diff --git a/pcre2-10.32-Fix-subject-buffer-overread-in-JIT.-Found-by-Yunho-K.patch b/pcre2-10.32-Fix-subject-buffer-overread-in-JIT.-Found-by-Yunho-K.patch
new file mode 100644
index 0000000..8ff3425
--- /dev/null
+++ b/pcre2-10.32-Fix-subject-buffer-overread-in-JIT.-Found-by-Yunho-K.patch
@@ -0,0 +1,34 @@
+From f3b9337a2280db816ef6b2cbe3750b2991944c22 Mon Sep 17 00:00:00 2001
+From: zherczeg
+Date: Tue, 18 Sep 2018 10:19:14 +0000
+Subject: [PATCH] Fix subject buffer overread in JIT. Found by Yunho Kim.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+git-svn-id: svn://vcs.exim.org/pcre2/code/trunk@1011 6239d852-aaf2-0410-a92c-79f79f948069
+
+Petr Písař: Ported to 10.32. The tests were removed because they need
+a new test framework not availanble in 10.32.
+
+Signed-off-by: Petr Písař
+---
+ src/pcre2_jit_compile.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/pcre2_jit_compile.c b/src/pcre2_jit_compile.c
+index 32e985b..b3015cc 100644
+--- a/src/pcre2_jit_compile.c
++++ b/src/pcre2_jit_compile.c
+@@ -9951,7 +9951,7 @@ if (exact > 1)
+ #ifdef SUPPORT_UNICODE
+ && !common->utf
+ #endif
+- )
++ && type != OP_ANYNL && type != OP_EXTUNI)
+ {
+ OP2(SLJIT_ADD, TMP1, 0, STR_PTR, 0, SLJIT_IMM, IN_UCHARS(exact));
+ add_jump(compiler, &backtrack->topbacktracks, CMP(SLJIT_GREATER, TMP1, 0, STR_END, 0));
+--
+2.17.1
+
diff --git a/pcre2.spec b/pcre2.spec
index d88056b..07664b0 100644
--- a/pcre2.spec
+++ b/pcre2.spec
@@ -9,7 +9,7 @@
 #%%global rcversion RC1
 Name: pcre2
 Version: 10.32
-Release: %{?rcversion:0.}1%{?rcversion:.%rcversion}%{?dist}
+Release: %{?rcversion:0.}2%{?rcversion:.%rcversion}%{?dist}
 %global myversion %{version}%{?rcversion:-%rcversion}
 Summary: Perl-compatible regular expression library
 # the library: BSD with exceptions
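Review bot: The backported patch file carries only the one-line guard `&& type != OP_ANYNL && type != OP_EXTUNI` and, as its own header states, drops the upstream tests, so nothing run by `make check` in this package exercises the fixed path, and a later rebase or conflicting patch could reintroduce the overread unnoticed. The spec comment above `Patch1:` is where the next maintainer will look, so I would record it there, for example `# Upstream regression tests were dropped from this backport; confirm they run once rebased past 10.32`. The visible fast path bounds the subject with a single up-front check (`STR_PTR + IN_UCHARS(exact)` against `STR_END`), and the two excluded opcodes are presumably those that can consume more than one code unit per repetition. The enclosing `if (exact > 1 ...` condition starts outside the inner hunk, so whether that list is exhaustive cannot be judged from here and should be confirmed against upstream.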
@@ -49,6 +49,10 @@ URL: http://www.pcre.org/
 Source: ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/%{?rcversion:Testing/}%{name}-%{myversion}.tar.bz2
 # Do no set RPATH if libdir is not /usr/lib
 Patch0: pcre2-10.10-Fix-multilib.patch
+# Fix a subject buffer overread in JIT when UTF is disabled and \X or \R has
+# a greater than 1 fixed quantifier, upstream bug #2320, in upstream after
+# 10.32
+Patch1: pcre2-10.32-Fix-subject-buffer-overread-in-JIT.-Found-by-Yunho-K.patch
 BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: coreutils
@@ -125,6 +129,7 @@ Utilities demonstrating PCRE2 capabilities like pcre2grep or pcre2test.
 %prep
 %setup -q -n %{name}-%{myversion}
 %patch0 -p1
+%patch1 -p1
 # Because of multilib patch
 libtoolize --copy --force
 autoreconf -vif
@@ -227,6 +232,10 @@ make %{?_smp_mflags} check VERBOSE=yes
 %{_mandir}/man1/pcre2test.*
 %changelog
+* Tue Sep 18 2018 Petr Pisar - 10.32-2
+- Fix a subject buffer overread in JIT when UTF is disabled and \X or \R has
+ a greater than 1 fixed quantifier (upstream bug #2320)
+
 * Wed Sep 12 2018 Petr Pisar - 10.32-1
 - 10.32 bump