Update to 5.4.2 for fix CVE-2023-28711

2023-09-01 15:40:29 +08:00 · 2023-09-01 15:40:29 +08:00 · f0e7f88e83
commit f0e7f88e83
parent 12d83135d8
7 changed files with 97 additions and 10708 deletions
--- a/CVE-2022-29486.patch
+++ b/CVE-2022-29486.patch
@ -1,23 +0,0 @@
-From 3070f11991cc2014685a28c0eaa1e033ffa8fe30 Mon Sep 17 00:00:00 2001
-From: "Hong, Yang A" <yang.a.hong@intel.com>
-Date: Thu, 28 Apr 2022 10:11:32 +0000
-Subject: [PATCH] bugfix: fix overflow risk of strlen function
-
---
- src/compiler/compiler.cpp | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/compiler/compiler.cpp b/src/compiler/compiler.cpp
-index 6f993ffe..35f46b3f 100644
--- a/src/compiler/compiler.cpp
-+++ b/src/compiler/compiler.cpp
-@@ -323,7 +323,8 @@ void addExpression(NG &ng, unsigned index, const char *expression,
-     }
- 
-     // Ensure that our pattern isn't too long (in characters).
-    if (strlen(expression) > cc.grey.limitPatternLength) {
-+    size_t maxlen = cc.grey.limitPatternLength + 1;
-+    if (strnlen(expression, maxlen) >= maxlen) {
-         throw CompileError("Pattern length exceeds limit.");
-     }
- 
--- a/Fix-build-error-on-x86_64.patch
+++ b/Fix-build-error-on-x86_64.patch
@ -1,25 +0,0 @@
-From f92e690190b51eb6bada384174887501f4c3f43f Mon Sep 17 00:00:00 2001
-From: wang_yue111 <648774160@qq.com>
-Date: Sat, 24 Jul 2021 10:21:03 +0800
-Subject: [PATCH] fix build error on X86
-
---
- cmake/build_wrapper.sh | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/cmake/build_wrapper.sh b/cmake/build_wrapper.sh
-index 1962813..895610c 100755
--- a/cmake/build_wrapper.sh
-+++ b/cmake/build_wrapper.sh
-@@ -17,7 +17,7 @@ KEEPSYMS=$(mktemp -p /tmp keep.syms.XXXXX)
- LIBC_SO=$("$@" --print-file-name=libc.so.6)
- cp ${KEEPSYMS_IN} ${KEEPSYMS}
- # get all symbols from libc and turn them into patterns
-nm -f p -g -D ${LIBC_SO} | sed -s 's/\([^ ]*\).*/^\1$/' >> ${KEEPSYMS}
-+nm -f p -g -D ${LIBC_SO} | sed -s 's/\([^ @]*\).*/^\1$/' >> ${KEEPSYMS}
- # build the object
- "$@"
- # rename the symbols in the object
-- 
-2.23.0
-
--- a/backport-Fix-segfaults-on-allocation-failure.patch
+++ b/backport-Fix-segfaults-on-allocation-failure.patch
@ -1,34 +0,0 @@
-From 7d644e7ba27eaadda753febf0b142faa9affbbca Mon Sep 17 00:00:00 2001
-From: hongyang7 <yang.a.hong@intel.com>
-Date: Thu, 16 Dec 2021 19:02:17 +0800
-Subject: [PATCH] Fix segfaults on allocation failure (#4)
-
-Throw std::bad_alloc instead of returning nullptr from
-ue2::AlignedAllocator. Allocators for STL containers are expected never
-to return with an invalid pointer, and instead must throw on failure.
-Violating this expectation can lead to invalid pointer dereferences.
-
-Co-authored-by: johanngan <johanngan.us@gmail.com>
-
-fixes github issue #317 (PR #320)
---
- src/util/alloc.h | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/src/util/alloc.h b/src/util/alloc.h
-index de20c8d02..49b4a824d 100644
--- a/src/util/alloc.h
-+++ b/src/util/alloc.h
-@@ -76,7 +76,11 @@ class AlignedAllocator {
- 
-     T *allocate(std::size_t size) const {
-         size_t alloc_size = size * sizeof(T);
-        return static_cast<T *>(aligned_malloc_internal(alloc_size, N));
-+        T *ptr = static_cast<T *>(aligned_malloc_internal(alloc_size, N));
-+        if (!ptr) {
-+            throw std::bad_alloc();
-+        }
-+        return ptr;
-     }
- 
-     void deallocate(T *x, std::size_t) const noexcept {
--- a/hyperscan-5.4.0.tar.gz
+++ b/hyperscan-5.4.0.tar.gz
--- a/hyperscan-5.4.2.tar.gz
+++ b/hyperscan-5.4.2.tar.gz
--- a/hyperscan-aarch64-support.patch
+++ b/hyperscan-aarch64-support.patch
--- a/hyperscan.spec
+++ b/hyperscan.spec
@ -1,6 +1,6 @@
 Name:    hyperscan
-Version: 5.4.0
-Release: 3
+Version: 5.4.2
+Release: 1
 Summary: High-performance regular expression matching library

 License: BSD
@ -8,11 +8,7 @@ URL:     https://www.hyperscan.io/
 Source0: https://github.com/intel/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz

 Patch0: hyperscan-aarch64-support.patch
-Patch1: Fix-build-error-on-x86_64.patch
-Patch2: Fix-hyperscan-gcc10.patch
-# https://github.com/intel/hyperscan/commit/7d644e7ba27eaadda753febf0b142faa9affbbca
-Patch3: backport-Fix-segfaults-on-allocation-failure.patch
-Patch4: CVE-2022-29486.patch
+Patch1: Fix-hyperscan-gcc10.patch

 BuildRequires:  gcc-c++
 BuildRequires:  boost-devel
@ -55,7 +51,15 @@ This package provides the libraries, include files and other resources
 needed for developing Hyperscan applications.

 %prep
-%autosetup -n %{name}-%{version} -p1
+%setup -q -n %{name}-%{version}
+cd %{_builddir}/%{name}-%{version}
+mv src/util/simd_utils.h src/util/simd_x86.h
+sed -i 's/SIMD_UTILS/SIMD_X86/' src/util/simd_x86.h
+sed -i 's/_mm_set_epi32/set32x4/' src/util/state_compress.c
+sed -i 's/_mm_set_epi64x/set64x2/' src/util/state_compress.c
+sed -i 's/_mm_srli_si128/rshiftbyte_m128/' src/util/state_compress.c
+cd -
+%autopatch -p1

 %build
 %cmake -DBUILD_SHARED_LIBS:BOOL=ON -DBUILD_STATIC_AND_SHARED:BOOL=OFF .
@ -81,6 +85,9 @@ needed for developing Hyperscan applications.
 %{_includedir}/hs/

 %changelog
+* Fri Sep 01 2023 wangkai <13474090681@163.com> - 5.4.2-1
+- Update to 5.4.2 for fix CVE-2023-28711
+
 * Thu Apr 20 2023 wangkai <13474090681@163.com> - 5.4.0-3
 - Fix CVE-2022-29486