diff options
| author | tron <tron> | 2015-03-09 19:31:21 +0000 |
|---|---|---|
| committer | tron <tron> | 2015-03-09 19:31:21 +0000 |
| commit | 41b3ecc2d7b6d3a3394366f996b2afb34afaa863 (patch) | |
| tree | 59aa9b79d6e509c49603cdaa24afb127c9b95b55 | |
| parent | 7e28e204d4346ff57a8a4e0bc39d756df3b17734 (diff) | |
| download | pkgsrc-41b3ecc2d7b6d3a3394366f996b2afb34afaa863.tar.gz | |
Pullup ticket #4636 - requested by spz
textproc/icu: security patch
Revisions pulled up:
- textproc/icu/Makefile 1.96
- textproc/icu/distinfo 1.52
- textproc/icu/patches/patch-CVE-2014-7923+7926 1.1
---
Module Name: pkgsrc
Committed By: spz
Date: Fri Mar 6 14:43:15 UTC 2015
Modified Files:
pkgsrc/textproc/icu: Makefile distinfo
Added Files:
pkgsrc/textproc/icu/patches: patch-CVE-2014-7923+7926
Log Message:
add patch for CVE-2014-7923 and CVE-2014-7926 found at
https://chromium.googlesource.com/chromium/deps/icu52/+/6242e2fbb36f486f2c0addd1c3cef67fc4ed33fb
| -rw-r--r-- | textproc/icu/Makefile | 4 | ||||
| -rw-r--r-- | textproc/icu/distinfo | 3 | ||||
| -rw-r--r-- | textproc/icu/patches/patch-CVE-2014-7923+7926 | 85 |
3 files changed, 89 insertions, 3 deletions
diff --git a/textproc/icu/Makefile b/textproc/icu/Makefile index 65d05e97cbb..6f55dbb5d7e 100644 --- a/textproc/icu/Makefile +++ b/textproc/icu/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.95 2014/10/07 16:47:14 adam Exp $ +# $NetBSD: Makefile,v 1.95.2.1 2015/03/09 19:31:21 tron Exp $ DISTNAME= icu4c-54_1-src PKGNAME= ${DISTNAME:S/4c//:S/-src//:S/_/./g} -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= textproc MASTER_SITES= http://download.icu-project.org/files/icu4c/${PKGVERSION_NOREV}/ EXTRACT_SUFX= .tgz diff --git a/textproc/icu/distinfo b/textproc/icu/distinfo index fb0f1f72f1f..d9c03e706ca 100644 --- a/textproc/icu/distinfo +++ b/textproc/icu/distinfo @@ -1,8 +1,9 @@ -$NetBSD: distinfo,v 1.51 2014/10/26 19:46:48 bsiegert Exp $ +$NetBSD: distinfo,v 1.51.2.1 2015/03/09 19:31:21 tron Exp $ SHA1 (icu4c-54_1-src.tgz) = 8c752490bbf31cea26e20246430cee67d48abe34 RMD160 (icu4c-54_1-src.tgz) = b1440e1a3330b12336742c881863a8de6a6d2235 Size (icu4c-54_1-src.tgz) = 25485678 bytes +SHA1 (patch-CVE-2014-7923+7926) = cb5e355c6e5b4860c581a9743706b800d56dadf2 SHA1 (patch-aa) = fd5c513e75ca17a46be4ed010455bda63731afff SHA1 (patch-ab) = 32f0e4c241535e37e4cad9b871ed3d36b4184199 SHA1 (patch-ac) = e7cee161315321d2580074054d87714b55319886 diff --git a/textproc/icu/patches/patch-CVE-2014-7923+7926 b/textproc/icu/patches/patch-CVE-2014-7923+7926 new file mode 100644 index 00000000000..91c1922e94d --- /dev/null +++ b/textproc/icu/patches/patch-CVE-2014-7923+7926 @@ -0,0 +1,85 @@ +$NetBSD: patch-CVE-2014-7923+7926,v 1.1.2.2 2015/03/09 19:31:21 tron Exp $ + +patches for CVE-2014-7923 and CVE-2014-7926 from +https://chromium.googlesource.com/chromium/deps/icu52/+/6242e2fbb36f486f2c0addd1c3cef67fc4ed33fb + +--- i18n/regexcmp.cpp.orig 2014-10-03 16:10:36.000000000 +0000 ++++ i18n/regexcmp.cpp +@@ -2132,6 +2132,10 @@ void RegexCompile::handleCloseParen() { + int32_t patEnd = fRXPat->fCompiledPat->size() - 1; + int32_t minML = minMatchLength(fMatchOpenParen, patEnd); + int32_t maxML = maxMatchLength(fMatchOpenParen, patEnd); ++ if (URX_TYPE(maxML) != 0) { ++ error(U_REGEX_LOOK_BEHIND_LIMIT); ++ break; ++ } + if (maxML == INT32_MAX) { + error(U_REGEX_LOOK_BEHIND_LIMIT); + break; +@@ -2165,6 +2169,10 @@ void RegexCompile::handleCloseParen() { + int32_t patEnd = fRXPat->fCompiledPat->size() - 1; + int32_t minML = minMatchLength(fMatchOpenParen, patEnd); + int32_t maxML = maxMatchLength(fMatchOpenParen, patEnd); ++ if (URX_TYPE(maxML) != 0) { ++ error(U_REGEX_LOOK_BEHIND_LIMIT); ++ break; ++ } + if (maxML == INT32_MAX) { + error(U_REGEX_LOOK_BEHIND_LIMIT); + break; +@@ -2328,7 +2336,15 @@ UBool RegexCompile::compileInlineInterva + int32_t topOfBlock = blockTopLoc(FALSE); + if (fIntervalUpper == 0) { + // Pathological case. Attempt no matches, as if the block doesn't exist. ++ // Discard the generated code for the block. ++ // If the block included parens, discard the info pertaining to them as well. + fRXPat->fCompiledPat->setSize(topOfBlock); ++ if (fMatchOpenParen >= topOfBlock) { ++ fMatchOpenParen = -1; ++ } ++ if (fMatchCloseParen >= topOfBlock) { ++ fMatchCloseParen = -1; ++ } + return TRUE; + } + +--- i18n/regexcmp.h.orig 2014-10-03 16:10:36.000000000 +0000 ++++ i18n/regexcmp.h +@@ -187,7 +187,9 @@ private: + int32_t fMatchOpenParen; // The position in the compiled pattern + // of the slot reserved for a state save + // at the start of the most recently processed +- // parenthesized block. ++ // parenthesized block. Updated when processing ++ // a close to the location for the corresponding open. ++ + int32_t fMatchCloseParen; // The position in the pattern of the first + // location after the most recently processed + // parenthesized block. +--- test/testdata/regextst.txt.orig 2014-10-03 16:09:58.000000000 +0000 ++++ test/testdata/regextst.txt +@@ -1178,6 +1178,24 @@ + "(?<=a{1,})bc" E "aaaa<0>bc</0>def" # U_REGEX_LOOK_BEHIND_LIMIT error. + "(?<=(?:){11})bc" "<0>bc</0>" # Empty (?:) expression. + ++# Bug 11369 ++# Incorrect optimization of patterns with a zero length quantifier {0} ++ ++"(.|b)(|b){0}\$(?#xxx){3}(?>\D*)" "AAAAABBBBBCCCCCDDDDEEEEE" ++"(|b)ab(c)" "<0><1></1>ab<2>c</2></0>" ++"(|b){0}a{3}(D*)" "<0>aaa<2></2></0>" ++"(|b){0,1}a{3}(D*)" "<0><1></1>aaa<2></2></0>" ++"((|b){0})a{3}(D*)" "<0><1></1>aaa<3></3></0>" ++ ++# Bug 11370 ++# Max match length computation of look-behind expression gives result that is too big to fit in the ++# in the 24 bit operand portion of the compiled code. Expressions should fail to compile ++# (Look-behind match length must be bounded. This case is treated as unbounded, an error.) ++ ++"(?<!(0123456789a){10000000})x" E "no match" ++"(?<!\\ubeaf(\\ubeaf{11000}){11000})" E "no match" ++ ++ + # Bug 10835 + # Match Start Set not being correctly computed for case insensitive patterns. + # (Test here is to dump the compiled pattern & manually check the start set.) |