gnu: pcre2: Update to 10.31.
* gnu/packages/pcre.scm (pcre2): Update to 10.31. [source]: Remove upstreamed patches. * gnu/packages/patches/pcre2-CVE-2017-7186.patch: Delete this file... * gnu/packages/patches/pcre2-CVE-2017-8786.patch: ...and this one. * gnu/local.mk (dist_patch_DATA): Remove them.
This commit is contained in:
Tobias Geerinckx-Rice
parent
3d185f5562
commit
8297ff0f93
|
|
@ -961,8 +961,6 @@ dist_patch_DATA = \
|
|||
%D%/packages/patches/patchutils-xfail-gendiff-tests.patch \
|
||||
%D%/packages/patches/patch-hurd-path-max.patch \
|
||||
%D%/packages/patches/pcmanfm-CVE-2017-8934.patch \
|
||||
%D%/packages/patches/pcre2-CVE-2017-7186.patch \
|
||||
%D%/packages/patches/pcre2-CVE-2017-8786.patch \
|
||||
%D%/packages/patches/perl-file-path-CVE-2017-6512.patch \
|
||||
%D%/packages/patches/perl-autosplit-default-time.patch \
|
||||
%D%/packages/patches/perl-dbd-mysql-CVE-2017-10788.patch \
|
||||
|
|
|
|||
|
|
@ -1,68 +0,0 @@
|
|||
Patch for <https://nvd.nist.gov/vuln/detail?vulnId=CVE-2017-7186>
|
||||
taken from <https://vcs.pcre.org/pcre2?view=revision&revision=670>.
|
||||
|
||||
--- trunk/src/pcre2_internal.h 2016/11/19 12:46:24 600
|
||||
+++ trunk/src/pcre2_internal.h 2017/02/24 18:25:32 670
|
||||
@@ -1774,10 +1774,17 @@
|
||||
/* UCD access macros */
|
||||
|
||||
#define UCD_BLOCK_SIZE 128
|
||||
-#define GET_UCD(ch) (PRIV(ucd_records) + \
|
||||
+#define REAL_GET_UCD(ch) (PRIV(ucd_records) + \
|
||||
PRIV(ucd_stage2)[PRIV(ucd_stage1)[(int)(ch) / UCD_BLOCK_SIZE] * \
|
||||
UCD_BLOCK_SIZE + (int)(ch) % UCD_BLOCK_SIZE])
|
||||
|
||||
+#if PCRE2_CODE_UNIT_WIDTH == 32
|
||||
+#define GET_UCD(ch) ((ch > MAX_UTF_CODE_POINT)? \
|
||||
+ PRIV(dummy_ucd_record) : REAL_GET_UCD(ch))
|
||||
+#else
|
||||
+#define GET_UCD(ch) REAL_GET_UCD(ch)
|
||||
+#endif
|
||||
+
|
||||
#define UCD_CHARTYPE(ch) GET_UCD(ch)->chartype
|
||||
#define UCD_SCRIPT(ch) GET_UCD(ch)->script
|
||||
#define UCD_CATEGORY(ch) PRIV(ucp_gentype)[UCD_CHARTYPE(ch)]
|
||||
@@ -1834,6 +1841,9 @@
|
||||
#define _pcre2_default_compile_context PCRE2_SUFFIX(_pcre2_default_compile_context_)
|
||||
#define _pcre2_default_match_context PCRE2_SUFFIX(_pcre2_default_match_context_)
|
||||
#define _pcre2_default_tables PCRE2_SUFFIX(_pcre2_default_tables_)
|
||||
+#if PCRE2_CODE_UNIT_WIDTH == 32
|
||||
+#define _pcre2_dummy_ucd_record PCRE2_SUFFIX(_pcre2_dummy_ucd_record_)
|
||||
+#endif
|
||||
#define _pcre2_hspace_list PCRE2_SUFFIX(_pcre2_hspace_list_)
|
||||
#define _pcre2_vspace_list PCRE2_SUFFIX(_pcre2_vspace_list_)
|
||||
#define _pcre2_ucd_caseless_sets PCRE2_SUFFIX(_pcre2_ucd_caseless_sets_)
|
||||
@@ -1858,6 +1868,9 @@
|
||||
extern const uint32_t PRIV(vspace_list)[];
|
||||
extern const uint32_t PRIV(ucd_caseless_sets)[];
|
||||
extern const ucd_record PRIV(ucd_records)[];
|
||||
+#if PCRE2_CODE_UNIT_WIDTH == 32
|
||||
+extern const ucd_record PRIV(dummy_ucd_record)[];
|
||||
+#endif
|
||||
extern const uint8_t PRIV(ucd_stage1)[];
|
||||
extern const uint16_t PRIV(ucd_stage2)[];
|
||||
extern const uint32_t PRIV(ucp_gbtable)[];
|
||||
|
||||
--- trunk/src/pcre2_ucd.c 2015/07/17 15:44:51 316
|
||||
+++ trunk/src/pcre2_ucd.c 2017/02/24 18:25:32 670
|
||||
@@ -41,6 +41,20 @@
|
||||
|
||||
const char *PRIV(unicode_version) = "8.0.0";
|
||||
|
||||
+/* If the 32-bit library is run in non-32-bit mode, character values
|
||||
+greater than 0x10ffff may be encountered. For these we set up a
|
||||
+special record. */
|
||||
+
|
||||
+#if PCRE2_CODE_UNIT_WIDTH == 32
|
||||
+const ucd_record PRIV(dummy_ucd_record)[] = {{
|
||||
+ ucp_Common, /* script */
|
||||
+ ucp_Cn, /* type unassigned */
|
||||
+ ucp_gbOther, /* grapheme break property */
|
||||
+ 0, /* case set */
|
||||
+ 0, /* other case */
|
||||
+ }};
|
||||
+#endif
|
||||
+
|
||||
/* When recompiling tables with a new Unicode version, please check the
|
||||
types in this structure definition from pcre2_internal.h (the actual
|
||||
field names will be different):
|
||||
|
|
@ -1,155 +0,0 @@
|
|||
Fix CVE-2017-8786:
|
||||
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8786
|
||||
https://bugs.exim.org/show_bug.cgi?id=2079
|
||||
https://blogs.gentoo.org/ago/2017/04/29/libpcre-heap-based-buffer-overflow-write-in-pcre2test-c/
|
||||
|
||||
Patch copied from upstream source repository:
|
||||
|
||||
https://vcs.pcre.org/pcre2?view=revision&revision=696
|
||||
https://vcs.pcre.org/pcre2?view=revision&revision=697
|
||||
|
||||
--- trunk/doc/pcre2api.3 2017/03/21 16:48:40 695
|
||||
+++ trunk/doc/pcre2api.3 2017/03/21 17:46:21 696
|
||||
@@ -1,4 +1,4 @@
|
||||
-.TH PCRE2API 3 "24 December 2016" "PCRE2 10.23"
|
||||
+.TH PCRE2API 3 "21 March 2017" "PCRE2 10.30"
|
||||
.SH NAME
|
||||
PCRE2 - Perl-compatible regular expressions (revised API)
|
||||
.sp
|
||||
@@ -2633,8 +2633,8 @@
|
||||
A text message for an error code from any PCRE2 function (compile, match, or
|
||||
auxiliary) can be obtained by calling \fBpcre2_get_error_message()\fP. The code
|
||||
is passed as the first argument, with the remaining two arguments specifying a
|
||||
-code unit buffer and its length, into which the text message is placed. Note
|
||||
-that the message is returned in code units of the appropriate width for the
|
||||
+code unit buffer and its length in code units, into which the text message is
|
||||
+placed. The message is returned in code units of the appropriate width for the
|
||||
library that is being used.
|
||||
.P
|
||||
The returned message is terminated with a trailing zero, and the function
|
||||
@@ -3321,6 +3321,6 @@
|
||||
.rs
|
||||
.sp
|
||||
.nf
|
||||
-Last updated: 23 December 2016
|
||||
-Copyright (c) 1997-2016 University of Cambridge.
|
||||
+Last updated: 21 March 2017
|
||||
+Copyright (c) 1997-2017 University of Cambridge.
|
||||
.fi
|
||||
--- trunk/src/pcre2_error.c 2017/03/21 16:48:40 695
|
||||
+++ trunk/src/pcre2_error.c 2017/03/21 17:46:21 696
|
||||
@@ -271,7 +271,7 @@
|
||||
Arguments:
|
||||
enumber error number
|
||||
buffer where to put the message (zero terminated)
|
||||
- size size of the buffer
|
||||
+ size size of the buffer in code units
|
||||
|
||||
Returns: length of message if all is well
|
||||
negative on error
|
||||
--- trunk/src/pcre2test.c 2017/03/21 17:46:21 696
|
||||
+++ trunk/src/pcre2test.c 2017/03/21 18:36:13 697
|
||||
@@ -1017,9 +1017,9 @@
|
||||
if (test_mode == PCRE8_MODE) \
|
||||
r = pcre2_get_error_message_8(a,G(b,8),G(G(b,8),_size)); \
|
||||
else if (test_mode == PCRE16_MODE) \
|
||||
- r = pcre2_get_error_message_16(a,G(b,16),G(G(b,16),_size)); \
|
||||
+ r = pcre2_get_error_message_16(a,G(b,16),G(G(b,16),_size/2)); \
|
||||
else \
|
||||
- r = pcre2_get_error_message_32(a,G(b,32),G(G(b,32),_size))
|
||||
+ r = pcre2_get_error_message_32(a,G(b,32),G(G(b,32),_size/4))
|
||||
|
||||
#define PCRE2_GET_OVECTOR_COUNT(a,b) \
|
||||
if (test_mode == PCRE8_MODE) \
|
||||
@@ -1399,6 +1399,9 @@
|
||||
|
||||
/* ----- Common macros for two-mode cases ----- */
|
||||
|
||||
+#define BYTEONE (BITONE/8)
|
||||
+#define BYTETWO (BITTWO/8)
|
||||
+
|
||||
#define CASTFLD(t,a,b) \
|
||||
((test_mode == G(G(PCRE,BITONE),_MODE))? (t)(G(a,BITONE)->b) : \
|
||||
(t)(G(a,BITTWO)->b))
|
||||
@@ -1481,9 +1484,9 @@
|
||||
|
||||
#define PCRE2_GET_ERROR_MESSAGE(r,a,b) \
|
||||
if (test_mode == G(G(PCRE,BITONE),_MODE)) \
|
||||
- r = G(pcre2_get_error_message_,BITONE)(a,G(b,BITONE),G(G(b,BITONE),_size)); \
|
||||
+ r = G(pcre2_get_error_message_,BITONE)(a,G(b,BITONE),G(G(b,BITONE),_size/BYTEONE)); \
|
||||
else \
|
||||
- r = G(pcre2_get_error_message_,BITTWO)(a,G(b,BITTWO),G(G(b,BITTWO),_size))
|
||||
+ r = G(pcre2_get_error_message_,BITTWO)(a,G(b,BITTWO),G(G(b,BITTWO),_size/BYTETWO))
|
||||
|
||||
#define PCRE2_GET_OVECTOR_COUNT(a,b) \
|
||||
if (test_mode == G(G(PCRE,BITONE),_MODE)) \
|
||||
@@ -1904,7 +1907,7 @@
|
||||
#define PCRE2_DFA_MATCH(a,b,c,d,e,f,g,h,i,j) \
|
||||
a = pcre2_dfa_match_16(G(b,16),(PCRE2_SPTR16)c,d,e,f,G(g,16),h,i,j)
|
||||
#define PCRE2_GET_ERROR_MESSAGE(r,a,b) \
|
||||
- r = pcre2_get_error_message_16(a,G(b,16),G(G(b,16),_size))
|
||||
+ r = pcre2_get_error_message_16(a,G(b,16),G(G(b,16),_size/2))
|
||||
#define PCRE2_GET_OVECTOR_COUNT(a,b) a = pcre2_get_ovector_count_16(G(b,16))
|
||||
#define PCRE2_GET_STARTCHAR(a,b) a = pcre2_get_startchar_16(G(b,16))
|
||||
#define PCRE2_JIT_COMPILE(r,a,b) r = pcre2_jit_compile_16(G(a,16),b)
|
||||
@@ -2000,7 +2003,7 @@
|
||||
#define PCRE2_DFA_MATCH(a,b,c,d,e,f,g,h,i,j) \
|
||||
a = pcre2_dfa_match_32(G(b,32),(PCRE2_SPTR32)c,d,e,f,G(g,32),h,i,j)
|
||||
#define PCRE2_GET_ERROR_MESSAGE(r,a,b) \
|
||||
- r = pcre2_get_error_message_32(a,G(b,32),G(G(b,32),_size))
|
||||
+ r = pcre2_get_error_message_32(a,G(b,32),G(G(b,32),_size/4))
|
||||
#define PCRE2_GET_OVECTOR_COUNT(a,b) a = pcre2_get_ovector_count_32(G(b,32))
|
||||
#define PCRE2_GET_STARTCHAR(a,b) a = pcre2_get_startchar_32(G(b,32))
|
||||
#define PCRE2_JIT_COMPILE(r,a,b) r = pcre2_jit_compile_32(G(a,32),b)
|
||||
--- trunk/src/pcre2test.c 2017/03/21 16:48:40 695
|
||||
+++ trunk/src/pcre2test.c 2017/03/21 17:46:21 696
|
||||
@@ -2889,7 +2889,7 @@
|
||||
{
|
||||
if (pbuffer32 != NULL) free(pbuffer32);
|
||||
pbuffer32_size = 4*len + 4;
|
||||
- if (pbuffer32_size < 256) pbuffer32_size = 256;
|
||||
+ if (pbuffer32_size < 512) pbuffer32_size = 512;
|
||||
pbuffer32 = (uint32_t *)malloc(pbuffer32_size);
|
||||
if (pbuffer32 == NULL)
|
||||
{
|
||||
@@ -7600,7 +7600,8 @@
|
||||
int errcode;
|
||||
char *endptr;
|
||||
|
||||
-/* Ensure the relevant non-8-bit buffer is available. */
|
||||
+/* Ensure the relevant non-8-bit buffer is available. Ensure that it is at
|
||||
+least 128 code units, because it is used for retrieving error messages. */
|
||||
|
||||
#ifdef SUPPORT_PCRE2_16
|
||||
if (test_mode == PCRE16_MODE)
|
||||
@@ -7620,7 +7621,7 @@
|
||||
#ifdef SUPPORT_PCRE2_32
|
||||
if (test_mode == PCRE32_MODE)
|
||||
{
|
||||
- pbuffer32_size = 256;
|
||||
+ pbuffer32_size = 512;
|
||||
pbuffer32 = (uint32_t *)malloc(pbuffer32_size);
|
||||
if (pbuffer32 == NULL)
|
||||
{
|
||||
--- trunk/testdata/testinput2 2017/03/21 16:48:40 695
|
||||
+++ trunk/testdata/testinput2 2017/03/21 17:46:21 696
|
||||
@@ -5017,4 +5017,6 @@
|
||||
|
||||
/(?<!\1((?U)1((?U))))(*F)/never_backslash_c,alt_bsux,anchored,extended
|
||||
|
||||
+/\g{3/
|
||||
+
|
||||
# End of testinput2
|
||||
--- trunk/testdata/testoutput2 2017/03/21 16:48:40 695
|
||||
+++ trunk/testdata/testoutput2 2017/03/21 17:46:21 696
|
||||
@@ -15570,6 +15570,9 @@
|
||||
|
||||
/(?<!\1((?U)1((?U))))(*F)/never_backslash_c,alt_bsux,anchored,extended
|
||||
|
||||
+/\g{3/
|
||||
+Failed: error 157 at offset 2: \g is not followed by a braced, angle-bracketed, or quoted name/number or by a plain number
|
||||
+
|
||||
# End of testinput2
|
||||
Error -63: PCRE2_ERROR_BADDATA (unknown error number)
|
||||
Error -62: bad serialized data
|
||||
|
|
@ -6,6 +6,7 @@
|
|||
;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
|
||||
;;; Copyright © 2017 Ludovic Courtès <ludo@gnu.org>
|
||||
;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
|
||||
;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
|
||||
;;;
|
||||
;;; This file is part of GNU Guix.
|
||||
;;;
|
||||
|
|
@ -75,7 +76,7 @@ POSIX regular expression API.")
|
|||
(define-public pcre2
|
||||
(package
|
||||
(name "pcre2")
|
||||
(version "10.23")
|
||||
(version "10.31")
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
(uri (string-append "mirror://sourceforge/pcre/pcre2/"
|
||||
|
|
@ -83,9 +84,7 @@ POSIX regular expression API.")
|
|||
|
||||
(sha256
|
||||
(base32
|
||||
"0vn5g0mkkp99mmzpissa06hpyj6pk9s4mlwbjqrjvw3ihy8rpiyz"))
|
||||
(patches (search-patches "pcre2-CVE-2017-7186.patch"
|
||||
"pcre2-CVE-2017-8786.patch"))))
|
||||
"1b389pzw91k1hzydsh4smdsxyppwz4pv74m3nrvy8rda0j3m6zg0"))))
|
||||
(build-system gnu-build-system)
|
||||
(inputs `(("bzip2" ,bzip2)
|
||||
("readline" ,readline)
|
||||
|
|
|
|||
Loading…
Reference in New Issue