!28 [sync] PR-26: Update to 5.4.2 for fix CVE-2023-28711

From: @openeuler-sync-bot Reviewed-by: @lyn1001 Signed-off-by: @lyn1001
2023-09-04 01:06:38 +00:00 · 2023-09-04 01:06:38 +00:00 · d345852815
commit d345852815
parent 7b47bc9080 0e9006c2e5
6 changed files with 170 additions and 10585 deletions
--- a/CVE-2022-29486.patch
+++ b/CVE-2022-29486.patch
@ -1,23 +0,0 @@
-From 3070f11991cc2014685a28c0eaa1e033ffa8fe30 Mon Sep 17 00:00:00 2001
-From: "Hong, Yang A" <yang.a.hong@intel.com>
-Date: Thu, 28 Apr 2022 10:11:32 +0000
-Subject: [PATCH] bugfix: fix overflow risk of strlen function
-
---
- src/compiler/compiler.cpp | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/compiler/compiler.cpp b/src/compiler/compiler.cpp
-index 6f993ffe..35f46b3f 100644
--- a/src/compiler/compiler.cpp
-+++ b/src/compiler/compiler.cpp
-@@ -323,7 +323,8 @@ void addExpression(NG &ng, unsigned index, const char *expression,
-     }
- 
-     // Ensure that our pattern isn't too long (in characters).
-    if (strlen(expression) > cc.grey.limitPatternLength) {
-+    size_t maxlen = cc.grey.limitPatternLength + 1;
-+    if (strnlen(expression, maxlen) >= maxlen) {
-         throw CompileError("Pattern length exceeds limit.");
-     }
- 
--- a/Fix-hyperscan-gcc10.patch
+++ b/Fix-hyperscan-gcc10.patch
@ -0,0 +1,37 @@
+From f6f765b3c022cbf01c86dac7f9875cf18e9f9980 Mon Sep 17 00:00:00 2001
+From: sdlzx <hdu_sdlzx@163.com>
+Date: Wed, 6 Oct 2021 10:25:36 +0800
+Subject: [PATCH] Fix hyperscan build error
+
+The command "gcc -Q --help=target" outputs nothing during obs build,
+so we manually set "GNUCC_ARCH" to "native" to avoid string manipulation errors.
+
+Signed-off-by: sdlzx <hdu_sdlzx@163.com>
+---
+ CMakeLists.txt | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index b5f8fb4..5cf41ef 100644
+--- a/CMakeLists.txt
+++ b/CMakeLists.txt
+@@ -197,9 +197,13 @@ else()
+             execute_process(COMMAND ${CMAKE_C_COMPILER} ${EXEC_ARGS}
+                 OUTPUT_VARIABLE _GCC_OUTPUT)
+             string(FIND "${_GCC_OUTPUT}" "march" POS)
+-            string(SUBSTRING "${_GCC_OUTPUT}" ${POS} -1 _GCC_OUTPUT)
+-            string(REGEX REPLACE "march=[ \t]*([^ \n]*)[ \n].*" "\\1"
+-                GNUCC_ARCH "${_GCC_OUTPUT}")
+            if (POS EQUAL -1)
+                set (GNUCC_ARCH "native")
+            else()
+                string(SUBSTRING "${_GCC_OUTPUT}" ${POS} -1 _GCC_OUTPUT)
+                string(REGEX REPLACE "march=[ \t]*([^ \n]*)[ \n].*" "\\1"
+                    GNUCC_ARCH "${_GCC_OUTPUT}")
+            endif()
+ 
+             # test the parsed flag
+             set (EXEC_ARGS ${CC_ARG1} -E - -mtune=${GNUCC_ARCH})
+-- 
+2.31.1
+
--- a/hyperscan-5.2.1.tar.gz
+++ b/hyperscan-5.2.1.tar.gz
--- a/hyperscan-5.4.2.tar.gz
+++ b/hyperscan-5.4.2.tar.gz
--- a/hyperscan-aarch64-support.patch
+++ b/hyperscan-aarch64-support.patch
--- a/hyperscan.spec
+++ b/hyperscan.spec
@ -1,6 +1,6 @@
 Name:    hyperscan
-Version: 5.2.1
-Release: 3
+Version: 5.4.2
+Release: 1
 Summary: High-performance regular expression matching library

 License: BSD
@ -8,7 +8,7 @@ URL:     https://www.hyperscan.io/
 Source0: https://github.com/intel/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz

 Patch0: hyperscan-aarch64-support.patch
-Patch1: CVE-2022-29486.patch
+Patch1: Fix-hyperscan-gcc10.patch

 BuildRequires:  gcc-c++
 BuildRequires:  boost-devel
@ -51,7 +51,15 @@ This package provides the libraries, include files and other resources
 needed for developing Hyperscan applications.

 %prep
-%autosetup -n %{name}-%{version} -p1
+%setup -q -n %{name}-%{version}
+cd %{_builddir}/%{name}-%{version}
+mv src/util/simd_utils.h src/util/simd_x86.h
+sed -i 's/SIMD_UTILS/SIMD_X86/' src/util/simd_x86.h
+sed -i 's/_mm_set_epi32/set32x4/' src/util/state_compress.c
+sed -i 's/_mm_set_epi64x/set64x2/' src/util/state_compress.c
+sed -i 's/_mm_srli_si128/rshiftbyte_m128/' src/util/state_compress.c
+cd -
+%autopatch -p1

 %build
 %cmake -DBUILD_SHARED_LIBS:BOOL=ON -DBUILD_STATIC_AND_SHARED:BOOL=OFF .
@ -60,6 +68,9 @@ needed for developing Hyperscan applications.
 %install
 %make_install

+%check
+./bin/unit-hyperscan
+
 %files
 %doc %{_defaultdocdir}/%{name}/examples/README.md
 %doc %{_defaultdocdir}/%{name}/examples/*.cc
@ -74,6 +85,9 @@ needed for developing Hyperscan applications.
 %{_includedir}/hs/

 %changelog
+* Fri Sep 01 2023 wangkai <13474090681@163.com> - 5.4.2-1
+- Update to 5.4.2 for fix CVE-2023-28711
+
 * Thu Apr 20 2023 wangkai <13474090681@163.com> - 5.2.1-3
 - Fix CVE-2022-29486