authorJohn Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>2015-11-02 17:51:13 +0000
committerJohn Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>2015-11-02 17:51:13 +0000
commit98c3e224a46705936ea39a3830e50299f2ce3c73 (patch)
treee1245867d3733b5deaf4e41a88a080c3a0b4f59e /debian/patches/Fix-bad-compilation-for-patterns-like-1-1-with-forwa.patch
pcre3 (2:8.35-7.4) unstable; urgency=medium
* Non-maintainer upload. * Fix copy-and-paste error in Disable_JIT_on_sparc64.patch. # imported from the archive
Diffstat (limited to 'debian/patches/Fix-bad-compilation-for-patterns-like-1-1-with-forwa.patch')
-rw-r--r--debian/patches/Fix-bad-compilation-for-patterns-like-1-1-with-forwa.patch145
1 files changed, 145 insertions, 0 deletions
diff --git a/debian/patches/Fix-bad-compilation-for-patterns-like-1-1-with-forwa.patch b/debian/patches/Fix-bad-compilation-for-patterns-like-1-1-with-forwa.patch
new file mode 100644
index 0000000..ed5b5c1
--- /dev/null
+++ b/debian/patches/Fix-bad-compilation-for-patterns-like-1-1-with-forwa.patch
@@ -0,0 +1,145 @@
+Description: CVE-2015-2326: heap buffer overflow in pcre_compile2()
+ Fix bad compilation for patterns like /((?+1)(\1))/ with
+ forward reference subroutine and recursive back reference within the same
+ group.
+Origin: upstream, http://vcs.pcre.org/pcre?view=revision&revision=1529
+Bug: http://bugs.exim.org/show_bug.cgi?id=1592
+Bug-Debian: https://bugs.debian.org/783285
+Forwarded: not-needed
+Last-Update: 2015-09-10
+Applied-Upstream: 8.36
+
+--- a/pcre_compile.c
++++ b/pcre_compile.c
+@@ -8027,6 +8027,7 @@ int length;
+ unsigned int orig_bracount;
+ unsigned int max_bracount;
+ branch_chain bc;
++size_t save_hwm_offset;
+
+ /* If set, call the external function that checks for stack availability. */
+
+@@ -8044,6 +8045,8 @@ bc.current_branch = code;
+ firstchar = reqchar = 0;
+ firstcharflags = reqcharflags = REQ_UNSET;
+
++save_hwm_offset = cd->hwm - cd->start_workspace;
++
+ /* Accumulate the length for use in the pre-compile phase. Start with the
+ length of the BRA and KET and any extra bytes that are required at the
+ beginning. We accumulate in a local variable to save frequent testing of
+@@ -8246,7 +8249,7 @@ for (;;)
+ {
+ *code = OP_END;
+ adjust_recurse(start_bracket, 1 + LINK_SIZE,
+- (options & PCRE_UTF8) != 0, cd, cd->hwm - cd->start_workspace);
++ (options & PCRE_UTF8) != 0, cd, save_hwm_offset);
+ memmove(start_bracket + 1 + LINK_SIZE, start_bracket,
+ IN_UCHARS(code - start_bracket));
+ *start_bracket = OP_ONCE;
+--- a/testdata/testinput11
++++ b/testdata/testinput11
+@@ -134,4 +134,6 @@ is required for these tests. --/
+
+ /(((a\2)|(a*)\g<-1>))*a?/B
+
++/((?+1)(\1))/B
++
+ /-- End of testinput11 --/
+--- a/testdata/testinput2
++++ b/testdata/testinput2
+@@ -4066,4 +4066,6 @@ backtracking verbs. --/
+
+ "((?2){0,1999}())?"
+
++/((?+1)(\1))/BZ
++
+ /-- End of testinput2 --/
+--- a/testdata/testoutput11-16
++++ b/testdata/testoutput11-16
+@@ -733,4 +733,19 @@ Memory allocation (code space): 14
+ 41 End
+ ------------------------------------------------------------------
+
++/((?+1)(\1))/B
++------------------------------------------------------------------
++ 0 20 Bra
++ 2 16 Once
++ 4 12 CBra 1
++ 7 9 Recurse
++ 9 5 CBra 2
++ 12 \1
++ 14 5 Ket
++ 16 12 Ket
++ 18 16 Ket
++ 20 20 Ket
++ 22 End
++------------------------------------------------------------------
++
+ /-- End of testinput11 --/
+--- a/testdata/testoutput11-32
++++ b/testdata/testoutput11-32
+@@ -733,4 +733,19 @@ Memory allocation (code space): 28
+ 41 End
+ ------------------------------------------------------------------
+
++/((?+1)(\1))/B
++------------------------------------------------------------------
++ 0 20 Bra
++ 2 16 Once
++ 4 12 CBra 1
++ 7 9 Recurse
++ 9 5 CBra 2
++ 12 \1
++ 14 5 Ket
++ 16 12 Ket
++ 18 16 Ket
++ 20 20 Ket
++ 22 End
++------------------------------------------------------------------
++
+ /-- End of testinput11 --/
+--- a/testdata/testoutput11-8
++++ b/testdata/testoutput11-8
+@@ -733,4 +733,19 @@ Memory allocation (code space): 10
+ 60 End
+ ------------------------------------------------------------------
+
++/((?+1)(\1))/B
++------------------------------------------------------------------
++ 0 31 Bra
++ 3 25 Once
++ 6 19 CBra 1
++ 11 14 Recurse
++ 14 8 CBra 2
++ 19 \1
++ 22 8 Ket
++ 25 19 Ket
++ 28 25 Ket
++ 31 31 Ket
++ 34 End
++------------------------------------------------------------------
++
+ /-- End of testinput11 --/
+--- a/testdata/testoutput2
++++ b/testdata/testoutput2
+@@ -14175,4 +14175,19 @@ Failed: parentheses are too deeply neste
+
+ "((?2){0,1999}())?"
+
++/((?+1)(\1))/BZ
++------------------------------------------------------------------
++ Bra
++ Once
++ CBra 1
++ Recurse
++ CBra 2
++ \1
++ Ket
++ Ket
++ Ket
++ Ket
++ End
++------------------------------------------------------------------
++
+ /-- End of testinput2 --/
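Review bot: Nothing in the embedded pcre_compile.c change explains why `save_hwm_offset` is captured at function entry rather than computed at the `adjust_recurse()` call, yet that timing is the whole fix for the overflow named in the patch header. I would add a comment above the assignment, e.g. `/* Workspace high-water mark at group start, so adjust_recurse() covers forward references added inside this group when the code is moved to insert OP_ONCE. */`; this wording is inferred from the patch description, since the body of adjust_recurse() is outside the hunk. The pointer difference is also converted to `size_t` implicitly, and `save_hwm_offset = (size_t)(cd->hwm - cd->start_workspace);` would make that conversion explicit. The diff view is limited to this one path, so whether debian/patches/series lists the new patch cannot be confirmed here; without that entry quilt would not apply the fix at build time.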