package/pcre: security bump to version 8.41
Removed patches 0003 & 0004, applied upstream.
Fixes the following security issues:
CVE-2017-7244 - The _pcre32_xclass function in pcre_xclass.c in libpcre1 in
PCRE 8.40 allows remote attackers to cause a denial of service (invalid
memory read) via a crafted file.
CVE-2017-7245 - Stack-based buffer overflow in the pcre32_copy_substring
function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to
cause a denial of service (WRITE of size 4) or possibly have unspecified
other impact via a crafted file.
CVE-2017-7246 - Stack-based buffer overflow in the pcre32_copy_substring
function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to
cause a denial of service (WRITE of size 268) or possibly have unspecified
other impact via a crafted file.
[Peter: add CVE info]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bc6a84bb3d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Bernd Kuhls
Peter Korsgaard
parent
4fe48b572e
commit
d8318535f0
@ -1,21 +0,0 @@
|
||||
Description: CVE-2017-6004: crafted regular expression may cause denial of service
|
||||
Origin: upstream, https://vcs.pcre.org/pcre/code/trunk/pcre_jit_compile.c?r1=1676&r2=1680&view=patch
|
||||
Bug: https://bugs.exim.org/show_bug.cgi?id=2035
|
||||
Bug-Debian: https://bugs.debian.org/855405
|
||||
Forwarded: not-needed
|
||||
Author: Salvatore Bonaccorso <carnil@debian.org>
|
||||
Last-Update: 2017-02-17
|
||||
|
||||
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
|
||||
|
||||
--- a/pcre_jit_compile.c
|
||||
+++ b/pcre_jit_compile.c
|
||||
@@ -8111,7 +8111,7 @@ if (opcode == OP_COND || opcode == OP_SC
|
||||
|
||||
if (*matchingpath == OP_FAIL)
|
||||
stacksize = 0;
|
||||
- if (*matchingpath == OP_RREF)
|
||||
+ else if (*matchingpath == OP_RREF)
|
||||
{
|
||||
stacksize = GET2(matchingpath, 1);
|
||||
if (common->currententry == NULL)
|
||||
@ -1,60 +0,0 @@
|
||||
Description: Upstream fix for CVE-2017-7186 (Upstream rev 1688)
|
||||
Fix Unicode property crash for 32-bit characters greater than 0x10ffff.
|
||||
Author: Matthew Vernon <matthew@debian.org>
|
||||
X-Dgit-Generated: 2:8.39-3 c4c2c7c4f74d53b263af2471d8e11db88096bd13
|
||||
|
||||
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
|
||||
---
|
||||
|
||||
--- pcre3-8.39.orig/pcre_internal.h
|
||||
+++ pcre3-8.39/pcre_internal.h
|
||||
@@ -2772,6 +2772,9 @@ extern const pcre_uint8 PRIV(ucd_stage1
|
||||
extern const pcre_uint16 PRIV(ucd_stage2)[];
|
||||
extern const pcre_uint32 PRIV(ucp_gentype)[];
|
||||
extern const pcre_uint32 PRIV(ucp_gbtable)[];
|
||||
+#ifdef COMPILE_PCRE32
|
||||
+extern const ucd_record PRIV(dummy_ucd_record)[];
|
||||
+#endif
|
||||
#ifdef SUPPORT_JIT
|
||||
extern const int PRIV(ucp_typerange)[];
|
||||
#endif
|
||||
@@ -2780,9 +2783,15 @@ extern const int PRIV(ucp_typera
|
||||
/* UCD access macros */
|
||||
|
||||
#define UCD_BLOCK_SIZE 128
|
||||
-#define GET_UCD(ch) (PRIV(ucd_records) + \
|
||||
+#define REAL_GET_UCD(ch) (PRIV(ucd_records) + \
|
||||
PRIV(ucd_stage2)[PRIV(ucd_stage1)[(int)(ch) / UCD_BLOCK_SIZE] * \
|
||||
UCD_BLOCK_SIZE + (int)(ch) % UCD_BLOCK_SIZE])
|
||||
+
|
||||
+#ifdef COMPILE_PCRE32
|
||||
+#define GET_UCD(ch) ((ch > 0x10ffff)? PRIV(dummy_ucd_record) : REAL_GET_UCD(ch))
|
||||
+#else
|
||||
+#define GET_UCD(ch) REAL_GET_UCD(ch)
|
||||
+#endif
|
||||
|
||||
#define UCD_CHARTYPE(ch) GET_UCD(ch)->chartype
|
||||
#define UCD_SCRIPT(ch) GET_UCD(ch)->script
|
||||
--- pcre3-8.39.orig/pcre_ucd.c
|
||||
+++ pcre3-8.39/pcre_ucd.c
|
||||
@@ -38,6 +38,20 @@ const pcre_uint16 PRIV(ucd_stage2)[] = {
|
||||
const pcre_uint32 PRIV(ucd_caseless_sets)[] = {0};
|
||||
#else
|
||||
|
||||
+/* If the 32-bit library is run in non-32-bit mode, character values
|
||||
+greater than 0x10ffff may be encountered. For these we set up a
|
||||
+special record. */
|
||||
+
|
||||
+#ifdef COMPILE_PCRE32
|
||||
+const ucd_record PRIV(dummy_ucd_record)[] = {{
|
||||
+ ucp_Common, /* script */
|
||||
+ ucp_Cn, /* type unassigned */
|
||||
+ ucp_gbOther, /* grapheme break property */
|
||||
+ 0, /* case set */
|
||||
+ 0, /* other case */
|
||||
+ }};
|
||||
+#endif
|
||||
+
|
||||
/* When recompiling tables with a new Unicode version, please check the
|
||||
types in this structure definition from pcre_internal.h (the actual
|
||||
field names will be different):
|
||||
@ -1,2 +1,2 @@
|
||||
# Locally calculated after checking pgp signature
|
||||
sha256 00e27a29ead4267e3de8111fcaa59b132d0533cdfdbdddf4b0604279acbcf4f4 pcre-8.40.tar.bz2
|
||||
sha256 e62c7eac5ae7c0e7286db61ff82912e1c0b7a0c13706616e94a7dd729321b530 pcre-8.41.tar.bz2
|
||||
|
||||
@ -4,7 +4,7 @@
|
||||
#
|
||||
################################################################################
|
||||
|
||||
PCRE_VERSION = 8.40
|
||||
PCRE_VERSION = 8.41
|
||||
PCRE_SITE = https://ftp.pcre.org/pub/pcre
|
||||
PCRE_SOURCE = pcre-$(PCRE_VERSION).tar.bz2
|
||||
PCRE_LICENSE = BSD-3c
|
||||
|
||||
Loading…
Reference in New Issue
Block a user