summary refs log tree commit diff
diff options
context:
space:
mode:
authorTobias Geerinckx-Rice <me@tobias.gr>2018-02-28 18:23:28 +0100
committerTobias Geerinckx-Rice <me@tobias.gr>2018-02-28 18:23:31 +0100
commit8297ff0f931a677c51ca7c64a844a55cd6cd2ef4 (patch)
tree288e5e6e3bf0e8dfc8d10aacd612941455fb486a
parent3d185f5562291ca2879fc703dbe61ed99fa929ad (diff)
downloadguix-8297ff0f931a677c51ca7c64a844a55cd6cd2ef4.tar.gz
gnu: pcre2: Update to 10.31.
* gnu/packages/pcre.scm (pcre2): Update to 10.31.
[source]: Remove upstreamed patches.
* gnu/packages/patches/pcre2-CVE-2017-7186.patch: Delete this file...
* gnu/packages/patches/pcre2-CVE-2017-8786.patch: ...and this one.
* gnu/local.mk (dist_patch_DATA): Remove them.
-rw-r--r--gnu/local.mk2
-rw-r--r--gnu/packages/patches/pcre2-CVE-2017-7186.patch68
-rw-r--r--gnu/packages/patches/pcre2-CVE-2017-8786.patch155
-rw-r--r--gnu/packages/pcre.scm7
4 files changed, 3 insertions, 229 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 6cc73cb946..2df11950c5 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -961,8 +961,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/patchutils-xfail-gendiff-tests.patch	\
   %D%/packages/patches/patch-hurd-path-max.patch		\
   %D%/packages/patches/pcmanfm-CVE-2017-8934.patch		\
-  %D%/packages/patches/pcre2-CVE-2017-7186.patch		\
-  %D%/packages/patches/pcre2-CVE-2017-8786.patch		\
   %D%/packages/patches/perl-file-path-CVE-2017-6512.patch	\
   %D%/packages/patches/perl-autosplit-default-time.patch	\
   %D%/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch	\
diff --git a/gnu/packages/patches/pcre2-CVE-2017-7186.patch b/gnu/packages/patches/pcre2-CVE-2017-7186.patch
deleted file mode 100644
index 5c16955aaa..0000000000
--- a/gnu/packages/patches/pcre2-CVE-2017-7186.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-Patch for <https://nvd.nist.gov/vuln/detail?vulnId=CVE-2017-7186>
-taken from <https://vcs.pcre.org/pcre2?view=revision&revision=670>.
-
---- trunk/src/pcre2_internal.h	2016/11/19 12:46:24	600
-+++ trunk/src/pcre2_internal.h	2017/02/24 18:25:32	670
-@@ -1774,10 +1774,17 @@
- /* UCD access macros */
- 
- #define UCD_BLOCK_SIZE 128
--#define GET_UCD(ch) (PRIV(ucd_records) + \
-+#define REAL_GET_UCD(ch) (PRIV(ucd_records) + \
-         PRIV(ucd_stage2)[PRIV(ucd_stage1)[(int)(ch) / UCD_BLOCK_SIZE] * \
-         UCD_BLOCK_SIZE + (int)(ch) % UCD_BLOCK_SIZE])
- 
-+#if PCRE2_CODE_UNIT_WIDTH == 32
-+#define GET_UCD(ch) ((ch > MAX_UTF_CODE_POINT)? \
-+  PRIV(dummy_ucd_record) : REAL_GET_UCD(ch))
-+#else
-+#define GET_UCD(ch) REAL_GET_UCD(ch)
-+#endif
-+
- #define UCD_CHARTYPE(ch)    GET_UCD(ch)->chartype
- #define UCD_SCRIPT(ch)      GET_UCD(ch)->script
- #define UCD_CATEGORY(ch)    PRIV(ucp_gentype)[UCD_CHARTYPE(ch)]
-@@ -1834,6 +1841,9 @@
- #define _pcre2_default_compile_context PCRE2_SUFFIX(_pcre2_default_compile_context_)
- #define _pcre2_default_match_context   PCRE2_SUFFIX(_pcre2_default_match_context_)
- #define _pcre2_default_tables          PCRE2_SUFFIX(_pcre2_default_tables_)
-+#if PCRE2_CODE_UNIT_WIDTH == 32
-+#define _pcre2_dummy_ucd_record        PCRE2_SUFFIX(_pcre2_dummy_ucd_record_)
-+#endif
- #define _pcre2_hspace_list             PCRE2_SUFFIX(_pcre2_hspace_list_)
- #define _pcre2_vspace_list             PCRE2_SUFFIX(_pcre2_vspace_list_)
- #define _pcre2_ucd_caseless_sets       PCRE2_SUFFIX(_pcre2_ucd_caseless_sets_)
-@@ -1858,6 +1868,9 @@
- extern const uint32_t                  PRIV(vspace_list)[];
- extern const uint32_t                  PRIV(ucd_caseless_sets)[];
- extern const ucd_record                PRIV(ucd_records)[];
-+#if PCRE2_CODE_UNIT_WIDTH == 32
-+extern const ucd_record                PRIV(dummy_ucd_record)[];
-+#endif
- extern const uint8_t                   PRIV(ucd_stage1)[];
- extern const uint16_t                  PRIV(ucd_stage2)[];
- extern const uint32_t                  PRIV(ucp_gbtable)[];
-
---- trunk/src/pcre2_ucd.c	2015/07/17 15:44:51	316
-+++ trunk/src/pcre2_ucd.c	2017/02/24 18:25:32	670
-@@ -41,6 +41,20 @@
- 
- const char *PRIV(unicode_version) = "8.0.0";
- 
-+/* If the 32-bit library is run in non-32-bit mode, character values
-+greater than 0x10ffff may be encountered. For these we set up a
-+special record. */
-+
-+#if PCRE2_CODE_UNIT_WIDTH == 32
-+const ucd_record PRIV(dummy_ucd_record)[] = {{
-+  ucp_Common,    /* script */
-+  ucp_Cn,        /* type unassigned */
-+  ucp_gbOther,   /* grapheme break property */
-+  0,             /* case set */
-+  0,             /* other case */
-+  }};
-+#endif
-+
- /* When recompiling tables with a new Unicode version, please check the
- types in this structure definition from pcre2_internal.h (the actual
- field names will be different):
diff --git a/gnu/packages/patches/pcre2-CVE-2017-8786.patch b/gnu/packages/patches/pcre2-CVE-2017-8786.patch
deleted file mode 100644
index 6071d58f07..0000000000
--- a/gnu/packages/patches/pcre2-CVE-2017-8786.patch
+++ /dev/null
@@ -1,155 +0,0 @@
-Fix CVE-2017-8786:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8786
-https://bugs.exim.org/show_bug.cgi?id=2079
-https://blogs.gentoo.org/ago/2017/04/29/libpcre-heap-based-buffer-overflow-write-in-pcre2test-c/
-
-Patch copied from upstream source repository:
-
-https://vcs.pcre.org/pcre2?view=revision&revision=696
-https://vcs.pcre.org/pcre2?view=revision&revision=697
-
---- trunk/doc/pcre2api.3	2017/03/21 16:48:40	695
-+++ trunk/doc/pcre2api.3	2017/03/21 17:46:21	696
-@@ -1,4 +1,4 @@
--.TH PCRE2API 3 "24 December 2016" "PCRE2 10.23"
-+.TH PCRE2API 3 "21 March 2017" "PCRE2 10.30"
- .SH NAME
- PCRE2 - Perl-compatible regular expressions (revised API)
- .sp
-@@ -2633,8 +2633,8 @@
- A text message for an error code from any PCRE2 function (compile, match, or
- auxiliary) can be obtained by calling \fBpcre2_get_error_message()\fP. The code
- is passed as the first argument, with the remaining two arguments specifying a
--code unit buffer and its length, into which the text message is placed. Note
--that the message is returned in code units of the appropriate width for the
-+code unit buffer and its length in code units, into which the text message is
-+placed. The message is returned in code units of the appropriate width for the
- library that is being used.
- .P
- The returned message is terminated with a trailing zero, and the function
-@@ -3321,6 +3321,6 @@
- .rs
- .sp
- .nf
--Last updated: 23 December 2016
--Copyright (c) 1997-2016 University of Cambridge.
-+Last updated: 21 March 2017
-+Copyright (c) 1997-2017 University of Cambridge.
- .fi
---- trunk/src/pcre2_error.c	2017/03/21 16:48:40	695
-+++ trunk/src/pcre2_error.c	2017/03/21 17:46:21	696
-@@ -271,7 +271,7 @@
- Arguments:
-   enumber       error number
-   buffer        where to put the message (zero terminated)
--  size          size of the buffer
-+  size          size of the buffer in code units
- 
- Returns:        length of message if all is well
-                 negative on error
---- trunk/src/pcre2test.c	2017/03/21 17:46:21	696
-+++ trunk/src/pcre2test.c	2017/03/21 18:36:13	697
-@@ -1017,9 +1017,9 @@
-   if (test_mode == PCRE8_MODE) \
-     r = pcre2_get_error_message_8(a,G(b,8),G(G(b,8),_size)); \
-   else if (test_mode == PCRE16_MODE) \
--    r = pcre2_get_error_message_16(a,G(b,16),G(G(b,16),_size)); \
-+    r = pcre2_get_error_message_16(a,G(b,16),G(G(b,16),_size/2)); \
-   else \
--    r = pcre2_get_error_message_32(a,G(b,32),G(G(b,32),_size))
-+    r = pcre2_get_error_message_32(a,G(b,32),G(G(b,32),_size/4))
- 
- #define PCRE2_GET_OVECTOR_COUNT(a,b) \
-   if (test_mode == PCRE8_MODE) \
-@@ -1399,6 +1399,9 @@
- 
- /* ----- Common macros for two-mode cases ----- */
- 
-+#define BYTEONE (BITONE/8)
-+#define BYTETWO (BITTWO/8)
-+
- #define CASTFLD(t,a,b) \
-   ((test_mode == G(G(PCRE,BITONE),_MODE))? (t)(G(a,BITONE)->b) : \
-     (t)(G(a,BITTWO)->b))
-@@ -1481,9 +1484,9 @@
- 
- #define PCRE2_GET_ERROR_MESSAGE(r,a,b) \
-   if (test_mode == G(G(PCRE,BITONE),_MODE)) \
--    r = G(pcre2_get_error_message_,BITONE)(a,G(b,BITONE),G(G(b,BITONE),_size)); \
-+    r = G(pcre2_get_error_message_,BITONE)(a,G(b,BITONE),G(G(b,BITONE),_size/BYTEONE)); \
-   else \
--    r = G(pcre2_get_error_message_,BITTWO)(a,G(b,BITTWO),G(G(b,BITTWO),_size))
-+    r = G(pcre2_get_error_message_,BITTWO)(a,G(b,BITTWO),G(G(b,BITTWO),_size/BYTETWO))
- 
- #define PCRE2_GET_OVECTOR_COUNT(a,b) \
-   if (test_mode == G(G(PCRE,BITONE),_MODE)) \
-@@ -1904,7 +1907,7 @@
- #define PCRE2_DFA_MATCH(a,b,c,d,e,f,g,h,i,j) \
-   a = pcre2_dfa_match_16(G(b,16),(PCRE2_SPTR16)c,d,e,f,G(g,16),h,i,j)
- #define PCRE2_GET_ERROR_MESSAGE(r,a,b) \
--  r = pcre2_get_error_message_16(a,G(b,16),G(G(b,16),_size))
-+  r = pcre2_get_error_message_16(a,G(b,16),G(G(b,16),_size/2))
- #define PCRE2_GET_OVECTOR_COUNT(a,b) a = pcre2_get_ovector_count_16(G(b,16))
- #define PCRE2_GET_STARTCHAR(a,b) a = pcre2_get_startchar_16(G(b,16))
- #define PCRE2_JIT_COMPILE(r,a,b) r = pcre2_jit_compile_16(G(a,16),b)
-@@ -2000,7 +2003,7 @@
- #define PCRE2_DFA_MATCH(a,b,c,d,e,f,g,h,i,j) \
-   a = pcre2_dfa_match_32(G(b,32),(PCRE2_SPTR32)c,d,e,f,G(g,32),h,i,j)
- #define PCRE2_GET_ERROR_MESSAGE(r,a,b) \
--  r = pcre2_get_error_message_32(a,G(b,32),G(G(b,32),_size))
-+  r = pcre2_get_error_message_32(a,G(b,32),G(G(b,32),_size/4))
- #define PCRE2_GET_OVECTOR_COUNT(a,b) a = pcre2_get_ovector_count_32(G(b,32))
- #define PCRE2_GET_STARTCHAR(a,b) a = pcre2_get_startchar_32(G(b,32))
- #define PCRE2_JIT_COMPILE(r,a,b) r = pcre2_jit_compile_32(G(a,32),b)
---- trunk/src/pcre2test.c	2017/03/21 16:48:40	695
-+++ trunk/src/pcre2test.c	2017/03/21 17:46:21	696
-@@ -2889,7 +2889,7 @@
-   {
-   if (pbuffer32 != NULL) free(pbuffer32);
-   pbuffer32_size = 4*len + 4;
--  if (pbuffer32_size < 256) pbuffer32_size = 256;
-+  if (pbuffer32_size < 512) pbuffer32_size = 512;
-   pbuffer32 = (uint32_t *)malloc(pbuffer32_size);
-   if (pbuffer32 == NULL)
-     {
-@@ -7600,7 +7600,8 @@
-   int errcode;
-   char *endptr;
- 
--/* Ensure the relevant non-8-bit buffer is available. */
-+/* Ensure the relevant non-8-bit buffer is available. Ensure that it is at 
-+least 128 code units, because it is used for retrieving error messages. */
- 
- #ifdef SUPPORT_PCRE2_16
-   if (test_mode == PCRE16_MODE)
-@@ -7620,7 +7621,7 @@
- #ifdef SUPPORT_PCRE2_32
-   if (test_mode == PCRE32_MODE)
-     {
--    pbuffer32_size = 256;
-+    pbuffer32_size = 512;
-     pbuffer32 = (uint32_t *)malloc(pbuffer32_size);
-     if (pbuffer32 == NULL)
-       {
---- trunk/testdata/testinput2	2017/03/21 16:48:40	695
-+++ trunk/testdata/testinput2	2017/03/21 17:46:21	696
-@@ -5017,4 +5017,6 @@
- 
- /(?<!\1((?U)1((?U))))(*F)/never_backslash_c,alt_bsux,anchored,extended
- 
-+/\g{3/
-+
- # End of testinput2 
---- trunk/testdata/testoutput2	2017/03/21 16:48:40	695
-+++ trunk/testdata/testoutput2	2017/03/21 17:46:21	696
-@@ -15570,6 +15570,9 @@
- 
- /(?<!\1((?U)1((?U))))(*F)/never_backslash_c,alt_bsux,anchored,extended
- 
-+/\g{3/
-+Failed: error 157 at offset 2: \g is not followed by a braced, angle-bracketed, or quoted name/number or by a plain number
-+
- # End of testinput2 
- Error -63: PCRE2_ERROR_BADDATA (unknown error number)
- Error -62: bad serialized data
diff --git a/gnu/packages/pcre.scm b/gnu/packages/pcre.scm
index ee853d5015..5719b7bb45 100644
--- a/gnu/packages/pcre.scm
+++ b/gnu/packages/pcre.scm
@@ -6,6 +6,7 @@
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -75,7 +76,7 @@ POSIX regular expression API.")
 (define-public pcre2
   (package
     (name "pcre2")
-    (version "10.23")
+    (version "10.31")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/pcre/pcre2/"
@@ -83,9 +84,7 @@ POSIX regular expression API.")
 
               (sha256
                (base32
-                "0vn5g0mkkp99mmzpissa06hpyj6pk9s4mlwbjqrjvw3ihy8rpiyz"))
-              (patches (search-patches "pcre2-CVE-2017-7186.patch"
-                                       "pcre2-CVE-2017-8786.patch"))))
+                "1b389pzw91k1hzydsh4smdsxyppwz4pv74m3nrvy8rda0j3m6zg0"))))
    (build-system gnu-build-system)
    (inputs `(("bzip2" ,bzip2)
              ("readline" ,readline)