0001-Remove-broken-agrep-test-entry.patch

@@ -0,0 +1,112 @@
+From 35f61f40d6b68928ca5d409fa9fc204ea77e2199 Mon Sep 17 00:00:00 2001
+From: Fabian Vogt <fvogt@suse.de>
+Date: Tue, 11 Oct 2022 11:35:53 +0200
+Subject: [PATCH] Remove broken agrep test entry
+
+It's meant to cause agrep to return with exit code 2, but asserts that it's
+exit code 1 instead.
+
+It's meant to ensure that using ".*" as pattern results in exit code 2 because
+it matches also an empty string. However, glob expansion results in ".*"
+picking up files such as "." and ".." from the CWD, which get interpreted as
+valid pattern. This results in exit status 1 (no match found) which is what
+the .ok file expects, but that's invalid.
+
+With bash 5.2, glob expansion no longer matches "." and ".." by default, so
+the test works as intended by accident, causing a mismatch with the expected
+wrong exit code.
+
+It's unfortunately not easily possible to avoid glob expansion in this case.
+
+Just remove the test for now.
+---
+ tests/agrep/exitstatus.args |  1 -
+ tests/agrep/exitstatus.ok   | 61 -------------------------------------
+ 2 files changed, 62 deletions(-)
+
+diff --git a/tests/agrep/exitstatus.args b/tests/agrep/exitstatus.args
+index 808ae77..2f53e97 100644
+--- a/tests/agrep/exitstatus.args
++++ b/tests/agrep/exitstatus.args
+@@ -5,6 +5,5 @@ this-wont-be-found
+ .
+ -v .
+ # Some errors which should give exit status 2.
+--d .* dummy
+ -d {1 dummy
+ \
+diff --git a/tests/agrep/exitstatus.ok b/tests/agrep/exitstatus.ok
+index 28427bb..bd23b4c 100644
+--- a/tests/agrep/exitstatus.ok
++++ b/tests/agrep/exitstatus.ok
+@@ -521,67 +521,6 @@ Exit status 1.
+ Exit status 1.
+ #### TEST: agrep -H -n -s --color --show-position -v . < exitstatus.in
+ 
+-Exit status 1.
+-#### TEST: agrep  -d .* dummy exitstatus.in
+-
+-Exit status 1.
+-#### TEST: agrep  -d .* dummy < exitstatus.in
+-
+-Exit status 1.
+-#### TEST: agrep -c -d .* dummy exitstatus.in
+-exitstatus.in:0
+-
+-Exit status 1.
+-#### TEST: agrep -c -d .* dummy < exitstatus.in
+-
+-Exit status 1.
+-#### TEST: agrep -H -d .* dummy exitstatus.in
+-
+-Exit status 1.
+-#### TEST: agrep -H -d .* dummy < exitstatus.in
+-
+-Exit status 1.
+-#### TEST: agrep -l -d .* dummy exitstatus.in
+-
+-Exit status 1.
+-#### TEST: agrep -l -d .* dummy < exitstatus.in
+-
+-Exit status 1.
+-#### TEST: agrep -n -d .* dummy exitstatus.in
+-
+-Exit status 1.
+-#### TEST: agrep -n -d .* dummy < exitstatus.in
+-
+-Exit status 1.
+-#### TEST: agrep -s -d .* dummy exitstatus.in
+-
+-Exit status 1.
+-#### TEST: agrep -s -d .* dummy < exitstatus.in
+-
+-Exit status 1.
+-#### TEST: agrep -M -d .* dummy exitstatus.in
+-
+-Exit status 1.
+-#### TEST: agrep -M -d .* dummy < exitstatus.in
+-
+-Exit status 1.
+-#### TEST: agrep --show-position -d .* dummy exitstatus.in
+-
+-Exit status 1.
+-#### TEST: agrep --show-position -d .* dummy < exitstatus.in
+-
+-Exit status 1.
+-#### TEST: agrep --color -d .* dummy exitstatus.in
+-
+-Exit status 1.
+-#### TEST: agrep --color -d .* dummy < exitstatus.in
+-
+-Exit status 1.
+-#### TEST: agrep -H -n -s --color --show-position -d .* dummy exitstatus.in
+-
+-Exit status 1.
+-#### TEST: agrep -H -n -s --color --show-position -d .* dummy < exitstatus.in
+-
+ Exit status 1.
+ #### TEST: agrep  -d {1 dummy exitstatus.in
+ 
+-- 
+2.36.1
+

CVE-2016-8859.patch

@@ -0,0 +1,73 @@
+From c3edc06d1e1360f3570db9155d6b318ae0d0f0f7 Mon Sep 17 00:00:00 2001
+From: Rich Felker <dalias@aerifal.cx>
+Date: Thu, 6 Oct 2016 18:34:58 -0400
+Subject: fix missing integer overflow checks in regexec buffer size
+ computations
+
+most of the possible overflows were already ruled out in practice by
+regcomp having already succeeded performing larger allocations.
+however at least the num_states*num_tags multiplication can clearly
+overflow in practice. for safety, check them all, and use the proper
+type, size_t, rather than int.
+
+also improve comments, use calloc in place of malloc+memset, and
+remove bogus casts.
+---
+ src/regex/regexec.c | 23 ++++++++++++++++++-----
+ 1 file changed, 18 insertions(+), 5 deletions(-)
+
+Note: patch was modified to apply to tre, parts were taken from
+https://github.com/laurikari/tre/issues/37
+
+--- a/lib/tre-match-parallel.c
++++ b/lib/tre-match-parallel.c
+@@ -59,6 +59,7 @@ char *alloca ();
+ #ifdef HAVE_MALLOC_H
+ #include <malloc.h>
+ #endif /* HAVE_MALLOC_H */
++#include <stdint.h>
+ 
+ #include "tre-internal.h"
+ #include "tre-match-utils.h"
+@@ -150,11 +151,24 @@ tre_tnfa_run_parallel(const tre_tnfa_t *
+ 
+   /* Allocate memory for temporary data required for matching.	This needs to
+      be done for every matching operation to be thread safe.  This allocates
+-     everything in a single large block from the stack frame using alloca()
+-     or with malloc() if alloca is unavailable. */
++     everything in a single large block with calloc(). */
+   {
+-    int tbytes, rbytes, pbytes, xbytes, total_bytes;
++    size_t tbytes, rbytes, pbytes, xbytes, total_bytes;
+     char *tmp_buf;
++
++    /* Ensure that tbytes and xbytes*num_states cannot overflow, and that
++     * they don't contribute more than 1/8 of SIZE_MAX to total_bytes. */
++    if (num_tags > SIZE_MAX/(8 * sizeof(int) * tnfa->num_states))
++      return REG_BADPAT;
++
++    /* Likewise check rbytes. */
++    if (tnfa->num_states+1 > SIZE_MAX/(8 * sizeof(*reach_next)))
++      return REG_BADPAT;
++
++    /* Likewise check pbytes. */
++    if (tnfa->num_states > SIZE_MAX/(8 * sizeof(*reach_pos)))
++      return REG_BADPAT;
++
+     /* Compute the length of the block we need. */
+     tbytes = sizeof(*tmp_tags) * num_tags;
+     rbytes = sizeof(*reach_next) * (tnfa->num_states + 1);
+@@ -168,11 +182,11 @@ tre_tnfa_run_parallel(const tre_tnfa_t *
+ #ifdef TRE_USE_ALLOCA
+     buf = alloca(total_bytes);
+ #else /* !TRE_USE_ALLOCA */
+-    buf = xmalloc((unsigned)total_bytes);
++    buf = xmalloc(total_bytes);
+ #endif /* !TRE_USE_ALLOCA */
+     if (buf == NULL)
+       return REG_ESPACE;
+-    memset(buf, 0, (size_t)total_bytes);
++    memset(buf, 0, total_bytes);
+ 
+     /* Get the various pointers within tmp_buf (properly aligned). */
+     tmp_tags = (void *)buf;

tre-chicken.patch

@@ -0,0 +1,21 @@
+diff -up tre-0.8.0/python/setup.py.in.chicken tre-0.8.0/python/setup.py.in
+--- tre-0.8.0/python/setup.py.in.chicken	2009-09-20 09:51:01.000000000 +0200
++++ tre-0.8.0/python/setup.py.in	2009-09-20 15:43:45.000000000 +0200
+@@ -10,7 +10,8 @@ import shutil
+ 
+ version = "@TRE_VERSION@"
+ data_files = []
+-include_dirs = ["../lib"]
++include_dirs = ["../include"]
++library_dirs = ["../lib/.libs"]
+ libraries = ["tre"]
+ 
+ if sys.platform == "win32":
+@@ -31,6 +32,7 @@ setup(name = "tre",
+                                sources = ["tre-python.c"],
+                                define_macros = [("HAVE_CONFIG_H", None)],
+                                include_dirs = include_dirs,
++                               library_dirs = library_dirs,
+                                libraries = libraries
+                                ),
+                      ],

tre.diff

@@ -0,0 +1,28 @@
+diff -ru tre-0.7.5/lib/tre-match-approx.c tre-0.7.5.new/lib/tre-match-approx.c
+--- tre-0.7.5/lib/tre-match-approx.c	2006-12-08 19:07:03.000000000 +0000
++++ tre-0.7.5.new/lib/tre-match-approx.c	2008-01-24 19:47:12.000000000 +0000
+@@ -23,24 +23,6 @@
+ #include <config.h>
+ #endif /* HAVE_CONFIG_H */
+ 
+-/* AIX requires this to be the first thing in the file.	 */
+-#ifdef TRE_USE_ALLOCA
+-#ifndef __GNUC__
+-# if HAVE_ALLOCA_H
+-#  include <alloca.h>
+-# else
+-#  ifdef _AIX
+- #pragma alloca
+-#  else
+-#   ifndef alloca /* predefined by HP cc +Olibcalls */
+-char *alloca ();
+-#   endif
+-#  endif
+-# endif
+-#endif
+-#endif /* TRE_USE_ALLOCA */
+-
+-#define __USE_STRING_INLINES
+ #undef __NO_INLINE__
+ 
+ #include <assert.h>