components/pcre/patches/05-CVE-2015-3217.patch
branchs11u3-sru
changeset 5230 03a3a267d872
parent 5208 0606ba1c1cc6
child 5237 c85859d16ccb
5208:0606ba1c1cc6 5230:03a3a267d872
     1 Patch from upstream:
       
     2 http://vcs.pcre.org/pcre?view=revision&revision=1566
       
     3 to fix CVE-2015-3217 for this upstream bug
       
     4 https://bugs.exim.org/show_bug.cgi?id=1638
       
     5 
       
     6 This patch may be removed when pcre is upgraded from version 8.37
       
     7 
       
     8 --- pcre-8.37-orig/ChangeLog	2015-06-18 14:42:05.162869794 -0700
       
     9 +++ pcre-8.37/ChangeLog	2015-06-18 14:42:49.750142570 -0700
       
    10 @@ -23,6 +23,10 @@ Changes since Version 8.37
       
    11      another group caused a buffer overflow. For example:
       
    12      /(?J)(?'d'(?'d'\g{d}))/. This bug was discovered by the LLVM fuzzer.
       
    13   
       
    14 +5.  If a non-capturing group containing a conditional group that could match
       
    15 +    an empty string was repeated, it was not identified as matching an empty
       
    16 +    string itself. For example: /^(?:(?(1)x|)+)+$()/.
       
    17 +
       
    18  
       
    19  Version 8.37 28-April-2015
       
    20  --------------------------
       
    21 --- pcre-8.37-orig/pcre_compile.c	2015-06-18 14:43:18.613383953 -0700
       
    22 +++ pcre-8.37/pcre_compile.c	2015-06-18 14:44:14.866515479 -0700
       
    23 @@ -2487,7 +2487,7 @@ for (code = first_significant_code(code 
       
    24    if (c == OP_BRA  || c == OP_BRAPOS ||
       
    25        c == OP_CBRA || c == OP_CBRAPOS ||
       
    26        c == OP_ONCE || c == OP_ONCE_NC ||
       
    27 -      c == OP_COND)
       
    28 +      c == OP_COND || c == OP_SCOND)
       
    29      {
       
    30      BOOL empty_branch;
       
    31      if (GET(code, 1) == 0) return TRUE;    /* Hit unclosed bracket */
       
    32 --- pcre-8.37-orig/testdata/testinput2	2015-06-18 14:45:30.453719449 -0700
       
    33 +++ pcre-8.37/testdata/testinput2	2015-06-18 14:46:14.175672070 -0700
       
    34 @@ -4168,4 +4168,6 @@ backtracking verbs. --/
       
    35  
       
    36  "(?J)(?'d'(?'d'\g{d}))"
       
    37  
       
    38 +/^(?:(?(1)x|)+)+$()/BZ
       
    39 +
       
    40  /-- End of testinput2 --/
       
    41 --- pcre-8.37-orig/testdata/testoutput2	2015-06-18 14:45:38.047882931 -0700
       
    42 +++ pcre-8.37/testdata/testoutput2	2015-06-18 14:47:02.815368178 -0700
       
    43 @@ -14456,4 +14456,22 @@ Failed: reference to non-existent subpat
       
    44  
       
    45  "(?J)(?'d'(?'d'\g{d}))"
       
    46  
       
    47 +/^(?:(?(1)x|)+)+$()/BZ
       
    48 +------------------------------------------------------------------
       
    49 +        Bra
       
    50 +        ^
       
    51 +        SBra
       
    52 +        SCond
       
    53 +      1 Cond ref
       
    54 +        x
       
    55 +        Alt
       
    56 +        KetRmax
       
    57 +        KetRmax
       
    58 +        $
       
    59 +        CBra 1
       
    60 +        Ket
       
    61 +        Ket
       
    62 +        End
       
    63 +------------------------------------------------------------------
       
    64 +
       
    65  /-- End of testinput2 --/
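Review bot: The ChangeLog, testinput2 and testoutput2 hunks take as context the `(?J)(?'d'(?'d'\g{d}))` entry under "Changes since Version 8.37", which looks like it comes from an earlier patch in this series rather than from the pristine 8.37 tarball. If so, this patch only applies cleanly after that one, and the header should say it, e.g. `Depends on the preceding pcre patch (ChangeLog item 4 and its testdata); apply in series order.` The functional fix is the single added `c == OP_SCOND` term in the pcre_compile.c hunk, whose enclosing function starts and ends outside the hunk. The new test `/^(?:(?(1)x|)+)+$()/BZ` has no subject lines, so it pins only the compiled form (the `SBra` in the expected output) and not behaviour when matching an input. A header line such as `The testdata hunks are the only regression check for this fix` would stop a later rebase from dropping them as cosmetic.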