GNU bug report logs - #26431
[PATCH 0/2] Fix CVE-2017-7186 in pcre and pcre2

Previous Next

Package: guix-patches;

Reported by: Ludovic Courtès <ludo <at> gnu.org>

Date: Mon, 10 Apr 2017 13:41:01 UTC

Severity: normal

Tags: patch

Done: ludo <at> gnu.org (Ludovic Courtès)

Bug is archived. No further changes may be made.

Full log

Message #11 received at 26431 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: 26431 <at> debbugs.gnu.org
Cc: Ludovic Courtès <ludo <at> gnu.org>
Subject: [PATCH 2/2] gnu: pcre: Patch CVE-2017-7186.
Date: Mon, 10 Apr 2017 15:43:05 +0200

* gnu/packages/patches/pcre-CVE-2017-7186.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/pcre.scm (pcre)[replacement]: New field.
(pcre/fixed): New variable.
---
 gnu/local.mk                                  |  1 +
 gnu/packages/patches/pcre-CVE-2017-7186.patch | 55 +++++++++++++++++++++++++++
 gnu/packages/pcre.scm                         | 10 +++++
 3 files changed, 66 insertions(+)
 create mode 100644 gnu/packages/patches/pcre-CVE-2017-7186.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index c3a65789a..5782f8390 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -825,6 +825,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/patchelf-rework-for-arm.patch		\
   %D%/packages/patches/patchutils-xfail-gendiff-tests.patch	\
   %D%/packages/patches/patch-hurd-path-max.patch		\
+  %D%/packages/patches/pcre-CVE-2017-7186.patch			\
   %D%/packages/patches/pcre2-CVE-2017-7186.patch		\
   %D%/packages/patches/perl-autosplit-default-time.patch	\
   %D%/packages/patches/perl-deterministic-ordering.patch	\
diff --git a/gnu/packages/patches/pcre-CVE-2017-7186.patch b/gnu/packages/patches/pcre-CVE-2017-7186.patch
new file mode 100644
index 000000000..b8b112230
--- /dev/null
+++ b/gnu/packages/patches/pcre-CVE-2017-7186.patch
@@ -0,0 +1,55 @@
+Upstream patch for <https://nvd.nist.gov/vuln/detail?vulnId=CVE-2017-7186>.
+
+--- trunk/pcre_internal.h	2016/05/21 13:34:44	1649
++++ trunk/pcre_internal.h	2017/02/24 17:30:30	1688
+@@ -2772,6 +2772,9 @@
+ extern const pcre_uint16 PRIV(ucd_stage2)[];
+ extern const pcre_uint32 PRIV(ucp_gentype)[];
+ extern const pcre_uint32 PRIV(ucp_gbtable)[];
++#ifdef COMPILE_PCRE32
++extern const ucd_record  PRIV(dummy_ucd_record)[];
++#endif
+ #ifdef SUPPORT_JIT
+ extern const int         PRIV(ucp_typerange)[];
+ #endif
+@@ -2780,9 +2783,15 @@
+ /* UCD access macros */
+ 
+ #define UCD_BLOCK_SIZE 128
+-#define GET_UCD(ch) (PRIV(ucd_records) + \
++#define REAL_GET_UCD(ch) (PRIV(ucd_records) + \
+         PRIV(ucd_stage2)[PRIV(ucd_stage1)[(int)(ch) / UCD_BLOCK_SIZE] * \
+         UCD_BLOCK_SIZE + (int)(ch) % UCD_BLOCK_SIZE])
++        
++#ifdef COMPILE_PCRE32
++#define GET_UCD(ch) ((ch > 0x10ffff)? PRIV(dummy_ucd_record) : REAL_GET_UCD(ch))
++#else
++#define GET_UCD(ch) REAL_GET_UCD(ch)
++#endif 
+ 
+ #define UCD_CHARTYPE(ch)    GET_UCD(ch)->chartype
+ #define UCD_SCRIPT(ch)      GET_UCD(ch)->script
+
+--- trunk/pcre_ucd.c	2014/06/19 07:51:39	1490
++++ trunk/pcre_ucd.c	2017/02/24 17:30:30	1688
+@@ -38,6 +38,20 @@
+ const pcre_uint32 PRIV(ucd_caseless_sets)[] = {0};
+ #else
+ 
++/* If the 32-bit library is run in non-32-bit mode, character values
++greater than 0x10ffff may be encountered. For these we set up a
++special record. */
++
++#ifdef COMPILE_PCRE32
++const ucd_record PRIV(dummy_ucd_record)[] = {{
++  ucp_Common,    /* script */
++  ucp_Cn,        /* type unassigned */
++  ucp_gbOther,   /* grapheme break property */
++  0,             /* case set */
++  0,             /* other case */
++  }};
++#endif
++
+ /* When recompiling tables with a new Unicode version, please check the
+ types in this structure definition from pcre_internal.h (the actual
+ field names will be different):
diff --git a/gnu/packages/pcre.scm b/gnu/packages/pcre.scm
index 9f610e59f..1946f5229 100644
--- a/gnu/packages/pcre.scm
+++ b/gnu/packages/pcre.scm
@@ -4,6 +4,7 @@
 ;;; Copyright © 2015 Ricardo Wurmus <rekado <at> elephly.net>
 ;;; Copyright © 2016 Leo Famulari <leo <at> famulari.name>
 ;;; Copyright © 2017 Marius Bakke <mbakke <at> fastmail.com>
+;;; Copyright © 2017 Ludovic Courtès <ludo <at> gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -33,6 +34,7 @@
   (package
    (name "pcre")
    (version "8.40")
+   (replacement pcre/fixed)
    (source (origin
             (method url-fetch)
             (uri (list
@@ -70,6 +72,14 @@ POSIX regular expression API.")
    (license license:bsd-3)
    (home-page "http://www.pcre.org/")))
 
+(define pcre/fixed
+  (package
+    (inherit pcre)
+    (replacement #f)
+    (source (origin
+              (inherit (package-source pcre))
+              (patches (search-patches "pcre-CVE-2017-7186.patch"))))))
+
 (define-public pcre2
   (package
     (name "pcre2")
-- 
2.12.2
This bug report was last modified 8 years and 45 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.