summary refs log tree commit diff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2016-04-06 23:27:10 +0200
committerLudovic Courtès <ludo@gnu.org>2016-04-06 23:27:10 +0200
commita7681d29dcb415593a06cf265aabc776bd3a02c0 (patch)
tree2049996438046498b71f863e859f69ade23556f5
parenta70a50048bec0ba2a694ad2f8f414051e2f88430 (diff)
downloadguix-a7681d29dcb415593a06cf265aabc776bd3a02c0.tar.gz
gnu: pcre: Fix CVE-2016-3191.
* gnu/packages/pcre.scm (pcre)[replacement]: New field.
(pcre-fixed): New variable.
* gnu/packages/patches/pcre-CVE-2016-3191.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
-rw-r--r--gnu-system.am1
-rw-r--r--gnu/packages/patches/pcre-CVE-2016-3191.patch151
-rw-r--r--gnu/packages/pcre.scm9
3 files changed, 161 insertions, 0 deletions
diff --git a/gnu-system.am b/gnu-system.am
index 824cd8ec13..7aac127164 100644
--- a/gnu-system.am
+++ b/gnu-system.am
@@ -655,6 +655,7 @@ dist_patch_DATA =						\
   gnu/packages/patches/patchelf-rework-for-arm.patch		\
   gnu/packages/patches/patchutils-xfail-gendiff-tests.patch	\
   gnu/packages/patches/patch-hurd-path-max.patch		\
+  gnu/packages/patches/pcre-CVE-2016-3191.patch			\
   gnu/packages/patches/perl-CVE-2015-8607.patch			\
   gnu/packages/patches/perl-CVE-2016-2381.patch			\
   gnu/packages/patches/perl-autosplit-default-time.patch	\
diff --git a/gnu/packages/patches/pcre-CVE-2016-3191.patch b/gnu/packages/patches/pcre-CVE-2016-3191.patch
new file mode 100644
index 0000000000..89cce2a36f
--- /dev/null
+++ b/gnu/packages/patches/pcre-CVE-2016-3191.patch
@@ -0,0 +1,151 @@
+Fix for CVE-2016-3191.
+See <https://bugzilla.redhat.com/show_bug.cgi?id=1311503>.
+This is svn r1631 at <svn://vcs.exim.org/pcre/code>.
+
+Index: trunk/testdata/testoutput11-16
+===================================================================
+--- trunk/testdata/testoutput11-16	(revision 1630)
++++ trunk/testdata/testoutput11-16	(revision 1631)
+@@ -765,4 +765,7 @@
+  25     End
+ ------------------------------------------------------------------
+ 
++/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
++Failed: regular expression is too complicated at offset 490
++
+ /-- End of testinput11 --/
+Index: trunk/testdata/testinput11
+===================================================================
+--- trunk/testdata/testinput11	(revision 1630)
++++ trunk/testdata/testinput11	(revision 1631)
+@@ -138,4 +138,6 @@
+ 
+ /.((?2)(?R)\1)()/B
+ 
++/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
++
+ /-- End of testinput11 --/
+Index: trunk/testdata/testoutput11-8
+===================================================================
+--- trunk/testdata/testoutput11-8	(revision 1630)
++++ trunk/testdata/testoutput11-8	(revision 1631)
+@@ -765,4 +765,7 @@
+  38     End
+ ------------------------------------------------------------------
+ 
++/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
++Failed: missing ) at offset 509
++
+ /-- End of testinput11 --/
+Index: trunk/testdata/testoutput11-32
+===================================================================
+--- trunk/testdata/testoutput11-32	(revision 1630)
++++ trunk/testdata/testoutput11-32	(revision 1631)
+@@ -765,4 +765,7 @@
+  25     End
+ ------------------------------------------------------------------
+ 
++/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
++Failed: missing ) at offset 509
++
+ /-- End of testinput11 --/
+Index: trunk/pcre_internal.h
+===================================================================
+--- trunk/pcre_internal.h	(revision 1630)
++++ trunk/pcre_internal.h	(revision 1631)
+@@ -7,7 +7,7 @@
+ and semantics are as close as possible to those of the Perl 5 language.
+ 
+                        Written by Philip Hazel
+-           Copyright (c) 1997-2014 University of Cambridge
++           Copyright (c) 1997-2016 University of Cambridge
+ 
+ -----------------------------------------------------------------------------
+ Redistribution and use in source and binary forms, with or without
+@@ -2289,7 +2289,7 @@
+        ERR50, ERR51, ERR52, ERR53, ERR54, ERR55, ERR56, ERR57, ERR58, ERR59,
+        ERR60, ERR61, ERR62, ERR63, ERR64, ERR65, ERR66, ERR67, ERR68, ERR69,
+        ERR70, ERR71, ERR72, ERR73, ERR74, ERR75, ERR76, ERR77, ERR78, ERR79,
+-       ERR80, ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERRCOUNT };
++       ERR80, ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERR87, ERRCOUNT };
+ 
+ /* JIT compiling modes. The function list is indexed by them. */
+ 
+Index: trunk/pcre_compile.c
+===================================================================
+--- trunk/pcre_compile.c	(revision 1630)
++++ trunk/pcre_compile.c	(revision 1631)
+@@ -6,7 +6,7 @@
+ and semantics are as close as possible to those of the Perl 5 language.
+ 
+                        Written by Philip Hazel
+-           Copyright (c) 1997-2014 University of Cambridge
++           Copyright (c) 1997-2016 University of Cambridge
+ 
+ -----------------------------------------------------------------------------
+ Redistribution and use in source and binary forms, with or without
+@@ -560,6 +560,7 @@
+   /* 85 */
+   "parentheses are too deeply nested (stack check)\0"
+   "digits missing in \\x{} or \\o{}\0"
++  "regular expression is too complicated\0"
+   ;
+ 
+ /* Table to identify digits and hex digits. This is used when compiling
+@@ -4591,7 +4592,8 @@
+     if (code > cd->start_workspace + cd->workspace_size -
+         WORK_SIZE_SAFETY_MARGIN)                       /* Check for overrun */
+       {
+-      *errorcodeptr = ERR52;
++      *errorcodeptr = (code >= cd->start_workspace + cd->workspace_size)?
++        ERR52 : ERR87;
+       goto FAILED;
+       }
+ 
+@@ -6626,8 +6628,21 @@
+             cd->had_accept = TRUE;
+             for (oc = cd->open_caps; oc != NULL; oc = oc->next)
+               {
+-              *code++ = OP_CLOSE;
+-              PUT2INC(code, 0, oc->number);
++              if (lengthptr != NULL)
++                {
++#ifdef COMPILE_PCRE8
++                *lengthptr += 1 + IMM2_SIZE;
++#elif defined COMPILE_PCRE16
++                *lengthptr += 2 + IMM2_SIZE;
++#elif defined COMPILE_PCRE32
++                *lengthptr += 4 + IMM2_SIZE;
++#endif
++                }
++              else
++                {
++                *code++ = OP_CLOSE;
++                PUT2INC(code, 0, oc->number);
++                }
+               }
+             setverb = *code++ =
+               (cd->assert_depth > 0)? OP_ASSERT_ACCEPT : OP_ACCEPT;
+Index: trunk/pcreposix.c
+===================================================================
+--- trunk/pcreposix.c	(revision 1630)
++++ trunk/pcreposix.c	(revision 1631)
+@@ -6,7 +6,7 @@
+ and semantics are as close as possible to those of the Perl 5 language.
+ 
+                        Written by Philip Hazel
+-           Copyright (c) 1997-2014 University of Cambridge
++           Copyright (c) 1997-2016 University of Cambridge
+ 
+ -----------------------------------------------------------------------------
+ Redistribution and use in source and binary forms, with or without
+@@ -173,7 +173,8 @@
+   REG_BADPAT,  /* group name must start with a non-digit */
+   /* 85 */
+   REG_BADPAT,  /* parentheses too deeply nested (stack check) */
+-  REG_BADPAT   /* missing digits in \x{} or \o{} */
++  REG_BADPAT,  /* missing digits in \x{} or \o{} */
++  REG_BADPAT   /* pattern too complicated */
+ };
+ 
+ /* Table of texts corresponding to POSIX error codes */
diff --git a/gnu/packages/pcre.scm b/gnu/packages/pcre.scm
index d2933bbe38..9794def4c1 100644
--- a/gnu/packages/pcre.scm
+++ b/gnu/packages/pcre.scm
@@ -22,6 +22,7 @@
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages readline)
+  #:use-module (gnu packages)
   #:use-module (guix packages)
   #:use-module (guix download)
   #:use-module (guix build-system gnu))
@@ -30,6 +31,7 @@
   (package
    (name "pcre")
    (version "8.38")
+   (replacement pcre-fixed)
    (source (origin
             (method url-fetch)
             (uri (list
@@ -65,6 +67,13 @@ POSIX regular expression API.")
    (license license:bsd-3)
    (home-page "http://www.pcre.org/")))
 
+(define pcre-fixed                                ;for CVE-2016-3191
+  (package
+    (inherit pcre)
+    (source (origin
+              (inherit (package-source pcre))
+              (patches (list (search-patch "pcre-CVE-2016-3191.patch")))))))
+
 (define-public pcre2
   (package
     (name "pcre2")