From cee01d4f06b3984b8211bd3c27358f7d18cf90fb Mon Sep 17 00:00:00 2001 From: Mike Frysinger Date: Sat, 2 Apr 2016 16:49:56 -0400 Subject: dev-libs/libpcre: add upstream fixes #570694 #575546 --- .../libpcre/files/libpcre-8.38-CVE-2016-1283.patch | 42 +++++ .../libpcre/files/libpcre-8.38-ZDI-CAN-3542.patch | 172 +++++++++++++++++++++ dev-libs/libpcre/libpcre-8.38-r1.ebuild | 93 +++++++++++ 3 files changed, 307 insertions(+) create mode 100644 dev-libs/libpcre/files/libpcre-8.38-CVE-2016-1283.patch create mode 100644 dev-libs/libpcre/files/libpcre-8.38-ZDI-CAN-3542.patch create mode 100644 dev-libs/libpcre/libpcre-8.38-r1.ebuild (limited to 'dev-libs/libpcre') diff --git a/dev-libs/libpcre/files/libpcre-8.38-CVE-2016-1283.patch b/dev-libs/libpcre/files/libpcre-8.38-CVE-2016-1283.patch new file mode 100644 index 00000000000..77c5046a5f7 --- /dev/null +++ b/dev-libs/libpcre/files/libpcre-8.38-CVE-2016-1283.patch @@ -0,0 +1,42 @@ +From b7537308b7c758f33c347cb0bec62754c43c271f Mon Sep 17 00:00:00 2001 +From: ph10 +Date: Sat, 27 Feb 2016 17:38:11 +0000 +Subject: [PATCH] Yet another duplicate name bugfix by overestimating the + memory needed (i.e. another hack - PCRE2 has this "properly" fixed). + +git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1636 2f5784b3-3f2a-0410-8824-cb99058d5e15 +--- + ChangeLog | 7 +++++++ + pcre_compile.c | 7 ++++++- + testdata/testinput2 | 2 ++ + testdata/testoutput2 | 2 ++ + 4 files changed, 17 insertions(+), 1 deletion(-) + +14. And yet another buffer overflow bug involving duplicate named groups, this + time nested, with a nested back reference. Yet again, I have just allowed + for more memory, because anything more needs all the refactoring that has + been done for PCRE2. An example pattern that provoked this bug is: + /((?J)(?'R'(?'R'(?'R'(?'R'(?'R'(?|(\k'R'))))))))/ and the bug was + registered as CVE-2016-1283. + +diff --git a/pcre_compile.c b/pcre_compile.c +index 5019854..4ffea0c 100644 +--- a/pcre_compile.c ++++ b/pcre_compile.c +@@ -7311,7 +7311,12 @@ for (;; ptr++) + so far in order to get the number. If the name is not found, leave + the value of recno as 0 for a forward reference. */ + +- else ++ /* This patch (removing "else") fixes a problem when a reference is ++ to multiple identically named nested groups from within the nest. ++ Once again, it is not the "proper" fix, and it results in an ++ over-allocation of memory. */ ++ ++ /* else */ + { + ng = cd->named_groups; + for (i = 0; i < cd->names_found; i++, ng++) +-- +2.7.4 + diff --git a/dev-libs/libpcre/files/libpcre-8.38-ZDI-CAN-3542.patch b/dev-libs/libpcre/files/libpcre-8.38-ZDI-CAN-3542.patch new file mode 100644 index 00000000000..7ca05f9eb62 --- /dev/null +++ b/dev-libs/libpcre/files/libpcre-8.38-ZDI-CAN-3542.patch @@ -0,0 +1,172 @@ +From 943a5105b9fe2842851003f692c7077a6cdbeefe Mon Sep 17 00:00:00 2001 +From: ph10 +Date: Wed, 10 Feb 2016 19:13:17 +0000 +Subject: [PATCH] Fix workspace overflow for (*ACCEPT) with deeply nested + parentheses. + +git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1631 2f5784b3-3f2a-0410-8824-cb99058d5e15 +--- + ChangeLog | 32 ++++++++++++++++++-------------- + pcre_compile.c | 23 +++++++++++++++++++---- + pcre_internal.h | 4 ++-- + pcreposix.c | 5 +++-- + testdata/testinput11 | 2 ++ + testdata/testoutput11-16 | 3 +++ + testdata/testoutput11-32 | 3 +++ + testdata/testoutput11-8 | 3 +++ + 8 files changed, 53 insertions(+), 22 deletions(-) + +13. A pattern that included (*ACCEPT) in the middle of a sufficiently deeply + nested set of parentheses of sufficient size caused an overflow of the + compiling workspace (which was diagnosed, but of course is not desirable). + +diff --git a/pcre_compile.c b/pcre_compile.c +index b9a239e..5019854 100644 +--- a/pcre_compile.c ++++ b/pcre_compile.c +@@ -6,7 +6,7 @@ + and semantics are as close as possible to those of the Perl 5 language. + + Written by Philip Hazel +- Copyright (c) 1997-2014 University of Cambridge ++ Copyright (c) 1997-2016 University of Cambridge + + ----------------------------------------------------------------------------- + Redistribution and use in source and binary forms, with or without +@@ -560,6 +560,7 @@ static const char error_texts[] = + /* 85 */ + "parentheses are too deeply nested (stack check)\0" + "digits missing in \\x{} or \\o{}\0" ++ "regular expression is too complicated\0" + ; + + /* Table to identify digits and hex digits. This is used when compiling +@@ -4591,7 +4592,8 @@ for (;; ptr++) + if (code > cd->start_workspace + cd->workspace_size - + WORK_SIZE_SAFETY_MARGIN) /* Check for overrun */ + { +- *errorcodeptr = ERR52; ++ *errorcodeptr = (code >= cd->start_workspace + cd->workspace_size)? ++ ERR52 : ERR87; + goto FAILED; + } + +@@ -6626,8 +6628,21 @@ for (;; ptr++) + cd->had_accept = TRUE; + for (oc = cd->open_caps; oc != NULL; oc = oc->next) + { +- *code++ = OP_CLOSE; +- PUT2INC(code, 0, oc->number); ++ if (lengthptr != NULL) ++ { ++#ifdef COMPILE_PCRE8 ++ *lengthptr += 1 + IMM2_SIZE; ++#elif defined COMPILE_PCRE16 ++ *lengthptr += 2 + IMM2_SIZE; ++#elif defined COMPILE_PCRE32 ++ *lengthptr += 4 + IMM2_SIZE; ++#endif ++ } ++ else ++ { ++ *code++ = OP_CLOSE; ++ PUT2INC(code, 0, oc->number); ++ } + } + setverb = *code++ = + (cd->assert_depth > 0)? OP_ASSERT_ACCEPT : OP_ACCEPT; +diff --git a/pcre_internal.h b/pcre_internal.h +index f7a5ee7..dbfe80e 100644 +--- a/pcre_internal.h ++++ b/pcre_internal.h +@@ -7,7 +7,7 @@ + and semantics are as close as possible to those of the Perl 5 language. + + Written by Philip Hazel +- Copyright (c) 1997-2014 University of Cambridge ++ Copyright (c) 1997-2016 University of Cambridge + + ----------------------------------------------------------------------------- + Redistribution and use in source and binary forms, with or without +@@ -2289,7 +2289,7 @@ enum { ERR0, ERR1, ERR2, ERR3, ERR4, ERR5, ERR6, ERR7, ERR8, ERR9, + ERR50, ERR51, ERR52, ERR53, ERR54, ERR55, ERR56, ERR57, ERR58, ERR59, + ERR60, ERR61, ERR62, ERR63, ERR64, ERR65, ERR66, ERR67, ERR68, ERR69, + ERR70, ERR71, ERR72, ERR73, ERR74, ERR75, ERR76, ERR77, ERR78, ERR79, +- ERR80, ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERRCOUNT }; ++ ERR80, ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERR87, ERRCOUNT }; + + /* JIT compiling modes. The function list is indexed by them. */ + +diff --git a/pcreposix.c b/pcreposix.c +index dcc13ef..55b6ddc 100644 +--- a/pcreposix.c ++++ b/pcreposix.c +@@ -6,7 +6,7 @@ + and semantics are as close as possible to those of the Perl 5 language. + + Written by Philip Hazel +- Copyright (c) 1997-2014 University of Cambridge ++ Copyright (c) 1997-2016 University of Cambridge + + ----------------------------------------------------------------------------- + Redistribution and use in source and binary forms, with or without +@@ -173,7 +173,8 @@ static const int eint[] = { + REG_BADPAT, /* group name must start with a non-digit */ + /* 85 */ + REG_BADPAT, /* parentheses too deeply nested (stack check) */ +- REG_BADPAT /* missing digits in \x{} or \o{} */ ++ REG_BADPAT, /* missing digits in \x{} or \o{} */ ++ REG_BADPAT /* pattern too complicated */ + }; + + /* Table of texts corresponding to POSIX error codes */ +diff --git a/testdata/testinput11 b/testdata/testinput11 +index ac9d228..6f0989a 100644 +--- a/testdata/testinput11 ++++ b/testdata/testinput11 +@@ -138,4 +138,6 @@ is required for these tests. --/ + + /.((?2)(?R)\1)()/B + ++/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/ ++ + /-- End of testinput11 --/ +diff --git a/testdata/testoutput11-16 b/testdata/testoutput11-16 +index 280692e..3c485da 100644 +--- a/testdata/testoutput11-16 ++++ b/testdata/testoutput11-16 +@@ -765,4 +765,7 @@ Memory allocation (code space): 14 + 25 End + ------------------------------------------------------------------ + ++/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/ ++Failed: regular expression is too complicated at offset 490 ++ + /-- End of testinput11 --/ +diff --git a/testdata/testoutput11-32 b/testdata/testoutput11-32 +index cdbda74..e19518d 100644 +--- a/testdata/testoutput11-32 ++++ b/testdata/testoutput11-32 +@@ -765,4 +765,7 @@ Memory allocation (code space): 28 + 25 End + ------------------------------------------------------------------ + ++/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/ ++Failed: missing ) at offset 509 ++ + /-- End of testinput11 --/ +diff --git a/testdata/testoutput11-8 b/testdata/testoutput11-8 +index cb37896..5a4fbb2 100644 +--- a/testdata/testoutput11-8 ++++ b/testdata/testoutput11-8 +@@ -765,4 +765,7 @@ Memory allocation (code space): 10 + 38 End + ------------------------------------------------------------------ + ++/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/ ++Failed: missing ) at offset 509 ++ + /-- End of testinput11 --/ +-- +2.7.4 + diff --git a/dev-libs/libpcre/libpcre-8.38-r1.ebuild b/dev-libs/libpcre/libpcre-8.38-r1.ebuild new file mode 100644 index 00000000000..7fb6a5bc3f6 --- /dev/null +++ b/dev-libs/libpcre/libpcre-8.38-r1.ebuild @@ -0,0 +1,93 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +inherit eutils multilib libtool flag-o-matic toolchain-funcs multilib-minimal + +DESCRIPTION="Perl-compatible regular expression library" +HOMEPAGE="http://www.pcre.org/" +MY_P="pcre-${PV/_rc/-RC}" +if [[ ${PV} != *_rc* ]] ; then + # Only the final releases are available here. + SRC_URI="mirror://sourceforge/pcre/${MY_P}.tar.bz2 + ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/${MY_P}.tar.bz2" +else + SRC_URI="ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/Testing/${MY_P}.tar.bz2" +fi + +LICENSE="BSD" +SLOT="3" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="bzip2 +cxx +jit libedit pcre16 pcre32 +readline +recursion-limit static-libs unicode zlib" +REQUIRED_USE="readline? ( !libedit ) + libedit? ( !readline )" + +RDEPEND="bzip2? ( app-arch/bzip2 ) + zlib? ( sys-libs/zlib ) + libedit? ( dev-libs/libedit ) + readline? ( sys-libs/readline:0= )" +DEPEND="${RDEPEND} + virtual/pkgconfig" +RDEPEND="${RDEPEND} + abi_x86_32? ( + !<=app-emulation/emul-linux-x86-baselibs-20131008-r2 + !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] + )" + +S=${WORKDIR}/${MY_P} + +MULTILIB_CHOST_TOOLS=( + /usr/bin/pcre-config +) + +src_prepare() { + epatch "${FILESDIR}"/${P}-ZDI-CAN-3542.patch #575546 + epatch "${FILESDIR}"/${P}-CVE-2016-1283.patch #570694 + sed -i -e "s:-lpcre ::" libpcrecpp.pc.in || die + elibtoolize +} + +multilib_src_configure() { + ECONF_SOURCE="${S}" econf \ + --with-match-limit-recursion=$(usex recursion-limit 8192 MATCH_LIMIT) \ + $(multilib_native_use_enable bzip2 pcregrep-libbz2) \ + $(use_enable cxx cpp) \ + $(use_enable jit) $(use_enable jit pcregrep-jit) \ + $(use_enable pcre16) \ + $(use_enable pcre32) \ + $(multilib_native_use_enable libedit pcretest-libedit) \ + $(multilib_native_use_enable readline pcretest-libreadline) \ + $(use_enable static-libs static) \ + $(use_enable unicode utf) $(use_enable unicode unicode-properties) \ + $(multilib_native_use_enable zlib pcregrep-libz) \ + --enable-pcre8 \ + --enable-shared \ + --htmldir="${EPREFIX}"/usr/share/doc/${PF}/html \ + --docdir="${EPREFIX}"/usr/share/doc/${PF} +} + +multilib_src_compile() { + emake V=1 $(multilib_is_native_abi || echo "bin_PROGRAMS=") +} + +multilib_src_install() { + emake \ + DESTDIR="${D}" \ + $(multilib_is_native_abi || echo "bin_PROGRAMS= dist_html_DATA=") \ + install + gen_usr_ldscript -a pcre +} + +multilib_src_install_all() { + prune_libtool_files +} + +pkg_preinst() { + preserve_old_lib /$(get_libdir)/libpcre.so.0 +} + +pkg_postinst() { + preserve_old_lib_notify /$(get_libdir)/libpcre.so.0 +} -- cgit v1.2.1