diff options
author | Armin Kuster <akuster808@gmail.com> | 2017-11-03 12:54:46 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-11-07 13:25:31 +0000 |
commit | e14152226339a76d5192ff9a49d07ed044b071c4 (patch) | |
tree | f769565f62f3f6a08873a09d47af7bb10f1b4355 | |
parent | 2e2ba4597e80b451e98d8197a66ef9011a4701c1 (diff) | |
download | poky-e14152226339a76d5192ff9a49d07ed044b071c4.tar.gz |
libpcre2: update to 10.30
LICENSE files changed:
Amend licence to relax its conditions for chains of binary distributions.
removed included patches
includes CVE-2017-8399
(From OE-Core rev: d8ea0674d1feee803b75cf837e8d029619f8d663)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-support/libpcre/libpcre2/libpcre2-CVE-2017-7186.patch | 96 | ||||
-rw-r--r-- | meta/recipes-support/libpcre/libpcre2/libpcre2-CVE-2017-8786.patch | 93 | ||||
-rw-r--r-- | meta/recipes-support/libpcre/libpcre2_10.30.bb (renamed from meta/recipes-support/libpcre/libpcre2_10.23.bb) | 8 |
3 files changed, 3 insertions, 194 deletions
diff --git a/meta/recipes-support/libpcre/libpcre2/libpcre2-CVE-2017-7186.patch b/meta/recipes-support/libpcre/libpcre2/libpcre2-CVE-2017-7186.patch deleted file mode 100644 index bfa3bfeec9..0000000000 --- a/meta/recipes-support/libpcre/libpcre2/libpcre2-CVE-2017-7186.patch +++ /dev/null | |||
@@ -1,96 +0,0 @@ | |||
1 | libpcre2-10.23: Fix CVE-2017-7186 | ||
2 | |||
3 | A fuzz on libpcre1 through the pcretest utility revealed an invalid read in the | ||
4 | library. For who is interested in a detailed description of the bug, will | ||
5 | follow a feedback from upstream: | ||
6 | |||
7 | This was a genuine bug in the 32-bit library. Thanks for finding it. The crash | ||
8 | was caused by trying to find a Unicode property for a code value greater than | ||
9 | 0x10ffff, the Unicode maximum, when running in non-UTF mode (where character | ||
10 | values can be up to 0xffffffff). | ||
11 | |||
12 | The complete ASan output: | ||
13 | |||
14 | # pcretest -32 -d $FILE | ||
15 | ==14788==ERROR: AddressSanitizer: SEGV on unknown address 0x7f1bbffed4df (pc 0x7f1bbee3fe6b bp 0x7fff8b50d8c0 sp 0x7fff8b50d3a0 T0) | ||
16 | ==14788==The signal is caused by a READ memory access. | ||
17 | #0 0x7f1bbee3fe6a in match /tmp/portage/dev-libs/libpcre-8.40/work/pcre-8.40/pcre_exec.c:5473:18 | ||
18 | #1 0x7f1bbee09226 in pcre32_exec /tmp/portage/dev-libs/libpcre-8.40/work/pcre-8.40/pcre_exec.c:6936:8 | ||
19 | #2 0x527d6c in main /tmp/portage/dev-libs/libpcre-8.40/work/pcre-8.40/pcretest.c:5218:9 | ||
20 | #3 0x7f1bbddd678f in __libc_start_main /tmp/portage/sys-libs/glibc-2.23-r3/work/glibc-2.23/csu/../csu/libc-start.c:289 | ||
21 | #4 0x41b438 in _init (/usr/bin/pcretest+0x41b438) | ||
22 | |||
23 | AddressSanitizer can not provide additional info. | ||
24 | SUMMARY: AddressSanitizer: SEGV /tmp/portage/dev-libs/libpcre-8.40/work/pcre-8.40/pcre_exec.c:5473:18 in match | ||
25 | ==14788==ABORTING | ||
26 | |||
27 | Upstream-Status: Backport [https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?view=patch&r1=316&r2=670&sortby=date \ | ||
28 | https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?view=patch&r1=600&r2=670&sortby=date] | ||
29 | CVE: CVE-2017-7186 | ||
30 | |||
31 | Signed-off-by: Robert Yang <liezhi.yang@windriver.com> | ||
32 | |||
33 | --- trunk/src/pcre2_ucd.c 2015/07/17 15:44:51 316 | ||
34 | +++ trunk/src/pcre2_ucd.c 2017/02/24 18:25:32 670 | ||
35 | @@ -41,6 +41,20 @@ | ||
36 | |||
37 | const char *PRIV(unicode_version) = "8.0.0"; | ||
38 | |||
39 | +/* If the 32-bit library is run in non-32-bit mode, character values | ||
40 | +greater than 0x10ffff may be encountered. For these we set up a | ||
41 | +special record. */ | ||
42 | + | ||
43 | +#if PCRE2_CODE_UNIT_WIDTH == 32 | ||
44 | +const ucd_record PRIV(dummy_ucd_record)[] = {{ | ||
45 | + ucp_Common, /* script */ | ||
46 | + ucp_Cn, /* type unassigned */ | ||
47 | + ucp_gbOther, /* grapheme break property */ | ||
48 | + 0, /* case set */ | ||
49 | + 0, /* other case */ | ||
50 | + }}; | ||
51 | +#endif | ||
52 | + | ||
53 | /* When recompiling tables with a new Unicode version, please check the | ||
54 | types in this structure definition from pcre2_internal.h (the actual | ||
55 | field names will be different): | ||
56 | --- trunk/src/pcre2_internal.h 2016/11/19 12:46:24 600 | ||
57 | +++ trunk/src/pcre2_internal.h 2017/02/24 18:25:32 670 | ||
58 | @@ -1774,10 +1774,17 @@ | ||
59 | /* UCD access macros */ | ||
60 | |||
61 | #define UCD_BLOCK_SIZE 128 | ||
62 | -#define GET_UCD(ch) (PRIV(ucd_records) + \ | ||
63 | +#define REAL_GET_UCD(ch) (PRIV(ucd_records) + \ | ||
64 | PRIV(ucd_stage2)[PRIV(ucd_stage1)[(int)(ch) / UCD_BLOCK_SIZE] * \ | ||
65 | UCD_BLOCK_SIZE + (int)(ch) % UCD_BLOCK_SIZE]) | ||
66 | |||
67 | +#if PCRE2_CODE_UNIT_WIDTH == 32 | ||
68 | +#define GET_UCD(ch) ((ch > MAX_UTF_CODE_POINT)? \ | ||
69 | + PRIV(dummy_ucd_record) : REAL_GET_UCD(ch)) | ||
70 | +#else | ||
71 | +#define GET_UCD(ch) REAL_GET_UCD(ch) | ||
72 | +#endif | ||
73 | + | ||
74 | #define UCD_CHARTYPE(ch) GET_UCD(ch)->chartype | ||
75 | #define UCD_SCRIPT(ch) GET_UCD(ch)->script | ||
76 | #define UCD_CATEGORY(ch) PRIV(ucp_gentype)[UCD_CHARTYPE(ch)] | ||
77 | @@ -1834,6 +1841,9 @@ | ||
78 | #define _pcre2_default_compile_context PCRE2_SUFFIX(_pcre2_default_compile_context_) | ||
79 | #define _pcre2_default_match_context PCRE2_SUFFIX(_pcre2_default_match_context_) | ||
80 | #define _pcre2_default_tables PCRE2_SUFFIX(_pcre2_default_tables_) | ||
81 | +#if PCRE2_CODE_UNIT_WIDTH == 32 | ||
82 | +#define _pcre2_dummy_ucd_record PCRE2_SUFFIX(_pcre2_dummy_ucd_record_) | ||
83 | +#endif | ||
84 | #define _pcre2_hspace_list PCRE2_SUFFIX(_pcre2_hspace_list_) | ||
85 | #define _pcre2_vspace_list PCRE2_SUFFIX(_pcre2_vspace_list_) | ||
86 | #define _pcre2_ucd_caseless_sets PCRE2_SUFFIX(_pcre2_ucd_caseless_sets_) | ||
87 | @@ -1858,6 +1868,9 @@ | ||
88 | extern const uint32_t PRIV(vspace_list)[]; | ||
89 | extern const uint32_t PRIV(ucd_caseless_sets)[]; | ||
90 | extern const ucd_record PRIV(ucd_records)[]; | ||
91 | +#if PCRE2_CODE_UNIT_WIDTH == 32 | ||
92 | +extern const ucd_record PRIV(dummy_ucd_record)[]; | ||
93 | +#endif | ||
94 | extern const uint8_t PRIV(ucd_stage1)[]; | ||
95 | extern const uint16_t PRIV(ucd_stage2)[]; | ||
96 | extern const uint32_t PRIV(ucp_gbtable)[]; | ||
diff --git a/meta/recipes-support/libpcre/libpcre2/libpcre2-CVE-2017-8786.patch b/meta/recipes-support/libpcre/libpcre2/libpcre2-CVE-2017-8786.patch deleted file mode 100644 index eafafc1f69..0000000000 --- a/meta/recipes-support/libpcre/libpcre2/libpcre2-CVE-2017-8786.patch +++ /dev/null | |||
@@ -1,93 +0,0 @@ | |||
1 | libpcre2-10.23: Fix CVE-2017-8786 | ||
2 | |||
3 | The pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of | ||
4 | service (heap-based buffer overflow) or possibly have unspecified other impact | ||
5 | via a crafted regular expression. | ||
6 | |||
7 | Upstream-Status: Backport [https://vcs.pcre.org/pcre2/code/trunk/src/pcre2test.c?r1=692&r2=697&view=patch] | ||
8 | CVE: CVE-2017-8786 | ||
9 | |||
10 | Signed-off-by: Robert Yang <liezhi.yang@windriver.com> | ||
11 | |||
12 | --- trunk/src/pcre2test.c 2017/03/21 16:18:54 692 | ||
13 | +++ trunk/src/pcre2test.c 2017/03/21 18:36:13 697 | ||
14 | @@ -1017,9 +1017,9 @@ | ||
15 | if (test_mode == PCRE8_MODE) \ | ||
16 | r = pcre2_get_error_message_8(a,G(b,8),G(G(b,8),_size)); \ | ||
17 | else if (test_mode == PCRE16_MODE) \ | ||
18 | - r = pcre2_get_error_message_16(a,G(b,16),G(G(b,16),_size)); \ | ||
19 | + r = pcre2_get_error_message_16(a,G(b,16),G(G(b,16),_size/2)); \ | ||
20 | else \ | ||
21 | - r = pcre2_get_error_message_32(a,G(b,32),G(G(b,32),_size)) | ||
22 | + r = pcre2_get_error_message_32(a,G(b,32),G(G(b,32),_size/4)) | ||
23 | |||
24 | #define PCRE2_GET_OVECTOR_COUNT(a,b) \ | ||
25 | if (test_mode == PCRE8_MODE) \ | ||
26 | @@ -1399,6 +1399,9 @@ | ||
27 | |||
28 | /* ----- Common macros for two-mode cases ----- */ | ||
29 | |||
30 | +#define BYTEONE (BITONE/8) | ||
31 | +#define BYTETWO (BITTWO/8) | ||
32 | + | ||
33 | #define CASTFLD(t,a,b) \ | ||
34 | ((test_mode == G(G(PCRE,BITONE),_MODE))? (t)(G(a,BITONE)->b) : \ | ||
35 | (t)(G(a,BITTWO)->b)) | ||
36 | @@ -1481,9 +1484,9 @@ | ||
37 | |||
38 | #define PCRE2_GET_ERROR_MESSAGE(r,a,b) \ | ||
39 | if (test_mode == G(G(PCRE,BITONE),_MODE)) \ | ||
40 | - r = G(pcre2_get_error_message_,BITONE)(a,G(b,BITONE),G(G(b,BITONE),_size)); \ | ||
41 | + r = G(pcre2_get_error_message_,BITONE)(a,G(b,BITONE),G(G(b,BITONE),_size/BYTEONE)); \ | ||
42 | else \ | ||
43 | - r = G(pcre2_get_error_message_,BITTWO)(a,G(b,BITTWO),G(G(b,BITTWO),_size)) | ||
44 | + r = G(pcre2_get_error_message_,BITTWO)(a,G(b,BITTWO),G(G(b,BITTWO),_size/BYTETWO)) | ||
45 | |||
46 | #define PCRE2_GET_OVECTOR_COUNT(a,b) \ | ||
47 | if (test_mode == G(G(PCRE,BITONE),_MODE)) \ | ||
48 | @@ -1904,7 +1907,7 @@ | ||
49 | #define PCRE2_DFA_MATCH(a,b,c,d,e,f,g,h,i,j) \ | ||
50 | a = pcre2_dfa_match_16(G(b,16),(PCRE2_SPTR16)c,d,e,f,G(g,16),h,i,j) | ||
51 | #define PCRE2_GET_ERROR_MESSAGE(r,a,b) \ | ||
52 | - r = pcre2_get_error_message_16(a,G(b,16),G(G(b,16),_size)) | ||
53 | + r = pcre2_get_error_message_16(a,G(b,16),G(G(b,16),_size/2)) | ||
54 | #define PCRE2_GET_OVECTOR_COUNT(a,b) a = pcre2_get_ovector_count_16(G(b,16)) | ||
55 | #define PCRE2_GET_STARTCHAR(a,b) a = pcre2_get_startchar_16(G(b,16)) | ||
56 | #define PCRE2_JIT_COMPILE(r,a,b) r = pcre2_jit_compile_16(G(a,16),b) | ||
57 | @@ -2000,7 +2003,7 @@ | ||
58 | #define PCRE2_DFA_MATCH(a,b,c,d,e,f,g,h,i,j) \ | ||
59 | a = pcre2_dfa_match_32(G(b,32),(PCRE2_SPTR32)c,d,e,f,G(g,32),h,i,j) | ||
60 | #define PCRE2_GET_ERROR_MESSAGE(r,a,b) \ | ||
61 | - r = pcre2_get_error_message_32(a,G(b,32),G(G(b,32),_size)) | ||
62 | + r = pcre2_get_error_message_32(a,G(b,32),G(G(b,32),_size/4)) | ||
63 | #define PCRE2_GET_OVECTOR_COUNT(a,b) a = pcre2_get_ovector_count_32(G(b,32)) | ||
64 | #define PCRE2_GET_STARTCHAR(a,b) a = pcre2_get_startchar_32(G(b,32)) | ||
65 | #define PCRE2_JIT_COMPILE(r,a,b) r = pcre2_jit_compile_32(G(a,32),b) | ||
66 | @@ -2889,7 +2892,7 @@ | ||
67 | { | ||
68 | if (pbuffer32 != NULL) free(pbuffer32); | ||
69 | pbuffer32_size = 4*len + 4; | ||
70 | - if (pbuffer32_size < 256) pbuffer32_size = 256; | ||
71 | + if (pbuffer32_size < 512) pbuffer32_size = 512; | ||
72 | pbuffer32 = (uint32_t *)malloc(pbuffer32_size); | ||
73 | if (pbuffer32 == NULL) | ||
74 | { | ||
75 | @@ -7600,7 +7603,8 @@ | ||
76 | int errcode; | ||
77 | char *endptr; | ||
78 | |||
79 | -/* Ensure the relevant non-8-bit buffer is available. */ | ||
80 | +/* Ensure the relevant non-8-bit buffer is available. Ensure that it is at | ||
81 | +least 128 code units, because it is used for retrieving error messages. */ | ||
82 | |||
83 | #ifdef SUPPORT_PCRE2_16 | ||
84 | if (test_mode == PCRE16_MODE) | ||
85 | @@ -7620,7 +7624,7 @@ | ||
86 | #ifdef SUPPORT_PCRE2_32 | ||
87 | if (test_mode == PCRE32_MODE) | ||
88 | { | ||
89 | - pbuffer32_size = 256; | ||
90 | + pbuffer32_size = 512; | ||
91 | pbuffer32 = (uint32_t *)malloc(pbuffer32_size); | ||
92 | if (pbuffer32 == NULL) | ||
93 | { | ||
diff --git a/meta/recipes-support/libpcre/libpcre2_10.23.bb b/meta/recipes-support/libpcre/libpcre2_10.30.bb index ca2b028e1c..a7df055906 100644 --- a/meta/recipes-support/libpcre/libpcre2_10.23.bb +++ b/meta/recipes-support/libpcre/libpcre2_10.30.bb | |||
@@ -8,16 +8,14 @@ SUMMARY = "Perl Compatible Regular Expressions version 2" | |||
8 | HOMEPAGE = "http://www.pcre.org" | 8 | HOMEPAGE = "http://www.pcre.org" |
9 | SECTION = "devel" | 9 | SECTION = "devel" |
10 | LICENSE = "BSD" | 10 | LICENSE = "BSD" |
11 | LIC_FILES_CHKSUM = "file://LICENCE;md5=3de34df49e1fe3c3b59a08dff214488b" | 11 | LIC_FILES_CHKSUM = "file://LICENCE;md5=12d55e15a0c6da5c645ba40382bd3293" |
12 | 12 | ||
13 | SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre2-${PV}.tar.bz2 \ | 13 | SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre2-${PV}.tar.bz2 \ |
14 | file://pcre-cross.patch \ | 14 | file://pcre-cross.patch \ |
15 | file://libpcre2-CVE-2017-8786.patch \ | ||
16 | file://libpcre2-CVE-2017-7186.patch \ | ||
17 | " | 15 | " |
18 | 16 | ||
19 | SRC_URI[md5sum] = "b2cd00ca7e24049040099b0a46bb3649" | 17 | SRC_URI[md5sum] = "d3adf4b130eed854a530390f00020a65" |
20 | SRC_URI[sha256sum] = "dfc79b918771f02d33968bd34a749ad7487fa1014aeb787fad29dd392b78c56e" | 18 | SRC_URI[sha256sum] = "90bd41c605d30e3745771eb81928d779f158081a51b2f314bbcc1f73de5773db" |
21 | 19 | ||
22 | CVE_PRODUCT = "pcre2" | 20 | CVE_PRODUCT = "pcre2" |
23 | 21 | ||