chiark / gitweb /
~ian / pcre3.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw (from parent 1: c179b7e)
Record pcre3 (2:8.38-3.1) in archive suite sid
authorSalvatore Bonaccorso <carnil@debian.org>
Tue, 22 Mar 2016 20:05:13 +0000 (20:05 +0000)
committerSalvatore Bonaccorso <carnil@debian.org>
Tue, 22 Mar 2016 20:05:13 +0000 (20:05 +0000)
debian/changelog patch | blob | history
debian/patches/CVE-2016-1283.patch [new file with mode: 0644] patch | blob
debian/patches/series patch | blob | history
pcre_compile.c patch | blob | history
testdata/testinput2 patch | blob | history
testdata/testoutput2 patch | blob | history

diff --git a/debian/changelog b/debian/changelog
index 7d516a983a0bc931e3632fc921740a4ad0bcb600..0621273e89af940eb246868ce3e0d713142d30e6 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+pcre3 (2:8.38-3.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2016-1283: heap buffer overflow in handling of duplicate named
+    groups (Closes: #809706)
+
+ -- Salvatore Bonaccorso <carnil@debian.org>  Tue, 22 Mar 2016 21:05:13 +0100
+
 pcre3 (2:8.38-3) unstable; urgency=low
 
   * Apply Ubuntu patch from Iain Lane (modified by Graham Inggs) to add
diff --git a/debian/patches/CVE-2016-1283.patch b/debian/patches/CVE-2016-1283.patch
new file mode 100644 (file)
index 0000000..f05535b
--- /dev/null
+++ b/debian/patches/CVE-2016-1283.patch
@@ -0,0 +1,47 @@
+From b7537308b7c758f33c347cb0bec62754c43c271f Mon Sep 17 00:00:00 2001
+From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
+Date: Sat, 27 Feb 2016 17:38:11 +0000
+Subject: [PATCH] Yet another duplicate name bugfix by overestimating the
+ memory needed (i.e. another hack - PCRE2 has this "properly" fixed).
+
+git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1636 2f5784b3-3f2a-0410-8824-cb99058d5e15
+---
+ pcre_compile.c       | 7 ++++++-
+ testdata/testinput2  | 2 ++
+ testdata/testoutput2 | 2 ++
+ 4 files changed, 17 insertions(+), 1 deletion(-)
+
+--- a/pcre_compile.c
++++ b/pcre_compile.c
+@@ -7289,7 +7289,12 @@ for (;; ptr++)
+           so far in order to get the number. If the name is not found, leave
+           the value of recno as 0 for a forward reference. */
+-          else
++          /* This patch (removing "else") fixes a problem when a reference is
++          to multiple identically named nested groups from within the nest.
++          Once again, it is not the "proper" fix, and it results in an
++          over-allocation of memory. */
++
++          /* else */
+             {
+             ng = cd->named_groups;
+             for (i = 0; i < cd->names_found; i++, ng++)
+--- a/testdata/testinput2
++++ b/testdata/testinput2
+@@ -4217,4 +4217,6 @@ backtracking verbs. --/
+ /a[[:punct:]b]/BZ
++/((?J)(?'R'(?'R'(?'R'(?'R'(?'R'(?|(\k'R'))))))))/
++
+ /-- End of testinput2 --/
+--- a/testdata/testoutput2
++++ b/testdata/testoutput2
+@@ -14574,4 +14574,6 @@ No match
+         End
+ ------------------------------------------------------------------
++/((?J)(?'R'(?'R'(?'R'(?'R'(?'R'(?|(\k'R'))))))))/
++
+ /-- End of testinput2 --/
diff --git a/debian/patches/series b/debian/patches/series
index 0d18b9098c54f1ea45fe5ea678e802671dff54d8..b76678064bffb3606183a6c5c8163d2d73ad78ed 100644 (file)
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,3 +6,4 @@ soname.patch
 no_jit_x32_powerpcspe.patch
 Disable_JIT_on_sparc64.patch
 apply-upstream-revision-1631-closes-8159
+CVE-2016-1283.patch
diff --git a/pcre_compile.c b/pcre_compile.c
index 1bc2b7f030a1a1c9eb728cf804f97f258d59b3c6..29300d024edf2566e16c3416b741d04d8ef12ec4 100644 (file)
--- a/pcre_compile.c
+++ b/pcre_compile.c
@@ -7289,7 +7289,12 @@ for (;; ptr++)
           so far in order to get the number. If the name is not found, leave
           the value of recno as 0 for a forward reference. */
 
-          else
+          /* This patch (removing "else") fixes a problem when a reference is
+          to multiple identically named nested groups from within the nest.
+          Once again, it is not the "proper" fix, and it results in an
+          over-allocation of memory. */
+
+          /* else */
             {
             ng = cd->named_groups;
             for (i = 0; i < cd->names_found; i++, ng++)
diff --git a/testdata/testinput2 b/testdata/testinput2
index e2e520f74042269fae65ad8f058ea28b3db8cf51..36bae1e3d62af46aa6220092427e665cc26a4db4 100644 (file)
--- a/testdata/testinput2
+++ b/testdata/testinput2
@@ -4217,4 +4217,6 @@ backtracking verbs. --/
 
 /a[[:punct:]b]/BZ
 
+/((?J)(?'R'(?'R'(?'R'(?'R'(?'R'(?|(\k'R'))))))))/
+
 /-- End of testinput2 --/
diff --git a/testdata/testoutput2 b/testdata/testoutput2
index 85c565d1326efa9ab0eff30a4fadf14e7aa17b33..b5ff70df7a5a4f03f10a161b4deb4918bbd9e888 100644 (file)
--- a/testdata/testoutput2
+++ b/testdata/testoutput2
@@ -14574,4 +14574,6 @@ No match
         End
 ------------------------------------------------------------------
 
+/((?J)(?'R'(?'R'(?'R'(?'R'(?'R'(?|(\k'R'))))))))/
+
 /-- End of testinput2 --/
Unnamed repository; edit this file 'description' to name the repository.