-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/patches/pcre2-CVE-2016-3191.patch179
-rw-r--r--gnu/packages/pcre.scm15
3 files changed, 11 insertions, 184 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index e3bf241c8e..ee40c1bd30 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -811,7 +811,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/patchutils-xfail-gendiff-tests.patch	\
   %D%/packages/patches/patch-hurd-path-max.patch		\
   %D%/packages/patches/pcre-CVE-2016-3191.patch			\
-  %D%/packages/patches/pcre2-CVE-2016-3191.patch		\
   %D%/packages/patches/perl-autosplit-default-time.patch	\
   %D%/packages/patches/perl-deterministic-ordering.patch	\
   %D%/packages/patches/perl-finance-quote-unuse-mozilla-ca.patch \
diff --git a/gnu/packages/patches/pcre2-CVE-2016-3191.patch b/gnu/packages/patches/pcre2-CVE-2016-3191.patch
deleted file mode 100644
index 80f9d3d4f1..0000000000
--- a/gnu/packages/patches/pcre2-CVE-2016-3191.patch
+++ /dev/null
@@ -1,179 +0,0 @@
-Fixes CVE-2016-3191 (remote execution of arbitrary code or denial of
-service (stack-based buffer overflow) via a crafted regular expression).
-
-See <https://bugzilla.redhat.com/show_bug.cgi?id=1311503>.
-
-This is svn r489 at <svn://vcs.exim.org/pcre2/code>, omitting the
-changes to 'testdata/testoutput8-16-4', which does not exist in the
-source tarball.
-
-git-svn-id: svn://vcs.exim.org/pcre2/code/trunk@489 6239d852-aaf2-0410-a92c-79f79f948069
----
- ChangeLog                 |  4 ++++
- src/pcre2_compile.c       | 16 ++++++++++++++--
- testdata/testinput8       |  2 ++
- testdata/testoutput8-16-2 |  3 +++
- testdata/testoutput8-16-3 |  3 +++
- testdata/testoutput8-16-4 |  3 +++
- testdata/testoutput8-32-2 |  3 +++
- testdata/testoutput8-32-3 |  3 +++
- testdata/testoutput8-32-4 |  3 +++
- testdata/testoutput8-8-2  |  3 +++
- testdata/testoutput8-8-3  |  3 +++
- testdata/testoutput8-8-4  |  3 +++
- 12 files changed, 47 insertions(+), 2 deletions(-)
-
-diff --git a/ChangeLog b/ChangeLog
-index 3ce0207..65e333e 100644
---- a/ChangeLog
-+++ b/ChangeLog
-@@ -58,6 +58,10 @@ some head-scratching the next time this happens.
- assertion, caused pcre2test to output a very large number of spaces when the 
- callout was taken, making the program appearing to loop.
- 
-+12. A pattern that included (*ACCEPT) in the middle of a sufficiently deeply 
-+nested set of parentheses of sufficient size caused an overflow of the 
-+compiling workspace (which was diagnosed, but of course is not desirable).
-+
- 
- Version 10.21 12-January-2016
- -----------------------------
-diff --git a/src/pcre2_compile.c b/src/pcre2_compile.c
-index e33d620..887fbfd 100644
---- a/src/pcre2_compile.c
-+++ b/src/pcre2_compile.c
-@@ -5901,10 +5901,22 @@ for (;; ptr++)
-               goto FAILED;
-               }
-             cb->had_accept = TRUE;
-+            
-+            /* In the first pass, just accumulate the length required;
-+            otherwise hitting (*ACCEPT) inside many nested parentheses can
-+            cause workspace overflow. */
-+              
-             for (oc = cb->open_caps; oc != NULL; oc = oc->next)
-               {
--              *code++ = OP_CLOSE;
--              PUT2INC(code, 0, oc->number);
-+              if (lengthptr != NULL)
-+                {
-+                *lengthptr += CU2BYTES(1) + IMM2_SIZE; 
-+                }
-+              else
-+                {       
-+                *code++ = OP_CLOSE;
-+                PUT2INC(code, 0, oc->number);
-+                } 
-               }
-             setverb = *code++ =
-               (cb->assert_depth > 0)? OP_ASSERT_ACCEPT : OP_ACCEPT;
-diff --git a/testdata/testinput8 b/testdata/testinput8
-index ca3b1b9..7e2a1f0 100644
---- a/testdata/testinput8
-+++ b/testdata/testinput8
-@@ -182,4 +182,6 @@
- 
- /((?1)(?2)(?3)(?4)(?5)(?6)(?7)(?8)(?9)(?9)(?8)(?7)(?6)(?5)(?4)(?3)(?2)(?1)(?0)){2,}()()()()()()()()()/debug
- 
-+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
-+
- # End of testinput8
-diff --git a/testdata/testoutput8-16-2 b/testdata/testoutput8-16-2
-index 05669bb..a5e8dec 100644
---- a/testdata/testoutput8-16-2
-+++ b/testdata/testoutput8-16-2
-@@ -1027,4 +1027,7 @@ Capturing subpattern count = 10
- May match empty string
- Subject length lower bound = 0
- 
-+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
-+Failed: error 186 at offset 490: regular expression is too complicated
-+
- # End of testinput8
-diff --git a/testdata/testoutput8-16-3 b/testdata/testoutput8-16-3
-index 31884e1..36133b3 100644
---- a/testdata/testoutput8-16-3
-+++ b/testdata/testoutput8-16-3
-@@ -1023,4 +1023,7 @@ Capturing subpattern count = 10
- May match empty string
- Subject length lower bound = 0
- 
-+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
-+Failed: error 114 at offset 509: missing closing parenthesis
-+
- # End of testinput8
-diff --git a/testdata/testoutput8-32-2 b/testdata/testoutput8-32-2
-index babd0c7..99c4fad 100644
---- a/testdata/testoutput8-32-2
-+++ b/testdata/testoutput8-32-2
-@@ -1023,4 +1023,7 @@ Capturing subpattern count = 10
- May match empty string
- Subject length lower bound = 0
- 
-+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
-+Failed: error 114 at offset 509: missing closing parenthesis
-+
- # End of testinput8
-diff --git a/testdata/testoutput8-32-3 b/testdata/testoutput8-32-3
-index babd0c7..99c4fad 100644
---- a/testdata/testoutput8-32-3
-+++ b/testdata/testoutput8-32-3
-@@ -1023,4 +1023,7 @@ Capturing subpattern count = 10
- May match empty string
- Subject length lower bound = 0
- 
-+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
-+Failed: error 114 at offset 509: missing closing parenthesis
-+
- # End of testinput8
-diff --git a/testdata/testoutput8-32-4 b/testdata/testoutput8-32-4
-index babd0c7..99c4fad 100644
---- a/testdata/testoutput8-32-4
-+++ b/testdata/testoutput8-32-4
-@@ -1023,4 +1023,7 @@ Capturing subpattern count = 10
- May match empty string
- Subject length lower bound = 0
- 
-+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
-+Failed: error 114 at offset 509: missing closing parenthesis
-+
- # End of testinput8
-diff --git a/testdata/testoutput8-8-2 b/testdata/testoutput8-8-2
-index 6a9aa0a..6dc1f42 100644
---- a/testdata/testoutput8-8-2
-+++ b/testdata/testoutput8-8-2
-@@ -1026,4 +1026,7 @@ Capturing subpattern count = 10
- May match empty string
- Subject length lower bound = 0
- 
-+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
-+Failed: error 114 at offset 509: missing closing parenthesis
-+
- # End of testinput8
-diff --git a/testdata/testoutput8-8-3 b/testdata/testoutput8-8-3
-index 2fe1168..ae14946 100644
---- a/testdata/testoutput8-8-3
-+++ b/testdata/testoutput8-8-3
-@@ -1024,4 +1024,7 @@ Capturing subpattern count = 10
- May match empty string
- Subject length lower bound = 0
- 
-+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
-+Failed: error 114 at offset 509: missing closing parenthesis
-+
- # End of testinput8
-diff --git a/testdata/testoutput8-8-4 b/testdata/testoutput8-8-4
-index 91993b2..6c79956 100644
---- a/testdata/testoutput8-8-4
-+++ b/testdata/testoutput8-8-4
-@@ -1022,4 +1022,7 @@ Capturing subpattern count = 10
- May match empty string
- Subject length lower bound = 0
- 
-+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
-+Failed: error 114 at offset 509: missing closing parenthesis
-+
- # End of testinput8
--- 
-2.8.3
-
diff --git a/gnu/packages/pcre.scm b/gnu/packages/pcre.scm
index fe9157af12..8b92e47a4d 100644
--- a/gnu/packages/pcre.scm
+++ b/gnu/packages/pcre.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -73,16 +74,15 @@ POSIX regular expression API.")
 (define-public pcre2
   (package
     (name "pcre2")
-    (version "10.21")
+    (version "10.23")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/pcre/pcre2/"
                                   version "/pcre2-" version ".tar.bz2"))
 
-              (patches (search-patches "pcre2-CVE-2016-3191.patch"))
               (sha256
                (base32
-                "1q6lrj9b08l1q39vxipb0fi88x6ybvkr6439h8bjb9r8jd81fsn6"))))
+                "0vn5g0mkkp99mmzpissa06hpyj6pk9s4mlwbjqrjvw3ihy8rpiyz"))))
    (build-system gnu-build-system)
    (inputs `(("bzip2" ,bzip2)
              ("readline" ,readline)
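Review bot: Dropping `pcre2-CVE-2016-3191.patch` from the `origin` together with the bump to 10.23 leaves nothing on the new side that records the CVE-2016-3191 fix as present upstream. The deleted patch describes itself as svn r489, and its ChangeLog hunk adds entry 12 in the section above the `Version 10.21` heading, which suggests the fix first shipped in the release after 10.21; that is inferred from the patch text, not shown by this hunk. Before merging I would confirm that `src/pcre2_compile.c` in the 10.23 tarball contains the `lengthptr != NULL` branch in the `(*ACCEPT)` loop, and record it in the commit log, e.g. `Remove pcre2-CVE-2016-3191.patch: fixed upstream since svn r489`. The `pcre2` definition continues outside the hunk.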
@@ -95,7 +95,14 @@ POSIX regular expression API.")
                           "--enable-unicode-properties"
                           "--enable-pcre2-16"
                           "--enable-pcre2-32"
-                          "--enable-jit")))
+                          "--enable-jit")
+      #:phases
+      (modify-phases %standard-phases
+        (add-after 'unpack 'patch-paths
+          (lambda _
+            (substitute* "RunGrepTest"
+              (("/bin/echo") (which "echo")))
+            #t)))))
    (synopsis "Perl Compatible Regular Expressions")
    (description
     "The PCRE library is a set of functions that implement regular expression
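Review bot: The new `patch-paths` phase carries no comment explaining why `RunGrepTest` is rewritten, so a later maintainer cannot tell when the phase may be dropped. A line such as `;; RunGrepTest hard-codes /bin/echo, which is presumably absent from the build environment.` above `(substitute* "RunGrepTest"` would cover it. `(which "echo")` is evaluated when the phase runs; if `echo` were not on PATH it would presumably pass a non-string replacement to `substitute*`, so it is worth confirming that this case fails the build loudly instead of leaving the test script pointing at a missing path. The `arguments` form begins above the hunk.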