import CS pcre-8.44-4.el9

2024-09-30 16:17:45 +00:00 · 2024-09-30 16:17:45 +00:00 · d56bc455c5
commit d56bc455c5
parent 6cc27dbfa8
6 changed files with 94 additions and 1 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
 SOURCES/pcre-8.44.tar.bz2
+SOURCES/pcre-8.44.tar.bz2.sig
--- a/.pcre.metadata
+++ b/.pcre.metadata
@ -1 +1,2 @@
 8179b083053fce9b4a766513fa1f14807aabee42 SOURCES/pcre-8.44.tar.bz2
+b43d3d5bcd1d534c18134821d767c367d37ef929 SOURCES/pcre-8.44.tar.bz2.sig
--- a/SOURCES/0001-Fix-the-possible-array-overrun-when-the-OP_TABLE_LEN.patch
+++ b/SOURCES/0001-Fix-the-possible-array-overrun-when-the-OP_TABLE_LEN.patch
@ -0,0 +1,39 @@
+From bc21e89823bb3b1550e03489345864dfe1515e2c Mon Sep 17 00:00:00 2001
+From: Lukas Javorsky <ljavorsk@redhat.com>
+Date: Tue, 16 Apr 2024 10:13:35 +0000
+Subject: [PATCH] Fix the possible array overrun when the OP_TABLE_LENGTH
+
+When the *code pointer holds value of 162 (OP_TABLE_LENGTH) it could
+possibly overrun the priv_OP_lengths[] array. By adding this condition
+it's not being overrun and the 0 values is added instead. It would most
+likely be 0 when overrun as the array is alligned to the lowest byte
+with zeros
+
+---
+ pcre_printint.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/pcre_printint.c b/pcre_printint.c
+index 60dcb55..e1e419b 100644
+--- a/pcre_printint.c
+++ b/pcre_printint.c
+@@ -825,8 +825,14 @@ for(;;)
+     fprintf(f, " %s %s", flag, priv_OP_names[*code]);
+     break;
+     }
+-
+-  code += priv_OP_lengths[*code] + extra;
+  if (*code >= OP_TABLE_LENGTH){
+    // Use 0 because it would most likely be 0 when the priv_OP_lengths is overrun.
+    // Allocator would have allign the size of this array
+    code += 0 + extra;
+  }
+  else {
+    code += priv_OP_lengths[*code] + extra;
+  }
+   fprintf(f, "\n");
+   }
+ }
+-- 
+2.44.0
+
--- a/SOURCES/0002-Fix-UNINIT-SAST-report-for-the-mark-values.patch
+++ b/SOURCES/0002-Fix-UNINIT-SAST-report-for-the-mark-values.patch
@ -0,0 +1,44 @@
+From 3f53de7ff720b40f547a2d55532a73b2b570ab40 Mon Sep 17 00:00:00 2001
+From: Lukas Javorsky <ljavorsk@redhat.com>
+Date: Tue, 16 Apr 2024 10:28:58 +0000
+Subject: [PATCH] Fix UNINIT SAST report for the mark* values
+
+These values are initialized if the re* values is true, thus we can add
+it to the condition, so there is no possibility that the mark* values
+are not initialized
+---
+ pcre_jit_test.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/pcre_jit_test.c b/pcre_jit_test.c
+index 034cb52..e3e4a3e 100644
+--- a/pcre_jit_test.c
+++ b/pcre_jit_test.c
+@@ -1687,21 +1687,21 @@ static int regression_tests(void)
+ 
+ 		if (is_successful) {
+ #ifdef SUPPORT_PCRE8
+-			if (mark8_1 != mark8_2) {
+			if (re8 && (mark8_1 != mark8_2)) {
+ 				printf("8 bit: Mark value mismatch: [%d] '%s' @ '%s'\n",
+ 					total, current->pattern, current->input);
+ 				is_successful = 0;
+ 			}
+ #endif
+ #ifdef SUPPORT_PCRE16
+-			if (mark16_1 != mark16_2) {
+			if (re16 && (mark16_1 != mark16_2)) {
+ 				printf("16 bit: Mark value mismatch: [%d] '%s' @ '%s'\n",
+ 					total, current->pattern, current->input);
+ 				is_successful = 0;
+ 			}
+ #endif
+ #ifdef SUPPORT_PCRE32
+-			if (mark32_1 != mark32_2) {
+			if (re32 && (mark32_1 != mark32_2)) {
+ 				printf("32 bit: Mark value mismatch: [%d] '%s' @ '%s'\n",
+ 					total, current->pattern, current->input);
+ 				is_successful = 0;
+-- 
+2.44.0
+
--- a/SOURCES/pcre-8.44.tar.bz2.sig
+++ b/SOURCES/pcre-8.44.tar.bz2.sig
--- a/SPECS/pcre.spec
+++ b/SPECS/pcre.spec
@ -2,7 +2,7 @@
 #%%global rcversion RC1
 Name:       pcre
 Version:    8.44
-Release:    %{?rcversion:0.}3%{?rcversion:.%rcversion}%{?dist}.3
+Release:    %{?rcversion:0.}4%{?rcversion:.%rcversion}%{?dist}
 %global myversion %{version}%{?rcversion:-%rcversion}
 Summary:    Perl-compatible regular expression library
 ## Source package only:
@ -49,6 +49,9 @@ Patch4:     pcre-8.44-Inicialize-name-table-memory-region.patch
 # <https://lists.exim.org/lurker/message/20201220.222016.d8cd6d61.en.html>
 Patch5:     pcre-8.44-JIT-compiler-update-for-Intel-CET.patch
 Patch6:     pcre-8.44-Pass-mshstk-to-the-compiler-when-Intel-CET-is-enable.patch
+# SAST reports RHEL-32488 and RHEL-32492 fixed
+Patch7:	    0001-Fix-the-possible-array-overrun-when-the-OP_TABLE_LEN.patch
+Patch8:	    0002-Fix-UNINIT-SAST-report-for-the-mark-values.patch
 BuildRequires:  readline-devel
 BuildRequires:  autoconf
 BuildRequires:  automake
@ -139,6 +142,8 @@ Utilities demonstrating PCRE capabilities like pcregrep or pcretest.
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1
+%patch8 -p1
 # Because of the multilib patch
 libtoolize --copy --force
 autoreconf -vif
@ -231,6 +236,9 @@ make %{?_smp_mflags} check VERBOSE=yes
 %{_mandir}/man1/pcretest.*

 %changelog
+* Wed Apr 17 2024 Lukas Javorsky <ljavorsk@redhat.com> - 8.44.3-4
+- Fix the SAST reports described in RHEL-32492 and RHEL-32488
+
 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 8.44-3.3
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
  Related: rhbz#1991688