From 43404febe5b7fb00e6b23bbad9c177ea523cc27e Mon Sep 17 00:00:00 2001 From: spz Date: Sat, 10 Jun 2017 18:02:12 +0000 Subject: patches for CVE-2017-7186 from upstream there are commits upstream that may fix the remaining 3 known vulnerabilities, but they are not in the "bleeding obvious" category --- devel/pcre/Makefile | 4 ++-- devel/pcre/distinfo | 4 +++- devel/pcre/patches/patch-pcre__internal.h | 36 +++++++++++++++++++++++++++++++ devel/pcre/patches/patch-pcre__ucd.c | 29 +++++++++++++++++++++++++ 4 files changed, 70 insertions(+), 3 deletions(-) create mode 100644 devel/pcre/patches/patch-pcre__internal.h create mode 100644 devel/pcre/patches/patch-pcre__ucd.c diff --git a/devel/pcre/Makefile b/devel/pcre/Makefile index 53f78a4df88..18548e349d8 100644 --- a/devel/pcre/Makefile +++ b/devel/pcre/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.83 2017/02/22 03:22:57 sevan Exp $ +# $NetBSD: Makefile,v 1.84 2017/06/10 18:02:12 spz Exp $ DISTNAME= pcre-8.40 -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= devel MASTER_SITES= ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/ MASTER_SITES+= ${MASTER_SITE_SOURCEFORGE:=pcre/} diff --git a/devel/pcre/distinfo b/devel/pcre/distinfo index a95abe26f18..c75d8959338 100644 --- a/devel/pcre/distinfo +++ b/devel/pcre/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.63 2017/02/22 03:22:57 sevan Exp $ +$NetBSD: distinfo,v 1.64 2017/06/10 18:02:12 spz Exp $ SHA1 (pcre-8.40.tar.bz2) = 12f338719b8b028a2eecbf9192fcc00a13fc04f6 RMD160 (pcre-8.40.tar.bz2) = 1e2ebc58764e3b990d475323b4ffc848979e9c5d @@ -7,4 +7,6 @@ Size (pcre-8.40.tar.bz2) = 1560119 bytes SHA1 (patch-aa) = ed20cfb5ca7b1e620e368c8e41a7f691d6f93282 SHA1 (patch-ab) = 0b8fbde09c27e2716e5bfa32abce8ee4a79fb7fb SHA1 (patch-doc_pcredemo.3) = 90f9b3a021f58973149d839735d40c5e2e245912 +SHA1 (patch-pcre__internal.h) = 8b0e8552dcb9e13ef29fe609fa5268ac320ecce9 +SHA1 (patch-pcre__ucd.c) = 1251b3effaa4195f65b5432575acabfde08e9908 SHA1 (patch-pcre_jit_compile.c) = 13c472caccc02e727d7d9377dba71f810feb89e9 diff --git a/devel/pcre/patches/patch-pcre__internal.h b/devel/pcre/patches/patch-pcre__internal.h new file mode 100644 index 00000000000..9bb39fb42b6 --- /dev/null +++ b/devel/pcre/patches/patch-pcre__internal.h @@ -0,0 +1,36 @@ +$NetBSD: patch-pcre__internal.h,v 1.1 2017/06/10 18:02:13 spz Exp $ + +from +https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649&r2=1688 +for CVE-2017-7186 + +--- pcre_internal.h.orig 2016-05-21 13:33:24.000000000 +0000 ++++ pcre_internal.h +@@ -2772,6 +2772,9 @@ extern const pcre_uint8 PRIV(ucd_stage1 + extern const pcre_uint16 PRIV(ucd_stage2)[]; + extern const pcre_uint32 PRIV(ucp_gentype)[]; + extern const pcre_uint32 PRIV(ucp_gbtable)[]; ++#ifdef COMPILE_PCRE32 ++extern const ucd_record PRIV(dummy_ucd_record)[]; ++#endif + #ifdef SUPPORT_JIT + extern const int PRIV(ucp_typerange)[]; + #endif +@@ -2780,10 +2783,16 @@ extern const int PRIV(ucp_typera + /* UCD access macros */ + + #define UCD_BLOCK_SIZE 128 +-#define GET_UCD(ch) (PRIV(ucd_records) + \ ++#define REAL_GET_UCD(ch) (PRIV(ucd_records) + \ + PRIV(ucd_stage2)[PRIV(ucd_stage1)[(int)(ch) / UCD_BLOCK_SIZE] * \ + UCD_BLOCK_SIZE + (int)(ch) % UCD_BLOCK_SIZE]) + ++#ifdef COMPILE_PCRE32 ++#define GET_UCD(ch) ((ch > 0x10ffff)? PRIV(dummy_ucd_record) : REAL_GET_UCD(ch)) ++#else ++#define GET_UCD(ch) REAL_GET_UCD(ch) ++#endif ++ + #define UCD_CHARTYPE(ch) GET_UCD(ch)->chartype + #define UCD_SCRIPT(ch) GET_UCD(ch)->script + #define UCD_CATEGORY(ch) PRIV(ucp_gentype)[UCD_CHARTYPE(ch)] diff --git a/devel/pcre/patches/patch-pcre__ucd.c b/devel/pcre/patches/patch-pcre__ucd.c new file mode 100644 index 00000000000..e82e7d16d1a --- /dev/null +++ b/devel/pcre/patches/patch-pcre__ucd.c @@ -0,0 +1,29 @@ +$NetBSD: patch-pcre__ucd.c,v 1.1 2017/06/10 18:02:13 spz Exp $ + +from +https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490&r2=1688 +for CVE-2017-7186 + +--- pcre_ucd.c.orig 2014-06-20 11:26:05.000000000 +0000 ++++ pcre_ucd.c +@@ -38,6 +38,20 @@ const pcre_uint16 PRIV(ucd_stage2)[] = { + const pcre_uint32 PRIV(ucd_caseless_sets)[] = {0}; + #else + ++/* If the 32-bit library is run in non-32-bit mode, character values ++greater than 0x10ffff may be encountered. For these we set up a ++special record. */ ++ ++#ifdef COMPILE_PCRE32 ++const ucd_record PRIV(dummy_ucd_record)[] = {{ ++ ucp_Common, /* script */ ++ ucp_Cn, /* type unassigned */ ++ ucp_gbOther, /* grapheme break property */ ++ 0, /* case set */ ++ 0, /* other case */ ++ }}; ++#endif ++ + /* When recompiling tables with a new Unicode version, please check the + types in this structure definition from pcre_internal.h (the actual + field names will be different): -- cgit v1.2.3