Menu
▾
▴
[Astlinux-commits] SF.net SVN: astlinux:[7350] branches/1.0/package/pcre
|
From: <abe...@us...> - 2015-11-25 14:35:53
|
Revision: 7350
http://sourceforge.net/p/astlinux/code/7350
Author: abelbeck
Date: 2015-11-25 14:35:50 +0000 (Wed, 25 Nov 2015)
Log Message:
-----------
pcre, version bump to 8.38
Fixes:
Ref: https://blog.fuzzing-project.org/29-Heap-Overflow-in-PCRE.html
Modified Paths:
--------------
branches/1.0/package/pcre/pcre.mk
Removed Paths:
-------------
branches/1.0/package/pcre/pcre-pre-8.38-security-fixes.patch
Deleted: branches/1.0/package/pcre/pcre-pre-8.38-security-fixes.patch
===================================================================
--- branches/1.0/package/pcre/pcre-pre-8.38-security-fixes.patch 2015-11-24 18:36:52 UTC (rev 7349)
+++ branches/1.0/package/pcre/pcre-pre-8.38-security-fixes.patch 2015-11-25 14:35:50 UTC (rev 7350)
@@ -1,359 +0,0 @@
---- pcre-8.37/pcre_compile.c 2015/04/14 17:02:30 1548
-+++ pcre-8.37/pcre_compile.c 2015/06/03 16:51:59 1562
-@@ -1799,7 +1799,7 @@
- case OP_ASSERTBACK:
- case OP_ASSERTBACK_NOT:
- do cc += GET(cc, 1); while (*cc == OP_ALT);
-- cc += PRIV(OP_lengths)[*cc];
-+ cc += 1 + LINK_SIZE;
- break;
-
- /* Skip over things that don't match chars */
-@@ -3985,11 +3985,12 @@
- is called, the partially compiled regex must be temporarily terminated with
- OP_END.
-
--This function has been extended with the possibility of forward references for
--recursions and subroutine calls. It must also check the list of such references
--for the group we are dealing with. If it finds that one of the recursions in
--the current group is on this list, it adjusts the offset in the list, not the
--value in the reference (which is a group number).
-+This function has been extended to cope with forward references for recursions
-+and subroutine calls. It must check the list of such references for the
-+group we are dealing with. If it finds that one of the recursions in the
-+current group is on this list, it does not adjust the value in the reference
-+(which is a group number). After the group has been scanned, all the offsets in
-+the forward reference list for the group are adjusted.
-
- Arguments:
- group points to the start of the group
-@@ -4005,29 +4006,21 @@
- adjust_recurse(pcre_uchar *group, int adjust, BOOL utf, compile_data *cd,
- size_t save_hwm_offset)
- {
-+int offset;
-+pcre_uchar *hc;
- pcre_uchar *ptr = group;
-
- while ((ptr = (pcre_uchar *)find_recurse(ptr, utf)) != NULL)
- {
-- int offset;
-- pcre_uchar *hc;
--
-- /* See if this recursion is on the forward reference list. If so, adjust the
-- reference. */
--
- for (hc = (pcre_uchar *)cd->start_workspace + save_hwm_offset; hc < cd->hwm;
- hc += LINK_SIZE)
- {
- offset = (int)GET(hc, 0);
-- if (cd->start_code + offset == ptr + 1)
-- {
-- PUT(hc, 0, offset + adjust);
-- break;
-- }
-+ if (cd->start_code + offset == ptr + 1) break;
- }
-
-- /* Otherwise, adjust the recursion offset if it's after the start of this
-- group. */
-+ /* If we have not found this recursion on the forward reference list, adjust
-+ the recursion's offset if it's after the start of this group. */
-
- if (hc >= cd->hwm)
- {
-@@ -4037,6 +4030,15 @@
-
- ptr += 1 + LINK_SIZE;
- }
-+
-+/* Now adjust all forward reference offsets for the group. */
-+
-+for (hc = (pcre_uchar *)cd->start_workspace + save_hwm_offset; hc < cd->hwm;
-+ hc += LINK_SIZE)
-+ {
-+ offset = (int)GET(hc, 0);
-+ PUT(hc, 0, offset + adjust);
-+ }
- }
-
-
-@@ -4465,7 +4467,7 @@
- const pcre_uchar *nestptr = NULL;
- pcre_uchar *previous = NULL;
- pcre_uchar *previous_callout = NULL;
--size_t save_hwm_offset = 0;
-+size_t item_hwm_offset = 0;
- pcre_uint8 classbits[32];
-
- /* We can fish out the UTF-8 setting once and for all into a BOOL, but we
-@@ -4767,6 +4769,7 @@
- zeroreqchar = reqchar;
- zeroreqcharflags = reqcharflags;
- previous = code;
-+ item_hwm_offset = cd->hwm - cd->start_workspace;
- *code++ = ((options & PCRE_DOTALL) != 0)? OP_ALLANY: OP_ANY;
- break;
-
-@@ -4818,6 +4821,7 @@
- /* Handle a real character class. */
-
- previous = code;
-+ item_hwm_offset = cd->hwm - cd->start_workspace;
-
- /* PCRE supports POSIX class stuff inside a class. Perl gives an error if
- they are encountered at the top level, so we'll do that too. */
-@@ -5930,7 +5934,7 @@
- {
- register int i;
- int len = (int)(code - previous);
-- size_t base_hwm_offset = save_hwm_offset;
-+ size_t base_hwm_offset = item_hwm_offset;
- pcre_uchar *bralink = NULL;
- pcre_uchar *brazeroptr = NULL;
-
-@@ -5985,7 +5989,7 @@
- if (repeat_max <= 1) /* Covers 0, 1, and unlimited */
- {
- *code = OP_END;
-- adjust_recurse(previous, 1, utf, cd, save_hwm_offset);
-+ adjust_recurse(previous, 1, utf, cd, item_hwm_offset);
- memmove(previous + 1, previous, IN_UCHARS(len));
- code++;
- if (repeat_max == 0)
-@@ -6009,7 +6013,7 @@
- {
- int offset;
- *code = OP_END;
-- adjust_recurse(previous, 2 + LINK_SIZE, utf, cd, save_hwm_offset);
-+ adjust_recurse(previous, 2 + LINK_SIZE, utf, cd, item_hwm_offset);
- memmove(previous + 2 + LINK_SIZE, previous, IN_UCHARS(len));
- code += 2 + LINK_SIZE;
- *previous++ = OP_BRAZERO + repeat_type;
-@@ -6267,7 +6271,7 @@
- {
- int nlen = (int)(code - bracode);
- *code = OP_END;
-- adjust_recurse(bracode, 1 + LINK_SIZE, utf, cd, save_hwm_offset);
-+ adjust_recurse(bracode, 1 + LINK_SIZE, utf, cd, item_hwm_offset);
- memmove(bracode + 1 + LINK_SIZE, bracode, IN_UCHARS(nlen));
- code += 1 + LINK_SIZE;
- nlen += 1 + LINK_SIZE;
-@@ -6401,7 +6405,7 @@
- else
- {
- *code = OP_END;
-- adjust_recurse(tempcode, 1 + LINK_SIZE, utf, cd, save_hwm_offset);
-+ adjust_recurse(tempcode, 1 + LINK_SIZE, utf, cd, item_hwm_offset);
- memmove(tempcode + 1 + LINK_SIZE, tempcode, IN_UCHARS(len));
- code += 1 + LINK_SIZE;
- len += 1 + LINK_SIZE;
-@@ -6450,7 +6454,7 @@
-
- default:
- *code = OP_END;
-- adjust_recurse(tempcode, 1 + LINK_SIZE, utf, cd, save_hwm_offset);
-+ adjust_recurse(tempcode, 1 + LINK_SIZE, utf, cd, item_hwm_offset);
- memmove(tempcode + 1 + LINK_SIZE, tempcode, IN_UCHARS(len));
- code += 1 + LINK_SIZE;
- len += 1 + LINK_SIZE;
-@@ -6623,7 +6627,7 @@
- newoptions = options;
- skipbytes = 0;
- bravalue = OP_CBRA;
-- save_hwm_offset = cd->hwm - cd->start_workspace;
-+ item_hwm_offset = cd->hwm - cd->start_workspace;
- reset_bracount = FALSE;
-
- /* Deal with the extended parentheses; all are introduced by '?', and the
-@@ -6769,7 +6773,7 @@
- ptr++;
- }
- namelen = (int)(ptr - name);
-- if (lengthptr != NULL) *lengthptr += IMM2_SIZE;
-+ if (lengthptr != NULL) skipbytes += IMM2_SIZE;
- }
-
- /* Check the terminator */
-@@ -7173,14 +7177,26 @@
- number. If the name is not found, set the value to 0 for a forward
- reference. */
-
-+ recno = 0;
- ng = cd->named_groups;
- for (i = 0; i < cd->names_found; i++, ng++)
- {
- if (namelen == ng->length &&
- STRNCMP_UC_UC(name, ng->name, namelen) == 0)
-- break;
-+ {
-+ open_capitem *oc;
-+ recno = ng->number;
-+ if (is_recurse) break;
-+ for (oc = cd->open_caps; oc != NULL; oc = oc->next)
-+ {
-+ if (oc->number == recno)
-+ {
-+ oc->flag = TRUE;
-+ break;
-+ }
-+ }
-+ }
- }
-- recno = (i < cd->names_found)? ng->number : 0;
-
- /* Count named back references. */
-
-@@ -7191,6 +7207,19 @@
- 16-bit data item. */
-
- *lengthptr += IMM2_SIZE;
-+
-+ /* If this is a forward reference and we are within a (?|...) group,
-+ the reference may end up as the number of a group which we are
-+ currently inside, that is, it could be a recursive reference. In the
-+ real compile this will be picked up and the reference wrapped with
-+ OP_ONCE to make it atomic, so we must space in case this occurs. */
-+
-+ /* In fact, this can happen for a non-forward reference because
-+ another group with the same number might be created later. This
-+ issue is fixed "properly" in PCRE2. As PCRE1 is now in maintenance
-+ only mode, we finesse the bug by allowing more memory always. */
-+
-+ /* if (recno == 0) */ *lengthptr += 2 + 2*LINK_SIZE;
- }
-
- /* In the real compile, search the name table. We check the name
-@@ -7247,6 +7276,7 @@
- {
- if (firstcharflags == REQ_UNSET) firstcharflags = REQ_NONE;
- previous = code;
-+ item_hwm_offset = cd->hwm - cd->start_workspace;
- *code++ = ((options & PCRE_CASELESS) != 0)? OP_DNREFI : OP_DNREF;
- PUT2INC(code, 0, index);
- PUT2INC(code, 0, count);
-@@ -7360,6 +7390,7 @@
- HANDLE_RECURSION:
-
- previous = code;
-+ item_hwm_offset = cd->hwm - cd->start_workspace;
- called = cd->start_code;
-
- /* When we are actually compiling, find the bracket that is being
-@@ -7561,7 +7592,11 @@
- previous = NULL;
- cd->iscondassert = FALSE;
- }
-- else previous = code;
-+ else
-+ {
-+ previous = code;
-+ item_hwm_offset = cd->hwm - cd->start_workspace;
-+ }
-
- *code = bravalue;
- tempcode = code;
-@@ -7809,7 +7844,7 @@
- const pcre_uchar *p;
- pcre_uint32 cf;
-
-- save_hwm_offset = cd->hwm - cd->start_workspace; /* Normally this is set when '(' is read */
-+ item_hwm_offset = cd->hwm - cd->start_workspace; /* Normally this is set when '(' is read */
- terminator = (*(++ptr) == CHAR_LESS_THAN_SIGN)?
- CHAR_GREATER_THAN_SIGN : CHAR_APOSTROPHE;
-
-@@ -7877,6 +7912,7 @@
- HANDLE_REFERENCE:
- if (firstcharflags == REQ_UNSET) firstcharflags = REQ_NONE;
- previous = code;
-+ item_hwm_offset = cd->hwm - cd->start_workspace;
- *code++ = ((options & PCRE_CASELESS) != 0)? OP_REFI : OP_REF;
- PUT2INC(code, 0, recno);
- cd->backref_map |= (recno < 32)? (1 << recno) : 1;
-@@ -7906,6 +7942,7 @@
- if (!get_ucp(&ptr, &negated, &ptype, &pdata, errorcodeptr))
- goto FAILED;
- previous = code;
-+ item_hwm_offset = cd->hwm - cd->start_workspace;
- *code++ = ((escape == ESC_p) != negated)? OP_PROP : OP_NOTPROP;
- *code++ = ptype;
- *code++ = pdata;
-@@ -7946,6 +7983,7 @@
-
- {
- previous = (escape > ESC_b && escape < ESC_Z)? code : NULL;
-+ item_hwm_offset = cd->hwm - cd->start_workspace;
- *code++ = (!utf && escape == ESC_C)? OP_ALLANY : escape;
- }
- }
-@@ -7989,6 +8027,7 @@
-
- ONE_CHAR:
- previous = code;
-+ item_hwm_offset = cd->hwm - cd->start_workspace;
-
- /* For caseless UTF-8 mode when UCP support is available, check whether
- this character has more than one other case. If so, generate a special
-
---- pcre-8.37/pcre_compile.c 2015/06/03 16:51:59 1562
-+++ pcre-8.37/pcre_compile.c 2015/06/09 17:45:25 1566
-@@ -204,7 +204,7 @@
- /* 78 */ 0, '`', ':', '#', '@', '\'', '=', '"',
- /* 80 */ 0, 7, -ESC_b, 0, -ESC_d, ESC_e, ESC_f, 0,
- /* 88 */-ESC_h, 0, 0, '{', 0, 0, 0, 0,
--/* 90 */ 0, 0, -ESC_k, 'l', 0, ESC_n, 0, -ESC_p,
-+/* 90 */ 0, 0, -ESC_k, 0, 0, ESC_n, 0, -ESC_p,
- /* 98 */ 0, ESC_r, 0, '}', 0, 0, 0, 0,
- /* A0 */ 0, '~', -ESC_s, ESC_tee, 0,-ESC_v, -ESC_w, 0,
- /* A8 */ 0,-ESC_z, 0, 0, 0, '[', 0, 0,
-@@ -2487,7 +2487,7 @@
- if (c == OP_BRA || c == OP_BRAPOS ||
- c == OP_CBRA || c == OP_CBRAPOS ||
- c == OP_ONCE || c == OP_ONCE_NC ||
-- c == OP_COND)
-+ c == OP_COND || c == OP_SCOND)
- {
- BOOL empty_branch;
- if (GET(code, 1) == 0) return TRUE; /* Hit unclosed bracket */
-@@ -7353,7 +7353,15 @@
-
- recno = 0;
- while(IS_DIGIT(*ptr))
-+ {
-+ if (recno > INT_MAX / 10 - 1) /* Integer overflow */
-+ {
-+ while (IS_DIGIT(*ptr)) ptr++;
-+ *errorcodeptr = ERR61;
-+ goto FAILED;
-+ }
- recno = recno * 10 + *ptr++ - CHAR_0;
-+ }
-
- if (*ptr != (pcre_uchar)terminator)
- {
-
---- pcre-8.37/pcre_compile.c 2015/06/22 09:38:41 1570
-+++ pcre-8.37/pcre_compile.c 2015/06/23 16:34:53 1571
-@@ -9427,7 +9427,7 @@
- exceptional ones forgo this. We scan the pattern to check that they are fixed
- length, and set their lengths. */
-
--if (cd->check_lookbehind)
-+if (errorcode == 0 && cd->check_lookbehind)
- {
- pcre_uchar *cc = (pcre_uchar *)codestart;
-
-
---- pcre-8.37/pcre_exec.c 2015/06/09 16:33:27 1564
-+++ pcre-8.37/pcre_exec.c 2015/06/09 16:46:52 1565
-@@ -6685,7 +6685,8 @@
- register int *iend = iptr - re->top_bracket;
- if (iend < md->offset_vector + 2) iend = md->offset_vector + 2;
- while (--iptr >= iend) *iptr = -1;
-- md->offset_vector[0] = md->offset_vector[1] = -1;
-+ if (offsetcount > 0) md->offset_vector[0] = -1;
-+ if (offsetcount > 1) md->offset_vector[1] = -1;
- }
-
- /* Set up the first character to match, if available. The first_char value is
-
Modified: branches/1.0/package/pcre/pcre.mk
===================================================================
--- branches/1.0/package/pcre/pcre.mk 2015-11-24 18:36:52 UTC (rev 7349)
+++ branches/1.0/package/pcre/pcre.mk 2015-11-25 14:35:50 UTC (rev 7350)
@@ -4,8 +4,8 @@
#
#############################################################
-PCRE_VERSION = 8.37
-PCRE_SITE = http://downloads.sourceforge.net/project/pcre/pcre/$(PCRE_VERSION)
+PCRE_VERSION = 8.38
+PCRE_SITE = ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre
PCRE_SOURCE = pcre-$(PCRE_VERSION).tar.bz2
PCRE_INSTALL_STAGING = YES
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
