authorRemi Collet <remi@remirepo.net>2020-10-20 15:28:11 +0200
committerRemi Collet <remi@remirepo.net>2020-10-20 15:28:11 +0200
commit9bd4bafbc2d43862bb24e1c1458ffe856798d0b9 (patch)
tree843f9714405637eaadd1128d4141f6050186d3bf
parent5c6a3e83d5b7f881d4162d2c8a0959d61c1081bb (diff)
From Fedora: Revert fix for CVE-2020-26159, marked as false
https://github.com/kkos/oniguruma/issues/221
-rw-r--r--oniguruma-XXX-CVE-2020-26159.patch22
-rw-r--r--oniguruma.spec10
2 files changed, 5 insertions, 27 deletions
diff --git a/oniguruma-XXX-CVE-2020-26159.patch b/oniguruma-XXX-CVE-2020-26159.patch
deleted file mode 100644
index 71a8ada..0000000
--- a/oniguruma-XXX-CVE-2020-26159.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-From cbe9f8bd9cfc6c3c87a60fbae58fa1a85db59df0 Mon Sep 17 00:00:00 2001
-From: "K.Kosako" <kkosako0@gmail.com>
-Date: Mon, 21 Sep 2020 12:58:29 +0900
-Subject: [PATCH] #207: Out-of-bounds write
-
----
- src/regcomp.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/regcomp.c b/src/regcomp.c
-index f6494b6d..a0a68561 100644
---- a/src/regcomp.c
-+++ b/src/regcomp.c
-@@ -6257,7 +6257,7 @@ concat_opt_exact_str(OptStr* to, UChar* s, UChar* end, OnigEncoding enc)
-
- for (i = to->len, p = s; p < end && i < OPT_EXACT_MAXLEN; ) {
- len = enclen(enc, p);
-- if (i + len > OPT_EXACT_MAXLEN) break;
-+ if (i + len >= OPT_EXACT_MAXLEN) break;
- for (j = 0; j < len && p < end; j++)
- to->s[i++] = *p++;
- }
diff --git a/oniguruma.spec b/oniguruma.spec
index 45d84bf..12f49c7 100644
--- a/oniguruma.spec
+++ b/oniguruma.spec
@@ -24,7 +24,7 @@
Name: %{libname}%{oldsoname}php
Version: %{mainver}%{?postver:+%postver}
-Release: 3%{?dist}
+Release: 4%{?dist}
Summary: Regular expressions library
License: BSD
@@ -33,9 +33,6 @@ Source0: https://github.com/kkos/oniguruma/releases/download/v%{mainver}%{?postv
# Bump soname from 5 to 105 to allow parallel installation
Patch0: onig-soname.patch
-# https://github.com/kkos/oniguruma/commit/cbe9f8bd9cfc6c3c87a60fbae58fa1a85db59df0
-# https://github.com/kkos/oniguruma/issues/207
-Patch1: oniguruma-XXX-CVE-2020-26159.patch
BuildRequires: gcc
@@ -70,7 +67,6 @@ developing applications that use %{name}.
%{__sed} -i.multilib -e 's|-L@libdir@||' onig-config.in
%patch0 -p1 -b .bump
-%patch1 -p1 -b .CVE-2020-26159
%if 0
for f in \
@@ -156,6 +152,10 @@ sed -e '/^test_regset_LDADD/s/$/ -lrt/' -i test/Makefile
%changelog
+* Tue Oct 20 2020 Remi Collet <remi@remirepo.net> -6.9.5+rev1-4
+- From Fedora: Revert fix for CVE-2020-26159, marked as false
+ https://github.com/kkos/oniguruma/issues/221
+
* Thu Oct 1 2020 Remi Collet <remi@remirepo.net> -6.9.5+rev1-3
- From Fedora: Apply upstream fix for CVE-2020-26159