* [Buildroot] [PATCH 1/1] package/oniguruma: security bump to version 6.9.6
@ 2020-11-05 6:36 Fabrice Fontaine
2020-11-05 8:40 ` Peter Korsgaard
2020-11-09 9:37 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Fabrice Fontaine @ 2020-11-05 6:36 UTC (permalink / raw)
To: buildroot
Drop patch (already in version)
Fixed many problems found by OSS-Fuzz
Fixed many problems found by Coverity
https://github.com/kkos/oniguruma/releases/tag/v6.9.6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
.../0001-207-Out-of-bounds-write.patch | 25 -------------------
package/oniguruma/oniguruma.hash | 2 +-
package/oniguruma/oniguruma.mk | 5 +---
3 files changed, 2 insertions(+), 30 deletions(-)
delete mode 100644 package/oniguruma/0001-207-Out-of-bounds-write.patch
diff --git a/package/oniguruma/0001-207-Out-of-bounds-write.patch b/package/oniguruma/0001-207-Out-of-bounds-write.patch
deleted file mode 100644
index 3317449702..0000000000
--- a/package/oniguruma/0001-207-Out-of-bounds-write.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From cbe9f8bd9cfc6c3c87a60fbae58fa1a85db59df0 Mon Sep 17 00:00:00 2001
-From: "K.Kosako" <kkosako0@gmail.com>
-Date: Mon, 21 Sep 2020 12:58:29 +0900
-Subject: [PATCH] #207: Out-of-bounds write
-
-[Retrieved from:
-https://github.com/kkos/oniguruma/commit/cbe9f8bd9cfc6c3c87a60fbae58fa1a85db59df0]
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
----
- src/regcomp.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/regcomp.c b/src/regcomp.c
-index f6494b6d..a0a68561 100644
---- a/src/regcomp.c
-+++ b/src/regcomp.c
-@@ -6257,7 +6257,7 @@ concat_opt_exact_str(OptStr* to, UChar* s, UChar* end, OnigEncoding enc)
-
- for (i = to->len, p = s; p < end && i < OPT_EXACT_MAXLEN; ) {
- len = enclen(enc, p);
-- if (i + len > OPT_EXACT_MAXLEN) break;
-+ if (i + len >= OPT_EXACT_MAXLEN) break;
- for (j = 0; j < len && p < end; j++)
- to->s[i++] = *p++;
- }
diff --git a/package/oniguruma/oniguruma.hash b/package/oniguruma/oniguruma.hash
index 82354d4b9e..668f21d37f 100644
--- a/package/oniguruma/oniguruma.hash
+++ b/package/oniguruma/oniguruma.hash
@@ -1,3 +1,3 @@
# Locally calculated
-sha256 2f25cc3165e6da4b12dcabdb6b77c48f436d835e127ec2e3cad7abae9ea8e9a6 onig-6.9.5.tar.gz
+sha256 bd0faeb887f748193282848d01ec2dad8943b5dfcb8dc03ed52dcc963549e819 onig-6.9.6.tar.gz
sha256 6c7038393e8f30fee16257e713f77e383712f1465d6d25929596746b10b42bd3 COPYING
diff --git a/package/oniguruma/oniguruma.mk b/package/oniguruma/oniguruma.mk
index c2330c7380..e7aaa43c2f 100644
--- a/package/oniguruma/oniguruma.mk
+++ b/package/oniguruma/oniguruma.mk
@@ -4,7 +4,7 @@
#
################################################################################
-ONIGURUMA_VERSION = 6.9.5
+ONIGURUMA_VERSION = 6.9.6
ONIGURUMA_SITE = \
https://github.com/kkos/oniguruma/releases/download/v$(ONIGURUMA_VERSION)
ONIGURUMA_SOURCE = onig-$(ONIGURUMA_VERSION).tar.gz
@@ -12,7 +12,4 @@ ONIGURUMA_LICENSE = BSD-2-Clause
ONIGURUMA_LICENSE_FILES = COPYING
ONIGURUMA_INSTALL_STAGING = YES
-# 0001-207-Out-of-bounds-write.patch
-ONIGURUMA_IGNORE_CVES += CVE-2020-26159
-
$(eval $(autotools-package))
--
2.28.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH 1/1] package/oniguruma: security bump to version 6.9.6
2020-11-05 6:36 [Buildroot] [PATCH 1/1] package/oniguruma: security bump to version 6.9.6 Fabrice Fontaine
@ 2020-11-05 8:40 ` Peter Korsgaard
2020-11-09 9:37 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2020-11-05 8:40 UTC (permalink / raw)
To: buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> Drop patch (already in version)
> Fixed many problems found by OSS-Fuzz
> Fixed many problems found by Coverity
> https://github.com/kkos/oniguruma/releases/tag/v6.9.6
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH 1/1] package/oniguruma: security bump to version 6.9.6
2020-11-05 6:36 [Buildroot] [PATCH 1/1] package/oniguruma: security bump to version 6.9.6 Fabrice Fontaine
2020-11-05 8:40 ` Peter Korsgaard
@ 2020-11-09 9:37 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2020-11-09 9:37 UTC (permalink / raw)
To: buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> Drop patch (already in version)
> Fixed many problems found by OSS-Fuzz
> Fixed many problems found by Coverity
> https://github.com/kkos/oniguruma/releases/tag/v6.9.6
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed to 2020.02.x and 2020.08.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-11-09 9:37 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-11-05 6:36 [Buildroot] [PATCH 1/1] package/oniguruma: security bump to version 6.9.6 Fabrice Fontaine
2020-11-05 8:40 ` Peter Korsgaard
2020-11-09 9:37 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.