import pcre2-10.32-3.el8_6
This commit is contained in:
parent
d3b1260ab5
commit
41f9c1a59b
21
SOURCES/pcre2-10.32-Fix-CVE-2022-1586
Normal file
21
SOURCES/pcre2-10.32-Fix-CVE-2022-1586
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
--- pcre2-10.32/src/pcre2_jit_compile.c.old 2022-05-13 09:13:06.188574517 +0000
|
||||||
|
+++ pcre2-10.32/src/pcre2_jit_compile.c 2022-05-13 09:27:57.189574517 +0000
|
||||||
|
@@ -6494,7 +6494,7 @@ while (*cc != XCL_END)
|
||||||
|
{
|
||||||
|
SLJIT_ASSERT(*cc == XCL_PROP || *cc == XCL_NOTPROP);
|
||||||
|
cc++;
|
||||||
|
- if (*cc == PT_CLIST)
|
||||||
|
+ if (*cc == PT_CLIST && cc[-1] == XCL_PROP)
|
||||||
|
{
|
||||||
|
other_cases = PRIV(ucd_caseless_sets) + cc[1];
|
||||||
|
while (*other_cases != NOTACHAR)
|
||||||
|
--- pcre2-10.32/src/pcre2_jit_test.c.old 2022-05-13 09:29:27.531574517 +0000
|
||||||
|
+++ pcre2-10.32/src/pcre2_jit_test.c 2022-05-13 09:32:50.666574517 +0000
|
||||||
|
@@ -397,6 +397,7 @@ static struct regression_test_case regre
|
||||||
|
{ MUP, A, 0, 0 | F_PROPERTY, "[\xc3\xa2-\xc3\xa6\xc3\x81-\xc3\x84\xe2\x80\xa8-\xe2\x80\xa9\xe6\x92\xad\\p{Zs}]{2,}", "\xe2\x80\xa7\xe2\x80\xa9\xe6\x92\xad \xe6\x92\xae" },
|
||||||
|
{ MUP, A, 0, 0 | F_PROPERTY, "[\\P{L&}]{2}[^\xc2\x85-\xc2\x89\\p{Ll}\\p{Lu}]{2}", "\xc3\xa9\xe6\x92\xad.a\xe6\x92\xad|\xc2\x8a#" },
|
||||||
|
{ PCRE2_UCP, 0, 0, 0 | F_PROPERTY, "[a-b\\s]{2,5}[^a]", "AB baaa" },
|
||||||
|
+ { CMUP, 0, 0, 0, "[^S]\\B", "\xe2\x80\x8a" },
|
||||||
|
|
||||||
|
/* Possible empty brackets. */
|
||||||
|
{ MU, A, 0, 0, "(?:|ab||bc|a)+d", "abcxabcabd" },
|
@ -9,7 +9,7 @@
|
|||||||
#%%global rcversion RC1
|
#%%global rcversion RC1
|
||||||
Name: pcre2
|
Name: pcre2
|
||||||
Version: 10.32
|
Version: 10.32
|
||||||
Release: %{?rcversion:0.}2%{?rcversion:.%rcversion}%{?dist}
|
Release: %{?rcversion:0.}3%{?rcversion:.%rcversion}%{?dist}
|
||||||
%global myversion %{version}%{?rcversion:-%rcversion}
|
%global myversion %{version}%{?rcversion:-%rcversion}
|
||||||
Summary: Perl-compatible regular expression library
|
Summary: Perl-compatible regular expression library
|
||||||
# the library: BSD with exceptions
|
# the library: BSD with exceptions
|
||||||
@ -68,6 +68,11 @@ Patch5: pcre2-10.32-Fix-crash-when-X-is-used-without-UTF-in-JIT.patch
|
|||||||
# 2/2 Fix CVE-2019-20454 (a crash when \X is used without UTF mode in a JIT),
|
# 2/2 Fix CVE-2019-20454 (a crash when \X is used without UTF mode in a JIT),
|
||||||
# upstream bug #2399, bug #1734468, in upstream after 10.33
|
# upstream bug #2399, bug #1734468, in upstream after 10.33
|
||||||
Patch6: pcre2-10.32-Forgot-this-file-in-previous-commit.-Fixes-JIT-non-U.patch
|
Patch6: pcre2-10.32-Forgot-this-file-in-previous-commit.-Fixes-JIT-non-U.patch
|
||||||
|
# Fix CVE-2022-1586 (Out-of-bounds read in compile_xclass_matchingpath)
|
||||||
|
# Downstream patch backport
|
||||||
|
# Ref: https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a
|
||||||
|
# https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c
|
||||||
|
Patch7: pcre2-10.32-Fix-CVE-2022-1586
|
||||||
BuildRequires: autoconf
|
BuildRequires: autoconf
|
||||||
BuildRequires: automake
|
BuildRequires: automake
|
||||||
BuildRequires: coreutils
|
BuildRequires: coreutils
|
||||||
@ -150,6 +155,7 @@ Utilities demonstrating PCRE2 capabilities like pcre2grep or pcre2test.
|
|||||||
%patch4 -p1
|
%patch4 -p1
|
||||||
%patch5 -p1
|
%patch5 -p1
|
||||||
%patch6 -p1
|
%patch6 -p1
|
||||||
|
%patch7 -p1
|
||||||
# Because of multilib patch
|
# Because of multilib patch
|
||||||
libtoolize --copy --force
|
libtoolize --copy --force
|
||||||
autoreconf -vif
|
autoreconf -vif
|
||||||
@ -251,6 +257,9 @@ make %{?_smp_mflags} check VERBOSE=yes
|
|||||||
%{_mandir}/man1/pcre2test.*
|
%{_mandir}/man1/pcre2test.*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri May 13 2022 Lukas Javorsky <ljavorsk@redhat.com> - 10.32-3
|
||||||
|
- Resolves: CVE-2022-1586
|
||||||
|
|
||||||
* Mon May 13 2019 Petr Pisar <ppisar@redhat.com> - 10.32-2
|
* Mon May 13 2019 Petr Pisar <ppisar@redhat.com> - 10.32-2
|
||||||
- Fix CVE-2019-20454 (a crash when \X is used without UTF mode in a JIT)
|
- Fix CVE-2019-20454 (a crash when \X is used without UTF mode in a JIT)
|
||||||
(bug #1734468)
|
(bug #1734468)
|
||||||
|
Loading…
Reference in New Issue
Block a user