diff --git a/CVE-2019-20454.patch b/CVE-2019-20454.patch deleted file mode 100644 index 1b3e2631679175137d5273961cdb7d3ee20f48ab..0000000000000000000000000000000000000000 --- a/CVE-2019-20454.patch +++ /dev/null @@ -1,28 +0,0 @@ -From ae72065b4aefb98ea581ebb509f7af51d27f05c2 Mon Sep 17 00:00:00 2001 -Date: Mom, 13 May 2019 16:38:18 +0800 -Subject: [PATCH] Forgot this file in previous commit. Fixes JIT non-UTF bug. -https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_jit_compile.c?r1=1089&r2=1092&pathrev=1092 - ---- - src/pcre2_jit_compile.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/src/pcre2_jit_compile.c b/src/pcre2_jit_compile.c -index 1f21bfb..9ced906 100644 ---- a/src/pcre2_jit_compile.c -+++ b/src/pcre2_jit_compile.c -@@ -8538,7 +8538,10 @@ int lgb, rgb, ricount; - PCRE2_SPTR bptr; - uint32_t c; - --GETCHARINC(c, cc); -+/* Patch by PH */ -+/* GETCHARINC(c, cc); */ -+ -+c = *cc++; - #if PCRE2_CODE_UNIT_WIDTH == 32 - if (c >= 0x110000) - return NULL; --- -1.8.3.1 - diff --git a/Implement-a-check-on-the-number-of-capturing-parenth.patch b/Implement-a-check-on-the-number-of-capturing-parenth.patch deleted file mode 100644 index a8a820cf938a1a800fb94c083091700e5e447fd3..0000000000000000000000000000000000000000 --- a/Implement-a-check-on-the-number-of-capturing-parenth.patch +++ /dev/null 
@@ -1,209 +0,0 @@ -From a38f1e7eb827408133178ffac9987157d82edaa2 Mon Sep 17 00:00:00 2001 -From: ph10 -Date: Mon, 22 Apr 2019 12:39:38 +0000 -Subject: [PATCH] Implement a check on the number of capturing parentheses, - which for some reason has never existed. This fixes ClusterFuzz issue 14376. - -git-svn-id: svn://vcs.exim.org/pcre2/code/trunk@1088 6239d852-aaf2-0410-a92c-79f79f948069 ---- - ChangeLog | 8 ++++++++ - configure.ac | 6 +++--- - src/pcre2.h.in | 1 + - src/pcre2_compile.c | 12 +++++++++++- - src/pcre2_error.c | 1 + - testdata/testinput11 | 2 ++ - testdata/testinput2 | 4 ++++ - testdata/testinput9 | 2 ++ - testdata/testoutput11-16 | 3 +++ - testdata/testoutput11-32 | 2 ++ - testdata/testoutput2 | 6 ++++++ - testdata/testoutput9 | 3 +++ - 12 files changed, 46 insertions(+), 4 deletions(-) - -diff --git a/ChangeLog b/ChangeLog -index 66c6d0b..da4ffb6 100644 ---- a/ChangeLog -+++ b/ChangeLog -@@ -2,6 +2,14 @@ Change Log for PCRE2 - -------------------- - - -+Version 10.34 22-April-2019 -+--------------------------- -+ -+1. The maximum number of capturing subpatterns is 65535 (documented), but no -+check on this was ever implemented. This omission has been rectified; it fixes -+ClusterFuzz 14376. -+ -+ - Version 10.33 16-April-2019 - --------------------------- - -diff --git a/configure.ac b/configure.ac -index 93c2b53..35b947b 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -9,9 +9,9 @@ dnl The PCRE2_PRERELEASE feature is for identifying release candidates. It might - dnl be defined as -RC2, for example. For real releases, it should be empty. - - m4_define(pcre2_major, [10]) --m4_define(pcre2_minor, [33]) --m4_define(pcre2_prerelease, []) --m4_define(pcre2_date, [2019-04-16]) -+m4_define(pcre2_minor, [34]) -+m4_define(pcre2_prerelease, [-RC1]) -+m4_define(pcre2_date, [2019-04-22]) - - # NOTE: The CMakeLists.txt file searches for the above variables in the first - # 50 lines of this file. Please update that if the variables above are moved. 
-diff --git a/src/pcre2.h.in b/src/pcre2.h.in -index 9415d70..29f3688 100644 ---- a/src/pcre2.h.in -+++ b/src/pcre2.h.in -@@ -305,6 +305,7 @@ pcre2_pattern_convert(). */ - #define PCRE2_ERROR_INVALID_HYPHEN_IN_OPTIONS 194 - #define PCRE2_ERROR_ALPHA_ASSERTION_UNKNOWN 195 - #define PCRE2_ERROR_SCRIPT_RUN_NOT_AVAILABLE 196 -+#define PCRE2_ERROR_TOO_MANY_CAPTURES 197 - - - /* "Expected" matching error codes: no match and partial match. */ -diff --git a/src/pcre2_compile.c b/src/pcre2_compile.c -index 068735a..cd6fbea 100644 ---- a/src/pcre2_compile.c -+++ b/src/pcre2_compile.c -@@ -781,7 +781,7 @@ enum { ERR0 = COMPILE_ERROR_BASE, - ERR61, ERR62, ERR63, ERR64, ERR65, ERR66, ERR67, ERR68, ERR69, ERR70, - ERR71, ERR72, ERR73, ERR74, ERR75, ERR76, ERR77, ERR78, ERR79, ERR80, - ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERR87, ERR88, ERR89, ERR90, -- ERR91, ERR92, ERR93, ERR94, ERR95, ERR96 }; -+ ERR91, ERR92, ERR93, ERR94, ERR95, ERR96, ERR97 }; - - /* This is a table of start-of-pattern options such as (*UTF) and settings such - as (*LIMIT_MATCH=nnnn) and (*CRLF). For completeness and backward -@@ -3611,6 +3611,11 @@ while (ptr < ptrend) - nest_depth++; - if ((options & PCRE2_NO_AUTO_CAPTURE) == 0) - { -+ if (cb->bracount >= MAX_GROUP_NUMBER) -+ { -+ errorcode = ERR97; -+ goto FAILED; -+ } - cb->bracount++; - *parsed_pattern++ = META_CAPTURE | cb->bracount; - } -@@ -4435,6 +4440,11 @@ while (ptr < ptrend) - /* We have a name for this capturing group. It is also assigned a number, - which is its primary means of identification. 
*/ - -+ if (cb->bracount >= MAX_GROUP_NUMBER) -+ { -+ errorcode = ERR97; -+ goto FAILED; -+ } - cb->bracount++; - *parsed_pattern++ = META_CAPTURE | cb->bracount; - nest_depth++; -diff --git a/src/pcre2_error.c b/src/pcre2_error.c -index 1d02cf1..5517e74 100644 ---- a/src/pcre2_error.c -+++ b/src/pcre2_error.c -@@ -184,6 +184,7 @@ static const unsigned char compile_error_texts[] = - /* 95 */ - "(*alpha_assertion) not recognized\0" - "script runs require Unicode support, which this version of PCRE2 does not have\0" -+ "too many capturing groups (maximum 65535)\0" - ; - - /* Match-time and UTF error texts are in the same format. */ -diff --git a/testdata/testinput11 b/testdata/testinput11 -index 2d267d6..fca6042 100644 ---- a/testdata/testinput11 -+++ b/testdata/testinput11 -@@ -368,4 +368,6 @@ - abÿAz - ab\x{80000041}z - -+/\[()]{65535}/expand -+ - # End of testinput11 -diff --git a/testdata/testinput2 b/testdata/testinput2 -index 9e59b62..8a98f94 100644 ---- a/testdata/testinput2 -+++ b/testdata/testinput2 -@@ -5587,4 +5587,8 @@ a)"xI - \= Expect error message - abc\=null_context - -+/\[()]{65535}()/expand -+ -+/\[()]{65535}(?)/expand -+ - # End of testinput2 -diff --git a/testdata/testinput9 b/testdata/testinput9 -index 7be4b15..792d610 100644 ---- a/testdata/testinput9 -+++ b/testdata/testinput9 -@@ -260,4 +260,6 @@ - - /(*:*++++++++++++''''''''''''''''''''+''+++'+++x+++++++++++++++++++++++++++++++++++(++++++++++++++++++++:++++++%++:''''''''''''''''''''''''+++++++++++++++++++++++++++++++++++++++++++++++++++++-++++++++k+++++++''''+++'+++++++++++++++++++++++''''++++++++++++':Æ¿)/ - -+/\[()]{65535}/expand -+ - # End of testinput9 -diff --git a/testdata/testoutput11-16 b/testdata/testoutput11-16 -index 78bf7fb..f2b9637 100644 ---- a/testdata/testoutput11-16 -+++ b/testdata/testoutput11-16 -@@ -661,4 +661,7 @@ Subject length lower bound = 1 - abÿAz - ab\x{80000041}z - -+/\[()]{65535}/expand -+Failed: error 120 at offset 131070: regular expression is too large -+ - # 
End of testinput11 -diff --git a/testdata/testoutput11-32 b/testdata/testoutput11-32 -index 4b00384..1908ab7 100644 ---- a/testdata/testoutput11-32 -+++ b/testdata/testoutput11-32 -@@ -667,4 +667,6 @@ Subject length lower bound = 1 - ab\x{80000041}z - 0: ab\x{80000041}z - -+/\[()]{65535}/expand -+ - # End of testinput11 -diff --git a/testdata/testoutput2 b/testdata/testoutput2 -index 2f91c38..158fbad 100644 ---- a/testdata/testoutput2 -+++ b/testdata/testoutput2 -@@ -16934,6 +16934,12 @@ Subject length lower bound = 0 - abc\=null_context - ** Replacement callouts are not supported with null_context. - -+/\[()]{65535}()/expand -+Failed: error 197 at offset 131071: too many capturing groups (maximum 65535) -+ -+/\[()]{65535}(?)/expand -+Failed: error 197 at offset 131075: too many capturing groups (maximum 65535) -+ - # End of testinput2 - Error -70: PCRE2_ERROR_BADDATA (unknown error number) - Error -62: bad serialized data -diff --git a/testdata/testoutput9 b/testdata/testoutput9 -index f98f276..f66ca3d 100644 ---- a/testdata/testoutput9 -+++ b/testdata/testoutput9 -@@ -367,4 +367,7 @@ Failed: error 134 at offset 14: character code point value in \x{} or \o{} is to - /(*:*++++++++++++''''''''''''''''''''+''+++'+++x+++++++++++++++++++++++++++++++++++(++++++++++++++++++++:++++++%++:''''''''''''''''''''''''+++++++++++++++++++++++++++++++++++++++++++++++++++++-++++++++k+++++++''''+++'+++++++++++++++++++++++''''++++++++++++':Æ¿)/ - Failed: error 176 at offset 259: name is too long in (*MARK), (*PRUNE), (*SKIP), or (*THEN) - -+/\[()]{65535}/expand -+Failed: error 120 at offset 131070: regular expression is too large -+ - # End of testinput9 --- -1.8.3.1 - diff --git a/pcre2-10.10-Fix-multilib.patch b/pcre2-10.10-Fix-multilib.patch new file mode 100644 index 0000000000000000000000000000000000000000..89c7d80c615af873ba9629e475f0fbd594cbcdb5 --- /dev/null +++ b/pcre2-10.10-Fix-multilib.patch 
@@ -0,0 +1,39 @@ +From 8b6b10229201e5b148979a24e06c640dbbcfbad9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= +Date: Fri, 20 Feb 2015 14:34:26 +0100 +Subject: [PATCH] Fix multilib +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Do not set RPATH nor add explicit -L path to compiler. + +Signed-off-by: Petr PísaÅ™ + +diff --git a/pcre2-config.in b/pcre2-config.in +index 932160e..dbef5e5 100644 +--- a/pcre2-config.in ++++ b/pcre2-config.in +@@ -28,19 +28,7 @@ if test $# -eq 0; then + fi + + libR= +-case `uname -s` in +- *SunOS*) +- libR=" -R@libdir@" +- ;; +- *BSD*) +- libR=" -Wl,-R@libdir@" +- ;; +-esac +- + libS= +-if test @libdir@ != /usr/lib ; then +- libS=-L@libdir@ +-fi + + while test $# -gt 0; do + case "$1" in +-- +2.1.0 + diff --git a/pcre2-10.33.tar.bz2 b/pcre2-10.33.tar.bz2 deleted file mode 100644 index b95ed353a9735846c5011383b537fd71b086dc4d..0000000000000000000000000000000000000000 Binary files a/pcre2-10.33.tar.bz2 and /dev/null differ diff --git a/pcre2-10.35-Apply-H.J.-Lu-s-patch-to-pass-mshstk-to-the-compiler.patch b/pcre2-10.35-Apply-H.J.-Lu-s-patch-to-pass-mshstk-to-the-compiler.patch new file mode 100644 index 0000000000000000000000000000000000000000..6c471af2783a5f15055614ded378023b7d7bd0db --- /dev/null +++ b/pcre2-10.35-Apply-H.J.-Lu-s-patch-to-pass-mshstk-to-the-compiler.patch 
@@ -0,0 +1,95 @@ +From 4f0b3ea9771e49fb0d5e5c323e7966ceff2c7ec2 Mon Sep 17 00:00:00 2001 +From: ph10 +Date: Mon, 25 May 2020 16:03:24 +0000 +Subject: [PATCH 1/2] Apply H.J. Lu's patch to pass -mshstk to the compiler + when Intel CET is enabled. CMake version invented by PH, but only tested on + non-CET system. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +git-svn-id: svn://vcs.exim.org/pcre2/code/trunk@1256 6239d852-aaf2-0410-a92c-79f79f948069 +Petr PísaÅ™: Ported to 10.35. +--- + CMakeLists.txt | 19 +++++++++++++++++++ + Makefile.am | 1 + + configure.ac | 15 +++++++++++++++ + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 86b8896..5e8a763 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -92,6 +92,7 @@ + # library versioning. + # 2020-04-25 Carlo added function check for mkostemp used in ProtExecAllocator + # 2020-04-28 PH added function check for memfd_create based on Carlo's patch ++# 2020-05-25 PH added a check for Intel CET + + PROJECT(PCRE2 C) + +@@ -146,6 +147,24 @@ CHECK_C_SOURCE_COMPILES( + ) + set(CMAKE_REQUIRED_FLAGS ${ORIG_CMAKE_REQUIRED_FLAGS}) + ++# Check whether Intel CET is enabled, and if so, adjust compiler flags. This ++# code was written by PH, trying to imitate the logic from the autotools ++# configuration. 
++ ++CHECK_C_SOURCE_COMPILES( ++ "#ifndef __CET__ ++ #error CET is not enabled ++ #endif ++ int main() { return 0; }" ++ INTEL_CET_ENABLED ++) ++ ++IF (INTEL_CET_ENABLED) ++ SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -mshstk") ++ENDIF(INTEL_CET_ENABLED) ++ ++ ++ + # User-configurable options + # + # Note: CMakeSetup displays these in alphabetical order, regardless of +diff --git a/Makefile.am b/Makefile.am +index bb888f2..af6b92b 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -391,6 +391,7 @@ nodist_libpcre2_8_la_SOURCES = \ + libpcre2_8_la_CFLAGS = \ + -DPCRE2_CODE_UNIT_WIDTH=8 \ + $(VISIBILITY_CFLAGS) \ ++ $(CET_CFLAGS) \ + $(AM_CFLAGS) + libpcre2_8_la_LIBADD = + endif # WITH_PCRE2_8 +diff --git a/configure.ac b/configure.ac +index 180d3dc..61b93ba 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1006,6 +1006,21 @@ fi # enable_coverage + + AM_CONDITIONAL([WITH_GCOV],[test "x$enable_coverage" = "xyes"]) + ++AC_MSG_CHECKING([whether Intel CET is enabled]) ++AC_LANG_PUSH([C]) ++AC_COMPILE_IFELSE([AC_LANG_PROGRAM(, ++ [[#ifndef __CET__ ++# error CET is not enabled ++#endif]])], ++ [pcre2_cc_cv_intel_cet_enabled=yes], ++ [pcre2_cc_cv_intel_cet_enabled=no]) ++AC_MSG_RESULT([$pcre2_cc_cv_intel_cet_enabled]) ++if test "$pcre2_cc_cv_intel_cet_enabled" = yes; then ++ CET_CFLAGS="-mshstk" ++ AC_SUBST([CET_CFLAGS]) ++fi ++AC_LANG_POP([C]) ++ + # Produce these files, in addition to config.h. + AC_CONFIG_FILES( + Makefile +-- +2.25.4 + diff --git a/pcre2-10.35-Fix-an-early-fail-optimization-issue-and-a-buffer-ov.patch b/pcre2-10.35-Fix-an-early-fail-optimization-issue-and-a-buffer-ov.patch new file mode 100644 index 0000000000000000000000000000000000000000..466a0be6bcda251b3a61000416b488547f3298de --- /dev/null +++ b/pcre2-10.35-Fix-an-early-fail-optimization-issue-and-a-buffer-ov.patch 
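Review bot: In the configure.ac part, `AC_SUBST([CET_CFLAGS])` sits inside the shell `if` and `CET_CFLAGS` is never cleared on the non-CET path, so a value inherited from the environment would presumably be substituted into `libpcre2_8_la_CFLAGS` unchanged. Setting `CET_CFLAGS=` before the check and calling `AC_SUBST([CET_CFLAGS])` after the `fi` would make the substitution explicit and unconditional. This patch adds `$(CET_CFLAGS)` only to the 8-bit library, so it has to ship together with the 2/2 follow-up. The commit message itself says the CMake variant was only tested on a non-CET system.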
@@ -0,0 +1,114 @@ +From 938cca6343300495c67461c08f4732f098a7ce30 Mon Sep 17 00:00:00 2001 +From: zherczeg +Date: Wed, 15 Jul 2020 04:35:32 +0000 +Subject: [PATCH] Fix an early fail optimization issue and a buffer overread in + JIT. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +git-svn-id: svn://vcs.exim.org/pcre2/code/trunk@1267 6239d852-aaf2-0410-a92c-79f79f948069 +Petr PísaÅ™: Ported to 10.35. +--- + src/pcre2_jit_compile.c | 24 ++++++++++++------------ + src/pcre2_jit_test.c | 1 + + +diff --git a/src/pcre2_jit_compile.c b/src/pcre2_jit_compile.c +index 7c5d63b..2bd4275 100644 +--- a/src/pcre2_jit_compile.c ++++ b/src/pcre2_jit_compile.c +@@ -1466,9 +1466,9 @@ do + default: + accelerated_start = NULL; + fast_forward_allowed = FALSE; +- break; ++ continue; + } +- continue; ++ break; + + case OP_ONCE: + case OP_BRA: +@@ -1834,57 +1834,57 @@ while (cc < ccend) + case OP_BRAZERO: + case OP_BRAMINZERO: + case OP_BRAPOSZERO: +- repeat_check = FALSE; + size = 1; ++ repeat_check = FALSE; + break; + + CASE_ITERATOR_PRIVATE_DATA_1 +- space = 1; + size = -2; ++ space = 1; + break; + + CASE_ITERATOR_PRIVATE_DATA_2A +- space = 2; + size = -2; ++ space = 2; + break; + + CASE_ITERATOR_PRIVATE_DATA_2B +- space = 2; + size = -(2 + IMM2_SIZE); ++ space = 2; + break; + + CASE_ITERATOR_TYPE_PRIVATE_DATA_1 +- space = 1; + size = 1; ++ space = 1; + break; + + CASE_ITERATOR_TYPE_PRIVATE_DATA_2A ++ size = 1; + if (cc[1] != OP_ANYNL && cc[1] != OP_EXTUNI) + space = 2; +- size = 1; + break; + + case OP_TYPEUPTO: ++ size = 1 + IMM2_SIZE; + if (cc[1 + IMM2_SIZE] != OP_ANYNL && cc[1 + IMM2_SIZE] != OP_EXTUNI) + space = 2; +- size = 1 + IMM2_SIZE; + break; + + case OP_TYPEMINUPTO: +- space = 2; + size = 1 + IMM2_SIZE; ++ space = 2; + break; + + case OP_CLASS: + case OP_NCLASS: +- space = get_class_iterator_size(cc + size); + size = 1 + 32 / sizeof(PCRE2_UCHAR); ++ space = get_class_iterator_size(cc + size); + break; + + #if defined 
SUPPORT_UNICODE || PCRE2_CODE_UNIT_WIDTH != 8 + case OP_XCLASS: +- space = get_class_iterator_size(cc + size); + size = GET(cc, 1); ++ space = get_class_iterator_size(cc + size); + break; + #endif + +diff --git a/src/pcre2_jit_test.c b/src/pcre2_jit_test.c +index 16dade7..b7856ad 100644 +--- a/src/pcre2_jit_test.c ++++ b/src/pcre2_jit_test.c +@@ -350,6 +350,7 @@ static struct regression_test_case regression_test_cases[] = { + { MU, A, 0, 0, ".[ab]*.", "xx" }, + { MU, A, 0, 0, ".[ab]*a", "xxa" }, + { MU, A, 0, 0, ".[ab]?.", "xx" }, ++ { MU, A, 0, 0, "_[ab]+_*a", "_aa" }, + + /* Bracket repeats with limit. */ + { MU, A, 0, 0, "(?:(ab){2}){5}M", "abababababababababababM" }, +-- +2.25.4 + diff --git a/pcre2-10.35-Fix-inifinite-loop-when-a-single-byte-newline-is-sea.patch b/pcre2-10.35-Fix-inifinite-loop-when-a-single-byte-newline-is-sea.patch new file mode 100644 index 0000000000000000000000000000000000000000..254258da3c88455b445d8fb2161a8eb63cdf4cef --- /dev/null +++ b/pcre2-10.35-Fix-inifinite-loop-when-a-single-byte-newline-is-sea.patch 
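Review bot: The `OP_CLASS`/`OP_NCLASS` and `OP_XCLASS` cases now depend on `size` being assigned before `get_class_iterator_size(cc + size)` is called, but nothing in the switch says so. The same reordering is applied to cases where the order does not matter, which hides the two lines that are presumably the actual overread fix. A comment above those two cases, e.g. `/* size must be set first: cc + size locates the iterator opcode */`, would keep a later cleanup from reintroducing the read with a stale `size`. The added regression pattern `_[ab]+_*a` appears aimed at the early-fail change; the hunk does not show whether any test exercises the class-iterator path. The enclosing loops start and end outside the hunk.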
@@ -0,0 +1,157 @@ +From 58040c3b15f966857eef0b35885800f0805e7c7a Mon Sep 17 00:00:00 2001 +From: zherczeg +Date: Fri, 29 May 2020 14:20:23 +0000 +Subject: [PATCH] Fix inifinite loop when a single byte newline is searched in + JIT. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +git-svn-id: svn://vcs.exim.org/pcre2/code/trunk@1258 6239d852-aaf2-0410-a92c-79f79f948069 +Petr PísaÅ™: Ported to 10.35. +--- + src/pcre2_jit_compile.c | 9 ++++++++- + src/pcre2_jit_test.c | 38 +++++++++++++++++++++++++------------- + +diff --git a/src/pcre2_jit_compile.c b/src/pcre2_jit_compile.c +index 33ad7e6..4a3ddd8 100644 +--- a/src/pcre2_jit_compile.c ++++ b/src/pcre2_jit_compile.c +@@ -4578,7 +4578,14 @@ if (common->nltype != NLTYPE_ANY) + /* All newlines are ascii, just skip intermediate octets. */ + jump[0] = CMP(SLJIT_GREATER_EQUAL, STR_PTR, 0, STR_END, 0); + loop = LABEL(); +- OP1(MOV_UCHAR, TMP2, 0, SLJIT_MEM1(STR_PTR), IN_UCHARS(0)); ++ if (sljit_emit_mem(compiler, MOV_UCHAR | SLJIT_MEM_SUPP | SLJIT_MEM_POST, TMP2, SLJIT_MEM1(STR_PTR), IN_UCHARS(1)) == SLJIT_SUCCESS) ++ sljit_emit_mem(compiler, MOV_UCHAR | SLJIT_MEM_POST, TMP2, SLJIT_MEM1(STR_PTR), IN_UCHARS(1)); ++ else ++ { ++ OP1(MOV_UCHAR, TMP2, 0, SLJIT_MEM1(STR_PTR), IN_UCHARS(0)); ++ OP2(SLJIT_ADD, STR_PTR, 0, STR_PTR, 0, SLJIT_IMM, IN_UCHARS(1)); ++ } ++ + OP2(SLJIT_AND, TMP2, 0, TMP2, 0, SLJIT_IMM, 0xc0); + CMPTO(SLJIT_EQUAL, TMP2, 0, SLJIT_IMM, 0x80, loop); + OP2(SLJIT_SUB, STR_PTR, 0, STR_PTR, 0, SLJIT_IMM, IN_UCHARS(1)); +diff --git a/src/pcre2_jit_test.c b/src/pcre2_jit_test.c +index a29fffa..16dade7 100644 +--- a/src/pcre2_jit_test.c ++++ b/src/pcre2_jit_test.c +@@ -1831,7 +1831,9 @@ struct invalid_utf8_regression_test_case { + const char *input; + }; + +-static struct invalid_utf8_regression_test_case invalid_utf8_regression_test_cases[] = { ++static const char invalid_utf8_newline_cr; ++ ++static const struct invalid_utf8_regression_test_case 
invalid_utf8_regression_test_cases[] = { + { UDA, CI, 0, 0, 0, 0, 4, { ".", NULL }, "\xf4\x8f\xbf\xbf" }, + { UDA, CI, 0, 0, 0, 0, 4, { ".", NULL }, "\xf0\x90\x80\x80" }, + { UDA, CI, 0, 0, 0, -1, -1, { ".", NULL }, "\xf4\x90\x80\x80" }, +@@ -1974,6 +1976,8 @@ static struct invalid_utf8_regression_test_case invalid_utf8_regression_test_cas + { 0, PCRE2_JIT_COMPLETE, 0, 0, 1, -1, -1, { "\\X{2}", NULL }, "\r\n\n" }, + { 0, PCRE2_JIT_COMPLETE, 0, 0, 1, -1, -1, { "\\R{2}", NULL }, "\r\n\n" }, + ++ { PCRE2_UTF | PCRE2_MULTILINE, CI, 0, 0, 0, -1, -1, { "^.a", &invalid_utf8_newline_cr }, "\xc3\xa7#a" }, ++ + { 0, 0, 0, 0, 0, 0, 0, { NULL, NULL }, NULL } + }; + +@@ -1981,7 +1985,7 @@ static struct invalid_utf8_regression_test_case invalid_utf8_regression_test_cas + #undef CI + #undef CPI + +-static int run_invalid_utf8_test(struct invalid_utf8_regression_test_case *current, ++static int run_invalid_utf8_test(const struct invalid_utf8_regression_test_case *current, + int pattern_index, int i, pcre2_compile_context_8 *ccontext, pcre2_match_data_8 *mdata) + { + pcre2_code_8 *code; +@@ -2034,7 +2038,7 @@ static int run_invalid_utf8_test(struct invalid_utf8_regression_test_case *curre + + static int invalid_utf8_regression_tests(void) + { +- struct invalid_utf8_regression_test_case *current; ++ const struct invalid_utf8_regression_test_case *current; + pcre2_compile_context_8 *ccontext; + pcre2_match_data_8 *mdata; + int total = 0, successful = 0; +@@ -2051,10 +2055,18 @@ static int invalid_utf8_regression_tests(void) + total++; + + result = 1; +- if (!run_invalid_utf8_test(current, total - 1, 0, ccontext, mdata)) +- result = 0; +- if (!run_invalid_utf8_test(current, total - 1, 1, ccontext, mdata)) +- result = 0; ++ if (current->pattern[1] != &invalid_utf8_newline_cr) ++ { ++ if (!run_invalid_utf8_test(current, total - 1, 0, ccontext, mdata)) ++ result = 0; ++ if (!run_invalid_utf8_test(current, total - 1, 1, ccontext, mdata)) ++ result = 0; ++ } else { ++ 
pcre2_set_newline_8(ccontext, PCRE2_NEWLINE_CR); ++ if (!run_invalid_utf8_test(current, total - 1, 0, ccontext, mdata)) ++ result = 0; ++ pcre2_set_newline_8(ccontext, PCRE2_NEWLINE_ANY); ++ } + + if (result) { + successful++; +@@ -2128,7 +2140,7 @@ static PCRE2_UCHAR16 test16_10[] = { ' ', 0xdc00, 0xd800, 0x2028, '#', 0 }; + static PCRE2_UCHAR16 test16_11[] = { 0xdc00, 0xdc00, 0xd800, 0xdc00, 0xdc00, '#', 0xd800, 0xdc00, '#', 0 }; + static PCRE2_UCHAR16 test16_12[] = { '#', 0xd800, 0xdc00, 0xd800, '#', 0xd800, 0xdc00, 0xdc00, 0xdc00, '#', 0xd800, 0xdc00, '#', 0 }; + +-static struct invalid_utf16_regression_test_case invalid_utf16_regression_test_cases[] = { ++static const struct invalid_utf16_regression_test_case invalid_utf16_regression_test_cases[] = { + { UDA, CI, 0, 0, 0, 0, 1, { allany16, NULL }, test16_1 }, + { UDA, CI, 1, 0, 0, 1, 2, { allany16, NULL }, test16_1 }, + { UDA, CI, 2, 0, 0, 2, 3, { allany16, NULL }, test16_1 }, +@@ -2182,7 +2194,7 @@ static struct invalid_utf16_regression_test_case invalid_utf16_regression_test_c + #undef CI + #undef CPI + +-static int run_invalid_utf16_test(struct invalid_utf16_regression_test_case *current, ++static int run_invalid_utf16_test(const struct invalid_utf16_regression_test_case *current, + int pattern_index, int i, pcre2_compile_context_16 *ccontext, pcre2_match_data_16 *mdata) + { + pcre2_code_16 *code; +@@ -2242,7 +2254,7 @@ static int run_invalid_utf16_test(struct invalid_utf16_regression_test_case *cur + + static int invalid_utf16_regression_tests(void) + { +- struct invalid_utf16_regression_test_case *current; ++ const struct invalid_utf16_regression_test_case *current; + pcre2_compile_context_16 *ccontext; + pcre2_match_data_16 *mdata; + int total = 0, successful = 0; +@@ -2329,7 +2341,7 @@ static PCRE2_UCHAR32 test32_4[] = { '#', 0x10ffff, 0x110000, 0 }; + static PCRE2_UCHAR32 test32_5[] = { ' ', 0x2028, '#', 0 }; + static PCRE2_UCHAR32 test32_6[] = { ' ', 0x110000, 0x2028, '#', 0 }; + +-static struct 
invalid_utf32_regression_test_case invalid_utf32_regression_test_cases[] = { ++static const struct invalid_utf32_regression_test_case invalid_utf32_regression_test_cases[] = { + { UDA, CI, 0, 0, 0, 0, 1, { allany32, NULL }, test32_1 }, + { UDA, CI, 2, 0, 0, -1, -1, { allany32, NULL }, test32_1 }, + { UDA, CI, 0, 0, 0, 0, 1, { allany32, NULL }, test32_2 }, +@@ -2369,7 +2381,7 @@ static struct invalid_utf32_regression_test_case invalid_utf32_regression_test_c + #undef CI + #undef CPI + +-static int run_invalid_utf32_test(struct invalid_utf32_regression_test_case *current, ++static int run_invalid_utf32_test(const struct invalid_utf32_regression_test_case *current, + int pattern_index, int i, pcre2_compile_context_32 *ccontext, pcre2_match_data_32 *mdata) + { + pcre2_code_32 *code; +@@ -2429,7 +2441,7 @@ static int run_invalid_utf32_test(struct invalid_utf32_regression_test_case *cur + + static int invalid_utf32_regression_tests(void) + { +- struct invalid_utf32_regression_test_case *current; ++ const struct invalid_utf32_regression_test_case *current; + pcre2_compile_context_32 *ccontext; + pcre2_match_data_32 *mdata; + int total = 0, successful = 0; +-- +2.25.4 + diff --git a/pcre2-10.35-Fix-previous-commit-include-CET_CFLAGS-in-16-bit-and.patch b/pcre2-10.35-Fix-previous-commit-include-CET_CFLAGS-in-16-bit-and.patch new file mode 100644 index 0000000000000000000000000000000000000000..db710173c64e81ccc2271d3cc24b313223bb31cd --- /dev/null +++ b/pcre2-10.35-Fix-previous-commit-include-CET_CFLAGS-in-16-bit-and.patch 
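Review bot: The 8-bit test table now overloads `pattern[1]` as a flag, and none of that is documented. `&invalid_utf8_newline_cr` is not a second pattern but a marker that makes `invalid_utf8_regression_tests()` switch the compile context to `PCRE2_NEWLINE_CR` and run only the `i == 0` variant. A comment at the declaration, e.g. `/* Sentinel for pattern[1]: run pattern[0] once with PCRE2_NEWLINE_CR */`, would stop someone from treating it as a pattern string. `run_invalid_utf8_test()` is only partly visible here, so it is worth confirming that it never reads `pattern[1]` as a string when `i` is 0. The declaration also relies on a tentative definition of a `const` object with no initializer; `static const char invalid_utf8_newline_cr = 0;` would be clearer.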
@@ -0,0 +1,38 @@ +From 842cc30948723f3fe3e7e71ebcb18191ae5324ed Mon Sep 17 00:00:00 2001 +From: ph10 +Date: Tue, 26 May 2020 15:18:35 +0000 +Subject: [PATCH 2/2] Fix previous commit: include CET_CFLAGS in 16-bit and + 32-bit builds under AutoTools. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +git-svn-id: svn://vcs.exim.org/pcre2/code/trunk@1257 6239d852-aaf2-0410-a92c-79f79f948069 +Signed-off-by: Petr PísaÅ™ +--- + Makefile.am | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/Makefile.am b/Makefile.am +index af6b92b..6a771a5 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -405,6 +405,7 @@ nodist_libpcre2_16_la_SOURCES = \ + libpcre2_16_la_CFLAGS = \ + -DPCRE2_CODE_UNIT_WIDTH=16 \ + $(VISIBILITY_CFLAGS) \ ++ $(CET_CFLAGS) \ + $(AM_CFLAGS) + libpcre2_16_la_LIBADD = + endif # WITH_PCRE2_16 +@@ -418,6 +419,7 @@ nodist_libpcre2_32_la_SOURCES = \ + libpcre2_32_la_CFLAGS = \ + -DPCRE2_CODE_UNIT_WIDTH=32 \ + $(VISIBILITY_CFLAGS) \ ++ $(CET_CFLAGS) \ + $(AM_CFLAGS) + libpcre2_32_la_LIBADD = + endif # WITH_PCRE2_32 +-- +2.25.4 + diff --git a/pcre2-10.35-Fix-read-overflow-for-invalid-VERSION-test-with-one-.patch b/pcre2-10.35-Fix-read-overflow-for-invalid-VERSION-test-with-one-.patch new file mode 100644 index 0000000000000000000000000000000000000000..596cefc571e91556bd32682b6b10ba57720fd4f7 --- /dev/null +++ b/pcre2-10.35-Fix-read-overflow-for-invalid-VERSION-test-with-one-.patch 
@@ -0,0 +1,56 @@ +From 4089a9d71445fbe48ce41dd5cb595dba88c18a26 Mon Sep 17 00:00:00 2001 +From: ph10 +Date: Mon, 29 Jun 2020 15:35:49 +0000 +Subject: [PATCH] Fix read overflow for invalid VERSION test with one + fractional digit at the end of a pattern. Fixes ClusterFuzz 23779. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +git-svn-id: svn://vcs.exim.org/pcre2/code/trunk@1266 6239d852-aaf2-0410-a92c-79f79f948069 +Petr PísaÅ™: Ported to 10.35. +--- + src/pcre2_compile.c | 1 + + testdata/testinput2 | 2 ++ + testdata/testoutput2 | 3 +++ + +diff --git a/src/pcre2_compile.c b/src/pcre2_compile.c +index 136d583..e811f12 100644 +--- a/src/pcre2_compile.c ++++ b/src/pcre2_compile.c +@@ -4331,6 +4331,7 @@ while (ptr < ptrend) + { + if (++ptr >= ptrend || !IS_DIGIT(*ptr)) goto BAD_VERSION_CONDITION; + minor = (*ptr++ - CHAR_0) * 10; ++ if (ptr >= ptrend) goto BAD_VERSION_CONDITION; + if (IS_DIGIT(*ptr)) minor += *ptr++ - CHAR_0; + if (ptr >= ptrend || *ptr != CHAR_RIGHT_PARENTHESIS) + goto BAD_VERSION_CONDITION; +diff --git a/testdata/testinput2 b/testdata/testinput2 +index c816c5f..47320eb 100644 +--- a/testdata/testinput2 ++++ b/testdata/testinput2 +@@ -5864,4 +5864,6 @@ a)"xI + /"(*MARK:>" 00 "<).(?C1)."/hex,mark,no_start_optimize + AB + ++/(?(VERSION=0.0/ ++ + # End of testinput2 +diff --git a/testdata/testoutput2 b/testdata/testoutput2 +index c90efef..c06363a 100644 +--- a/testdata/testoutput2 ++++ b/testdata/testoutput2 +@@ -17621,6 +17621,9 @@ Latest Mark: >\x00< + 0: AB + MK: >\x00< + ++/(?(VERSION=0.0/ ++Failed: error 179 at offset 14: syntax error or number too big in (?(VERSION condition ++ + # End of testinput2 + Error -70: PCRE2_ERROR_BADDATA (unknown error number) + Error -62: bad serialized data +-- +2.25.4 + 
diff --git a/pcre2-10.35.tar.bz2 b/pcre2-10.35.tar.bz2
new file mode 100644
index 0000000000000000000000000000000000000000..b2731a18ce0402c570da475345a63380b80a371f
Binary files /dev/null and b/pcre2-10.35.tar.bz2 differ
diff --git a/pcre2.spec b/pcre2.spec
index 6d073eaaad3df945a7f67d22619b1c93cd3f038c..f0552a138c92e79a51b1cd25e0d430fab97de4e9 100644
--- a/pcre2.spec
+++ b/pcre2.spec
@@ -1,13 +1,24 @@
 Name: pcre2
-Version: 10.33
-Release: 4
+Version: 10.35
+Release: 1
 Summary: Perl Compatible Regular Expressions
 License: BSD
 URL: http://www.pcre.org/
 Source0: https://ftp.pcre.org/pub/pcre/%{name}-%{version}.tar.bz2
-Patch0: Implement-a-check-on-the-number-of-capturing-parenth.patch
-Patch1: CVE-2019-20454.patch
+# Do no set RPATH if libdir is not /usr/lib
+Patch0: pcre2-10.10-Fix-multilib.patch
+# 1/2 Enable shadow stack built-in functions if -fcf-protection compiler flag is
+Patch1: pcre2-10.35-Apply-H.J.-Lu-s-patch-to-pass-mshstk-to-the-compiler.patch
+# 2/2 Enable shadow stack built-in functions if -fcf-protection compiler flag is
+Patch2: pcre2-10.35-Fix-previous-commit-include-CET_CFLAGS-in-16-bit-and.patch
+# Fix an infinite loop when a single-byte newline is search in JIT if an
+Patch3: pcre2-10.35-Fix-inifinite-loop-when-a-single-byte-newline-is-sea.patch
+# Fix a buffer overread when parsing an unterminated VERSION condition with
+# a single-digit minor number at the end of a regular expression,
+Patch4: pcre2-10.35-Fix-read-overflow-for-invalid-VERSION-test-with-one-.patch
+# Fix an early fail optimization with character ranges and a buffer overread
+Patch5: pcre2-10.35-Fix-an-early-fail-optimization-issue-and-a-buffer-ov.patch
 BuildRequires: autoconf libtool automake coreutils gcc make readline-devel
 Obsoletes: pcre2-utf16 pcre2-utf32 pcre2-tools
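Review bot: Removing `Patch1: CVE-2019-20454.patch` leaves no trace in the spec that the CVE is still covered; the `%changelog` entry only says `DESC:update to 10.35` with `ID:NA`. Presumably the fix (the `c = *cc++;` change in src/pcre2_jit_compile.c) is already in the 10.35 tarball, but that should be confirmed against the new source. It should also be recorded, e.g. `- DESC:update to 10.35; drop CVE-2019-20454.patch, fixed upstream`, so that anyone auditing the package history does not read the removal as a regression. Separately, several of the new patch comments are cut off mid-sentence (`... compiler flag is`, `... in JIT if an`) and `# Do no set RPATH` has a typo; completing them would make the purpose of each backport clear.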
@@ -124,6 +135,12 @@ make check
 %{_pkgdocdir}/html/
 %changelog
+* Fri Jul 24 2020 zhangxingliang - 10.35-1
+- Type:update
+- ID:NA
+- SUG:NA
+- DESC:update to 10.35
+
 * Tue Jun 2 2020 whoisxxx - 10.33-4
 - DESC: Disable jit for RISC-V