packages/hyperscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!27 Update to 5.4.2 for fix CVE-2023-28711

Browse Source 
From: @wk333 
Reviewed-by: @lyn1001 
Signed-off-by: @lyn1001
This commit is contained in:
openeuler-ci-bot 2023-09-01 09:06:58 +00:00 committed by Gitee
commit 16585a6d23
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
7 changed files with 97 additions and 10708 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
CVE-2022-29486.patch
View File

@ -1,23 +0,0 @@
From 3070f11991cc2014685a28c0eaa1e033ffa8fe30 Mon Sep 17 00:00:00 2001
From: "Hong, Yang A" <yang.a.hong@intel.com>
Date: Thu, 28 Apr 2022 10:11:32 +0000
Subject: [PATCH] bugfix: fix overflow risk of strlen function
---
src/compiler/compiler.cpp | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/compiler/compiler.cpp b/src/compiler/compiler.cpp
index 6f993ffe..35f46b3f 100644
--- a/src/compiler/compiler.cpp
+++ b/src/compiler/compiler.cpp
@@ -323,7 +323,8 @@ void addExpression(NG &ng, unsigned index, const char *expression,
}
// Ensure that our pattern isn't too long (in characters).
- if (strlen(expression) > cc.grey.limitPatternLength) {
+ size_t maxlen = cc.grey.limitPatternLength + 1;
+ if (strnlen(expression, maxlen) >= maxlen) {
throw CompileError("Pattern length exceeds limit.");
}

25
Fix-build-error-on-x86_64.patch
View File

@ -1,25 +0,0 @@
From f92e690190b51eb6bada384174887501f4c3f43f Mon Sep 17 00:00:00 2001
From: wang_yue111 <648774160@qq.com>
Date: Sat, 24 Jul 2021 10:21:03 +0800
Subject: [PATCH] fix build error on X86
---
cmake/build_wrapper.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cmake/build_wrapper.sh b/cmake/build_wrapper.sh
index 1962813..895610c 100755
--- a/cmake/build_wrapper.sh
+++ b/cmake/build_wrapper.sh
@@ -17,7 +17,7 @@ KEEPSYMS=$(mktemp -p /tmp keep.syms.XXXXX)
LIBC_SO=$("$@" --print-file-name=libc.so.6)
cp ${KEEPSYMS_IN} ${KEEPSYMS}
# get all symbols from libc and turn them into patterns
-nm -f p -g -D ${LIBC_SO} | sed -s 's/\([^ ]*\).*/^\1$/' >> ${KEEPSYMS}
+nm -f p -g -D ${LIBC_SO} | sed -s 's/\([^ @]*\).*/^\1$/' >> ${KEEPSYMS}
# build the object
"$@"
# rename the symbols in the object
--
2.23.0

34
backport-Fix-segfaults-on-allocation-failure.patch
View File

@ -1,34 +0,0 @@
From 7d644e7ba27eaadda753febf0b142faa9affbbca Mon Sep 17 00:00:00 2001
From: hongyang7 <yang.a.hong@intel.com>
Date: Thu, 16 Dec 2021 19:02:17 +0800
Subject: [PATCH] Fix segfaults on allocation failure (#4)
Throw std::bad_alloc instead of returning nullptr from
ue2::AlignedAllocator. Allocators for STL containers are expected never
to return with an invalid pointer, and instead must throw on failure.
Violating this expectation can lead to invalid pointer dereferences.
Co-authored-by: johanngan <johanngan.us@gmail.com>
fixes github issue #317 (PR #320)
---
src/util/alloc.h | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/util/alloc.h b/src/util/alloc.h
index de20c8d02..49b4a824d 100644
--- a/src/util/alloc.h
+++ b/src/util/alloc.h
@@ -76,7 +76,11 @@ class AlignedAllocator {
T *allocate(std::size_t size) const {
size_t alloc_size = size * sizeof(T);
- return static_cast<T *>(aligned_malloc_internal(alloc_size, N));
+ T *ptr = static_cast<T *>(aligned_malloc_internal(alloc_size, N));
+ if (!ptr) {
+ throw std::bad_alloc();
+ }
+ return ptr;
}
void deallocate(T *x, std::size_t) const noexcept {

BIN
hyperscan-5.4.0.tar.gz
View File

Binary file not shown.

BIN
hyperscan-5.4.2.tar.gz Normal file
View File

Binary file not shown.

10700
hyperscan-aarch64-support.patch
View File

File diff suppressed because it is too large Load Diff

23
hyperscan.spec
View File

@ -1,6 +1,6 @@
Name: hyperscan Name: hyperscan
Version: 5.4.0 Version: 5.4.2
Release: 3 Release: 1
Summary: High-performance regular expression matching library Summary: High-performance regular expression matching library
License: BSD License: BSD
@ -8,11 +8,7 @@ URL: https://www.hyperscan.io/
Source0: https://github.com/intel/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz Source0: https://github.com/intel/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
Patch0: hyperscan-aarch64-support.patch Patch0: hyperscan-aarch64-support.patch
Patch1: Fix-build-error-on-x86_64.patch Patch1: Fix-hyperscan-gcc10.patch
Patch2: Fix-hyperscan-gcc10.patch
# https://github.com/intel/hyperscan/commit/7d644e7ba27eaadda753febf0b142faa9affbbca
Patch3: backport-Fix-segfaults-on-allocation-failure.patch
Patch4: CVE-2022-29486.patch
BuildRequires: gcc-c++ BuildRequires: gcc-c++
BuildRequires: boost-devel BuildRequires: boost-devel
@ -55,7 +51,15 @@ This package provides the libraries, include files and other resources
needed for developing Hyperscan applications. needed for developing Hyperscan applications.
%prep %prep
%autosetup -n %{name}-%{version} -p1 %setup -q -n %{name}-%{version}
cd %{_builddir}/%{name}-%{version}
mv src/util/simd_utils.h src/util/simd_x86.h
sed -i 's/SIMD_UTILS/SIMD_X86/' src/util/simd_x86.h
sed -i 's/_mm_set_epi32/set32x4/' src/util/state_compress.c
sed -i 's/_mm_set_epi64x/set64x2/' src/util/state_compress.c
sed -i 's/_mm_srli_si128/rshiftbyte_m128/' src/util/state_compress.c
cd -
%autopatch -p1
%build %build
%cmake -DBUILD_SHARED_LIBS:BOOL=ON -DBUILD_STATIC_AND_SHARED:BOOL=OFF . %cmake -DBUILD_SHARED_LIBS:BOOL=ON -DBUILD_STATIC_AND_SHARED:BOOL=OFF .
@ -81,6 +85,9 @@ needed for developing Hyperscan applications.
%{_includedir}/hs/ %{_includedir}/hs/
%changelog %changelog
* Fri Sep 01 2023 wangkai <13474090681@163.com> - 5.4.2-1
- Update to 5.4.2 for fix CVE-2023-28711
* Thu Apr 20 2023 wangkai <13474090681@163.com> - 5.4.0-3 * Thu Apr 20 2023 wangkai <13474090681@163.com> - 5.4.0-3
- Fix CVE-2022-29486 - Fix CVE-2022-29486