Mercurial Mercurial > upstream > oracle > userland-gate / annotate
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/pcre/patches/05-CVE-2015-3217.patch
author April Chin <april.chin@oracle.com>
Fri, 10 Jul 2015 08:56:04 -0700
branchs11u2-sru
changeset 4620 e3a4a6201724
permissions -rw-r--r--
21290075 update pcre to version 8.37 20069753 problem in LIBRARY/PCRE 21093256 problem in LIBRARY/PCRE 21179786 problem in LIBRARY/PCRE 21195811 problem in LIBRARY/PCRE 21330611 problem in LIBRARY/PCRE 15417417 SUNBT6594265 man page for pcregrep is missing "Last change:" date
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
4620
e3a4a6201724 21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff changeset 
     1
 
Patch from upstream:
e3a4a6201724 21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff changeset 
     2
 
http://vcs.pcre.org/pcre?view=revision&revision=1566
e3a4a6201724 21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff changeset 
     3
 
to fix CVE-2015-3217 for this upstream bug
e3a4a6201724 21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff changeset 
     4
 
https://bugs.exim.org/show_bug.cgi?id=1638
e3a4a6201724 21290075 update pcre to version 8.37
April Chin <april.chin@oracle.com>
parents:
diff changeset 
     5
 












e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




     6


This patch may be removed when pcre is upgraded from version 8.37













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




     7














e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




     8


--- pcre-8.37-orig/ChangeLog	2015-06-18 14:42:05.162869794 -0700













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




     9


+++ pcre-8.37/ChangeLog	2015-06-18 14:42:49.750142570 -0700













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    10


@@ -23,6 +23,10 @@ Changes since Version 8.37













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    11


     another group caused a buffer overflow. For example:













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    12


     /(?J)(?'d'(?'d'\g{d}))/. This bug was discovered by the LLVM fuzzer.













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    13


  













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    14


+5.  If a non-capturing group containing a conditional group that could match













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    15


+    an empty string was repeated, it was not identified as matching an empty













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    16


+    string itself. For example: /^(?:(?(1)x|)+)+$()/.













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    17


+













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    18


 













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    19


 Version 8.37 28-April-2015













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    20


 --------------------------













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    21


--- pcre-8.37-orig/pcre_compile.c	2015-06-18 14:43:18.613383953 -0700













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    22


+++ pcre-8.37/pcre_compile.c	2015-06-18 14:44:14.866515479 -0700













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    23


@@ -2487,7 +2487,7 @@ for (code = first_significant_code(code 













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    24


   if (c == OP_BRA  || c == OP_BRAPOS ||













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    25


       c == OP_CBRA || c == OP_CBRAPOS ||













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    26


       c == OP_ONCE || c == OP_ONCE_NC ||













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    27


-      c == OP_COND)













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    28


+      c == OP_COND || c == OP_SCOND)













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    29


     {













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    30


     BOOL empty_branch;













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    31


     if (GET(code, 1) == 0) return TRUE;    /* Hit unclosed bracket */













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    32


--- pcre-8.37-orig/testdata/testinput2	2015-06-18 14:45:30.453719449 -0700













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    33


+++ pcre-8.37/testdata/testinput2	2015-06-18 14:46:14.175672070 -0700













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    34


@@ -4168,4 +4168,6 @@ backtracking verbs. --/













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    35


 













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    36


 "(?J)(?'d'(?'d'\g{d}))"













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    37


 













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    38


+/^(?:(?(1)x|)+)+$()/BZ













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    39


+













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    40


 /-- End of testinput2 --/













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    41


--- pcre-8.37-orig/testdata/testoutput2	2015-06-18 14:45:38.047882931 -0700













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    42


+++ pcre-8.37/testdata/testoutput2	2015-06-18 14:47:02.815368178 -0700













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    43


@@ -14456,4 +14456,22 @@ Failed: reference to non-existent subpat













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    44


 













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    45


 "(?J)(?'d'(?'d'\g{d}))"













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    46


 













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    47


+/^(?:(?(1)x|)+)+$()/BZ













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    48


+------------------------------------------------------------------













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    49


+        Bra













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    50


+        ^













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    51


+        SBra













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    52


+        SCond













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    53


+      1 Cond ref













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    54


+        x













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    55


+        Alt













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    56


+        KetRmax













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    57


+        KetRmax













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    58


+        $













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    59


+        CBra 1













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    60


+        Ket













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    61


+        Ket













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    62


+        End













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    63


+------------------------------------------------------------------













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    64


+













e3a4a6201724
21290075 update pcre to version 8.37



April Chin <april.chin@oracle.com>


parents: 

diff
changeset




    65


 /-- End of testinput2 --/















upstream/oracle/userland-gate