diff --git a/SOURCES/oniguruma-6.8.2-CVE-2019-13225-fix.patch b/SOURCES/oniguruma-6.8.2-CVE-2019-13225-fix.patch new file mode 100644 index 0000000..ecddbd3 --- /dev/null +++ b/SOURCES/oniguruma-6.8.2-CVE-2019-13225-fix.patch @@ -0,0 +1,57 @@ +diff --git a/src/regcomp.c b/src/regcomp.c +index f953ed1..ae2caeb 100644 +--- a/src/regcomp.c ++++ b/src/regcomp.c +@@ -1131,8 +1131,9 @@ compile_length_enclosure_node(EnclosureNode* node, regex_t* reg) + len += tlen; + } + ++ len += SIZE_OP_JUMP + SIZE_OP_ATOMIC_END; ++ + if (IS_NOT_NULL(Else)) { +- len += SIZE_OP_JUMP; + tlen = compile_length_tree(Else, reg); + if (tlen < 0) return tlen; + len += tlen; +@@ -1274,7 +1275,7 @@ compile_enclosure_node(EnclosureNode* node, regex_t* reg, ScanEnv* env) + + case ENCLOSURE_IF_ELSE: + { +- int cond_len, then_len, jump_len; ++ int cond_len, then_len, else_len, jump_len; + Node* cond = NODE_ENCLOSURE_BODY(node); + Node* Then = node->te.Then; + Node* Else = node->te.Else; +@@ -1291,8 +1292,7 @@ compile_enclosure_node(EnclosureNode* node, regex_t* reg, ScanEnv* env) + else + then_len = 0; + +- jump_len = cond_len + then_len + SIZE_OP_ATOMIC_END; +- if (IS_NOT_NULL(Else)) jump_len += SIZE_OP_JUMP; ++ jump_len = cond_len + then_len + SIZE_OP_ATOMIC_END + SIZE_OP_JUMP; + + r = add_opcode_rel_addr(reg, OP_PUSH, jump_len); + if (r != 0) return r; +@@ -1307,9 +1307,19 @@ compile_enclosure_node(EnclosureNode* node, regex_t* reg, ScanEnv* env) + } + + if (IS_NOT_NULL(Else)) { +- int else_len = compile_length_tree(Else, reg); +- r = add_opcode_rel_addr(reg, OP_JUMP, else_len); +- if (r != 0) return r; ++ else_len = compile_length_tree(Else, reg); ++ if (else_len < 0) return else_len; ++ } ++ else ++ else_len = 0; ++ ++ r = add_opcode_rel_addr(reg, OP_JUMP, SIZE_OP_ATOMIC_END + else_len); ++ if (r != 0) return r; ++ ++ r = add_opcode(reg, OP_ATOMIC_END); ++ if (r != 0) return r; ++ ++ if (IS_NOT_NULL(Else)) { + r = compile_tree(Else, reg, env); + } + } diff --git a/SPECS/oniguruma.spec b/SPECS/oniguruma.spec index 9a77f9c..7d4c4a7 100644 --- a/SPECS/oniguruma.spec +++ b/SPECS/oniguruma.spec @@ -1,12 +1,15 @@ Name: oniguruma Version: 6.8.2 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Regular expressions library Group: System Environment/Libraries License: BSD URL: https://github.com/kkos/oniguruma/ Source0: https://github.com/kkos/oniguruma/releases/download/v%{version}/onig-%{version}.tar.gz +# Backport https://src.fedoraproject.org/rpms/oniguruma/blob/f29/f/0100-Apply-CVE-2019-13325-fix-to-6.9.1.patch +# (upstream: https://github.com/kkos/oniguruma/commit/c509265c5f6ae7264f7b8a8aae1cfa5fc59d108c) +Patch100: oniguruma-6.8.2-CVE-2019-13225-fix.patch %description Oniguruma is a regular expressions library. @@ -42,6 +45,8 @@ for f in \ done %endif +%patch100 -p1 -b .CVE-2019-13225 + %build %configure \ --disable-silent-rules \ @@ -97,6 +102,10 @@ find $RPM_BUILD_ROOT -name '*.la' \ %{_libdir}/pkgconfig/%{name}.pc %changelog +* Fri Jun 26 2020 Jiri Kucera - 6.8.2-2 +- Fix CVE-2019-13225 + Resolves: #1771052 + * Mon Apr 23 2018 Mamoru TASAKA - 6.8.2-1 - 6.8.2