->syntax) || PEND) goto invalid;
PFETCH(c);
}
if (c != '}') goto invalid;

21
CVE-2019-19246.patch
View File

@ -1,21 +0,0 @@
From d3e402928b6eb3327f8f7d59a9edfa622fec557b Mon Sep 17 00:00:00 2001
From: "K.Kosako" <kosako@sofnec.co.jp>
Date: Tue, 13 Aug 2019 13:37:30 +0900
Subject: [PATCH] fix heap-buffer-overflow
---
src/regexec.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/regexec.c b/src/regexec.c
index 0753b07..634ee42 100644
--- a/src/regexec.c
+++ b/src/regexec.c
@@ -4196,6 +4196,7 @@ str_lower_case_match(OnigEncoding enc, int case_fold_flag,
lowlen = ONIGENC_MBC_CASE_FOLD(enc, case_fold_flag, &p, end, lowbuf);
q = lowbuf;
while (lowlen > 0) {
+ if (t >= tend) return 0;
if (*t++ != *q++) return 0;
lowlen--;
}

BIN
onig-6.9.0.tar.gz
View File

Binary file not shown.

BIN
onig-6.9.9.tar.gz Normal file
View File

Binary file not shown.

30
oniguruma.spec
View File

@ -1,6 +1,8 @@
%global mainver 6.9.9
Name: oniguruma
Version: 6.9.0
Release: 2
Version: 6.9.9
Release: 1
Summary: Regular expressions library
License: BSD
URL: https://github.com/kkos/oniguruma/
@ -8,13 +10,6 @@ Source0: https://github.com/kkos/oniguruma/releases/download/v%{version}/oni
BuildRequires: gcc
Patch0001: CVE-2017-9228.patch
Patch0002: CVE-2019-13224.patch
Patch0003: CVE-2019-13225.patch
Patch0004: CVE-2019-16163.patch
Patch0005: CVE-2019-19203.patch
Patch0006: CVE-2019-19204.patch
Patch0007: CVE-2019-19246.patch
%description
Oniguruma is a regular expressions library.
@ -33,7 +28,7 @@ developing applications that use %{name}.
%package_help
%prep
%autosetup -n onig-%{version} -p1
%autosetup -n onig-%{mainver} -p1
%{__sed} -i.multilib -e 's|-L@libdir@||' onig-config.in
%build
@ -70,6 +65,21 @@ make check
%doc HISTORY README.md index.html doc/API doc/CALLOUTS.API doc/CALLOUTS.BUILTIN doc/FAQ doc/RE
%changelog
* Thu Dec 28 2023 zhangkea <zhangkea@uniontech.com> - 6.9.9-1
- update to 6.9.9
* Mon Jun 27 2022 dillon chen <dillon.chen@gmail.com>
- update to 6.9.8
* Thu Dec 30 2021 panxiaohe <panxiaohe@huawei.com> - 6.9.7.1-1
- update version to 6.9.7.1
* Sat Jan 23 2021 zoulin <zoulin13@huawei.com> - 6.9.6-1
- update version to 6.9.6
* Sat Jan 04 2020 wangxiao <wangxiao65@huawei.com> - 6.9.0-3
- fix CVE-2019-19012
* Thu Mar 12 2020 openEuler Buildteam <buildteam@openeuler.org> - 6.9.0-2
- Add CVE patches