diff options
author | Vladimír Čunát <vcunat@gmail.com> | 2015-10-03 13:33:13 +0200 |
---|---|---|
committer | Vladimír Čunát <vcunat@gmail.com> | 2015-10-03 13:33:37 +0200 |
commit | 5227fb1dd53fcb5918b9342dff4868f4ad68427e (patch) | |
tree | d6cd521e3f67944031216a27f740f28f22b73b41 /pkgs/development/libraries/pcre | |
parent | d6dd3b8bd1eaeeb21dfdb5051cd4732c748ce5d7 (diff) | |
parent | 33373d939a19f465228ddede6d38ce9032b5916b (diff) |
Merge commit staging+systemd into closure-size
Many non-conflict problems weren't (fully) resolved in this commit yet.
Diffstat (limited to 'pkgs/development/libraries/pcre')
-rw-r--r-- | pkgs/development/libraries/pcre/cve-2015-3210.patch | 87 | ||||
-rw-r--r-- | pkgs/development/libraries/pcre/cve-2015-5073.patch | 68 | ||||
-rw-r--r-- | pkgs/development/libraries/pcre/default.nix | 9 |
3 files changed, 162 insertions, 2 deletions
diff --git a/pkgs/development/libraries/pcre/cve-2015-3210.patch b/pkgs/development/libraries/pcre/cve-2015-3210.patch new file mode 100644 index 000000000000..c97849fb70c7 --- /dev/null +++ b/pkgs/development/libraries/pcre/cve-2015-3210.patch @@ -0,0 +1,87 @@ +From 68ff1beb43bb3d4d8838f3285c97023d1e50513a Mon Sep 17 00:00:00 2001 +From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15> +Date: Fri, 15 May 2015 17:17:03 +0000 +Subject: [PATCH] Fix buffer overflow for named recursive back reference when + the name is duplicated. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Upstream commit ported to pcre-8.37: + +commit 4b79af6b4cbeb5326ae5e4d83f3e935e00286c19 +Author: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15> +Date: Fri May 15 17:17:03 2015 +0000 + + Fix buffer overflow for named recursive back reference when the name is + duplicated. + + git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1558 2f5784b3-3f2a-0410-8824-cb99058d5e15 + +This fixes CVE-2015-3210. + +Signed-off-by: Petr Písař <ppisar@redhat.com> +--- + pcre_compile.c | 16 ++++++++++++++-- + testdata/testinput2 | 2 ++ + testdata/testoutput2 | 2 ++ + 3 files changed, 18 insertions(+), 2 deletions(-) + +diff --git a/pcre_compile.c b/pcre_compile.c +index 0efad26..6f06912 100644 +--- a/pcre_compile.c ++++ b/pcre_compile.c +@@ -7173,14 +7173,26 @@ for (;; ptr++) + number. If the name is not found, set the value to 0 for a forward + reference. */ + ++ recno = 0; + ng = cd->named_groups; + for (i = 0; i < cd->names_found; i++, ng++) + { + if (namelen == ng->length && + STRNCMP_UC_UC(name, ng->name, namelen) == 0) +- break; ++ { ++ open_capitem *oc; ++ recno = ng->number; ++ if (is_recurse) break; ++ for (oc = cd->open_caps; oc != NULL; oc = oc->next) ++ { ++ if (oc->number == recno) ++ { ++ oc->flag = TRUE; ++ break; ++ } ++ } ++ } + } +- recno = (i < cd->names_found)? ng->number : 0; + + /* Count named back references. */ + +diff --git a/testdata/testinput2 b/testdata/testinput2 +index 58fe53b..83bb471 100644 +--- a/testdata/testinput2 ++++ b/testdata/testinput2 +@@ -4152,4 +4152,6 @@ backtracking verbs. --/ + + /((?2){73}(?2))((?1))/ + ++"(?J)(?'d'(?'d'\g{d}))" ++ + /-- End of testinput2 --/ +diff --git a/testdata/testoutput2 b/testdata/testoutput2 +index b718df0..7dff52a 100644 +--- a/testdata/testoutput2 ++++ b/testdata/testoutput2 +@@ -14423,4 +14423,6 @@ Failed: lookbehind assertion is not fixed length at offset 17 + + /((?2){73}(?2))((?1))/ + ++"(?J)(?'d'(?'d'\g{d}))" ++ + /-- End of testinput2 --/ +-- +2.4.3 + diff --git a/pkgs/development/libraries/pcre/cve-2015-5073.patch b/pkgs/development/libraries/pcre/cve-2015-5073.patch new file mode 100644 index 000000000000..16fd45c87b1d --- /dev/null +++ b/pkgs/development/libraries/pcre/cve-2015-5073.patch @@ -0,0 +1,68 @@ +From 354e1f8e921dcb9cf2f3a5eac93cd826d01a7d8a Mon Sep 17 00:00:00 2001 +From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15> +Date: Tue, 23 Jun 2015 16:34:53 +0000 +Subject: [PATCH] Fix buffer overflow for forward reference within backward + assertion with excess closing parenthesis. Bugzilla 1651. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This is upstream commit ported to 8.37: + +commit 764692f9aea9eab50fdba6cb537441d8b34c6c37 +Author: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15> +Date: Tue Jun 23 16:34:53 2015 +0000 + + Fix buffer overflow for forward reference within backward assertion with excess + closing parenthesis. Bugzilla 1651. + + git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1571 2f5784b3-3f2a-0410-8824-cb99058d5e15 + +It fixes CVE-2015-5073. + +Signed-off-by: Petr Písař <ppisar@redhat.com> +--- + pcre_compile.c | 2 +- + testdata/testinput2 | 2 ++ + testdata/testoutput2 | 3 +++ + 3 files changed, 6 insertions(+), 1 deletion(-) + +diff --git a/pcre_compile.c b/pcre_compile.c +index 6f06912..b66b1f6 100644 +--- a/pcre_compile.c ++++ b/pcre_compile.c +@@ -9392,7 +9392,7 @@ OP_RECURSE that are not fixed length get a diagnosic with a useful offset. The + exceptional ones forgo this. We scan the pattern to check that they are fixed + length, and set their lengths. */ + +-if (cd->check_lookbehind) ++if (errorcode == 0 && cd->check_lookbehind) + { + pcre_uchar *cc = (pcre_uchar *)codestart; + +diff --git a/testdata/testinput2 b/testdata/testinput2 +index 83bb471..5cc9ce6 100644 +--- a/testdata/testinput2 ++++ b/testdata/testinput2 +@@ -4154,4 +4154,6 @@ backtracking verbs. --/ + + "(?J)(?'d'(?'d'\g{d}))" + ++/(?=di(?<=(?1))|(?=(.))))/ ++ + /-- End of testinput2 --/ +diff --git a/testdata/testoutput2 b/testdata/testoutput2 +index 7dff52a..4decb8d 100644 +--- a/testdata/testoutput2 ++++ b/testdata/testoutput2 +@@ -14425,4 +14425,7 @@ Failed: lookbehind assertion is not fixed length at offset 17 + + "(?J)(?'d'(?'d'\g{d}))" + ++/(?=di(?<=(?1))|(?=(.))))/ ++Failed: unmatched parentheses at offset 23 ++ + /-- End of testinput2 --/ +-- +2.4.3 + diff --git a/pkgs/development/libraries/pcre/default.nix b/pkgs/development/libraries/pcre/default.nix index 6ae8e475d1e3..cc6555792899 100644 --- a/pkgs/development/libraries/pcre/default.nix +++ b/pkgs/development/libraries/pcre/default.nix @@ -5,13 +5,18 @@ with stdenv.lib; stdenv.mkDerivation rec { - name = "pcre-8.36"; + name = "pcre-8.37"; src = fetchurl { url = "ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/${name}.tar.bz2"; - sha256 = "1fs5p1z67m9f4xnyil3s4lhgyld78f7m4d1yawpyhh0cvrbk90zg"; + sha256 = "17bqykp604p7376wj3q2nmjdhrb6v1ny8q08zdwi7qvc02l9wrsi"; }; + patches = + [ ./cve-2015-3210.patch + ./cve-2015-5073.patch + ]; + outputs = [ "dev" "out" "bin" "doc" "man" ]; configureFlags = '' |