summaryrefslogtreecommitdiff
path: root/gnu/packages/patches/pcre2-CVE-2016-3191.patch
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2017-03-09 16:35:41 +0100
committerLudovic Courtès <ludo@gnu.org>2017-03-09 16:35:41 +0100
commite90e0fad1b3ba79d81f02424e143ee6f4f736e8b (patch)
tree2c26190fd9114199b0ef79303e18a61100cab4af /gnu/packages/patches/pcre2-CVE-2016-3191.patch
parent8ea0700d231a8819fc7e8332e9685f0ce15c174e (diff)
parent9ec2a4d3fec44f08a55df9f5f3d1a04b83e7fcf6 (diff)
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/packages/patches/pcre2-CVE-2016-3191.patch')
-rw-r--r--gnu/packages/patches/pcre2-CVE-2016-3191.patch179
1 files changed, 0 insertions, 179 deletions
diff --git a/gnu/packages/patches/pcre2-CVE-2016-3191.patch b/gnu/packages/patches/pcre2-CVE-2016-3191.patch
deleted file mode 100644
index 80f9d3d4f1..0000000000
--- a/gnu/packages/patches/pcre2-CVE-2016-3191.patch
+++ /dev/null
@@ -1,179 +0,0 @@
-Fixes CVE-2016-3191 (remote execution of arbitrary code or denial of
-service (stack-based buffer overflow) via a crafted regular expression).
-
-See <https://bugzilla.redhat.com/show_bug.cgi?id=1311503>.
-
-This is svn r489 at <svn://vcs.exim.org/pcre2/code>, omitting the
-changes to 'testdata/testoutput8-16-4', which does not exist in the
-source tarball.
-
-git-svn-id: svn://vcs.exim.org/pcre2/code/trunk@489 6239d852-aaf2-0410-a92c-79f79f948069
----
- ChangeLog | 4 ++++
- src/pcre2_compile.c | 16 ++++++++++++++--
- testdata/testinput8 | 2 ++
- testdata/testoutput8-16-2 | 3 +++
- testdata/testoutput8-16-3 | 3 +++
- testdata/testoutput8-16-4 | 3 +++
- testdata/testoutput8-32-2 | 3 +++
- testdata/testoutput8-32-3 | 3 +++
- testdata/testoutput8-32-4 | 3 +++
- testdata/testoutput8-8-2 | 3 +++
- testdata/testoutput8-8-3 | 3 +++
- testdata/testoutput8-8-4 | 3 +++
- 12 files changed, 47 insertions(+), 2 deletions(-)
-
-diff --git a/ChangeLog b/ChangeLog
-index 3ce0207..65e333e 100644
---- a/ChangeLog
-+++ b/ChangeLog
-@@ -58,6 +58,10 @@ some head-scratching the next time this happens.
- assertion, caused pcre2test to output a very large number of spaces when the
- callout was taken, making the program appearing to loop.
-
-+12. A pattern that included (*ACCEPT) in the middle of a sufficiently deeply
-+nested set of parentheses of sufficient size caused an overflow of the
-+compiling workspace (which was diagnosed, but of course is not desirable).
-+
-
- Version 10.21 12-January-2016
- -----------------------------
-diff --git a/src/pcre2_compile.c b/src/pcre2_compile.c
-index e33d620..887fbfd 100644
---- a/src/pcre2_compile.c
-+++ b/src/pcre2_compile.c
-@@ -5901,10 +5901,22 @@ for (;; ptr++)
- goto FAILED;
- }
- cb->had_accept = TRUE;
-+
-+ /* In the first pass, just accumulate the length required;
-+ otherwise hitting (*ACCEPT) inside many nested parentheses can
-+ cause workspace overflow. */
-+
- for (oc = cb->open_caps; oc != NULL; oc = oc->next)
- {
-- *code++ = OP_CLOSE;
-- PUT2INC(code, 0, oc->number);
-+ if (lengthptr != NULL)
-+ {
-+ *lengthptr += CU2BYTES(1) + IMM2_SIZE;
-+ }
-+ else
-+ {
-+ *code++ = OP_CLOSE;
-+ PUT2INC(code, 0, oc->number);
-+ }
- }
- setverb = *code++ =
- (cb->assert_depth > 0)? OP_ASSERT_ACCEPT : OP_ACCEPT;
-diff --git a/testdata/testinput8 b/testdata/testinput8
-index ca3b1b9..7e2a1f0 100644
---- a/testdata/testinput8
-+++ b/testdata/testinput8
-@@ -182,4 +182,6 @@
-
- /((?1)(?2)(?3)(?4)(?5)(?6)(?7)(?8)(?9)(?9)(?8)(?7)(?6)(?5)(?4)(?3)(?2)(?1)(?0)){2,}()()()()()()()()()/debug
-
-+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
-+
- # End of testinput8
-diff --git a/testdata/testoutput8-16-2 b/testdata/testoutput8-16-2
-index 05669bb..a5e8dec 100644
---- a/testdata/testoutput8-16-2
-+++ b/testdata/testoutput8-16-2
-@@ -1027,4 +1027,7 @@ Capturing subpattern count = 10
- May match empty string
- Subject length lower bound = 0
-
-+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
-+Failed: error 186 at offset 490: regular expression is too complicated
-+
- # End of testinput8
-diff --git a/testdata/testoutput8-16-3 b/testdata/testoutput8-16-3
-index 31884e1..36133b3 100644
---- a/testdata/testoutput8-16-3
-+++ b/testdata/testoutput8-16-3
-@@ -1023,4 +1023,7 @@ Capturing subpattern count = 10
- May match empty string
- Subject length lower bound = 0
-
-+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
-+Failed: error 114 at offset 509: missing closing parenthesis
-+
- # End of testinput8
-diff --git a/testdata/testoutput8-32-2 b/testdata/testoutput8-32-2
-index babd0c7..99c4fad 100644
---- a/testdata/testoutput8-32-2
-+++ b/testdata/testoutput8-32-2
-@@ -1023,4 +1023,7 @@ Capturing subpattern count = 10
- May match empty string
- Subject length lower bound = 0
-
-+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
-+Failed: error 114 at offset 509: missing closing parenthesis
-+
- # End of testinput8
-diff --git a/testdata/testoutput8-32-3 b/testdata/testoutput8-32-3
-index babd0c7..99c4fad 100644
---- a/testdata/testoutput8-32-3
-+++ b/testdata/testoutput8-32-3
-@@ -1023,4 +1023,7 @@ Capturing subpattern count = 10
- May match empty string
- Subject length lower bound = 0
-
-+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
-+Failed: error 114 at offset 509: missing closing parenthesis
-+
- # End of testinput8
-diff --git a/testdata/testoutput8-32-4 b/testdata/testoutput8-32-4
-index babd0c7..99c4fad 100644
---- a/testdata/testoutput8-32-4
-+++ b/testdata/testoutput8-32-4
-@@ -1023,4 +1023,7 @@ Capturing subpattern count = 10
- May match empty string
- Subject length lower bound = 0
-
-+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
-+Failed: error 114 at offset 509: missing closing parenthesis
-+
- # End of testinput8
-diff --git a/testdata/testoutput8-8-2 b/testdata/testoutput8-8-2
-index 6a9aa0a..6dc1f42 100644
---- a/testdata/testoutput8-8-2
-+++ b/testdata/testoutput8-8-2
-@@ -1026,4 +1026,7 @@ Capturing subpattern count = 10
- May match empty string
- Subject length lower bound = 0
-
-+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
-+Failed: error 114 at offset 509: missing closing parenthesis
-+
- # End of testinput8
-diff --git a/testdata/testoutput8-8-3 b/testdata/testoutput8-8-3
-index 2fe1168..ae14946 100644
---- a/testdata/testoutput8-8-3
-+++ b/testdata/testoutput8-8-3
-@@ -1024,4 +1024,7 @@ Capturing subpattern count = 10
- May match empty string
- Subject length lower bound = 0
-
-+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
-+Failed: error 114 at offset 509: missing closing parenthesis
-+
- # End of testinput8
-diff --git a/testdata/testoutput8-8-4 b/testdata/testoutput8-8-4
-index 91993b2..6c79956 100644
---- a/testdata/testoutput8-8-4
-+++ b/testdata/testoutput8-8-4
-@@ -1022,4 +1022,7 @@ Capturing subpattern count = 10
- May match empty string
- Subject length lower bound = 0
-
-+/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
-+Failed: error 114 at offset 509: missing closing parenthesis
-+
- # End of testinput8
---
-2.8.3
-