authorAvatar Timo Gurr <tgurr@exherbo.org> 2020-10-22 16:55:34 +0200
committerAvatar Timo Gurr <tgurr@exherbo.org> 2020-10-22 16:55:34 +0200
commit6162c8ff5c8a9b9ca82be2b992962c44026ebd04 (patch)
tree4bef454a30e55a011386bc710c8d42f9a854bc9a
parentf4eea6b61f879540214bf0c36fdb77331a737e47 (diff)
oniguruma: version bump to 6.9.5_p1, CVE-2020-26159
-rw-r--r--metadata/repository_mask.conf6
-rw-r--r--packages/dev-libs/oniguruma/files/cbe9f8bd9cfc6c3c87a60fbae58fa1a85db59df0.patch25
-rw-r--r--packages/dev-libs/oniguruma/oniguruma-6.9.5_p1.exheres-0 (renamed from packages/dev-libs/oniguruma/oniguruma-6.9.4.exheres-0)8
3 files changed, 35 insertions, 4 deletions
diff --git a/metadata/repository_mask.conf b/metadata/repository_mask.conf
index dff4148e6..c739c254c 100644
--- a/metadata/repository_mask.conf
+++ b/metadata/repository_mask.conf
@@ -1051,11 +1051,11 @@ dev-libs/fribidi[<1.0.7-r1] [[
description = [ CVE-2019-18397 ]
]]
-dev-libs/oniguruma[<6.9.4] [[
+dev-libs/oniguruma[<6.9.5_p1] [[
author = [ Timo Gurr <tgurr@exherbo.org> ]
- date = [ 09 Dec 2019 ]
+ date = [ 22 Oct 2020 ]
token = security
- description = [ CVE-2019-19{012,203,204,246} ]
+ description = [ CVE-2020-26159 ]
]]
app-shells/zsh[<5.8] [[
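Review bot: The new `description` drops the older advisories even though the widened mask `dev-libs/oniguruma[<6.9.5_p1]` still covers every version the previous entry masked for them. Someone hitting this mask on a pre-6.9.4 install would see only CVE-2020-26159 as the reason. If the repository's convention allows it, keeping both would preserve that history, e.g. `description = [ CVE-2019-19{012,203,204,246}, CVE-2020-26159 ]`.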
diff --git a/packages/dev-libs/oniguruma/files/cbe9f8bd9cfc6c3c87a60fbae58fa1a85db59df0.patch b/packages/dev-libs/oniguruma/files/cbe9f8bd9cfc6c3c87a60fbae58fa1a85db59df0.patch
new file mode 100644
index 000000000..113012d17
--- /dev/null
+++ b/packages/dev-libs/oniguruma/files/cbe9f8bd9cfc6c3c87a60fbae58fa1a85db59df0.patch
@@ -0,0 +1,25 @@
+Source/Upstream: Yes, fixed in git master
+Reason: CVE-2020-26159
+
+From cbe9f8bd9cfc6c3c87a60fbae58fa1a85db59df0 Mon Sep 17 00:00:00 2001
+From: "K.Kosako" <kkosako0@gmail.com>
+Date: Mon, 21 Sep 2020 12:58:29 +0900
+Subject: [PATCH] #207: Out-of-bounds write
+
+---
+ src/regcomp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/regcomp.c b/src/regcomp.c
+index f6494b6d..a0a68561 100644
+--- a/src/regcomp.c
++++ b/src/regcomp.c
+@@ -6257,7 +6257,7 @@ concat_opt_exact_str(OptStr* to, UChar* s, UChar* end, OnigEncoding enc)
+
+ for (i = to->len, p = s; p < end && i < OPT_EXACT_MAXLEN; ) {
+ len = enclen(enc, p);
+- if (i + len > OPT_EXACT_MAXLEN) break;
++ if (i + len >= OPT_EXACT_MAXLEN) break;
+ for (j = 0; j < len && p < end; j++)
+ to->s[i++] = *p++;
+ }
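Review bot: The patch header names only the CVE, so nothing in the file says which write the one-character change protects. From the visible lines the old test `i + len > OPT_EXACT_MAXLEN` already kept the inner loop's stores to `to->s[i++]` below index OPT_EXACT_MAXLEN, so the new `>=` appears to reserve the final slot. The declaration of `to->s` and the code after the loop are outside the hunk, so whether that slot is needed for a later write cannot be confirmed from here. I would extend the header to `Reason: CVE-2020-26159, concat_opt_exact_str now stops one byte short of OPT_EXACT_MAXLEN`, so that whoever does the next bump can check the upstream release contains this change before dropping the patch.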
diff --git a/packages/dev-libs/oniguruma/oniguruma-6.9.4.exheres-0 b/packages/dev-libs/oniguruma/oniguruma-6.9.5_p1.exheres-0
index f65daefe8..c0b4b3eaa 100644
--- a/packages/dev-libs/oniguruma/oniguruma-6.9.4.exheres-0
+++ b/packages/dev-libs/oniguruma/oniguruma-6.9.5_p1.exheres-0
@@ -2,7 +2,7 @@
# Copyright 2019 Danilo Spinella <danyspin97@protonmail.com>
# Distributed under the terms of the GNU General Public License v2
-require github [ user=kkos release=v${PV} pnv=${PNV/uruma} suffix=tar.gz ]
+require github [ user=kkos release=v${PV/p1/rev1} pnv=${PN/uruma}-${PV/p1/rev1} suffix=tar.gz ]
SUMMARY="A regular expressions library"
DESCRIPTION="
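Review bot: The substitutions hard-code the patch level: `${PV/p1/rev1}` on the `require github` line and `WORK=${WORKBASE}/${PN/uruma}-${PV/_p1}` in the next hunk only produce the intended names for a `_p1` version. Copied to a `_p2` version, both would pass through unchanged and presumably point at a tag and directory that do not exist upstream. A short comment above the `require` line would make the mapping explicit, for example `# upstream tags this as 6.9.5_rev1 but the tarball unpacks to onig-6.9.5`. It would also help to note next to `DEFAULT_SRC_PREPARE_PATCHES` that the patch is the CVE-2020-26159 fix and should be removed once a release includes it.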
@@ -18,6 +18,12 @@ MYOPTIONS=""
DEPENDENCIES=""
+WORK=${WORKBASE}/${PN/uruma}-${PV/_p1}
+
+DEFAULT_SRC_PREPARE_PATCHES=(
+ "${FILES}"/cbe9f8bd9cfc6c3c87a60fbae58fa1a85db59df0.patch
+)
+
DEFAULT_SRC_CONFIGURE_PARAMS=(
--enable-posix-api
--disable-static