aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2016-04-06 23:27:10 +0200
committerLudovic Courtès <ludo@gnu.org>2016-04-06 23:27:10 +0200
commita7681d29dcb415593a06cf265aabc776bd3a02c0 (patch)
tree2049996438046498b71f863e859f69ade23556f5
parenta70a50048bec0ba2a694ad2f8f414051e2f88430 (diff)
downloadpatches-a7681d29dcb415593a06cf265aabc776bd3a02c0.tar
patches-a7681d29dcb415593a06cf265aabc776bd3a02c0.tar.gz
gnu: pcre: Fix CVE-2016-3191.
* gnu/packages/pcre.scm (pcre)[replacement]: New field. (pcre-fixed): New variable. * gnu/packages/patches/pcre-CVE-2016-3191.patch: New file. * gnu-system.am (dist_patch_DATA): Add it.
-rw-r--r--gnu-system.am1
-rw-r--r--gnu/packages/patches/pcre-CVE-2016-3191.patch151
-rw-r--r--gnu/packages/pcre.scm9
3 files changed, 161 insertions, 0 deletions
diff --git a/gnu-system.am b/gnu-system.am
index 824cd8ec13..7aac127164 100644
--- a/gnu-system.am
+++ b/gnu-system.am
@@ -655,6 +655,7 @@ dist_patch_DATA = \
gnu/packages/patches/patchelf-rework-for-arm.patch \
gnu/packages/patches/patchutils-xfail-gendiff-tests.patch \
gnu/packages/patches/patch-hurd-path-max.patch \
+ gnu/packages/patches/pcre-CVE-2016-3191.patch \
gnu/packages/patches/perl-CVE-2015-8607.patch \
gnu/packages/patches/perl-CVE-2016-2381.patch \
gnu/packages/patches/perl-autosplit-default-time.patch \
diff --git a/gnu/packages/patches/pcre-CVE-2016-3191.patch b/gnu/packages/patches/pcre-CVE-2016-3191.patch
new file mode 100644
index 0000000000..89cce2a36f
--- /dev/null
+++ b/gnu/packages/patches/pcre-CVE-2016-3191.patch
@@ -0,0 +1,151 @@
+Fix for CVE-2016-3191.
+See <https://bugzilla.redhat.com/show_bug.cgi?id=1311503>.
+This is svn r1631 at <svn://vcs.exim.org/pcre/code>.
+
+Index: trunk/testdata/testoutput11-16
+===================================================================
+--- trunk/testdata/testoutput11-16 (revision 1630)
++++ trunk/testdata/testoutput11-16 (revision 1631)
+@@ -765,4 +765,7 @@
+ 25 End
+ ------------------------------------------------------------------
+
++/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
++Failed: regular expression is too complicated at offset 490
++
+ /-- End of testinput11 --/
+Index: trunk/testdata/testinput11
+===================================================================
+--- trunk/testdata/testinput11 (revision 1630)
++++ trunk/testdata/testinput11 (revision 1631)
+@@ -138,4 +138,6 @@
+
+ /.((?2)(?R)\1)()/B
+
++/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
++
+ /-- End of testinput11 --/
+Index: trunk/testdata/testoutput11-8
+===================================================================
+--- trunk/testdata/testoutput11-8 (revision 1630)
++++ trunk/testdata/testoutput11-8 (revision 1631)
+@@ -765,4 +765,7 @@
+ 38 End
+ ------------------------------------------------------------------
+
++/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
++Failed: missing ) at offset 509
++
+ /-- End of testinput11 --/
+Index: trunk/testdata/testoutput11-32
+===================================================================
+--- trunk/testdata/testoutput11-32 (revision 1630)
++++ trunk/testdata/testoutput11-32 (revision 1631)
+@@ -765,4 +765,7 @@
+ 25 End
+ ------------------------------------------------------------------
+
++/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
++Failed: missing ) at offset 509
++
+ /-- End of testinput11 --/
+Index: trunk/pcre_internal.h
+===================================================================
+--- trunk/pcre_internal.h (revision 1630)
++++ trunk/pcre_internal.h (revision 1631)
+@@ -7,7 +7,7 @@
+ and semantics are as close as possible to those of the Perl 5 language.
+
+ Written by Philip Hazel
+- Copyright (c) 1997-2014 University of Cambridge
++ Copyright (c) 1997-2016 University of Cambridge
+
+ -----------------------------------------------------------------------------
+ Redistribution and use in source and binary forms, with or without
+@@ -2289,7 +2289,7 @@
+ ERR50, ERR51, ERR52, ERR53, ERR54, ERR55, ERR56, ERR57, ERR58, ERR59,
+ ERR60, ERR61, ERR62, ERR63, ERR64, ERR65, ERR66, ERR67, ERR68, ERR69,
+ ERR70, ERR71, ERR72, ERR73, ERR74, ERR75, ERR76, ERR77, ERR78, ERR79,
+- ERR80, ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERRCOUNT };
++ ERR80, ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERR87, ERRCOUNT };
+
+ /* JIT compiling modes. The function list is indexed by them. */
+
+Index: trunk/pcre_compile.c
+===================================================================
+--- trunk/pcre_compile.c (revision 1630)
++++ trunk/pcre_compile.c (revision 1631)
+@@ -6,7 +6,7 @@
+ and semantics are as close as possible to those of the Perl 5 language.
+
+ Written by Philip Hazel
+- Copyright (c) 1997-2014 University of Cambridge
++ Copyright (c) 1997-2016 University of Cambridge
+
+ -----------------------------------------------------------------------------
+ Redistribution and use in source and binary forms, with or without
+@@ -560,6 +560,7 @@
+ /* 85 */
+ "parentheses are too deeply nested (stack check)\0"
+ "digits missing in \\x{} or \\o{}\0"
++ "regular expression is too complicated\0"
+ ;
+
+ /* Table to identify digits and hex digits. This is used when compiling
+@@ -4591,7 +4592,8 @@
+ if (code > cd->start_workspace + cd->workspace_size -
+ WORK_SIZE_SAFETY_MARGIN) /* Check for overrun */
+ {
+- *errorcodeptr = ERR52;
++ *errorcodeptr = (code >= cd->start_workspace + cd->workspace_size)?
++ ERR52 : ERR87;
+ goto FAILED;
+ }
+
+@@ -6626,8 +6628,21 @@
+ cd->had_accept = TRUE;
+ for (oc = cd->open_caps; oc != NULL; oc = oc->next)
+ {
+- *code++ = OP_CLOSE;
+- PUT2INC(code, 0, oc->number);
++ if (lengthptr != NULL)
++ {
++#ifdef COMPILE_PCRE8
++ *lengthptr += 1 + IMM2_SIZE;
++#elif defined COMPILE_PCRE16
++ *lengthptr += 2 + IMM2_SIZE;
++#elif defined COMPILE_PCRE32
++ *lengthptr += 4 + IMM2_SIZE;
++#endif
++ }
++ else
++ {
++ *code++ = OP_CLOSE;
++ PUT2INC(code, 0, oc->number);
++ }
+ }
+ setverb = *code++ =
+ (cd->assert_depth > 0)? OP_ASSERT_ACCEPT : OP_ACCEPT;
+Index: trunk/pcreposix.c
+===================================================================
+--- trunk/pcreposix.c (revision 1630)
++++ trunk/pcreposix.c (revision 1631)
+@@ -6,7 +6,7 @@
+ and semantics are as close as possible to those of the Perl 5 language.
+
+ Written by Philip Hazel
+- Copyright (c) 1997-2014 University of Cambridge
++ Copyright (c) 1997-2016 University of Cambridge
+
+ -----------------------------------------------------------------------------
+ Redistribution and use in source and binary forms, with or without
+@@ -173,7 +173,8 @@
+ REG_BADPAT, /* group name must start with a non-digit */
+ /* 85 */
+ REG_BADPAT, /* parentheses too deeply nested (stack check) */
+- REG_BADPAT /* missing digits in \x{} or \o{} */
++ REG_BADPAT, /* missing digits in \x{} or \o{} */
++ REG_BADPAT /* pattern too complicated */
+ };
+
+ /* Table of texts corresponding to POSIX error codes */
diff --git a/gnu/packages/pcre.scm b/gnu/packages/pcre.scm
index d2933bbe38..9794def4c1 100644
--- a/gnu/packages/pcre.scm
+++ b/gnu/packages/pcre.scm
@@ -22,6 +22,7 @@
#:use-module ((guix licenses) #:prefix license:)
#:use-module (gnu packages compression)
#:use-module (gnu packages readline)
+ #:use-module (gnu packages)
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix build-system gnu))
@@ -30,6 +31,7 @@
(package
(name "pcre")
(version "8.38")
+ (replacement pcre-fixed)
(source (origin
(method url-fetch)
(uri (list
@@ -65,6 +67,13 @@ POSIX regular expression API.")
(license license:bsd-3)
(home-page "http://www.pcre.org/")))
+(define pcre-fixed ;for CVE-2016-3191
+ (package
+ (inherit pcre)
+ (source (origin
+ (inherit (package-source pcre))
+ (patches (list (search-patch "pcre-CVE-2016-3191.patch")))))))
+
(define-public pcre2
(package
(name "pcre2")