From 18d0cec29e22cdbc27c486129d1a1425de27f03f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Mon, 10 Apr 2017 15:29:28 +0200 Subject: gnu: pcre2: Patch CVE-2017-7186. * gnu/packages/patches/pcre2-CVE-2017-7186.patch: New file. * gnu/packages/pcre.scm (pcre2)[source]: Use it. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/patches/pcre2-CVE-2017-7186.patch | 68 ++++++++++++++++++++++++++ gnu/packages/pcre.scm | 3 +- 3 files changed, 71 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/pcre2-CVE-2017-7186.patch diff --git a/gnu/local.mk b/gnu/local.mk index a8d0066019..c3a65789a3 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -825,6 +825,7 @@ dist_patch_DATA = \ %D%/packages/patches/patchelf-rework-for-arm.patch \ %D%/packages/patches/patchutils-xfail-gendiff-tests.patch \ %D%/packages/patches/patch-hurd-path-max.patch \ + %D%/packages/patches/pcre2-CVE-2017-7186.patch \ %D%/packages/patches/perl-autosplit-default-time.patch \ %D%/packages/patches/perl-deterministic-ordering.patch \ %D%/packages/patches/perl-finance-quote-unuse-mozilla-ca.patch \ diff --git a/gnu/packages/patches/pcre2-CVE-2017-7186.patch b/gnu/packages/patches/pcre2-CVE-2017-7186.patch new file mode 100644 index 0000000000..5c16955aaa --- /dev/null +++ b/gnu/packages/patches/pcre2-CVE-2017-7186.patch @@ -0,0 +1,68 @@ +Patch for +taken from . + +--- trunk/src/pcre2_internal.h 2016/11/19 12:46:24 600 ++++ trunk/src/pcre2_internal.h 2017/02/24 18:25:32 670 +@@ -1774,10 +1774,17 @@ + /* UCD access macros */ + + #define UCD_BLOCK_SIZE 128 +-#define GET_UCD(ch) (PRIV(ucd_records) + \ ++#define REAL_GET_UCD(ch) (PRIV(ucd_records) + \ + PRIV(ucd_stage2)[PRIV(ucd_stage1)[(int)(ch) / UCD_BLOCK_SIZE] * \ + UCD_BLOCK_SIZE + (int)(ch) % UCD_BLOCK_SIZE]) + ++#if PCRE2_CODE_UNIT_WIDTH == 32 ++#define GET_UCD(ch) ((ch > MAX_UTF_CODE_POINT)? \ ++ PRIV(dummy_ucd_record) : REAL_GET_UCD(ch)) ++#else ++#define GET_UCD(ch) REAL_GET_UCD(ch) ++#endif ++ + #define UCD_CHARTYPE(ch) GET_UCD(ch)->chartype + #define UCD_SCRIPT(ch) GET_UCD(ch)->script + #define UCD_CATEGORY(ch) PRIV(ucp_gentype)[UCD_CHARTYPE(ch)] +@@ -1834,6 +1841,9 @@ + #define _pcre2_default_compile_context PCRE2_SUFFIX(_pcre2_default_compile_context_) + #define _pcre2_default_match_context PCRE2_SUFFIX(_pcre2_default_match_context_) + #define _pcre2_default_tables PCRE2_SUFFIX(_pcre2_default_tables_) ++#if PCRE2_CODE_UNIT_WIDTH == 32 ++#define _pcre2_dummy_ucd_record PCRE2_SUFFIX(_pcre2_dummy_ucd_record_) ++#endif + #define _pcre2_hspace_list PCRE2_SUFFIX(_pcre2_hspace_list_) + #define _pcre2_vspace_list PCRE2_SUFFIX(_pcre2_vspace_list_) + #define _pcre2_ucd_caseless_sets PCRE2_SUFFIX(_pcre2_ucd_caseless_sets_) +@@ -1858,6 +1868,9 @@ + extern const uint32_t PRIV(vspace_list)[]; + extern const uint32_t PRIV(ucd_caseless_sets)[]; + extern const ucd_record PRIV(ucd_records)[]; ++#if PCRE2_CODE_UNIT_WIDTH == 32 ++extern const ucd_record PRIV(dummy_ucd_record)[]; ++#endif + extern const uint8_t PRIV(ucd_stage1)[]; + extern const uint16_t PRIV(ucd_stage2)[]; + extern const uint32_t PRIV(ucp_gbtable)[]; + +--- trunk/src/pcre2_ucd.c 2015/07/17 15:44:51 316 ++++ trunk/src/pcre2_ucd.c 2017/02/24 18:25:32 670 +@@ -41,6 +41,20 @@ + + const char *PRIV(unicode_version) = "8.0.0"; + ++/* If the 32-bit library is run in non-32-bit mode, character values ++greater than 0x10ffff may be encountered. For these we set up a ++special record. */ ++ ++#if PCRE2_CODE_UNIT_WIDTH == 32 ++const ucd_record PRIV(dummy_ucd_record)[] = {{ ++ ucp_Common, /* script */ ++ ucp_Cn, /* type unassigned */ ++ ucp_gbOther, /* grapheme break property */ ++ 0, /* case set */ ++ 0, /* other case */ ++ }}; ++#endif ++ + /* When recompiling tables with a new Unicode version, please check the + types in this structure definition from pcre2_internal.h (the actual + field names will be different): diff --git a/gnu/packages/pcre.scm b/gnu/packages/pcre.scm index 011a30dd38..9f610e59fd 100644 --- a/gnu/packages/pcre.scm +++ b/gnu/packages/pcre.scm @@ -81,7 +81,8 @@ POSIX regular expression API.") (sha256 (base32 - "0vn5g0mkkp99mmzpissa06hpyj6pk9s4mlwbjqrjvw3ihy8rpiyz")))) + "0vn5g0mkkp99mmzpissa06hpyj6pk9s4mlwbjqrjvw3ihy8rpiyz")) + (patches (search-patches "pcre2-CVE-2017-7186.patch")))) (build-system gnu-build-system) (inputs `(("bzip2" ,bzip2) ("readline" ,readline) -- cgit v1.2.3