summaryrefslogtreecommitdiff
path: root/system
diff options
context:
space:
mode:
authorMax Rees <maxcrees@me.com>2020-03-16 18:32:38 -0500
committerMax Rees <maxcrees@me.com>2020-03-19 22:21:24 -0500
commit6439676870ecce7b71fff1a21eb944f911207e24 (patch)
tree65e5f39059306d5ceba88535c76f2bc2561733a5 /system
parent4457bb5bf106a91ed131a506269c5e09606c6f57 (diff)
downloadpackages-6439676870ecce7b71fff1a21eb944f911207e24.tar.gz
packages-6439676870ecce7b71fff1a21eb944f911207e24.tar.bz2
packages-6439676870ecce7b71fff1a21eb944f911207e24.tar.xz
packages-6439676870ecce7b71fff1a21eb944f911207e24.zip
system/pcre2: patch CVE-2019-20454 (#242)
Diffstat (limited to 'system')
-rw-r--r--system/pcre2/APKBUILD13
-rw-r--r--system/pcre2/CVE-2019-20454.patch50
2 files changed, 60 insertions, 3 deletions
diff --git a/system/pcre2/APKBUILD b/system/pcre2/APKBUILD
index 7bca0e450..4120d0a7b 100644
--- a/system/pcre2/APKBUILD
+++ b/system/pcre2/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer:
pkgname=pcre2
pkgver=10.33
-pkgrel=0
+pkgrel=1
pkgdesc="Perl-compatible regular expression library"
url="https://pcre.org"
arch="all"
@@ -12,7 +12,13 @@ depends_dev="libedit-dev zlib-dev"
makedepends="$depends_dev"
subpackages="$pkgname-dev $pkgname-doc $pkgname-tools
libpcre2-16:_libpcre libpcre2-32:_libpcre"
-source="https://ftp.pcre.org/pub/pcre/$pkgname-$pkgver.tar.gz"
+source="https://ftp.pcre.org/pub/pcre/$pkgname-$pkgver.tar.gz
+ CVE-2019-20454.patch
+ "
+
+# secfixes:
+# 10.33-r1:
+# - CVE-2019-20454
case "$CARCH" in
s390x) _enable_jit="";;
@@ -62,4 +68,5 @@ tools() {
mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
}
-sha512sums="649983c7725e2fd2451ba89243b4c08c408fc279b7be3b2d225045cced3b0667ff6da4c9dd37510eb9e5aed6478aff54c2dbd1d92f4d0f1174579df9ec2c1882 pcre2-10.33.tar.gz"
+sha512sums="649983c7725e2fd2451ba89243b4c08c408fc279b7be3b2d225045cced3b0667ff6da4c9dd37510eb9e5aed6478aff54c2dbd1d92f4d0f1174579df9ec2c1882 pcre2-10.33.tar.gz
+07c43ccf130c1ed2b4f97036671f92e9c1d0100fd32c053b448e5dbdf976543c12f74568e37b661db7fbd603e815f5683a59cb2a9f9c307505dca3cb36db8120 CVE-2019-20454.patch"
diff --git a/system/pcre2/CVE-2019-20454.patch b/system/pcre2/CVE-2019-20454.patch
new file mode 100644
index 000000000..bdec87294
--- /dev/null
+++ b/system/pcre2/CVE-2019-20454.patch
@@ -0,0 +1,50 @@
+Revision: 1091
+Author: ph10
+Date: Mon May 13 16:26:17 2019 UTC
+URL: https://vcs.pcre.org/pcre2?view=revision&revision=1091
+
+Fix crash when \X is used without UTF in JIT.
+
+--- a/testdata/testinput4 2019/05/11 11:43:39 1090
++++ b/testdata/testinput4 2019/05/13 16:26:17 1091
+@@ -2480,4 +2480,7 @@
+ /^(?'אABC'...)(?&אABC)/utf
+ 123123123456
+
++/\X*/
++ \xF3aaa\xE4\xEA\xEB\xFEa
++
+ # End of testinput4
+--- a/testdata/testoutput4 2019/05/11 11:43:39 1090
++++ b/testdata/testoutput4 2019/05/13 16:26:17 1091
+@@ -4012,4 +4012,8 @@
+ 0: 123123
+ 1: 123
+
++/\X*/
++ \xF3aaa\xE4\xEA\xEB\xFEa
++ 0: \xf3aaa\xe4\xea\xeb\xfea
++
+ # End of testinput4
+
+Revision: 1092
+Author: ph10
+Date: Mon May 13 16:38:18 2019 UTC
+URL: https://vcs.pcre.org/pcre2?view=revision&revision=1092
+
+Forgot this file in previous commit. Fixes JIT non-UTF bug.
+
+--- a/src/pcre2_jit_compile.c 2019/05/13 16:26:17 1091
++++ b/src/pcre2_jit_compile.c 2019/05/13 16:38:18 1092
+@@ -8571,7 +8571,10 @@
+ PCRE2_SPTR bptr;
+ uint32_t c;
+
+-GETCHARINC(c, cc);
++/* Patch by PH */
++/* GETCHARINC(c, cc); */
++
++c = *cc++;
+ #if PCRE2_CODE_UNIT_WIDTH == 32
+ if (c >= 0x110000)
+ return NULL;