main/grep: upgrade to 2.22

2 files changed, 5 insertions, 148 deletions

diff --git a/main/grep/APKBUILD b/main/grep/APKBUILD
index 899dff048a..b7d15c29cc 100644
--- a/main/grep/APKBUILD
+++ b/main/grep/APKBUILD
@@ -1,8 +1,8 @@
 # Contributor: Michael Mason <ms13sp@gmail.com>
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=grep
-pkgver=2.21
-pkgrel=1
+pkgver=2.22
+pkgrel=0
 pkgdesc="Searches input files for lines containing a match to a specified pattern"
 url="http://www.gnu.org/software/grep/grep.html"
 arch="all"
@@ -12,7 +12,6 @@ makedepends="pcre-dev autoconf automake"
 install=
 subpackages="$pkgname-doc"
 source="http://mirrors.kernel.org/gnu/$pkgname/$pkgname-$pkgver.tar.xz
-	CVE-2015-1345.patch
 	"
 
 _builddir="$srcdir/$pkgname-$pkgver"
@@ -24,7 +23,6 @@ prepare() {
 		*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
 		esac
 	done
-	aclocal && autoconf && automake --add-missing
 }
 
 build() {
@@ -50,9 +48,6 @@ package() {
 	return 0
 }
 
-md5sums="43c48064d6409862b8a850db83c8038a  grep-2.21.tar.xz
-331c938bfb346f6f09553008548dccc6  CVE-2015-1345.patch"
-sha256sums="5244a11c00dee8e7e5e714b9aaa053ac6cbfa27e104abee20d3c778e4bb0e5de  grep-2.21.tar.xz
-e65dc3748044eafac90e7a0f14420b91c6ccb71d9fcbdf2a374f5b29d4bd5067  CVE-2015-1345.patch"
-sha512sums="bc894325f89d37413c773d4812cb24180560037ccc8d72c015462043ef3479ea7eefd62557e3a9d191d6d94c68262563d3c68e634acd4e77ba56e96c92805dfd  grep-2.21.tar.xz
-83c16cec05ca7d39ee455c3032d983cef8fe2d9cfd272ca55dbfee231a1782a69e92a8f528202e3a004b23fca27bd7fca331a019ab0a69d9cedeb5559c6dda11  CVE-2015-1345.patch"
+md5sums="e1015e951a49a82b02e38891026ef5df  grep-2.22.tar.xz"
+sha256sums="ca91d22f017bfcb503d4bc3b44295491c89a33a3df0c3d8b8614f2d3831836eb  grep-2.22.tar.xz"
+sha512sums="c0756e4aa360cc29b3123384eef654743df108cc606372142c79893a09a0c8053b03d048768e972221e0ed96f378b8564f848f9acc180fca499f0494fbe9113c  grep-2.22.tar.xz"
diff --git a/main/grep/CVE-2015-1345.patch b/main/grep/CVE-2015-1345.patch
deleted file mode 100644
index 2e2f59df42..0000000000
--- a/main/grep/CVE-2015-1345.patch
+++ /dev/null
@@ -1,138 +0,0 @@
-From 83a95bd8c8561875b948cadd417c653dbe7ef2e2 Mon Sep 17 00:00:00 2001
-From: Yuliy Pisetsky <ypisetsky@fb.com>
-Date: Thu, 01 Jan 2015 23:36:55 +0000
-Subject: grep -F: fix a heap buffer (read) overrun
-
-grep's read buffer is often filled to its full size, except when
-reading the final buffer of a file.  In that case, the number of
-bytes read may be far less than the size of the buffer.  However, for
-certain unusual pattern/text combinations, grep -F would mistakenly
-examine bytes in that uninitialized region of memory when searching
-for a match.  With carefully chosen inputs, one can cause grep -F to
-read beyond the end of that buffer altogether.  This problem arose via
-commit v2.18-90-g73893ff with the introduction of a more efficient
-heuristic using what is now the memchr_kwset function. The use of
-that function in bmexec_trans could leave TP much larger than EP,
-and the subsequent call to bm_delta2_search would mistakenly access
-beyond end of the main input read buffer.
-
-* src/kwset.c (bmexec_trans): When TP reaches or exceeds EP,
-do not call bm_delta2_search.
-* tests/kwset-abuse: New file.
-* tests/Makefile.am (TESTS): Add it.
-* THANKS.in: Update.
-* NEWS (Bug fixes): Mention it.
-
-Prior to this patch, this command would trigger a UMR:
-
-  printf %0360db 0 | valgrind src/grep -F $(printf %019dXb 0)
-
-  Use of uninitialised value of size 8
-     at 0x4142BE: bmexec_trans (kwset.c:657)
-     by 0x4143CA: bmexec (kwset.c:678)
-     by 0x414973: kwsexec (kwset.c:848)
-     by 0x414DC4: Fexecute (kwsearch.c:128)
-     by 0x404E2E: grepbuf (grep.c:1238)
-     by 0x4054BF: grep (grep.c:1417)
-     by 0x405CEB: grepdesc (grep.c:1645)
-     by 0x405EC1: grep_command_line_arg (grep.c:1692)
-     by 0x4077D4: main (grep.c:2570)
-
-See the accompanying test for how to trigger the heap buffer overrun.
-
-Thanks to Nima Aghdaii for testing and finding numerous
-ways to break early iterations of this patch.
----
-diff --git a/NEWS b/NEWS
-index 975440d..3835d8d 100644
---- a/NEWS
-+++ b/NEWS
-@@ -2,6 +2,11 @@ GNU grep NEWS                                    -*- outline -*-
- 
- * Noteworthy changes in release ?.? (????-??-??) [?]
- 
-+** Bug fixes
-+
-+  grep no longer reads from uninitialized memory or from beyond the end
-+  of the heap-allocated input buffer.
-+
- 
- * Noteworthy changes in release 2.21 (2014-11-23) [stable]
- 
-diff --git a/THANKS.in b/THANKS.in
-index aeaf516..624478d 100644
---- a/THANKS.in
-+++ b/THANKS.in
-@@ -62,6 +62,7 @@ Michael Aichlmayr                   mikla@nx.com
- Miles Bader                         miles@ccs.mt.nec.co.jp
- Mirraz Mirraz                       mirraz1@rambler.ru
- Nelson H. F. Beebe                  beebe@math.utah.edu
-+Nima Aghdaii                        naghdaii@fb.com
- Olaf Kirch                          okir@ns.lst.de
- Paul Kimoto                         kimoto@spacenet.tn.cornell.edu
- Péter Radics                        mitchnull@gmail.com
-diff --git a/src/kwset.c b/src/kwset.c
-index 4003c8d..376f7c3 100644
---- a/src/kwset.c
-+++ b/src/kwset.c
-@@ -643,6 +643,8 @@ bmexec_trans (kwset_t kwset, char const *text, size_t size)
-                     if (! tp)
-                       return -1;
-                     tp++;
-+                    if (ep <= tp)
-+                      break;
-                   }
-               }
-           }
-diff --git a/tests/Makefile.am b/tests/Makefile.am
-index 2cba2cd..0508cd2 100644
---- a/tests/Makefile.am
-+++ b/tests/Makefile.am
-@@ -75,6 +75,7 @@ TESTS =						\
-   inconsistent-range				\
-   invalid-multibyte-infloop			\
-   khadafy					\
-+  kwset-abuse					\
-   long-line-vs-2GiB-read			\
-   match-lines					\
-   max-count-overread				\
-diff --git a/tests/kwset-abuse b/tests/kwset-abuse
-new file mode 100755
-index 0000000..6d8ec0c
---- a/dev/null
-+++ b/tests/kwset-abuse
-@@ -0,0 +1,32 @@
-+#! /bin/sh
-+# Evoke a segfault in a hard-to-reach code path of kwset.c.
-+# This bug affected grep versions 2.19 through 2.21.
-+#
-+# Copyright (C) 2015 Free Software Foundation, Inc.
-+#
-+# This program is free software: you can redistribute it and/or modify
-+# it under the terms of the GNU General Public License as published by
-+# the Free Software Foundation, either version 3 of the License, or
-+# (at your option) any later version.
-+
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-+# GNU General Public License for more details.
-+
-+# You should have received a copy of the GNU General Public License
-+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-+
-+. "${srcdir=.}/init.sh"; path_prepend_ ../src
-+
-+fail=0
-+
-+# This test case chooses a haystack of size 260,000, since prodding
-+# with gdb showed a reallocation slightly larger than that in fillbuf.
-+# To reach the buggy code, the needle must have length < 1/11 that of
-+# the haystack, and 10,000 is a nice round number that fits the bill.
-+printf '%0260000dXy\n' 0 | grep -F $(printf %010000dy 0)
-+
-+test $? = 1 || fail=1
-+
-+Exit $fail
---
-cgit v0.9.0.2