Mercurial Mercurial > upstream > oracle > userland-gate / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/pcre/patches/06-CVE-2015-5073.patch
author Bill Rushmore <bill.rushmore@oracle.com>
Fri, 07 Aug 2015 13:43:38 -0700
changeset 4746 8e237ffd0a48
parent 4558 12e319bad844
permissions -rw-r--r--
20995635 Perl TK needs to be upgraded to work with Perl 5.20 20994112 Perl XML::Parser needs to work with Perl 5.20 20989929 Perl net-ssleay needs to be fixed so it builds with Perl 5.20 20989909 Perl libxml needs to be fixed so it builds with Perl 5.20 20989894 Perl DBI - needs to be fixed so it builds with Perl 5.20 20989877 AUTHEN-PAM needs to be fixed so it builds with Perl 5.20 21195142 OpenSCAP's Makefile needs to be updated to work with Perl 5.20 21216887 Dependencies and references to Perl 5.16 need to be replaced with Perl 5.20

Patch from upstream:
http://vcs.pcre.org/pcre?view=revision&revision=1571
to fix CVE-2015-5073 for this upstream bug
https://bugs.exim.org/show_bug.cgi?id=1651

This patch may be removed when pcre is upgraded from version 8.37

--- pcre-8.37-orig/ChangeLog	2015-06-29 09:12:15.694261234 -0700
+++ pcre-8.37/ChangeLog	2015-06-29 09:29:45.739958088 -0700
@@ -27,6 +27,10 @@ Changes since Version 8.37
     an empty string was repeated, it was not identified as matching an empty
     string itself. For example: /^(?:(?(1)x|)+)+$()/.
 
+6.  A pattern with an unmatched closing parenthesis that contained a backward 
+    assertion which itself contained a forward reference caused buffer 
+    overflow. And example pattern is: /(?=di(?<=(?1))|(?=(.))))/.
+
 
 Version 8.37 28-April-2015
 --------------------------
--- pcre-8.37-orig/pcre_compile.c	2015-06-29 09:12:15.695805136 -0700
+++ pcre-8.37/pcre_compile.c	2015-06-29 09:17:13.527304409 -0700
@@ -9406,7 +9406,7 @@ OP_RECURSE that are not fixed length get
 exceptional ones forgo this. We scan the pattern to check that they are fixed
 length, and set their lengths. */
 
-if (cd->check_lookbehind)
+if (errorcode == 0 && cd->check_lookbehind)
   {
   pcre_uchar *cc = (pcre_uchar *)codestart;
 
--- pcre-8.37-orig/testdata/testinput2	2015-06-29 09:12:15.696414562 -0700
+++ pcre-8.37/testdata/testinput2	2015-06-29 09:24:55.146760633 -0700
@@ -4170,4 +4170,6 @@ backtracking verbs. --/
 
 /^(?:(?(1)x|)+)+$()/BZ
 
+/(?=di(?<=(?1))|(?=(.))))/
+
 /-- End of testinput2 --/
--- pcre-8.37-orig/testdata/testoutput2	2015-06-29 09:12:15.698016242 -0700
+++ pcre-8.37/testdata/testoutput2	2015-06-29 09:26:11.171270088 -0700
@@ -14474,4 +14474,7 @@ Failed: reference to non-existent subpat
         End
 ------------------------------------------------------------------
 
+/(?=di(?<=(?1))|(?=(.))))/
+Failed: unmatched parentheses at offset 23
+
 /-- End of testinput2 --/
upstream/oracle/userland-gate