[prev in list] [next in list] [prev in thread] [next in thread]
List: ipfire-scm
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. a0c40b8242171a4d998c5e134173fe8a
From: git () ipfire ! org (Michael Tremer)
Date: 2015-08-17 22:38:26
Message-ID: 20150817223827.4F24F22397 () argus ! ipfire ! org
[Download RAW message or body]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via a0c40b8242171a4d998c5e134173fe8a1c45e45d (commit)
via b62425e3e36c10acb2e99a9db5e5b73ed2a1e8fd (commit)
via af100d627a612783efb21ff8324f3adef206ade2 (commit)
from 4b332b6dc92017a967696634b8c6901b3330171f (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit a0c40b8242171a4d998c5e134173fe8a1c45e45d
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon Aug 17 23:37:53 2015 +0100
core94: Ship rrdtool
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit b62425e3e36c10acb2e99a9db5e5b73ed2a1e8fd
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon Aug 17 23:33:31 2015 +0100
pcre: Fix more buffer overflows
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit af100d627a612783efb21ff8324f3adef206ade2
Author: Matthias Fischer <matthias.fischer@ipfire.org>
Date: Thu Aug 13 19:12:46 2015 +0200
rrdtool: Update to 1.5.4
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/common/rrdtool | 185 ++++++++++----------
.../{oldcore/93 => core/94}/filelists/pcre | 0
.../{oldcore/92 => core/94}/filelists/rrdtool | 0
lfs/pcre | 3 +
lfs/rrdtool | 4 +-
.../pcre-8.37-Fix-another-buffer-overflow.patch | 110 ++++++++++++
...overflow-for-named-references-in-situatio.patch | 190 +++++++++++++++++++++
...orward-reference-to-duplicate-group-numbe.patch | 98 +++++++++++
8 files changed, 496 insertions(+), 94 deletions(-)
copy config/rootfiles/{oldcore/93 => core/94}/filelists/pcre (100%)
copy config/rootfiles/{oldcore/92 => core/94}/filelists/rrdtool (100%)
create mode 100644 src/patches/pcre-8.37-Fix-another-buffer-overflow.patch
create mode 100644 src/patches/pcre-8.37-Fix-buffer-overflow-for-named-references-in-situatio.patch
create mode 100644 \
src/patches/pcre-8.37-Fix-named-forward-reference-to-duplicate-group-numbe.patch
Difference in files:
diff --git a/config/rootfiles/common/rrdtool b/config/rootfiles/common/rrdtool
index 738fe37..6a79679 100644
--- a/config/rootfiles/common/rrdtool
+++ b/config/rootfiles/common/rrdtool
@@ -26,98 +26,98 @@ usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/RRDs.pm
#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/RRDs/RRDs.bs
usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/RRDs/RRDs.so
#usr/lib/pkgconfig/librrd.pc
-#usr/share/doc/rrdtool-1.5.3
-#usr/share/doc/rrdtool-1.5.3/html
-#usr/share/doc/rrdtool-1.5.3/html/RRDp.html
-#usr/share/doc/rrdtool-1.5.3/html/RRDs.html
-#usr/share/doc/rrdtool-1.5.3/html/bin_dec_hex.html
-#usr/share/doc/rrdtool-1.5.3/html/cdeftutorial.html
-#usr/share/doc/rrdtool-1.5.3/html/index.html
-#usr/share/doc/rrdtool-1.5.3/html/librrd.html
-#usr/share/doc/rrdtool-1.5.3/html/rpntutorial.html
-#usr/share/doc/rrdtool-1.5.3/html/rrd-beginners.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdbuild.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdcached.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdcgi.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdcreate.html
-#usr/share/doc/rrdtool-1.5.3/html/rrddump.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdfetch.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdfirst.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdflushcached.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdgraph.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdgraph_data.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdgraph_examples.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdgraph_graph.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdgraph_rpn.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdinfo.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdlast.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdlastupdate.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdresize.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdrestore.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdthreads.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdtool.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdtune.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdtutorial.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdupdate.html
-#usr/share/doc/rrdtool-1.5.3/html/rrdxport.html
-#usr/share/doc/rrdtool-1.5.3/txt
-#usr/share/doc/rrdtool-1.5.3/txt/bin_dec_hex.pod
-#usr/share/doc/rrdtool-1.5.3/txt/bin_dec_hex.txt
-#usr/share/doc/rrdtool-1.5.3/txt/cdeftutorial.pod
-#usr/share/doc/rrdtool-1.5.3/txt/cdeftutorial.txt
-#usr/share/doc/rrdtool-1.5.3/txt/librrd.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rpntutorial.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rpntutorial.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrd-beginners.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrd-beginners.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdbuild.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdbuild.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdcached.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdcached.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdcgi.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdcgi.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdcreate.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdcreate.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrddump.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrddump.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdfetch.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdfetch.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdfirst.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdfirst.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdflushcached.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdflushcached.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdgraph.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdgraph.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdgraph_data.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdgraph_data.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdgraph_examples.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdgraph_examples.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdgraph_graph.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdgraph_graph.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdgraph_rpn.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdgraph_rpn.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdinfo.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdinfo.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdlast.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdlast.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdlastupdate.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdlastupdate.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdresize.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdresize.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdrestore.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdrestore.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdthreads.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdthreads.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdtool.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdtool.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdtune.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdtune.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdtutorial.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdtutorial.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdupdate.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdupdate.txt
-#usr/share/doc/rrdtool-1.5.3/txt/rrdxport.pod
-#usr/share/doc/rrdtool-1.5.3/txt/rrdxport.txt
+#usr/share/doc/rrdtool-1.5.4
+#usr/share/doc/rrdtool-1.5.4/html
+#usr/share/doc/rrdtool-1.5.4/html/RRDp.html
+#usr/share/doc/rrdtool-1.5.4/html/RRDs.html
+#usr/share/doc/rrdtool-1.5.4/html/bin_dec_hex.html
+#usr/share/doc/rrdtool-1.5.4/html/cdeftutorial.html
+#usr/share/doc/rrdtool-1.5.4/html/index.html
+#usr/share/doc/rrdtool-1.5.4/html/librrd.html
+#usr/share/doc/rrdtool-1.5.4/html/rpntutorial.html
+#usr/share/doc/rrdtool-1.5.4/html/rrd-beginners.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdbuild.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdcached.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdcgi.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdcreate.html
+#usr/share/doc/rrdtool-1.5.4/html/rrddump.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdfetch.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdfirst.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdflushcached.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdgraph.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdgraph_data.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdgraph_examples.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdgraph_graph.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdgraph_rpn.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdinfo.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdlast.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdlastupdate.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdresize.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdrestore.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdthreads.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdtool.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdtune.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdtutorial.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdupdate.html
+#usr/share/doc/rrdtool-1.5.4/html/rrdxport.html
+#usr/share/doc/rrdtool-1.5.4/txt
+#usr/share/doc/rrdtool-1.5.4/txt/bin_dec_hex.pod
+#usr/share/doc/rrdtool-1.5.4/txt/bin_dec_hex.txt
+#usr/share/doc/rrdtool-1.5.4/txt/cdeftutorial.pod
+#usr/share/doc/rrdtool-1.5.4/txt/cdeftutorial.txt
+#usr/share/doc/rrdtool-1.5.4/txt/librrd.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rpntutorial.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rpntutorial.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrd-beginners.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrd-beginners.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdbuild.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdbuild.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdcached.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdcached.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdcgi.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdcgi.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdcreate.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdcreate.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrddump.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrddump.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdfetch.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdfetch.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdfirst.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdfirst.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdflushcached.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdflushcached.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdgraph.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdgraph.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdgraph_data.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdgraph_data.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdgraph_examples.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdgraph_examples.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdgraph_graph.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdgraph_graph.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdgraph_rpn.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdgraph_rpn.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdinfo.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdinfo.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdlast.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdlast.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdlastupdate.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdlastupdate.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdresize.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdresize.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdrestore.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdrestore.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdthreads.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdthreads.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdtool.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdtool.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdtune.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdtune.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdtutorial.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdtutorial.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdupdate.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdupdate.txt
+#usr/share/doc/rrdtool-1.5.4/txt/rrdxport.pod
+#usr/share/doc/rrdtool-1.5.4/txt/rrdxport.txt
#usr/share/man/man1/bin_dec_hex.1
#usr/share/man/man1/cdeftutorial.1
#usr/share/man/man1/rpntutorial.1
@@ -162,4 +162,5 @@ usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/RRDs/RRDs.so
#usr/share/rrdtool/examples/rrdcached/rrdcached-size.pl
#usr/share/rrdtool/examples/shared-demo.pl
#usr/share/rrdtool/examples/stripes.pl
+#usr/share/rrdtool/examples/stripes.py
var/log/rrd
diff --git a/config/rootfiles/core/94/filelists/pcre \
b/config/rootfiles/core/94/filelists/pcre new file mode 120000
index 0000000..b390d9a
--- /dev/null
+++ b/config/rootfiles/core/94/filelists/pcre
@@ -0,0 +1 @@
+../../../common/pcre
\ No newline at end of file
diff --git a/config/rootfiles/core/94/filelists/rrdtool \
b/config/rootfiles/core/94/filelists/rrdtool new file mode 120000
index 0000000..7a82e41
--- /dev/null
+++ b/config/rootfiles/core/94/filelists/rrdtool
@@ -0,0 +1 @@
+../../../common/rrdtool
\ No newline at end of file
diff --git a/lfs/pcre b/lfs/pcre
index 8f207da..f9e63c6 100644
--- a/lfs/pcre
+++ b/lfs/pcre
@@ -72,6 +72,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np1 < \
$(DIR_SRC)/src/patches/pcre-8.37-Fix-buffer-overflow-for-named-recursive-back-referen.patch
cd $(DIR_APP) && patch -Np1 < \
$(DIR_SRC)/src/patches/pcre-8.37-Fix-buffer-overflow-for-forward-reference-within-bac.patch
+ cd $(DIR_APP) && patch -Np1 < \
$(DIR_SRC)/src/patches/pcre-8.37-Fix-another-buffer-overflow.patch + cd $(DIR_APP) && \
patch -Np1 < $(DIR_SRC)/src/patches/pcre-8.37-Fix-buffer-overflow-for-named-references-in-situatio.patch
+ cd $(DIR_APP) && patch -Np1 < \
$(DIR_SRC)/src/patches/pcre-8.37-Fix-named-forward-reference-to-duplicate-group-numbe.patch
cd $(DIR_APP) && ./configure \
--prefix=/usr \
--disable-static \
diff --git a/lfs/rrdtool b/lfs/rrdtool
index d0a1181..f156400 100644
--- a/lfs/rrdtool
+++ b/lfs/rrdtool
@@ -24,7 +24,7 @@
include Config
-VER = 1.5.3
+VER = 1.5.4
THISAPP = rrdtool-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 868a828cc6b10654c440a85054240ae2
+$(DL_FILE)_MD5 = 4daea1e628e1c70d91800d6a06427dc1
install : $(TARGET)
diff --git a/src/patches/pcre-8.37-Fix-another-buffer-overflow.patch \
b/src/patches/pcre-8.37-Fix-another-buffer-overflow.patch new file mode 100644
index 0000000..20ead09
--- /dev/null
+++ b/src/patches/pcre-8.37-Fix-another-buffer-overflow.patch
@@ -0,0 +1,110 @@
+From f6efcf125123199d446c5561266c3c3846ed9f30 Mon Sep 17 00:00:00 2001
+From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
+Date: Wed, 3 Jun 2015 16:51:59 +0000
+Subject: [PATCH] Fix another buffer overflow.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Ported to 8.37:
+
+commit 225f0d5eb16c7a26591a1e3f286c7476907b5a6a
+Author: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
+Date: Wed Jun 3 16:51:59 2015 +0000
+
+ Fix another buffer overflow.
+
+ git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1562 \
2f5784b3-3f2a-0410-8824-cb99058d5e15 +
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ pcre_compile.c | 7 ++++++-
+ testdata/testinput2 | 2 ++
+ testdata/testoutput11-16 | 2 +-
+ testdata/testoutput11-32 | 2 +-
+ testdata/testoutput11-8 | 2 +-
+ testdata/testoutput2 | 2 ++
+ 6 files changed, 13 insertions(+), 4 deletions(-)
+
+diff --git a/pcre_compile.c b/pcre_compile.c
+index 8b4aaef..f5d2384 100644
+--- a/pcre_compile.c
++++ b/pcre_compile.c
+@@ -7210,7 +7210,12 @@ for (;; ptr++)
+ real compile this will be picked up and the reference wrapped with
+ OP_ONCE to make it atomic, so we must space in case this occurs. */
+
+- if (recno == 0) *lengthptr += 2 + 2*LINK_SIZE;
++ /* In fact, this can happen for a non-forward reference because
++ another group with the same number might be created later. This
++ issue is fixed "properly" in PCRE2. As PCRE1 is now in maintenance
++ only mode, we finesse the bug by allowing more memory always. */
++
++ /* if (recno == 0) */ *lengthptr += 2 + 2*LINK_SIZE;
+ }
+
+ /* In the real compile, search the name table. We check the name
+diff --git a/testdata/testinput2 b/testdata/testinput2
+index 5cc9ce6..e12de3a 100644
+--- a/testdata/testinput2
++++ b/testdata/testinput2
+@@ -4156,4 +4156,6 @@ backtracking verbs. --/
+
+ /(?=di(?<=(?1))|(?=(.))))/
+
++"(?J:(?|(?'R')(\k'R')|((?'R'))))"
++
+ /-- End of testinput2 --/
+diff --git a/testdata/testoutput11-16 b/testdata/testoutput11-16
+index 422f2ad..e222e7c 100644
+--- a/testdata/testoutput11-16
++++ b/testdata/testoutput11-16
+@@ -231,7 +231,7 @@ Memory allocation (code space): 73
+ ------------------------------------------------------------------
+
+ /(?P<a>a)...(?P=a)bbb(?P>a)d/BM
+-Memory allocation (code space): 61
++Memory allocation (code space): 77
+ ------------------------------------------------------------------
+ 0 24 Bra
+ 2 5 CBra 1
+diff --git a/testdata/testoutput11-32 b/testdata/testoutput11-32
+index d953ec8..9a80ec9 100644
+--- a/testdata/testoutput11-32
++++ b/testdata/testoutput11-32
+@@ -231,7 +231,7 @@ Memory allocation (code space): 155
+ ------------------------------------------------------------------
+
+ /(?P<a>a)...(?P=a)bbb(?P>a)d/BM
+-Memory allocation (code space): 125
++Memory allocation (code space): 157
+ ------------------------------------------------------------------
+ 0 24 Bra
+ 2 5 CBra 1
+diff --git a/testdata/testoutput11-8 b/testdata/testoutput11-8
+index 6ec18ec..3adaca2 100644
+--- a/testdata/testoutput11-8
++++ b/testdata/testoutput11-8
+@@ -231,7 +231,7 @@ Memory allocation (code space): 45
+ ------------------------------------------------------------------
+
+ /(?P<a>a)...(?P=a)bbb(?P>a)d/BM
+-Memory allocation (code space): 38
++Memory allocation (code space): 50
+ ------------------------------------------------------------------
+ 0 30 Bra
+ 3 7 CBra 1
+diff --git a/testdata/testoutput2 b/testdata/testoutput2
+index 4decb8d..5bad26c 100644
+--- a/testdata/testoutput2
++++ b/testdata/testoutput2
+@@ -14428,4 +14428,6 @@ Failed: lookbehind assertion is not fixed length at offset \
17 + /(?=di(?<=(?1))|(?=(.))))/
+ Failed: unmatched parentheses at offset 23
+
++"(?J:(?|(?'R')(\k'R')|((?'R'))))"
++
+ /-- End of testinput2 --/
+--
+2.4.3
+
diff --git a/src/patches/pcre-8.37-Fix-buffer-overflow-for-named-references-in-situatio.patch \
b/src/patches/pcre-8.37-Fix-buffer-overflow-for-named-references-in-situatio.patch \
new file mode 100644 index 0000000..ab1b962
--- /dev/null
+++ b/src/patches/pcre-8.37-Fix-buffer-overflow-for-named-references-in-situatio.patch
@@ -0,0 +1,190 @@
+From b3f0b0dd971314df8f865e221aa1a88e75d6d1a6 Mon Sep 17 00:00:00 2001
+From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
+Date: Wed, 5 Aug 2015 15:38:32 +0000
+Subject: [PATCH] Fix buffer overflow for named references in (?| situations.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Ported for 8.37:
+
+commit 7af8e8717def179fd7b69e173abd347c1a3547cb
+Author: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
+Date: Wed Aug 5 15:38:32 2015 +0000
+
+ Fix buffer overflow for named references in (?| situations.
+
+ git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1585 \
2f5784b3-3f2a-0410-8824-cb99058d5e15 +
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ pcre_compile.c | 74 ++++++++++++++++++++++++++++++----------------------
+ pcre_internal.h | 1 +
+ testdata/testinput2 | 2 ++
+ testdata/testoutput2 | 2 ++
+ 4 files changed, 48 insertions(+), 31 deletions(-)
+
+diff --git a/pcre_compile.c b/pcre_compile.c
+index f5d2384..5fe5c1d 100644
+--- a/pcre_compile.c
++++ b/pcre_compile.c
+@@ -6641,6 +6641,7 @@ for (;; ptr++)
+ /* ------------------------------------------------------------ */
+ case CHAR_VERTICAL_LINE: /* Reset capture count for each branch */
+ reset_bracount = TRUE;
++ cd->dupgroups = TRUE; /* Record (?| encountered */
+ /* Fall through */
+
+ /* ------------------------------------------------------------ */
+@@ -7151,7 +7152,8 @@ for (;; ptr++)
+ if (lengthptr != NULL)
+ {
+ named_group *ng;
+-
++ recno = 0;
++
+ if (namelen == 0)
+ {
+ *errorcodeptr = ERR62;
+@@ -7168,32 +7170,6 @@ for (;; ptr++)
+ goto FAILED;
+ }
+
+- /* The name table does not exist in the first pass; instead we must
+- scan the list of names encountered so far in order to get the
+- number. If the name is not found, set the value to 0 for a forward
+- reference. */
+-
+- recno = 0;
+- ng = cd->named_groups;
+- for (i = 0; i < cd->names_found; i++, ng++)
+- {
+- if (namelen == ng->length &&
+- STRNCMP_UC_UC(name, ng->name, namelen) == 0)
+- {
+- open_capitem *oc;
+- recno = ng->number;
+- if (is_recurse) break;
+- for (oc = cd->open_caps; oc != NULL; oc = oc->next)
+- {
+- if (oc->number == recno)
+- {
+- oc->flag = TRUE;
+- break;
+- }
+- }
+- }
+- }
+-
+ /* Count named back references. */
+
+ if (!is_recurse) cd->namedrefcount++;
+@@ -7215,7 +7191,44 @@ for (;; ptr++)
+ issue is fixed "properly" in PCRE2. As PCRE1 is now in maintenance
+ only mode, we finesse the bug by allowing more memory always. */
+
+- /* if (recno == 0) */ *lengthptr += 2 + 2*LINK_SIZE;
++ *lengthptr += 2 + 2*LINK_SIZE;
++
++ /* It is even worse than that. The current reference may be to an
++ existing named group with a different number (so apparently not
++ recursive) but which later on is also attached to a group with the
++ current number. This can only happen if $(| has been previous
++ encountered. In that case, we allow yet more memory, just in case.
++ (Again, this is fixed "properly" in PCRE2. */
++
++ if (cd->dupgroups) *lengthptr += 2 + 2*LINK_SIZE;
++
++ /* Otherwise, check for recursion here. The name table does not exist
++ in the first pass; instead we must scan the list of names encountered
++ so far in order to get the number. If the name is not found, leave
++ the value of recno as 0 for a forward reference. */
++
++ else
++ {
++ ng = cd->named_groups;
++ for (i = 0; i < cd->names_found; i++, ng++)
++ {
++ if (namelen == ng->length &&
++ STRNCMP_UC_UC(name, ng->name, namelen) == 0)
++ {
++ open_capitem *oc;
++ recno = ng->number;
++ if (is_recurse) break;
++ for (oc = cd->open_caps; oc != NULL; oc = oc->next)
++ {
++ if (oc->number == recno)
++ {
++ oc->flag = TRUE;
++ break;
++ }
++ }
++ }
++ }
++ }
+ }
+
+ /* In the real compile, search the name table. We check the name
+@@ -7262,8 +7275,6 @@ for (;; ptr++)
+ for (i++; i < cd->names_found; i++)
+ {
+ if (STRCMP_UC_UC(slot + IMM2_SIZE, cslot + IMM2_SIZE) != 0) break;
+-
+-
+ count++;
+ cslot += cd->name_entry_size;
+ }
+@@ -9189,6 +9200,7 @@ cd->names_found = 0;
+ cd->name_entry_size = 0;
+ cd->name_table = NULL;
+ cd->dupnames = FALSE;
++cd->dupgroups = FALSE;
+ cd->namedrefcount = 0;
+ cd->start_code = cworkspace;
+ cd->hwm = cworkspace;
+@@ -9223,7 +9235,7 @@ if (errorcode != 0) goto PCRE_EARLY_ERROR_RETURN;
+
+ DPRINTF(("end pre-compile: length=%d workspace=%d\n", length,
+ (int)(cd->hwm - cworkspace)));
+-
++
+ if (length > MAX_PATTERN_SIZE)
+ {
+ errorcode = ERR20;
+diff --git a/pcre_internal.h b/pcre_internal.h
+index dd0ac7f..7ca6020 100644
+--- a/pcre_internal.h
++++ b/pcre_internal.h
+@@ -2446,6 +2446,7 @@ typedef struct compile_data {
+ BOOL had_pruneorskip; /* (*PRUNE) or (*SKIP) encountered */
+ BOOL check_lookbehind; /* Lookbehinds need later checking */
+ BOOL dupnames; /* Duplicate names exist */
++ BOOL dupgroups; /* Duplicate groups exist: (?| found */
+ BOOL iscondassert; /* Next assert is a condition */
+ int nltype; /* Newline type */
+ int nllen; /* Newline string length */
+diff --git a/testdata/testinput2 b/testdata/testinput2
+index e12de3a..8e044f8 100644
+--- a/testdata/testinput2
++++ b/testdata/testinput2
+@@ -4158,4 +4158,6 @@ backtracking verbs. --/
+
+ "(?J:(?|(?'R')(\k'R')|((?'R'))))"
+
++/(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R')))/
++
+ /-- End of testinput2 --/
+diff --git a/testdata/testoutput2 b/testdata/testoutput2
+index 5bad26c..6019425 100644
+--- a/testdata/testoutput2
++++ b/testdata/testoutput2
+@@ -14430,4 +14430,6 @@ Failed: unmatched parentheses at offset 23
+
+ "(?J:(?|(?'R')(\k'R')|((?'R'))))"
+
++/(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R')))/
++
+ /-- End of testinput2 --/
+--
+2.4.3
+
diff --git a/src/patches/pcre-8.37-Fix-named-forward-reference-to-duplicate-group-numbe.patch \
b/src/patches/pcre-8.37-Fix-named-forward-reference-to-duplicate-group-numbe.patch \
new file mode 100644 index 0000000..837e86f
--- /dev/null
+++ b/src/patches/pcre-8.37-Fix-named-forward-reference-to-duplicate-group-numbe.patch
@@ -0,0 +1,98 @@
+From 83ed574998fe7b844b98ab7cd56291068feb9e31 Mon Sep 17 00:00:00 2001
+From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
+Date: Sat, 16 May 2015 11:05:40 +0000
+Subject: [PATCH] Fix named forward reference to duplicate group number
+ overflow bug.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Port to 8.37:
+
+commit 2fa78aa4e42bcebf2d616c4ee89c012f29dc3447
+Author: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
+Date: Sat May 16 11:05:40 2015 +0000
+
+ Fix named forward reference to duplicate group number overflow bug.
+
+ git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1559 \
2f5784b3-3f2a-0410-8824-cb99058d5e15 +
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ pcre_compile.c | 24 ++++++++++++++++--------
+ testdata/testinput1 | 3 +++
+ testdata/testoutput1 | 5 +++++
+ 3 files changed, 24 insertions(+), 8 deletions(-)
+
+diff --git a/pcre_compile.c b/pcre_compile.c
+index b66b1f6..8b4aaef 100644
+--- a/pcre_compile.c
++++ b/pcre_compile.c
+@@ -7183,15 +7183,15 @@ for (;; ptr++)
+ open_capitem *oc;
+ recno = ng->number;
+ if (is_recurse) break;
+- for (oc = cd->open_caps; oc != NULL; oc = oc->next)
+- {
+- if (oc->number == recno)
+- {
+- oc->flag = TRUE;
++ for (oc = cd->open_caps; oc != NULL; oc = oc->next)
++ {
++ if (oc->number == recno)
++ {
++ oc->flag = TRUE;
+ break;
+- }
+- }
+- }
++ }
++ }
++ }
+ }
+
+ /* Count named back references. */
+@@ -7203,6 +7203,14 @@ for (;; ptr++)
+ 16-bit data item. */
+
+ *lengthptr += IMM2_SIZE;
++
++ /* If this is a forward reference and we are within a (?|...) group,
++ the reference may end up as the number of a group which we are
++ currently inside, that is, it could be a recursive reference. In the
++ real compile this will be picked up and the reference wrapped with
++ OP_ONCE to make it atomic, so we must space in case this occurs. */
++
++ if (recno == 0) *lengthptr += 2 + 2*LINK_SIZE;
+ }
+
+ /* In the real compile, search the name table. We check the name
+diff --git a/testdata/testinput1 b/testdata/testinput1
+index 73c2f4d..8379ce0 100644
+--- a/testdata/testinput1
++++ b/testdata/testinput1
+@@ -5730,4 +5730,7 @@ AbcdCBefgBhiBqz
+ "(?1)(?#?'){8}(a)"
+ baaaaaaaaac
+
++"(?|(\k'Pm')|(?'Pm'))"
++ abcd
++
+ /-- End of testinput1 --/
+diff --git a/testdata/testoutput1 b/testdata/testoutput1
+index 0a53fd0..e852ab9 100644
+--- a/testdata/testoutput1
++++ b/testdata/testoutput1
+@@ -9429,4 +9429,9 @@ No match
+ 0: aaaaaaaaa
+ 1: a
+
++"(?|(\k'Pm')|(?'Pm'))"
++ abcd
++ 0:
++ 1:
++
+ /-- End of testinput1 --/
+--
+2.4.3
+
hooks/post-receive
--
IPFire 2.x development tree
_______________________________________________
IPFire-SCM mailing list
IPFire-SCM@lists.ipfire.org
http://lists.ipfire.org/mailman/listinfo/ipfire-scm
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic