* bug#26431: [PATCH 0/2] Fix CVE-2017-7186 in pcre and pcre2
@ 2017-04-10 13:39 Ludovic Courtès
2017-04-10 13:42 ` bug#26431: [PATCH 1/2] gnu: pcre2: Patch CVE-2017-7186 Ludovic Courtès
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: Ludovic Courtès @ 2017-04-10 13:39 UTC (permalink / raw)
To: 26431
Hello,
These patches fix <https://nvd.nist.gov/vuln/detail?vulnId=CVE-2017-7186>
in pcre and pcre2 using the upstream patches referenced in the CVE database.
Ludo'.
Ludovic Courtès (2):
gnu: pcre2: Patch CVE-2017-7186.
gnu: pcre: Patch CVE-2017-7186.
gnu/local.mk | 2 +
gnu/packages/patches/pcre-CVE-2017-7186.patch | 55 +++++++++++++++++++++
gnu/packages/patches/pcre2-CVE-2017-7186.patch | 67 ++++++++++++++++++++++++++
gnu/packages/pcre.scm | 13 ++++-
4 files changed, 136 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/patches/pcre-CVE-2017-7186.patch
create mode 100644 gnu/packages/patches/pcre2-CVE-2017-7186.patch
--
2.12.2
^ permalink raw reply [flat|nested] 5+ messages in thread
* bug#26431: [PATCH 1/2] gnu: pcre2: Patch CVE-2017-7186.
2017-04-10 13:39 bug#26431: [PATCH 0/2] Fix CVE-2017-7186 in pcre and pcre2 Ludovic Courtès
@ 2017-04-10 13:42 ` Ludovic Courtès
2017-04-10 13:43 ` bug#26431: [PATCH 2/2] gnu: pcre: " Ludovic Courtès
2017-04-10 17:01 ` bug#26431: [PATCH 0/2] Fix CVE-2017-7186 in pcre and pcre2 Marius Bakke
2 siblings, 0 replies; 5+ messages in thread
From: Ludovic Courtès @ 2017-04-10 13:42 UTC (permalink / raw)
To: 26431
* gnu/packages/patches/pcre2-CVE-2017-7186.patch: New file.
* gnu/packages/pcre.scm (pcre2)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Add it.
---
gnu/local.mk | 1 +
gnu/packages/patches/pcre2-CVE-2017-7186.patch | 67 ++++++++++++++++++++++++++
gnu/packages/pcre.scm | 3 +-
3 files changed, 70 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/patches/pcre2-CVE-2017-7186.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index a8d006601..c3a65789a 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -825,6 +825,7 @@ dist_patch_DATA = \
%D%/packages/patches/patchelf-rework-for-arm.patch \
%D%/packages/patches/patchutils-xfail-gendiff-tests.patch \
%D%/packages/patches/patch-hurd-path-max.patch \
+ %D%/packages/patches/pcre2-CVE-2017-7186.patch \
%D%/packages/patches/perl-autosplit-default-time.patch \
%D%/packages/patches/perl-deterministic-ordering.patch \
%D%/packages/patches/perl-finance-quote-unuse-mozilla-ca.patch \
diff --git a/gnu/packages/patches/pcre2-CVE-2017-7186.patch b/gnu/packages/patches/pcre2-CVE-2017-7186.patch
new file mode 100644
index 000000000..482f07a1f
--- /dev/null
+++ b/gnu/packages/patches/pcre2-CVE-2017-7186.patch
@@ -0,0 +1,67 @@
+Upstream patch for <https://nvd.nist.gov/vuln/detail?vulnId=CVE-2017-7186>.
+
+--- trunk/src/pcre2_internal.h 2016/11/19 12:46:24 600
++++ trunk/src/pcre2_internal.h 2017/02/24 18:25:32 670
+@@ -1774,10 +1774,17 @@
+ /* UCD access macros */
+
+ #define UCD_BLOCK_SIZE 128
+-#define GET_UCD(ch) (PRIV(ucd_records) + \
++#define REAL_GET_UCD(ch) (PRIV(ucd_records) + \
+ PRIV(ucd_stage2)[PRIV(ucd_stage1)[(int)(ch) / UCD_BLOCK_SIZE] * \
+ UCD_BLOCK_SIZE + (int)(ch) % UCD_BLOCK_SIZE])
+
++#if PCRE2_CODE_UNIT_WIDTH == 32
++#define GET_UCD(ch) ((ch > MAX_UTF_CODE_POINT)? \
++ PRIV(dummy_ucd_record) : REAL_GET_UCD(ch))
++#else
++#define GET_UCD(ch) REAL_GET_UCD(ch)
++#endif
++
+ #define UCD_CHARTYPE(ch) GET_UCD(ch)->chartype
+ #define UCD_SCRIPT(ch) GET_UCD(ch)->script
+ #define UCD_CATEGORY(ch) PRIV(ucp_gentype)[UCD_CHARTYPE(ch)]
+@@ -1834,6 +1841,9 @@
+ #define _pcre2_default_compile_context PCRE2_SUFFIX(_pcre2_default_compile_context_)
+ #define _pcre2_default_match_context PCRE2_SUFFIX(_pcre2_default_match_context_)
+ #define _pcre2_default_tables PCRE2_SUFFIX(_pcre2_default_tables_)
++#if PCRE2_CODE_UNIT_WIDTH == 32
++#define _pcre2_dummy_ucd_record PCRE2_SUFFIX(_pcre2_dummy_ucd_record_)
++#endif
+ #define _pcre2_hspace_list PCRE2_SUFFIX(_pcre2_hspace_list_)
+ #define _pcre2_vspace_list PCRE2_SUFFIX(_pcre2_vspace_list_)
+ #define _pcre2_ucd_caseless_sets PCRE2_SUFFIX(_pcre2_ucd_caseless_sets_)
+@@ -1858,6 +1868,9 @@
+ extern const uint32_t PRIV(vspace_list)[];
+ extern const uint32_t PRIV(ucd_caseless_sets)[];
+ extern const ucd_record PRIV(ucd_records)[];
++#if PCRE2_CODE_UNIT_WIDTH == 32
++extern const ucd_record PRIV(dummy_ucd_record)[];
++#endif
+ extern const uint8_t PRIV(ucd_stage1)[];
+ extern const uint16_t PRIV(ucd_stage2)[];
+ extern const uint32_t PRIV(ucp_gbtable)[];
+
+--- trunk/src/pcre2_ucd.c 2015/07/17 15:44:51 316
++++ trunk/src/pcre2_ucd.c 2017/02/24 18:25:32 670
+@@ -41,6 +41,20 @@
+
+ const char *PRIV(unicode_version) = "8.0.0";
+
++/* If the 32-bit library is run in non-32-bit mode, character values
++greater than 0x10ffff may be encountered. For these we set up a
++special record. */
++
++#if PCRE2_CODE_UNIT_WIDTH == 32
++const ucd_record PRIV(dummy_ucd_record)[] = {{
++ ucp_Common, /* script */
++ ucp_Cn, /* type unassigned */
++ ucp_gbOther, /* grapheme break property */
++ 0, /* case set */
++ 0, /* other case */
++ }};
++#endif
++
+ /* When recompiling tables with a new Unicode version, please check the
+ types in this structure definition from pcre2_internal.h (the actual
+ field names will be different):
diff --git a/gnu/packages/pcre.scm b/gnu/packages/pcre.scm
index 011a30dd3..9f610e59f 100644
--- a/gnu/packages/pcre.scm
+++ b/gnu/packages/pcre.scm
@@ -81,7 +81,8 @@ POSIX regular expression API.")
(sha256
(base32
- "0vn5g0mkkp99mmzpissa06hpyj6pk9s4mlwbjqrjvw3ihy8rpiyz"))))
+ "0vn5g0mkkp99mmzpissa06hpyj6pk9s4mlwbjqrjvw3ihy8rpiyz"))
+ (patches (search-patches "pcre2-CVE-2017-7186.patch"))))
(build-system gnu-build-system)
(inputs `(("bzip2" ,bzip2)
("readline" ,readline)
--
2.12.2
^ permalink raw reply related [flat|nested] 5+ messages in thread
* bug#26431: [PATCH 2/2] gnu: pcre: Patch CVE-2017-7186.
2017-04-10 13:39 bug#26431: [PATCH 0/2] Fix CVE-2017-7186 in pcre and pcre2 Ludovic Courtès
2017-04-10 13:42 ` bug#26431: [PATCH 1/2] gnu: pcre2: Patch CVE-2017-7186 Ludovic Courtès
@ 2017-04-10 13:43 ` Ludovic Courtès
2017-04-10 17:01 ` bug#26431: [PATCH 0/2] Fix CVE-2017-7186 in pcre and pcre2 Marius Bakke
2 siblings, 0 replies; 5+ messages in thread
From: Ludovic Courtès @ 2017-04-10 13:43 UTC (permalink / raw)
To: 26431
* gnu/packages/patches/pcre-CVE-2017-7186.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/pcre.scm (pcre)[replacement]: New field.
(pcre/fixed): New variable.
---
gnu/local.mk | 1 +
gnu/packages/patches/pcre-CVE-2017-7186.patch | 55 +++++++++++++++++++++++++++
gnu/packages/pcre.scm | 10 +++++
3 files changed, 66 insertions(+)
create mode 100644 gnu/packages/patches/pcre-CVE-2017-7186.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index c3a65789a..5782f8390 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -825,6 +825,7 @@ dist_patch_DATA = \
%D%/packages/patches/patchelf-rework-for-arm.patch \
%D%/packages/patches/patchutils-xfail-gendiff-tests.patch \
%D%/packages/patches/patch-hurd-path-max.patch \
+ %D%/packages/patches/pcre-CVE-2017-7186.patch \
%D%/packages/patches/pcre2-CVE-2017-7186.patch \
%D%/packages/patches/perl-autosplit-default-time.patch \
%D%/packages/patches/perl-deterministic-ordering.patch \
diff --git a/gnu/packages/patches/pcre-CVE-2017-7186.patch b/gnu/packages/patches/pcre-CVE-2017-7186.patch
new file mode 100644
index 000000000..b8b112230
--- /dev/null
+++ b/gnu/packages/patches/pcre-CVE-2017-7186.patch
@@ -0,0 +1,55 @@
+Upstream patch for <https://nvd.nist.gov/vuln/detail?vulnId=CVE-2017-7186>.
+
+--- trunk/pcre_internal.h 2016/05/21 13:34:44 1649
++++ trunk/pcre_internal.h 2017/02/24 17:30:30 1688
+@@ -2772,6 +2772,9 @@
+ extern const pcre_uint16 PRIV(ucd_stage2)[];
+ extern const pcre_uint32 PRIV(ucp_gentype)[];
+ extern const pcre_uint32 PRIV(ucp_gbtable)[];
++#ifdef COMPILE_PCRE32
++extern const ucd_record PRIV(dummy_ucd_record)[];
++#endif
+ #ifdef SUPPORT_JIT
+ extern const int PRIV(ucp_typerange)[];
+ #endif
+@@ -2780,9 +2783,15 @@
+ /* UCD access macros */
+
+ #define UCD_BLOCK_SIZE 128
+-#define GET_UCD(ch) (PRIV(ucd_records) + \
++#define REAL_GET_UCD(ch) (PRIV(ucd_records) + \
+ PRIV(ucd_stage2)[PRIV(ucd_stage1)[(int)(ch) / UCD_BLOCK_SIZE] * \
+ UCD_BLOCK_SIZE + (int)(ch) % UCD_BLOCK_SIZE])
++
++#ifdef COMPILE_PCRE32
++#define GET_UCD(ch) ((ch > 0x10ffff)? PRIV(dummy_ucd_record) : REAL_GET_UCD(ch))
++#else
++#define GET_UCD(ch) REAL_GET_UCD(ch)
++#endif
+
+ #define UCD_CHARTYPE(ch) GET_UCD(ch)->chartype
+ #define UCD_SCRIPT(ch) GET_UCD(ch)->script
+
+--- trunk/pcre_ucd.c 2014/06/19 07:51:39 1490
++++ trunk/pcre_ucd.c 2017/02/24 17:30:30 1688
+@@ -38,6 +38,20 @@
+ const pcre_uint32 PRIV(ucd_caseless_sets)[] = {0};
+ #else
+
++/* If the 32-bit library is run in non-32-bit mode, character values
++greater than 0x10ffff may be encountered. For these we set up a
++special record. */
++
++#ifdef COMPILE_PCRE32
++const ucd_record PRIV(dummy_ucd_record)[] = {{
++ ucp_Common, /* script */
++ ucp_Cn, /* type unassigned */
++ ucp_gbOther, /* grapheme break property */
++ 0, /* case set */
++ 0, /* other case */
++ }};
++#endif
++
+ /* When recompiling tables with a new Unicode version, please check the
+ types in this structure definition from pcre_internal.h (the actual
+ field names will be different):
diff --git a/gnu/packages/pcre.scm b/gnu/packages/pcre.scm
index 9f610e59f..1946f5229 100644
--- a/gnu/packages/pcre.scm
+++ b/gnu/packages/pcre.scm
@@ -4,6 +4,7 @@
;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
+;;; Copyright © 2017 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -33,6 +34,7 @@
(package
(name "pcre")
(version "8.40")
+ (replacement pcre/fixed)
(source (origin
(method url-fetch)
(uri (list
@@ -70,6 +72,14 @@ POSIX regular expression API.")
(license license:bsd-3)
(home-page "http://www.pcre.org/")))
+(define pcre/fixed
+ (package
+ (inherit pcre)
+ (replacement #f)
+ (source (origin
+ (inherit (package-source pcre))
+ (patches (search-patches "pcre-CVE-2017-7186.patch"))))))
+
(define-public pcre2
(package
(name "pcre2")
--
2.12.2
^ permalink raw reply related [flat|nested] 5+ messages in thread
* bug#26431: [PATCH 0/2] Fix CVE-2017-7186 in pcre and pcre2
2017-04-10 13:39 bug#26431: [PATCH 0/2] Fix CVE-2017-7186 in pcre and pcre2 Ludovic Courtès
2017-04-10 13:42 ` bug#26431: [PATCH 1/2] gnu: pcre2: Patch CVE-2017-7186 Ludovic Courtès
2017-04-10 13:43 ` bug#26431: [PATCH 2/2] gnu: pcre: " Ludovic Courtès
@ 2017-04-10 17:01 ` Marius Bakke
2017-04-10 21:57 ` Ludovic Courtès
2 siblings, 1 reply; 5+ messages in thread
From: Marius Bakke @ 2017-04-10 17:01 UTC (permalink / raw)
To: Ludovic Courtès, 26431
[-- Attachment #1: Type: text/plain, Size: 553 bytes --]
Ludovic Courtès <ludo@gnu.org> writes:
> Hello,
>
> These patches fix <https://nvd.nist.gov/vuln/detail?vulnId=CVE-2017-7186>
> in pcre and pcre2 using the upstream patches referenced in the CVE database.
>
> Ludo'.
>
> Ludovic Courtès (2):
> gnu: pcre2: Patch CVE-2017-7186.
> gnu: pcre: Patch CVE-2017-7186.
Thank you for these! Please add URLs to the upstream fixes in the patch
headers:
https://vcs.pcre.org/pcre?view=revision&revision=1688
https://vcs.pcre.org/pcre2?view=revision&revision=670
LGTM apart from that :)
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 483 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* bug#26431: [PATCH 0/2] Fix CVE-2017-7186 in pcre and pcre2
2017-04-10 17:01 ` bug#26431: [PATCH 0/2] Fix CVE-2017-7186 in pcre and pcre2 Marius Bakke
@ 2017-04-10 21:57 ` Ludovic Courtès
0 siblings, 0 replies; 5+ messages in thread
From: Ludovic Courtès @ 2017-04-10 21:57 UTC (permalink / raw)
To: Marius Bakke; +Cc: 26431-done
Heya,
Marius Bakke <mbakke@fastmail.com> skribis:
> Ludovic Courtès <ludo@gnu.org> writes:
>
>> Hello,
>>
>> These patches fix <https://nvd.nist.gov/vuln/detail?vulnId=CVE-2017-7186>
>> in pcre and pcre2 using the upstream patches referenced in the CVE database.
>>
>> Ludo'.
>>
>> Ludovic Courtès (2):
>> gnu: pcre2: Patch CVE-2017-7186.
>> gnu: pcre: Patch CVE-2017-7186.
>
> Thank you for these! Please add URLs to the upstream fixes in the patch
> headers:
>
> https://vcs.pcre.org/pcre?view=revision&revision=1688
> https://vcs.pcre.org/pcre2?view=revision&revision=670
Done and pushed, thanks for your quick reply!
FWIW there’s still work to do on pcre:
$ ./pre-inst-env guix lint -c cve pcre pcre2
gnu/packages/pcre.scm:76:2: pcre@8.40: probably vulnerable to CVE-2017-7244, CVE-2017-7245, CVE-2017-7246
Ludo’.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2017-04-10 21:58 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-04-10 13:39 bug#26431: [PATCH 0/2] Fix CVE-2017-7186 in pcre and pcre2 Ludovic Courtès
2017-04-10 13:42 ` bug#26431: [PATCH 1/2] gnu: pcre2: Patch CVE-2017-7186 Ludovic Courtès
2017-04-10 13:43 ` bug#26431: [PATCH 2/2] gnu: pcre: " Ludovic Courtès
2017-04-10 17:01 ` bug#26431: [PATCH 0/2] Fix CVE-2017-7186 in pcre and pcre2 Marius Bakke
2017-04-10 21:57 ` Ludovic Courtès
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.