CVS commit: pkgsrc/devel/pcre

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/devel/pcre
From: "S.P.Zeidler" <spz%netbsd.org@localhost>
Date: Sat, 10 Jun 2017 18:02:13 +0000

Module Name:    pkgsrc
Committed By:   spz
Date:           Sat Jun 10 18:02:13 UTC 2017

Modified Files:
        pkgsrc/devel/pcre: Makefile distinfo
Added Files:
        pkgsrc/devel/pcre/patches: patch-pcre__internal.h patch-pcre__ucd.c

Log Message:
patches for CVE-2017-7186 from upstream
there are commits upstream that may fix the remaining 3 known vulnerabilities,
but they are not in the "bleeding obvious" category


To generate a diff of this commit:
cvs rdiff -u -r1.83 -r1.84 pkgsrc/devel/pcre/Makefile
cvs rdiff -u -r1.63 -r1.64 pkgsrc/devel/pcre/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/devel/pcre/patches/patch-pcre__internal.h \
    pkgsrc/devel/pcre/patches/patch-pcre__ucd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/devel/pcre/Makefile
diff -u pkgsrc/devel/pcre/Makefile:1.83 pkgsrc/devel/pcre/Makefile:1.84
--- pkgsrc/devel/pcre/Makefile:1.83     Wed Feb 22 03:22:57 2017
+++ pkgsrc/devel/pcre/Makefile  Sat Jun 10 18:02:12 2017
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.83 2017/02/22 03:22:57 sevan Exp $
+# $NetBSD: Makefile,v 1.84 2017/06/10 18:02:12 spz Exp $
 
 DISTNAME=      pcre-8.40
-PKGREVISION=   1
+PKGREVISION=   2
 CATEGORIES=    devel
 MASTER_SITES=  ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/
 MASTER_SITES+= ${MASTER_SITE_SOURCEFORGE:=pcre/}

Index: pkgsrc/devel/pcre/distinfo
diff -u pkgsrc/devel/pcre/distinfo:1.63 pkgsrc/devel/pcre/distinfo:1.64
--- pkgsrc/devel/pcre/distinfo:1.63     Wed Feb 22 03:22:57 2017
+++ pkgsrc/devel/pcre/distinfo  Sat Jun 10 18:02:12 2017
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.63 2017/02/22 03:22:57 sevan Exp $
+$NetBSD: distinfo,v 1.64 2017/06/10 18:02:12 spz Exp $
 
 SHA1 (pcre-8.40.tar.bz2) = 12f338719b8b028a2eecbf9192fcc00a13fc04f6
 RMD160 (pcre-8.40.tar.bz2) = 1e2ebc58764e3b990d475323b4ffc848979e9c5d
@@ -7,4 +7,6 @@ Size (pcre-8.40.tar.bz2) = 1560119 bytes
 SHA1 (patch-aa) = ed20cfb5ca7b1e620e368c8e41a7f691d6f93282
 SHA1 (patch-ab) = 0b8fbde09c27e2716e5bfa32abce8ee4a79fb7fb
 SHA1 (patch-doc_pcredemo.3) = 90f9b3a021f58973149d839735d40c5e2e245912
+SHA1 (patch-pcre__internal.h) = 8b0e8552dcb9e13ef29fe609fa5268ac320ecce9
+SHA1 (patch-pcre__ucd.c) = 1251b3effaa4195f65b5432575acabfde08e9908
 SHA1 (patch-pcre_jit_compile.c) = 13c472caccc02e727d7d9377dba71f810feb89e9

Added files:

Index: pkgsrc/devel/pcre/patches/patch-pcre__internal.h
diff -u /dev/null pkgsrc/devel/pcre/patches/patch-pcre__internal.h:1.1
--- /dev/null   Sat Jun 10 18:02:13 2017
+++ pkgsrc/devel/pcre/patches/patch-pcre__internal.h    Sat Jun 10 18:02:13 2017
@@ -0,0 +1,36 @@
+$NetBSD: patch-pcre__internal.h,v 1.1 2017/06/10 18:02:13 spz Exp $
+
+from
+https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649&r2=1688
+for CVE-2017-7186
+
+--- pcre_internal.h.orig       2016-05-21 13:33:24.000000000 +0000
++++ pcre_internal.h
+@@ -2772,6 +2772,9 @@ extern const pcre_uint8  PRIV(ucd_stage1
+ extern const pcre_uint16 PRIV(ucd_stage2)[];
+ extern const pcre_uint32 PRIV(ucp_gentype)[];
+ extern const pcre_uint32 PRIV(ucp_gbtable)[];
++#ifdef COMPILE_PCRE32
++extern const ucd_record  PRIV(dummy_ucd_record)[];
++#endif
+ #ifdef SUPPORT_JIT
+ extern const int         PRIV(ucp_typerange)[];
+ #endif
+@@ -2780,10 +2783,16 @@ extern const int         PRIV(ucp_typera
+ /* UCD access macros */
+ 
+ #define UCD_BLOCK_SIZE 128
+-#define GET_UCD(ch) (PRIV(ucd_records) + \
++#define REAL_GET_UCD(ch) (PRIV(ucd_records) + \
+         PRIV(ucd_stage2)[PRIV(ucd_stage1)[(int)(ch) / UCD_BLOCK_SIZE] * \
+         UCD_BLOCK_SIZE + (int)(ch) % UCD_BLOCK_SIZE])
+ 
++#ifdef COMPILE_PCRE32
++#define GET_UCD(ch) ((ch > 0x10ffff)? PRIV(dummy_ucd_record) : REAL_GET_UCD(ch))
++#else
++#define GET_UCD(ch) REAL_GET_UCD(ch)
++#endif
++
+ #define UCD_CHARTYPE(ch)    GET_UCD(ch)->chartype
+ #define UCD_SCRIPT(ch)      GET_UCD(ch)->script
+ #define UCD_CATEGORY(ch)    PRIV(ucp_gentype)[UCD_CHARTYPE(ch)]
Index: pkgsrc/devel/pcre/patches/patch-pcre__ucd.c
diff -u /dev/null pkgsrc/devel/pcre/patches/patch-pcre__ucd.c:1.1
--- /dev/null   Sat Jun 10 18:02:13 2017
+++ pkgsrc/devel/pcre/patches/patch-pcre__ucd.c Sat Jun 10 18:02:13 2017
@@ -0,0 +1,29 @@
+$NetBSD: patch-pcre__ucd.c,v 1.1 2017/06/10 18:02:13 spz Exp $
+
+from
+https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490&r2=1688
+for CVE-2017-7186
+
+--- pcre_ucd.c.orig    2014-06-20 11:26:05.000000000 +0000
++++ pcre_ucd.c
+@@ -38,6 +38,20 @@ const pcre_uint16 PRIV(ucd_stage2)[] = {
+ const pcre_uint32 PRIV(ucd_caseless_sets)[] = {0};
+ #else
+ 
++/* If the 32-bit library is run in non-32-bit mode, character values
++greater than 0x10ffff may be encountered. For these we set up a
++special record. */
++
++#ifdef COMPILE_PCRE32
++const ucd_record PRIV(dummy_ucd_record)[] = {{
++  ucp_Common,    /* script */
++  ucp_Cn,        /* type unassigned */
++  ucp_gbOther,   /* grapheme break property */
++  0,             /* case set */
++  0,             /* other case */
++  }};
++#endif
++
+ /* When recompiling tables with a new Unicode version, please check the
+ types in this structure definition from pcre_internal.h (the actual
+ field names will be different):

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc
Indexes:

Home | Main Index | Thread Index | Old Index