Control: tags 809706 + patch
Control: tags 809706 + pending

Dear maintainer,

I've prepared an NMU for pcre3 (versioned as 2:8.38-3.1) and uploaded it to DELAYED/5. Please feel free to tell me if I should delay it longer.

Regards,
Salvatore

p.s.: actually if we can have it fixed before the weekend in unstable, I would try to prepare debdiff for pcre3 for jessie to be reviewed by the SRM and have it included in the next jessie point release.

diff -Nru pcre3-8.38/debian/changelog pcre3-8.38/debian/changelog --- pcre3-8.38/debian/changelog 2016-02-28 12:24:52.000000000 +0100 +++ pcre3-8.38/debian/changelog 2016-03-22 21:06:40.000000000 +0100 @@ -1,3 +1,11 @@ +pcre3 (2:8.38-3.1) unstable; urgency=medium + + * Non-maintainer upload. + * CVE-2016-1283: heap buffer overflow in handling of duplicate named + groups (Closes: #809706) + + -- Salvatore Bonaccorso <car...@debian.org> Tue, 22 Mar 2016 21:05:13 +0100 + pcre3 (2:8.38-3) unstable; urgency=low * Apply Ubuntu patch from Iain Lane (modified by Graham Inggs) to add diff -Nru pcre3-8.38/debian/patches/CVE-2016-1283.patch pcre3-8.38/debian/patches/CVE-2016-1283.patch --- pcre3-8.38/debian/patches/CVE-2016-1283.patch 1970-01-01 01:00:00.000000000 +0100 +++ pcre3-8.38/debian/patches/CVE-2016-1283.patch 2016-03-22 21:06:40.000000000 +0100 
@@ -0,0 +1,47 @@ +From b7537308b7c758f33c347cb0bec62754c43c271f Mon Sep 17 00:00:00 2001 +From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15> +Date: Sat, 27 Feb 2016 17:38:11 +0000 +Subject: [PATCH] Yet another duplicate name bugfix by overestimating the + memory needed (i.e. another hack - PCRE2 has this "properly" fixed). + +git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1636 2f5784b3-3f2a-0410-8824-cb99058d5e15 +--- + pcre_compile.c | 7 ++++++- + testdata/testinput2 | 2 ++ + testdata/testoutput2 | 2 ++ + 4 files changed, 17 insertions(+), 1 deletion(-) + +--- a/pcre_compile.c ++++ b/pcre_compile.c +@@ -7289,7 +7289,12 @@ for (;; ptr++) + so far in order to get the number. If the name is not found, leave + the value of recno as 0 for a forward reference. */ + +- else ++ /* This patch (removing "else") fixes a problem when a reference is ++ to multiple identically named nested groups from within the nest. ++ Once again, it is not the "proper" fix, and it results in an ++ over-allocation of memory. */ ++ ++ /* else */ + { + ng = cd->named_groups; + for (i = 0; i < cd->names_found; i++, ng++) +--- a/testdata/testinput2 ++++ b/testdata/testinput2 +@@ -4217,4 +4217,6 @@ backtracking verbs. --/ + + /a[[:punct:]b]/BZ + ++/((?J)(?'R'(?'R'(?'R'(?'R'(?'R'(?|(\k'R'))))))))/ ++ + /-- End of testinput2 --/ +--- a/testdata/testoutput2 ++++ b/testdata/testoutput2 +@@ -14574,4 +14574,6 @@ No match + End + ------------------------------------------------------------------ + ++/((?J)(?'R'(?'R'(?'R'(?'R'(?'R'(?|(\k'R'))))))))/ ++ + /-- End of testinput2 --/ diff -Nru pcre3-8.38/debian/patches/series pcre3-8.38/debian/patches/series --- pcre3-8.38/debian/patches/series 2016-02-27 17:34:37.000000000 +0100 +++ pcre3-8.38/debian/patches/series 2016-03-22 21:06:40.000000000 +0100 @@ -6,3 +6,4 @@ no_jit_x32_powerpcspe.patch Disable_JIT_on_sparc64.patch apply-upstream-revision-1631-closes-8159 +CVE-2016-1283.patch
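
Review bot: The diffstat in the header of debian/patches/CVE-2016-1283.patch no longer matches the patch body. It reads "4 files changed, 17 insertions(+), 1 deletion(-)", but only three files are listed and patched (pcre_compile.c, testdata/testinput2, testdata/testoutput2), and together they account for 10 insertions and 1 deletion. Presumably one file from the upstream commit was dropped when the patch was imported. Either regenerate the stat or say in the header which part was left out and why, so that someone comparing against upstream revision 1636 does not have to guess. The header would also benefit from a reference to the Debian bug (for example a DEP-3 "Bug-Debian:" field pointing at #809706), since at the moment only debian/changelog links the patch to the bug.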
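
Review bot: The regression test added in the testdata/testinput2 and testdata/testoutput2 hunks only compiles the pattern. There is no subject line after `/((?J)(?'R'(?'R'(?'R'(?'R'(?'R'(?|(\k'R'))))))))/`, and the expected output is just the echoed pattern. A heap overflow during compilation does not necessarily crash or change that output, so this test can pass on an unfixed build. Please confirm the fix was checked with a memory checker (valgrind or an AddressSanitizer build) against this pattern and record how it was verified in the bug or the patch header. Separately, the new comment in the pcre_compile.c hunk says the change "results in an over-allocation of memory" without saying by how much. That is upstream's wording and should stay identical to upstream, but a short note in the Debian patch description about the expected memory impact would help the SRM review for jessie.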