summary refs log tree commit diff
path: root/gnu/packages
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2017-04-10 15:29:28 +0200
committerLudovic Courtès <ludo@gnu.org>2017-04-10 23:54:46 +0200
commit18d0cec29e22cdbc27c486129d1a1425de27f03f (patch)
treee716457f66f85d3a4c87d59c2e236c7f3e8958aa /gnu/packages
parent81eaa3f8579df42dbf0410db78b45a718fc544e7 (diff)
downloadguix-18d0cec29e22cdbc27c486129d1a1425de27f03f.tar.gz
gnu: pcre2: Patch CVE-2017-7186.
* gnu/packages/patches/pcre2-CVE-2017-7186.patch: New file.
* gnu/packages/pcre.scm (pcre2)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
Diffstat (limited to 'gnu/packages')
-rw-r--r--gnu/packages/patches/pcre2-CVE-2017-7186.patch68
-rw-r--r--gnu/packages/pcre.scm3
2 files changed, 70 insertions, 1 deletions
diff --git a/gnu/packages/patches/pcre2-CVE-2017-7186.patch b/gnu/packages/patches/pcre2-CVE-2017-7186.patch
new file mode 100644
index 0000000000..5c16955aaa
--- /dev/null
+++ b/gnu/packages/patches/pcre2-CVE-2017-7186.patch
@@ -0,0 +1,68 @@
+Patch for <https://nvd.nist.gov/vuln/detail?vulnId=CVE-2017-7186>
+taken from <https://vcs.pcre.org/pcre2?view=revision&revision=670>.
+
+--- trunk/src/pcre2_internal.h	2016/11/19 12:46:24	600
++++ trunk/src/pcre2_internal.h	2017/02/24 18:25:32	670
+@@ -1774,10 +1774,17 @@
+ /* UCD access macros */
+ 
+ #define UCD_BLOCK_SIZE 128
+-#define GET_UCD(ch) (PRIV(ucd_records) + \
++#define REAL_GET_UCD(ch) (PRIV(ucd_records) + \
+         PRIV(ucd_stage2)[PRIV(ucd_stage1)[(int)(ch) / UCD_BLOCK_SIZE] * \
+         UCD_BLOCK_SIZE + (int)(ch) % UCD_BLOCK_SIZE])
+ 
++#if PCRE2_CODE_UNIT_WIDTH == 32
++#define GET_UCD(ch) ((ch > MAX_UTF_CODE_POINT)? \
++  PRIV(dummy_ucd_record) : REAL_GET_UCD(ch))
++#else
++#define GET_UCD(ch) REAL_GET_UCD(ch)
++#endif
++
+ #define UCD_CHARTYPE(ch)    GET_UCD(ch)->chartype
+ #define UCD_SCRIPT(ch)      GET_UCD(ch)->script
+ #define UCD_CATEGORY(ch)    PRIV(ucp_gentype)[UCD_CHARTYPE(ch)]
+@@ -1834,6 +1841,9 @@
+ #define _pcre2_default_compile_context PCRE2_SUFFIX(_pcre2_default_compile_context_)
+ #define _pcre2_default_match_context   PCRE2_SUFFIX(_pcre2_default_match_context_)
+ #define _pcre2_default_tables          PCRE2_SUFFIX(_pcre2_default_tables_)
++#if PCRE2_CODE_UNIT_WIDTH == 32
++#define _pcre2_dummy_ucd_record        PCRE2_SUFFIX(_pcre2_dummy_ucd_record_)
++#endif
+ #define _pcre2_hspace_list             PCRE2_SUFFIX(_pcre2_hspace_list_)
+ #define _pcre2_vspace_list             PCRE2_SUFFIX(_pcre2_vspace_list_)
+ #define _pcre2_ucd_caseless_sets       PCRE2_SUFFIX(_pcre2_ucd_caseless_sets_)
+@@ -1858,6 +1868,9 @@
+ extern const uint32_t                  PRIV(vspace_list)[];
+ extern const uint32_t                  PRIV(ucd_caseless_sets)[];
+ extern const ucd_record                PRIV(ucd_records)[];
++#if PCRE2_CODE_UNIT_WIDTH == 32
++extern const ucd_record                PRIV(dummy_ucd_record)[];
++#endif
+ extern const uint8_t                   PRIV(ucd_stage1)[];
+ extern const uint16_t                  PRIV(ucd_stage2)[];
+ extern const uint32_t                  PRIV(ucp_gbtable)[];
+
+--- trunk/src/pcre2_ucd.c	2015/07/17 15:44:51	316
++++ trunk/src/pcre2_ucd.c	2017/02/24 18:25:32	670
+@@ -41,6 +41,20 @@
+ 
+ const char *PRIV(unicode_version) = "8.0.0";
+ 
++/* If the 32-bit library is run in non-32-bit mode, character values
++greater than 0x10ffff may be encountered. For these we set up a
++special record. */
++
++#if PCRE2_CODE_UNIT_WIDTH == 32
++const ucd_record PRIV(dummy_ucd_record)[] = {{
++  ucp_Common,    /* script */
++  ucp_Cn,        /* type unassigned */
++  ucp_gbOther,   /* grapheme break property */
++  0,             /* case set */
++  0,             /* other case */
++  }};
++#endif
++
+ /* When recompiling tables with a new Unicode version, please check the
+ types in this structure definition from pcre2_internal.h (the actual
+ field names will be different):
diff --git a/gnu/packages/pcre.scm b/gnu/packages/pcre.scm
index 011a30dd38..9f610e59fd 100644
--- a/gnu/packages/pcre.scm
+++ b/gnu/packages/pcre.scm
@@ -81,7 +81,8 @@ POSIX regular expression API.")
 
               (sha256
                (base32
-                "0vn5g0mkkp99mmzpissa06hpyj6pk9s4mlwbjqrjvw3ihy8rpiyz"))))
+                "0vn5g0mkkp99mmzpissa06hpyj6pk9s4mlwbjqrjvw3ihy8rpiyz"))
+              (patches (search-patches "pcre2-CVE-2017-7186.patch"))))
    (build-system gnu-build-system)
    (inputs `(("bzip2" ,bzip2)
              ("readline" ,readline)