commit: cee01d4f06b3984b8211bd3c27358f7d18cf90fb
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sat Apr 2 20:49:56 2016 +0000
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Apr 2 20:51:12 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cee01d4f
dev-libs/libpcre: add upstream fixes #570694 #575546
.../libpcre/files/libpcre-8.38-CVE-2016-1283.patch | 42 +++++
.../libpcre/files/libpcre-8.38-ZDI-CAN-3542.patch | 172 +++++++++++++++++++++
dev-libs/libpcre/libpcre-8.38-r1.ebuild | 93 +++++++++++
3 files changed, 307 insertions(+)
diff --git a/dev-libs/libpcre/files/libpcre-8.38-CVE-2016-1283.patch
b/dev-libs/libpcre/files/libpcre-8.38-CVE-2016-1283.patch
new file mode 100644
index 0000000..77c5046
--- /dev/null
+++ b/dev-libs/libpcre/files/libpcre-8.38-CVE-2016-1283.patch
@@ -0,0 +1,42 @@
+From b7537308b7c758f33c347cb0bec62754c43c271f Mon Sep 17 00:00:00 2001
+From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
+Date: Sat, 27 Feb 2016 17:38:11 +0000
+Subject: [PATCH] Yet another duplicate name bugfix by overestimating the
+ memory needed (i.e. another hack - PCRE2 has this "properly" fixed).
+
+git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1636
2f5784b3-3f2a-0410-8824-cb99058d5e15
+---
+ ChangeLog | 7 +++++++
+ pcre_compile.c | 7 ++++++-
+ testdata/testinput2 | 2 ++
+ testdata/testoutput2 | 2 ++
+ 4 files changed, 17 insertions(+), 1 deletion(-)
+
+14. And yet another buffer overflow bug involving duplicate named groups, this
+ time nested, with a nested back reference. Yet again, I have just allowed
+ for more memory, because anything more needs all the refactoring that has
+ been done for PCRE2. An example pattern that provoked this bug is:
+ /((?J)(?'R'(?'R'(?'R'(?'R'(?'R'(?|(\k'R'))))))))/ and the bug was
+ registered as CVE-2016-1283.
+
+diff --git a/pcre_compile.c b/pcre_compile.c
+index 5019854..4ffea0c 100644
+--- a/pcre_compile.c
++++ b/pcre_compile.c
+@@ -7311,7 +7311,12 @@ for (;; ptr++)
+ so far in order to get the number. If the name is not found, leave
+ the value of recno as 0 for a forward reference. */
+
+- else
++ /* This patch (removing "else") fixes a problem when a reference is
++ to multiple identically named nested groups from within the nest.
++ Once again, it is not the "proper" fix, and it results in an
++ over-allocation of memory. */
++
++ /* else */
+ {
+ ng = cd->named_groups;
+ for (i = 0; i < cd->names_found; i++, ng++)
+--
+2.7.4
+
diff --git a/dev-libs/libpcre/files/libpcre-8.38-ZDI-CAN-3542.patch
b/dev-libs/libpcre/files/libpcre-8.38-ZDI-CAN-3542.patch
new file mode 100644
index 0000000..7ca05f9
--- /dev/null
+++ b/dev-libs/libpcre/files/libpcre-8.38-ZDI-CAN-3542.patch
@@ -0,0 +1,172 @@
+From 943a5105b9fe2842851003f692c7077a6cdbeefe Mon Sep 17 00:00:00 2001
+From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
+Date: Wed, 10 Feb 2016 19:13:17 +0000
+Subject: [PATCH] Fix workspace overflow for (*ACCEPT) with deeply nested
+ parentheses.
+
+git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1631
2f5784b3-3f2a-0410-8824-cb99058d5e15
+---
+ ChangeLog | 32 ++++++++++++++++++--------------
+ pcre_compile.c | 23 +++++++++++++++++++----
+ pcre_internal.h | 4 ++--
+ pcreposix.c | 5 +++--
+ testdata/testinput11 | 2 ++
+ testdata/testoutput11-16 | 3 +++
+ testdata/testoutput11-32 | 3 +++
+ testdata/testoutput11-8 | 3 +++
+ 8 files changed, 53 insertions(+), 22 deletions(-)
+
+13. A pattern that included (*ACCEPT) in the middle of a sufficiently deeply
+ nested set of parentheses of sufficient size caused an overflow of the
+ compiling workspace (which was diagnosed, but of course is not desirable).
+
+diff --git a/pcre_compile.c b/pcre_compile.c
+index b9a239e..5019854 100644
+--- a/pcre_compile.c
++++ b/pcre_compile.c
+@@ -6,7 +6,7 @@
+ and semantics are as close as possible to those of the Perl 5 language.
+
+ Written by Philip Hazel
+- Copyright (c) 1997-2014 University of Cambridge
++ Copyright (c) 1997-2016 University of Cambridge
+
+ -----------------------------------------------------------------------------
+ Redistribution and use in source and binary forms, with or without
+@@ -560,6 +560,7 @@ static const char error_texts[] =
+ /* 85 */
+ "parentheses are too deeply nested (stack check)\0"
+ "digits missing in \\x{} or \\o{}\0"
++ "regular expression is too complicated\0"
+ ;
+
+ /* Table to identify digits and hex digits. This is used when compiling
+@@ -4591,7 +4592,8 @@ for (;; ptr++)
+ if (code > cd->start_workspace + cd->workspace_size -
+ WORK_SIZE_SAFETY_MARGIN) /* Check for overrun */
+ {
+- *errorcodeptr = ERR52;
++ *errorcodeptr = (code >= cd->start_workspace + cd->workspace_size)?
++ ERR52 : ERR87;
+ goto FAILED;
+ }
+
+@@ -6626,8 +6628,21 @@ for (;; ptr++)
+ cd->had_accept = TRUE;
+ for (oc = cd->open_caps; oc != NULL; oc = oc->next)
+ {
+- *code++ = OP_CLOSE;
+- PUT2INC(code, 0, oc->number);
++ if (lengthptr != NULL)
++ {
++#ifdef COMPILE_PCRE8
++ *lengthptr += 1 + IMM2_SIZE;
++#elif defined COMPILE_PCRE16
++ *lengthptr += 2 + IMM2_SIZE;
++#elif defined COMPILE_PCRE32
++ *lengthptr += 4 + IMM2_SIZE;
++#endif
++ }
++ else
++ {
++ *code++ = OP_CLOSE;
++ PUT2INC(code, 0, oc->number);
++ }
+ }
+ setverb = *code++ =
+ (cd->assert_depth > 0)? OP_ASSERT_ACCEPT : OP_ACCEPT;
+diff --git a/pcre_internal.h b/pcre_internal.h
+index f7a5ee7..dbfe80e 100644
+--- a/pcre_internal.h
++++ b/pcre_internal.h
+@@ -7,7 +7,7 @@
+ and semantics are as close as possible to those of the Perl 5 language.
+
+ Written by Philip Hazel
+- Copyright (c) 1997-2014 University of Cambridge
++ Copyright (c) 1997-2016 University of Cambridge
+
+ -----------------------------------------------------------------------------
+ Redistribution and use in source and binary forms, with or without
+@@ -2289,7 +2289,7 @@ enum { ERR0, ERR1, ERR2, ERR3, ERR4, ERR5, ERR6,
ERR7, ERR8, ERR9,
+ ERR50, ERR51, ERR52, ERR53, ERR54, ERR55, ERR56, ERR57, ERR58, ERR59,
+ ERR60, ERR61, ERR62, ERR63, ERR64, ERR65, ERR66, ERR67, ERR68, ERR69,
+ ERR70, ERR71, ERR72, ERR73, ERR74, ERR75, ERR76, ERR77, ERR78, ERR79,
+- ERR80, ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERRCOUNT };
++ ERR80, ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERR87, ERRCOUNT };
+
+ /* JIT compiling modes. The function list is indexed by them. */
+
+diff --git a/pcreposix.c b/pcreposix.c
+index dcc13ef..55b6ddc 100644
+--- a/pcreposix.c
++++ b/pcreposix.c
+@@ -6,7 +6,7 @@
+ and semantics are as close as possible to those of the Perl 5 language.
+
+ Written by Philip Hazel
+- Copyright (c) 1997-2014 University of Cambridge
++ Copyright (c) 1997-2016 University of Cambridge
+
+ -----------------------------------------------------------------------------
+ Redistribution and use in source and binary forms, with or without
+@@ -173,7 +173,8 @@ static const int eint[] = {
+ REG_BADPAT, /* group name must start with a non-digit */
+ /* 85 */
+ REG_BADPAT, /* parentheses too deeply nested (stack check) */
+- REG_BADPAT /* missing digits in \x{} or \o{} */
++ REG_BADPAT, /* missing digits in \x{} or \o{} */
++ REG_BADPAT /* pattern too complicated */
+ };
+
+ /* Table of texts corresponding to POSIX error codes */
+diff --git a/testdata/testinput11 b/testdata/testinput11
+index ac9d228..6f0989a 100644
+--- a/testdata/testinput11
++++ b/testdata/testinput11
+@@ -138,4 +138,6 @@ is required for these tests. --/
+
+ /.((?2)(?R)\1)()/B
+
++/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
++
+ /-- End of testinput11 --/
+diff --git a/testdata/testoutput11-16 b/testdata/testoutput11-16
+index 280692e..3c485da 100644
+--- a/testdata/testoutput11-16
++++ b/testdata/testoutput11-16
+@@ -765,4 +765,7 @@ Memory allocation (code space): 14
+ 25 End
+ ------------------------------------------------------------------
+
++/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
++Failed: regular expression is too complicated at offset 490
++
+ /-- End of testinput11 --/
+diff --git a/testdata/testoutput11-32 b/testdata/testoutput11-32
+index cdbda74..e19518d 100644
+--- a/testdata/testoutput11-32
++++ b/testdata/testoutput11-32
+@@ -765,4 +765,7 @@ Memory allocation (code space): 28
+ 25 End
+ ------------------------------------------------------------------
+
++/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
++Failed: missing ) at offset 509
++
+ /-- End of testinput11 --/
+diff --git a/testdata/testoutput11-8 b/testdata/testoutput11-8
+index cb37896..5a4fbb2 100644
+--- a/testdata/testoutput11-8
++++ b/testdata/testoutput11-8
+@@ -765,4 +765,7 @@ Memory allocation (code space): 10
+ 38 End
+ ------------------------------------------------------------------
+
++/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
++Failed: missing ) at offset 509
++
+ /-- End of testinput11 --/
+--
+2.7.4
+
diff --git a/dev-libs/libpcre/libpcre-8.38-r1.ebuild
b/dev-libs/libpcre/libpcre-8.38-r1.ebuild
new file mode 100644
index 0000000..7fb6a5b
--- /dev/null
+++ b/dev-libs/libpcre/libpcre-8.38-r1.ebuild
@@ -0,0 +1,93 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit eutils multilib libtool flag-o-matic toolchain-funcs multilib-minimal
+
+DESCRIPTION="Perl-compatible regular expression library"
+HOMEPAGE="http://www.pcre.org/";
+MY_P="pcre-${PV/_rc/-RC}"
+if [[ ${PV} != *_rc* ]] ; then
+ # Only the final releases are available here.
+ SRC_URI="mirror://sourceforge/pcre/${MY_P}.tar.bz2
+
ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/${MY_P}.tar.bz2";
+else
+
SRC_URI="ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/Testing/${MY_P}.tar.bz2";
+fi
+
+LICENSE="BSD"
+SLOT="3"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390
~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd
~x86-freebsd ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux
~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris
~x64-solaris ~x86-solaris"
+IUSE="bzip2 +cxx +jit libedit pcre16 pcre32 +readline +recursion-limit
static-libs unicode zlib"
+REQUIRED_USE="readline? ( !libedit )
+ libedit? ( !readline )"
+
+RDEPEND="bzip2? ( app-arch/bzip2 )
+ zlib? ( sys-libs/zlib )
+ libedit? ( dev-libs/libedit )
+ readline? ( sys-libs/readline:0= )"
+DEPEND="${RDEPEND}
+ virtual/pkgconfig"
+RDEPEND="${RDEPEND}
+ abi_x86_32? (
+ !<=app-emulation/emul-linux-x86-baselibs-20131008-r2
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+ )"
+
+S=${WORKDIR}/${MY_P}
+
+MULTILIB_CHOST_TOOLS=(
+ /usr/bin/pcre-config
+)
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-ZDI-CAN-3542.patch #575546
+ epatch "${FILESDIR}"/${P}-CVE-2016-1283.patch #570694
+ sed -i -e "s:-lpcre ::" libpcrecpp.pc.in || die
+ elibtoolize
+}
+
+multilib_src_configure() {
+ ECONF_SOURCE="${S}" econf \
+ --with-match-limit-recursion=$(usex recursion-limit 8192
MATCH_LIMIT) \
+ $(multilib_native_use_enable bzip2 pcregrep-libbz2) \
+ $(use_enable cxx cpp) \
+ $(use_enable jit) $(use_enable jit pcregrep-jit) \
+ $(use_enable pcre16) \
+ $(use_enable pcre32) \
+ $(multilib_native_use_enable libedit pcretest-libedit) \
+ $(multilib_native_use_enable readline pcretest-libreadline) \
+ $(use_enable static-libs static) \
+ $(use_enable unicode utf) $(use_enable unicode
unicode-properties) \
+ $(multilib_native_use_enable zlib pcregrep-libz) \
+ --enable-pcre8 \
+ --enable-shared \
+ --htmldir="${EPREFIX}"/usr/share/doc/${PF}/html \
+ --docdir="${EPREFIX}"/usr/share/doc/${PF}
+}
+
+multilib_src_compile() {
+ emake V=1 $(multilib_is_native_abi || echo "bin_PROGRAMS=")
+}
+
+multilib_src_install() {
+ emake \
+ DESTDIR="${D}" \
+ $(multilib_is_native_abi || echo "bin_PROGRAMS=
dist_html_DATA=") \
+ install
+ gen_usr_ldscript -a pcre
+}
+
+multilib_src_install_all() {
+ prune_libtool_files
+}
+
+pkg_preinst() {
+ preserve_old_lib /$(get_libdir)/libpcre.so.0
+}
+
+pkg_postinst() {
+ preserve_old_lib_notify /$(get_libdir)/libpcre.so.0
+}
