mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2025-01-23 19:19:20 -05:00
gnu: pcre2: Update to 10.23.
* gnu/packages/pcre.scm (pcre2): Update to 10.23. [source]: Remove patch. [arguments]: Add phase to substitute /bin/echo reference. * gnu/packages/patches/pcre2-CVE-2016-3191.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it.
This commit is contained in:
parent
3391e2a078
commit
9bb766e70d
3 changed files with 11 additions and 184 deletions
|
@ -811,7 +811,6 @@ dist_patch_DATA = \
|
|||
%D%/packages/patches/patchutils-xfail-gendiff-tests.patch \
|
||||
%D%/packages/patches/patch-hurd-path-max.patch \
|
||||
%D%/packages/patches/pcre-CVE-2016-3191.patch \
|
||||
%D%/packages/patches/pcre2-CVE-2016-3191.patch \
|
||||
%D%/packages/patches/perl-autosplit-default-time.patch \
|
||||
%D%/packages/patches/perl-deterministic-ordering.patch \
|
||||
%D%/packages/patches/perl-finance-quote-unuse-mozilla-ca.patch \
|
||||
|
|
|
@ -1,179 +0,0 @@
|
|||
Fixes CVE-2016-3191 (remote execution of arbitrary code or denial of
|
||||
service (stack-based buffer overflow) via a crafted regular expression).
|
||||
|
||||
See <https://bugzilla.redhat.com/show_bug.cgi?id=1311503>.
|
||||
|
||||
This is svn r489 at <svn://vcs.exim.org/pcre2/code>, omitting the
|
||||
changes to 'testdata/testoutput8-16-4', which does not exist in the
|
||||
source tarball.
|
||||
|
||||
git-svn-id: svn://vcs.exim.org/pcre2/code/trunk@489 6239d852-aaf2-0410-a92c-79f79f948069
|
||||
---
|
||||
ChangeLog | 4 ++++
|
||||
src/pcre2_compile.c | 16 ++++++++++++++--
|
||||
testdata/testinput8 | 2 ++
|
||||
testdata/testoutput8-16-2 | 3 +++
|
||||
testdata/testoutput8-16-3 | 3 +++
|
||||
testdata/testoutput8-16-4 | 3 +++
|
||||
testdata/testoutput8-32-2 | 3 +++
|
||||
testdata/testoutput8-32-3 | 3 +++
|
||||
testdata/testoutput8-32-4 | 3 +++
|
||||
testdata/testoutput8-8-2 | 3 +++
|
||||
testdata/testoutput8-8-3 | 3 +++
|
||||
testdata/testoutput8-8-4 | 3 +++
|
||||
12 files changed, 47 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/ChangeLog b/ChangeLog
|
||||
index 3ce0207..65e333e 100644
|
||||
--- a/ChangeLog
|
||||
+++ b/ChangeLog
|
||||
@@ -58,6 +58,10 @@ some head-scratching the next time this happens.
|
||||
assertion, caused pcre2test to output a very large number of spaces when the
|
||||
callout was taken, making the program appearing to loop.
|
||||
|
||||
+12. A pattern that included (*ACCEPT) in the middle of a sufficiently deeply
|
||||
+nested set of parentheses of sufficient size caused an overflow of the
|
||||
+compiling workspace (which was diagnosed, but of course is not desirable).
|
||||
+
|
||||
|
||||
Version 10.21 12-January-2016
|
||||
-----------------------------
|
||||
diff --git a/src/pcre2_compile.c b/src/pcre2_compile.c
|
||||
index e33d620..887fbfd 100644
|
||||
--- a/src/pcre2_compile.c
|
||||
+++ b/src/pcre2_compile.c
|
||||
@@ -5901,10 +5901,22 @@ for (;; ptr++)
|
||||
goto FAILED;
|
||||
}
|
||||
cb->had_accept = TRUE;
|
||||
+
|
||||
+ /* In the first pass, just accumulate the length required;
|
||||
+ otherwise hitting (*ACCEPT) inside many nested parentheses can
|
||||
+ cause workspace overflow. */
|
||||
+
|
||||
for (oc = cb->open_caps; oc != NULL; oc = oc->next)
|
||||
{
|
||||
- *code++ = OP_CLOSE;
|
||||
- PUT2INC(code, 0, oc->number);
|
||||
+ if (lengthptr != NULL)
|
||||
+ {
|
||||
+ *lengthptr += CU2BYTES(1) + IMM2_SIZE;
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ *code++ = OP_CLOSE;
|
||||
+ PUT2INC(code, 0, oc->number);
|
||||
+ }
|
||||
}
|
||||
setverb = *code++ =
|
||||
(cb->assert_depth > 0)? OP_ASSERT_ACCEPT : OP_ACCEPT;
|
||||
diff --git a/testdata/testinput8 b/testdata/testinput8
|
||||
index ca3b1b9..7e2a1f0 100644
|
||||
--- a/testdata/testinput8
|
||||
+++ b/testdata/testinput8
|
||||
@@ -182,4 +182,6 @@
|
||||
|
||||
/((?1)(?2)(?3)(?4)(?5)(?6)(?7)(?8)(?9)(?9)(?8)(?7)(?6)(?5)(?4)(?3)(?2)(?1)(?0)){2,}()()()()()()()()()/debug
|
||||
|
||||
+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
|
||||
+
|
||||
# End of testinput8
|
||||
diff --git a/testdata/testoutput8-16-2 b/testdata/testoutput8-16-2
|
||||
index 05669bb..a5e8dec 100644
|
||||
--- a/testdata/testoutput8-16-2
|
||||
+++ b/testdata/testoutput8-16-2
|
||||
@@ -1027,4 +1027,7 @@ Capturing subpattern count = 10
|
||||
May match empty string
|
||||
Subject length lower bound = 0
|
||||
|
||||
+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
|
||||
+Failed: error 186 at offset 490: regular expression is too complicated
|
||||
+
|
||||
# End of testinput8
|
||||
diff --git a/testdata/testoutput8-16-3 b/testdata/testoutput8-16-3
|
||||
index 31884e1..36133b3 100644
|
||||
--- a/testdata/testoutput8-16-3
|
||||
+++ b/testdata/testoutput8-16-3
|
||||
@@ -1023,4 +1023,7 @@ Capturing subpattern count = 10
|
||||
May match empty string
|
||||
Subject length lower bound = 0
|
||||
|
||||
+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
|
||||
+Failed: error 114 at offset 509: missing closing parenthesis
|
||||
+
|
||||
# End of testinput8
|
||||
diff --git a/testdata/testoutput8-32-2 b/testdata/testoutput8-32-2
|
||||
index babd0c7..99c4fad 100644
|
||||
--- a/testdata/testoutput8-32-2
|
||||
+++ b/testdata/testoutput8-32-2
|
||||
@@ -1023,4 +1023,7 @@ Capturing subpattern count = 10
|
||||
May match empty string
|
||||
Subject length lower bound = 0
|
||||
|
||||
+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
|
||||
+Failed: error 114 at offset 509: missing closing parenthesis
|
||||
+
|
||||
# End of testinput8
|
||||
diff --git a/testdata/testoutput8-32-3 b/testdata/testoutput8-32-3
|
||||
index babd0c7..99c4fad 100644
|
||||
--- a/testdata/testoutput8-32-3
|
||||
+++ b/testdata/testoutput8-32-3
|
||||
@@ -1023,4 +1023,7 @@ Capturing subpattern count = 10
|
||||
May match empty string
|
||||
Subject length lower bound = 0
|
||||
|
||||
+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
|
||||
+Failed: error 114 at offset 509: missing closing parenthesis
|
||||
+
|
||||
# End of testinput8
|
||||
diff --git a/testdata/testoutput8-32-4 b/testdata/testoutput8-32-4
|
||||
index babd0c7..99c4fad 100644
|
||||
--- a/testdata/testoutput8-32-4
|
||||
+++ b/testdata/testoutput8-32-4
|
||||
@@ -1023,4 +1023,7 @@ Capturing subpattern count = 10
|
||||
May match empty string
|
||||
Subject length lower bound = 0
|
||||
|
||||
+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
|
||||
+Failed: error 114 at offset 509: missing closing parenthesis
|
||||
+
|
||||
# End of testinput8
|
||||
diff --git a/testdata/testoutput8-8-2 b/testdata/testoutput8-8-2
|
||||
index 6a9aa0a..6dc1f42 100644
|
||||
--- a/testdata/testoutput8-8-2
|
||||
+++ b/testdata/testoutput8-8-2
|
||||
@@ -1026,4 +1026,7 @@ Capturing subpattern count = 10
|
||||
May match empty string
|
||||
Subject length lower bound = 0
|
||||
|
||||
+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
|
||||
+Failed: error 114 at offset 509: missing closing parenthesis
|
||||
+
|
||||
# End of testinput8
|
||||
diff --git a/testdata/testoutput8-8-3 b/testdata/testoutput8-8-3
|
||||
index 2fe1168..ae14946 100644
|
||||
--- a/testdata/testoutput8-8-3
|
||||
+++ b/testdata/testoutput8-8-3
|
||||
@@ -1024,4 +1024,7 @@ Capturing subpattern count = 10
|
||||
May match empty string
|
||||
Subject length lower bound = 0
|
||||
|
||||
+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
|
||||
+Failed: error 114 at offset 509: missing closing parenthesis
|
||||
+
|
||||
# End of testinput8
|
||||
diff --git a/testdata/testoutput8-8-4 b/testdata/testoutput8-8-4
|
||||
index 91993b2..6c79956 100644
|
||||
--- a/testdata/testoutput8-8-4
|
||||
+++ b/testdata/testoutput8-8-4
|
||||
@@ -1022,4 +1022,7 @@ Capturing subpattern count = 10
|
||||
May match empty string
|
||||
Subject length lower bound = 0
|
||||
|
||||
+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
|
||||
+Failed: error 114 at offset 509: missing closing parenthesis
|
||||
+
|
||||
# End of testinput8
|
||||
--
|
||||
2.8.3
|
||||
|
|
@ -3,6 +3,7 @@
|
|||
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
|
||||
;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
|
||||
;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
|
||||
;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
|
||||
;;;
|
||||
;;; This file is part of GNU Guix.
|
||||
;;;
|
||||
|
@ -73,16 +74,15 @@ (define-public pcre
|
|||
(define-public pcre2
|
||||
(package
|
||||
(name "pcre2")
|
||||
(version "10.21")
|
||||
(version "10.23")
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
(uri (string-append "mirror://sourceforge/pcre/pcre2/"
|
||||
version "/pcre2-" version ".tar.bz2"))
|
||||
|
||||
(patches (search-patches "pcre2-CVE-2016-3191.patch"))
|
||||
(sha256
|
||||
(base32
|
||||
"1q6lrj9b08l1q39vxipb0fi88x6ybvkr6439h8bjb9r8jd81fsn6"))))
|
||||
"0vn5g0mkkp99mmzpissa06hpyj6pk9s4mlwbjqrjvw3ihy8rpiyz"))))
|
||||
(build-system gnu-build-system)
|
||||
(inputs `(("bzip2" ,bzip2)
|
||||
("readline" ,readline)
|
||||
|
@ -95,7 +95,14 @@ (define-public pcre2
|
|||
"--enable-unicode-properties"
|
||||
"--enable-pcre2-16"
|
||||
"--enable-pcre2-32"
|
||||
"--enable-jit")))
|
||||
"--enable-jit")
|
||||
#:phases
|
||||
(modify-phases %standard-phases
|
||||
(add-after 'unpack 'patch-paths
|
||||
(lambda _
|
||||
(substitute* "RunGrepTest"
|
||||
(("/bin/echo") (which "echo")))
|
||||
#t)))))
|
||||
(synopsis "Perl Compatible Regular Expressions")
|
||||
(description
|
||||
"The PCRE library is a set of functions that implement regular expression
|
||||
|
|
Loading…
Reference in a new issue