rpms
/
oniguruma
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import UBI oniguruma-6.8.2-2.1.el8_9

This commit is contained in:
eabdullin 2024-02-20 13:36:19 +00:00
parent 9a12b2e7cd
commit f633e92125
6 changed files with 413 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
SOURCES/oniguruma-6.8.2-CVE-2019-13224-fix.patch Normal file
View File

@ -0,0 +1,18 @@
diff -up onig-6.8.2/src/regext.c.orig onig-6.8.2/src/regext.c
--- onig-6.8.2/src/regext.c.orig 2017-12-11 01:08:17.000000000 +0100
+++ onig-6.8.2/src/regext.c 2023-10-30 11:10:45.018894014 +0100
@@ -196,7 +196,13 @@ onig_new_deluxe(regex_t** reg, const UCh
}
err2:
- if (cpat != pattern) xfree(cpat);
+ if (cpat != pattern) {
+ xfree(cpat);
+ if (r) {
+ einfo->par = (UChar* )NULL;
+ einfo->par_end = (UChar* )NULL;
+ }
+ }
return r;
}

42
SOURCES/oniguruma-6.8.2-CVE-2019-16163-fix.patch Normal file
View File

@ -0,0 +1,42 @@
diff -up onig-6.8.2/src/regparse.c.orig onig-6.8.2/src/regparse.c
--- onig-6.8.2/src/regparse.c.orig 2023-11-22 10:28:14.536985966 +0100
+++ onig-6.8.2/src/regparse.c 2023-11-22 10:32:19.677112046 +0100
@@ -6198,6 +6198,7 @@ parse_char_class(Node** np, OnigToken* t
env->parse_depth++;
if (env->parse_depth > ParseDepthLimit)
return ONIGERR_PARSE_DEPTH_LIMIT_OVER;
+
prev_cc = (CClassNode* )NULL;
r = fetch_token_in_cc(tok, src, end, env);
if (r == TK_CHAR && tok->u.c == '^' && tok->escaped == 0) {
@@ -7723,14 +7724,18 @@ static int
parse_exp(Node** np, OnigToken* tok, int term, UChar** src, UChar* end,
ScanEnv* env)
{
- int r, len, group = 0;
+ int r, len, group;
Node* qn;
Node** targetp;
+ unsigned int parse_depth;
+ group = 0;
*np = NULL;
if (tok->type == (enum TokenSyms )term)
goto end_of_token;
+ parse_depth = env->parse_depth;
+
switch (tok->type) {
case TK_ALT:
case TK_EOT:
@@ -8037,6 +8042,10 @@ parse_exp(Node** np, OnigToken* tok, int
if (is_invalid_quantifier_target(*targetp))
return ONIGERR_TARGET_OF_REPEAT_OPERATOR_INVALID;
+ parse_depth++;
+ if (parse_depth > ParseDepthLimit)
+ return ONIGERR_PARSE_DEPTH_LIMIT_OVER;
+
qn = node_new_quantifier(tok->u.repeat.lower, tok->u.repeat.upper,
(r == TK_INTERVAL ? 1 : 0));
CHECK_NULL_RETURN_MEMERR(qn);

204
SOURCES/oniguruma-6.8.2-CVE-2019-19012-fix.patch Normal file
View File

@ -0,0 +1,204 @@
diff -up onig-6.8.2/src/regexec.c.orig onig-6.8.2/src/regexec.c
--- onig-6.8.2/src/regexec.c.orig 2018-04-17 02:08:37.000000000 +0200
+++ onig-6.8.2/src/regexec.c 2023-12-07 15:39:01.502781873 +0100
@@ -4384,14 +4384,14 @@ forward_search_range(regex_t* reg, const
#endif
p = s;
- if (reg->dmin > 0) {
+ if (reg->dmin != 0) {
+ if (end - p <= reg->dmin)
+ return 0; /* fail */
if (ONIGENC_IS_SINGLEBYTE(reg->enc)) {
p += reg->dmin;
}
else {
UChar *q = p + reg->dmin;
-
- if (q >= end) return 0; /* fail */
while (p < q) p += enclen(reg->enc, p);
}
}
@@ -4420,7 +4420,7 @@ forward_search_range(regex_t* reg, const
}
if (p && p < range) {
- if (p - reg->dmin < s) {
+ if (p - s < reg->dmin) {
retry_gate:
pprev = p;
p += enclen(reg->enc, p);
@@ -4468,6 +4468,7 @@ forward_search_range(regex_t* reg, const
*low_prev = onigenc_get_prev_char_head(reg->enc,
(pprev ? pprev : str), p);
}
+ *high = p;
}
else {
if (reg->dmax != INFINITE_LEN) {
@@ -4492,9 +4493,12 @@ forward_search_range(regex_t* reg, const
}
}
}
+ /* no needs to adjust *high, *high is used as range check only */
+ if (p - str < reg->dmin)
+ *high = (UChar* )str;
+ else
+ *high = p - reg->dmin;
}
- /* no needs to adjust *high, *high is used as range check only */
- *high = p - reg->dmin;
#ifdef ONIG_DEBUG_SEARCH
fprintf(stderr,
@@ -4517,7 +4521,6 @@ backward_search_range(regex_t* reg, cons
{
UChar *p;
- range += reg->dmin;
p = s;
retry:
@@ -4598,10 +4601,22 @@ backward_search_range(regex_t* reg, cons
}
}
- /* no needs to adjust *high, *high is used as range check only */
if (reg->dmax != INFINITE_LEN) {
- *low = p - reg->dmax;
- *high = p - reg->dmin;
+ if (p - str < reg->dmax)
+ *low = (UChar* )str;
+ else
+ *low = p - reg->dmax;
+
+ if (reg->dmin != 0) {
+ if (p - str < reg->dmin)
+ *high = (UChar* )str;
+ else
+ *high = p - reg->dmin;
+ }
+ else {
+ *high = p;
+ }
+
*high = onigenc_get_right_adjust_char_head(reg->enc, adjrange, *high);
}
@@ -4731,13 +4746,16 @@ onig_search_with_param(regex_t* reg, con
goto mismatch_no_msa;
if (range > start) {
- if ((OnigLen )(min_semi_end - start) > reg->anchor_dmax) {
+ if (min_semi_end - start > reg->anchor_dmax) {
start = min_semi_end - reg->anchor_dmax;
if (start < end)
start = onigenc_get_right_adjust_char_head(reg->enc, str, start);
}
- if ((OnigLen )(max_semi_end - (range - 1)) < reg->anchor_dmin) {
- range = max_semi_end - reg->anchor_dmin + 1;
+ if (max_semi_end - (range - 1) < reg->anchor_dmin) {
+ if (max_semi_end - str + 1 < reg->anchor_dmin)
+ goto mismatch_no_msa;
+ else
+ range = max_semi_end - reg->anchor_dmin + 1;
}
if (start > range) goto mismatch_no_msa;
@@ -4745,12 +4763,16 @@ onig_search_with_param(regex_t* reg, con
Backward search is used. */
}
else {
- if ((OnigLen )(min_semi_end - range) > reg->anchor_dmax) {
+ if (min_semi_end - range > reg->anchor_dmax) {
range = min_semi_end - reg->anchor_dmax;
}
- if ((OnigLen )(max_semi_end - start) < reg->anchor_dmin) {
- start = max_semi_end - reg->anchor_dmin;
- start = ONIGENC_LEFT_ADJUST_CHAR_HEAD(reg->enc, str, start);
+ if (max_semi_end - start < reg->anchor_dmin) {
+ if (max_semi_end - str < reg->anchor_dmin)
+ goto mismatch_no_msa;
+ else {
+ start = max_semi_end - reg->anchor_dmin;
+ start = ONIGENC_LEFT_ADJUST_CHAR_HEAD(reg->enc, str, start);
+ }
}
if (range > start) goto mismatch_no_msa;
}
@@ -4818,15 +4840,19 @@ onig_search_with_param(regex_t* reg, con
if (reg->optimize != OPTIMIZE_NONE) {
UChar *sch_range, *low, *high, *low_prev;
- sch_range = (UChar* )range;
if (reg->dmax != 0) {
if (reg->dmax == INFINITE_LEN)
sch_range = (UChar* )end;
else {
- sch_range += reg->dmax;
- if (sch_range > end) sch_range = (UChar* )end;
+ if ((end - range) < reg->dmax)
+ sch_range = (UChar* )end;
+ else {
+ sch_range = (UChar* )range + reg->dmax;
+ }
}
}
+ else
+ sch_range = (UChar* )range;
if ((end - start) < reg->threshold_len)
goto mismatch;
@@ -4885,18 +4911,28 @@ onig_search_with_param(regex_t* reg, con
if (reg->optimize != OPTIMIZE_NONE) {
UChar *low, *high, *adjrange, *sch_start;
+ const UChar *min_range;
if (range < end)
adjrange = ONIGENC_LEFT_ADJUST_CHAR_HEAD(reg->enc, str, range);
else
adjrange = (UChar* )end;
+ if (end - range > reg->dmin)
+ min_range = range + reg->dmin;
+ else
+ min_range = end;
+
if (reg->dmax != INFINITE_LEN &&
(end - range) >= reg->threshold_len) {
do {
- sch_start = s + reg->dmax;
- if (sch_start > end) sch_start = (UChar* )end;
- if (backward_search_range(reg, str, end, sch_start, range, adjrange,
+ if (end - s > reg->dmax)
+ sch_start = s + reg->dmax;
+ else {
+ sch_start = (UChar* )end;
+ }
+
+ if (backward_search_range(reg, str, end, sch_start, min_range, adjrange,
&low, &high) <= 0)
goto mismatch;
@@ -4914,19 +4950,7 @@ onig_search_with_param(regex_t* reg, con
else { /* check only. */
if ((end - range) < reg->threshold_len) goto mismatch;
- sch_start = s;
- if (reg->dmax != 0) {
- if (reg->dmax == INFINITE_LEN)
- sch_start = (UChar* )end;
- else {
- sch_start += reg->dmax;
- if (sch_start > end) sch_start = (UChar* )end;
- else
- sch_start = ONIGENC_LEFT_ADJUST_CHAR_HEAD(reg->enc,
- start, sch_start);
- }
- }
- if (backward_search_range(reg, str, end, sch_start, range, adjrange,
+ if (backward_search_range(reg, str, end, sch_start, min_range, adjrange,
&low, &high) <= 0) goto mismatch;
}
}

114
SOURCES/oniguruma-6.8.2-CVE-2019-19203-fix.patch Normal file
View File

@ -0,0 +1,114 @@
diff -up onig-6.8.2/src/gb18030.c.orig onig-6.8.2/src/gb18030.c
--- onig-6.8.2/src/gb18030.c.orig 2023-10-17 12:12:44.944352236 +0200
+++ onig-6.8.2/src/gb18030.c 2023-10-17 12:14:52.188483869 +0200
@@ -76,6 +76,20 @@ gb18030_mbc_enc_len(const UChar* p)
}
static int
+gb18030_code_to_mbclen(OnigCodePoint code)
+{
+ if ((code & 0xff000000) != 0) return 4;
+ else if ((code & 0xff0000) != 0) return ONIGERR_INVALID_CODE_POINT_VALUE;
+ else if ((code & 0xff00) != 0) return 2;
+ else {
+ if (GB18030_MAP[(int )(code & 0xff)] == CM)
+ return ONIGERR_INVALID_CODE_POINT_VALUE;
+
+ return 1;
+ }
+}
+
+static int
is_valid_mbc_string(const UChar* p, const UChar* end)
{
while (p < end) {
@@ -522,7 +536,7 @@ OnigEncodingType OnigEncodingGB18030 = {
1, /* min enc length */
onigenc_is_mbc_newline_0x0a,
gb18030_mbc_to_code,
- onigenc_mb4_code_to_mbclen,
+ gb18030_code_to_mbclen,
gb18030_code_to_mbc,
gb18030_mbc_case_fold,
onigenc_ascii_apply_all_case_fold,
diff -up onig-6.8.2/src/regparse.c.orig onig-6.8.2/src/regparse.c
--- onig-6.8.2/src/regparse.c.orig 2023-10-17 12:17:56.661666528 +0200
+++ onig-6.8.2/src/regparse.c 2023-10-17 12:29:57.807302184 +0200
@@ -5839,6 +5839,7 @@ add_ctype_to_cc(CClassNode* cc, int ctyp
int c, r;
int ascii_mode;
+ int is_single;
const OnigCodePoint *ranges;
OnigCodePoint limit;
OnigCodePoint sb_out;
@@ -5860,6 +5861,7 @@ add_ctype_to_cc(CClassNode* cc, int ctyp
}
r = 0;
+ is_single = ONIGENC_IS_SINGLEBYTE(enc);
limit = ascii_mode ? ASCII_LIMIT : SINGLE_BYTE_SIZE;
switch (ctype) {
@@ -5876,19 +5878,25 @@ add_ctype_to_cc(CClassNode* cc, int ctyp
case ONIGENC_CTYPE_ALNUM:
if (not != 0) {
for (c = 0; c < (int )limit; c++) {
- if (! ONIGENC_IS_CODE_CTYPE(enc, (OnigCodePoint )c, ctype))
- BITSET_SET_BIT(cc->bs, c);
+ if (is_single != 0 || ONIGENC_CODE_TO_MBCLEN(enc, c) == 1) {
+ if (! ONIGENC_IS_CODE_CTYPE(enc, (OnigCodePoint )c, ctype))
+ BITSET_SET_BIT(cc->bs, c);
+ }
}
for (c = limit; c < SINGLE_BYTE_SIZE; c++) {
- BITSET_SET_BIT(cc->bs, c);
+ if (is_single != 0 || ONIGENC_CODE_TO_MBCLEN(enc, c) == 1)
+ BITSET_SET_BIT(cc->bs, c);
}
- ADD_ALL_MULTI_BYTE_RANGE(enc, cc->mbuf);
+ if (is_single == 0)
+ ADD_ALL_MULTI_BYTE_RANGE(enc, cc->mbuf);
}
else {
for (c = 0; c < (int )limit; c++) {
- if (ONIGENC_IS_CODE_CTYPE(enc, (OnigCodePoint )c, ctype))
- BITSET_SET_BIT(cc->bs, c);
+ if (is_single != 0 || ONIGENC_CODE_TO_MBCLEN(enc, c) == 1) {
+ if (ONIGENC_IS_CODE_CTYPE(enc, (OnigCodePoint )c, ctype))
+ BITSET_SET_BIT(cc->bs, c);
+ }
}
}
break;
@@ -5898,21 +5906,25 @@ add_ctype_to_cc(CClassNode* cc, int ctyp
case ONIGENC_CTYPE_WORD:
if (not != 0) {
for (c = 0; c < (int )limit; c++) {
- if (ONIGENC_CODE_TO_MBCLEN(enc, c) > 0 /* check invalid code point */
+ /* check invalid code point */
+ if ((is_single != 0 || ONIGENC_CODE_TO_MBCLEN(enc, c) == 1)
&& ! ONIGENC_IS_CODE_CTYPE(enc, (OnigCodePoint )c, ctype))
BITSET_SET_BIT(cc->bs, c);
}
for (c = limit; c < SINGLE_BYTE_SIZE; c++) {
- if (ONIGENC_CODE_TO_MBCLEN(enc, c) > 0)
+ if (is_single != 0 || ONIGENC_CODE_TO_MBCLEN(enc, c) == 1)
BITSET_SET_BIT(cc->bs, c);
}
+ if (ascii_mode != 0 && is_single == 0)
+ ADD_ALL_MULTI_BYTE_RANGE(enc, cc->mbuf);
}
else {
for (c = 0; c < (int )limit; c++) {
- if (ONIGENC_IS_CODE_CTYPE(enc, (OnigCodePoint )c, ctype))
+ if ((is_single != 0 || ONIGENC_CODE_TO_MBCLEN(enc, c) == 1)
+ && ONIGENC_IS_CODE_CTYPE(enc, (OnigCodePoint )c, ctype))
BITSET_SET_BIT(cc->bs, c);
}
- if (ascii_mode == 0)
+ if (ascii_mode == 0 && is_single == 0)
ADD_ALL_MULTI_BYTE_RANGE(enc, cc->mbuf);
}
break;

12
SOURCES/oniguruma-6.8.2-CVE-2019-19204-fix.patch Normal file
View File

@ -0,0 +1,12 @@
diff -up onig-6.8.2/src/regparse.c.orig onig-6.8.2/src/regparse.c
--- onig-6.8.2/src/regparse.c.orig 2023-10-13 10:22:48.882495157 +0200
+++ onig-6.8.2/src/regparse.c 2023-10-13 10:23:11.096529668 +0200
@@ -4132,7 +4132,7 @@ fetch_range_quantifier(UChar** src, UCha
if (PEND) goto invalid;
PFETCH(c);
if (IS_SYNTAX_OP(env->syntax, ONIG_SYN_OP_ESC_BRACE_INTERVAL)) {
- if (c != MC_ESC(env->syntax)) goto invalid;
+ if (c != MC_ESC(env->syntax) || PEND) goto invalid;
PFETCH(c);
}
if (c != '}') goto invalid;

24
SPECS/oniguruma.spec
View File

@ -1,6 +1,6 @@
Name: oniguruma
Version: 6.8.2
Release: 2%{?dist}
Release: 2.1%{?dist}
Summary: Regular expressions library
Group: System Environment/Libraries
@ -10,6 +10,11 @@ Source0: https://github.com/kkos/oniguruma/releases/download/v%{version}/onig-%{
# Backport https://src.fedoraproject.org/rpms/oniguruma/blob/f29/f/0100-Apply-CVE-2019-13325-fix-to-6.9.1.patch
# (upstream: https://github.com/kkos/oniguruma/commit/c509265c5f6ae7264f7b8a8aae1cfa5fc59d108c)
Patch100: oniguruma-6.8.2-CVE-2019-13225-fix.patch
Patch101: oniguruma-6.8.2-CVE-2019-13224-fix.patch
Patch102: oniguruma-6.8.2-CVE-2019-16163-fix.patch
Patch103: oniguruma-6.8.2-CVE-2019-19012-fix.patch
Patch104: oniguruma-6.8.2-CVE-2019-19203-fix.patch
Patch105: oniguruma-6.8.2-CVE-2019-19204-fix.patch
%description
Oniguruma is a regular expressions library.
@ -46,6 +51,11 @@ done
%endif
%patch100 -p1 -b .CVE-2019-13225
%patch101 -p1 -b .CVE-2019-13224
%patch102 -p1 -b .CVE-2019-16163
%patch103 -p1 -b .CVE-2019-19012
%patch104 -p1 -b .CVE-2019-19203
%patch105 -p1 -b .CVE-2019-19204
%build
%configure \
@ -102,6 +112,18 @@ find $RPM_BUILD_ROOT -name '*.la' \
%{_libdir}/pkgconfig/%{name}.pc
%changelog
* Fri Jan 05 2024 Vitezslav Crhonek <vcrhonek@redhat.com> - 6.8.2-2.1
- Fix CVE-2019-13224
Resolves: RHEL-20648
- Fix CVE-2019-16163
Resolves: RHEL-20642
- Fix CVE-2019-19012
Resolves: RHEL-20636
- Fix CVE-2019-19203
Resolves: RHEL-20630
- Fix CVE-2019-19204
Resolves: RHEL-20624
* Fri Jun 26 2020 Jiri Kucera <jkucera@redhat.com> - 6.8.2-2
- Fix CVE-2019-13225
Resolves: #1771052