import pcre-8.42-6.el8

2021-11-09 04:52:31 -05:00 · 2021-11-09 04:52:31 -05:00 · 5aa6c2f1e8
commit 5aa6c2f1e8
parent d18649b36f
3 changed files with 103 additions and 1 deletions
--- a/SOURCES/pcre-8.42-Fix-subject-buffer-overread-in-JIT.patch
+++ b/SOURCES/pcre-8.42-Fix-subject-buffer-overread-in-JIT.patch
@ -0,0 +1,29 @@
 From 1aa76cb33f04fcea3127a0859450e5d18369e5e2 Mon Sep 17 00:00:00 2001
 From: zherczeg <zherczeg@2f5784b3-3f2a-0410-8824-cb99058d5e15>
 Date: Fri, 21 Sep 2018 07:34:10 +0000
 Subject: [PATCH] Fix subject buffer overread in JIT.
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1740 2f5784b3-3f2a-0410-8824-cb99058d5e15
 Petr Písař: Ported to 8.42.
 ---
 pcre_jit_compile.c | 2 +-
 diff --git a/pcre_jit_compile.c b/pcre_jit_compile.c
 index 2bad74b..bc5f9c0 100644
 --- a/pcre_jit_compile.c
 +++ b/pcre_jit_compile.c
@@ -9002,7 +9002,7 @@ if (exact > 1)
 #ifdef SUPPORT_UTF
       && !common->utf
 #endif
 -      )
 +      && type != OP_ANYNL && type != OP_EXTUNI)
     {
     OP2(SLJIT_ADD, TMP1, 0, STR_PTR, 0, SLJIT_IMM, IN_UCHARS(exact));
     add_jump(compiler, &backtrack->topbacktracks, CMP(SLJIT_GREATER, TMP1, 0, STR_END, 0));
 -- 
 2.17.2
--- a/SOURCES/pcre-8.43-Check-the-size-of-the-number-after-C-as-it-is-read-i.patch
+++ b/SOURCES/pcre-8.43-Check-the-size-of-the-number-after-C-as-it-is-read-i.patch
@ -0,0 +1,55 @@
 From 3a9026509f9c1745f378595e55e5024361ad152d Mon Sep 17 00:00:00 2001
 From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
 Date: Mon, 10 Feb 2020 17:17:34 +0000
 Subject: [PATCH] Check the size of the number after (?C as it is read, in
 order to avoid integer overflow.
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1761 2f5784b3-3f2a-0410-8824-cb99058d5e15
 Petr Písař: Ported to 8.43.
 ---
 pcre_compile.c | 14 ++++++++------
 diff --git a/pcre_compile.c b/pcre_compile.c
 index 079d30a..1e3d6c3 100644
 --- a/pcre_compile.c
 +++ b/pcre_compile.c
@@ -6,7 +6,7 @@
 and semantics are as close as possible to those of the Perl 5 language.
                        Written by Philip Hazel
 -           Copyright (c) 1997-2018 University of Cambridge
 +           Copyright (c) 1997-2020 University of Cambridge
 -----------------------------------------------------------------------------
 Redistribution and use in source and binary forms, with or without
@@ -7130,17 +7130,19 @@ for (;; ptr++)
           int n = 0;
           ptr++;
           while(IS_DIGIT(*ptr))
 +            { 
             n = n * 10 + *ptr++ - CHAR_0;
 +            if (n > 255)
 +              {
 +              *errorcodeptr = ERR38;
 +              goto FAILED;
 +              }
 +            } 
           if (*ptr != CHAR_RIGHT_PARENTHESIS)
             {
             *errorcodeptr = ERR39;
             goto FAILED;
             }
 -          if (n > 255)
 -            {
 -            *errorcodeptr = ERR38;
 -            goto FAILED;
 -            }
           *code++ = n;
           PUT(code, 0, (int)(ptr - cd->start_pattern + 1)); /* Pattern offset */
           PUT(code, LINK_SIZE, 0);                          /* Default length */
 -- 
 2.21.1
--- a/SPECS/pcre.spec
+++ b/SPECS/pcre.spec
@ -2,7 +2,7 @@
 #%%global rcversion RC1
 Name:       pcre
 Version:    8.42
-Release:    %{?rcversion:0.}4%{?rcversion:.%rcversion}%{?dist}
+Release:    %{?rcversion:0.}6%{?rcversion:.%rcversion}%{?dist}
 %global myversion %{version}%{?rcversion:-%rcversion}
 Summary:    Perl-compatible regular expression library
 ## Source package only:
@ -48,6 +48,13 @@ Patch5:     pcre-8.42-Fix-bad-auto-possessify-for-certain-classes.patch
 # Fix anchoring in conditionals with only one branch, bug #1619228,
 # upstream bug #2307, in upstream after 8.42
 Patch6:     pcre-8.42-Fix-anchoring-bug-in-conditional-subexpression.patch
 # Fix a subject buffer overread in JIT when UTF is disabled and \X or \R has
 # a greater than 1 fixed quantifier, CVE-2019-20838, bug #1852252,
 # in upstream after 8.42
 Patch7:     pcre-8.42-Fix-subject-buffer-overread-in-JIT.patch
 # Fix an integer overflow when parsing numbers after "(?C", CVE-2020-14155,
 # bug #1851552, upstream bug #2463, in upstream after 8.43
 Patch8:     pcre-8.43-Check-the-size-of-the-number-after-C-as-it-is-read-i.patch
 BuildRequires:  readline-devel
 BuildRequires:  autoconf
 BuildRequires:  automake
@ -136,6 +143,8 @@ Utilities demonstrating PCRE capabilities like pcregrep or pcretest.
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
 %patch8 -p1
 # Because of rpath patch
 libtoolize --copy --force
 autoreconf -vif
@ -230,6 +239,15 @@ make %{?_smp_mflags} check VERBOSE=yes
 %{_mandir}/man1/pcretest.*
 %changelog
 * Wed Jun 02 2021 Lukas Javorsky <ljavorsk@redhat.com> - 8.42-6
 - Rebuild for BZ#1954441
 * Wed Apr 14 2021 Petr Pisar <ppisar@redhat.com> - 8.42-5
 - Fix CVE-2019-20838 (a subject buffer overread in JIT when UTF is disabled
  and \X or \R has a greater than 1 fixed quantifier) (bug #1852252)
 - Fix CVE-2020-14155 (an integer overflow when parsing numbers after "(?C"))
  (bug #1851552)
 * Mon Sep 03 2018 Petr Pisar <ppisar@redhat.com> - 8.42-4
 - Fix anchoring in conditionals with only one branch (bug #1619228)