Pullup ticket #4636 - requested by spz textproc/icu: security patch Revisions pulled up: - textproc/icu/Makefile 1.96 - textproc/icu/distinfo 1.52 - textproc/icu/patches/patch-CVE-2014-7923+7926 1.1 --- Module Name: pkgsrc Committed By: spz Date: Fri Mar 6 14:43:15 UTC 2015 Modified Files: pkgsrc/textproc/icu: Makefile distinfo Added Files: pkgsrc/textproc/icu/patches: patch-CVE-2014-7923+7926 Log Message: add patch for CVE-2014-7923 and CVE-2014-7926 found at https://chromium.googlesource.com/chromium/deps/icu52/+/6242e2fbb36f486f2c0addd1c3cef67fc4ed33fb
diff -r1.95 -r1.95.2.1 pkgsrc/textproc/icu/Makefile
(tron)
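--- a/pkgsrc/textproc/icu/Makefile
+++ b/pkgsrc/textproc/icu/Makefile
@@ -1,18 +1,18 @@
-# $NetBSD: Makefile,v 1.95 2014/10/07 16:47:14 adam Exp $
+# $NetBSD: Makefile,v 1.95.2.1 2015/03/09 19:31:21 tron Exp $
 
 DISTNAME= icu4c-54_1-src
 PKGNAME= ${DISTNAME:S/4c//:S/-src//:S/_/./g}
-PKGREVISION= 1
+PKGREVISION= 2
 CATEGORIES= textproc
 MASTER_SITES= http://download.icu-project.org/files/icu4c/${PKGVERSION_NOREV}/
 EXTRACT_SUFX= .tgz
 
 MAINTAINER= pkgsrc-users@NetBSD.org
 HOMEPAGE= http://www.icu-project.org/
 COMMENT= Robust and full-featured Unicode services
 LICENSE= mit
 
 WRKSRC= ${WRKDIR}/icu/source
 USE_LANGUAGES= c c++
 USE_TOOLS+= gmake
 TEST_TARGET= check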
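--- a/pkgsrc/textproc/icu/distinfo
+++ b/pkgsrc/textproc/icu/distinfo
@@ -1,18 +1,19 @@
-$NetBSD: distinfo,v 1.51 2014/10/26 19:46:48 bsiegert Exp $
+$NetBSD: distinfo,v 1.51.2.1 2015/03/09 19:31:21 tron Exp $
 
 SHA1 (icu4c-54_1-src.tgz) = 8c752490bbf31cea26e20246430cee67d48abe34
 RMD160 (icu4c-54_1-src.tgz) = b1440e1a3330b12336742c881863a8de6a6d2235
 Size (icu4c-54_1-src.tgz) = 25485678 bytes
+SHA1 (patch-CVE-2014-7923+7926) = cb5e355c6e5b4860c581a9743706b800d56dadf2
 SHA1 (patch-aa) = fd5c513e75ca17a46be4ed010455bda63731afff
 SHA1 (patch-ab) = 32f0e4c241535e37e4cad9b871ed3d36b4184199
 SHA1 (patch-ac) = e7cee161315321d2580074054d87714b55319886
 SHA1 (patch-acinclude.m4) = ab757e9bf7351e44edd92b96edbffc40acb44dae
 SHA1 (patch-ad) = c2a9469bf896b5f0702d5795c3b1c2b394893663
 SHA1 (patch-af) = 6f41d58f258361e28ce3283e1b46f8a762b7c5dd
 SHA1 (patch-common_putil.cpp) = 3d35bdea709ded1ae5926729fb23995ca8734687
 SHA1 (patch-common_putilimp.h) = a68faa97c2bffeecaca1586e26f5bbe48e71b262
 SHA1 (patch-common_umutex.h) = 096d3e15ef7b84533456af4570ed70747a4ef70c
 SHA1 (patch-common_unicode_platform.h) = 82786dff790782eb07cdc527061de33e771ec63c
 SHA1 (patch-common_uposixdefs.h) = 02dedd10282961dec66673069796122b447dac33
 SHA1 (patch-config_icu-config-bottom) = 168b89ee9180d4ae545125866ee91eb004010501
 SHA1 (patch-config_mh-scoosr5) = 47703dcc184f58c0382da3225f849424ab74d472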
$NetBSD: patch-CVE-2014-7923+7926,v 1.1.2.2 2015/03/09 19:31:21 tron Exp $
patches for CVE-2014-7923 and CVE-2014-7926 from
https://chromium.googlesource.com/chromium/deps/icu52/+/6242e2fbb36f486f2c0addd1c3cef67fc4ed33fb
--- i18n/regexcmp.cpp.orig 2014-10-03 16:10:36.000000000 +0000
+++ i18n/regexcmp.cpp
@@ -2132,6 +2132,10 @@ void RegexCompile::handleCloseParen() {
int32_t patEnd = fRXPat->fCompiledPat->size() - 1;
int32_t minML = minMatchLength(fMatchOpenParen, patEnd);
int32_t maxML = maxMatchLength(fMatchOpenParen, patEnd);
+ if (URX_TYPE(maxML) != 0) {
+ error(U_REGEX_LOOK_BEHIND_LIMIT);
+ break;
+ }
if (maxML == INT32_MAX) {
error(U_REGEX_LOOK_BEHIND_LIMIT);
break;
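Review bot: The added `URX_TYPE(maxML) != 0` guard reads like an opcode-type test but is used as a range check, and nothing at either site says which bound it enforces. Going by the Bug 11370 comment this patch adds to regextst.txt, the intent is that maxML must fit the 24-bit operand of the compiled op, so a comment such as `// maxML must fit in the 24-bit operand field of the compiled op (Bug 11370)` above the `if` would make that checkable. The same applies to the identical guard in the second handleCloseParen hunk (@@ -2165), and the duplicated four lines are a candidate for one small helper so the two look-behind paths cannot drift apart. Assuming URX_TYPE extracts the bits above the operand (its definition is not on this page), the `maxML == INT32_MAX` test that follows is now subsumed and could be folded into the same condition. The enclosing case body starts and ends outside the hunk.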
@@ -2165,6 +2169,10 @@ void RegexCompile::handleCloseParen() {
int32_t patEnd = fRXPat->fCompiledPat->size() - 1;
int32_t minML = minMatchLength(fMatchOpenParen, patEnd);
int32_t maxML = maxMatchLength(fMatchOpenParen, patEnd);
+ if (URX_TYPE(maxML) != 0) {
+ error(U_REGEX_LOOK_BEHIND_LIMIT);
+ break;
+ }
if (maxML == INT32_MAX) {
error(U_REGEX_LOOK_BEHIND_LIMIT);
break;
@@ -2328,7 +2336,15 @@ UBool RegexCompile::compileInlineInterva
int32_t topOfBlock = blockTopLoc(FALSE);
if (fIntervalUpper == 0) {
// Pathological case. Attempt no matches, as if the block doesn't exist.
+ // Discard the generated code for the block.
+ // If the block included parens, discard the info pertaining to them as well.
fRXPat->fCompiledPat->setSize(topOfBlock);
+ if (fMatchOpenParen >= topOfBlock) {
+ fMatchOpenParen = -1;
+ }
+ if (fMatchCloseParen >= topOfBlock) {
+ fMatchCloseParen = -1;
+ }
return TRUE;
}
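Review bot: Resetting `fMatchOpenParen` and `fMatchCloseParen` to -1 introduces a sentinel value that neither this hunk nor the field comments in regexcmp.h define (the @@ -187 hunk only adds the "updated when processing a close" wording). Every later reader of those members has to treat a negative value as "no parenthesized block" rather than use it as an index into the compiled pattern; those readers are outside the hunk, so that cannot be confirmed from here. I would state it at the declarations, e.g. `// -1 if the code for the most recent block was discarded (see compileInlineInterval)`, and drop the stray blank line the header hunk adds between the two fields. Only these two members are reset after `setSize(topOfBlock)`; whether any other compile-time state can still refer to the discarded region is worth checking in the rest of compileInlineInterval, which starts and ends outside this hunk.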
--- i18n/regexcmp.h.orig 2014-10-03 16:10:36.000000000 +0000
+++ i18n/regexcmp.h
@@ -187,7 +187,9 @@ private:
int32_t fMatchOpenParen; // The position in the compiled pattern
// of the slot reserved for a state save
// at the start of the most recently processed
- // parenthesized block.
+ // parenthesized block. Updated when processing
+ // a close to the location for the corresponding open.
+
int32_t fMatchCloseParen; // The position in the pattern of the first
// location after the most recently processed
// parenthesized block.
--- test/testdata/regextst.txt.orig 2014-10-03 16:09:58.000000000 +0000
+++ test/testdata/regextst.txt
@@ -1178,6 +1178,24 @@
"(?<=a{1,})bc" E "aaaa<0>bc</0>def" # U_REGEX_LOOK_BEHIND_LIMIT error.
"(?<=(?:){11})bc" "<0>bc</0>" # Empty (?:) expression.
+# Bug 11369
+# Incorrect optimization of patterns with a zero length quantifier {0}
+
+"(.|b)(|b){0}\$(?#xxx){3}(?>\D*)" "AAAAABBBBBCCCCCDDDDEEEEE"
+"(|b)ab(c)" "<0><1></1>ab<2>c</2></0>"
+"(|b){0}a{3}(D*)" "<0>aaa<2></2></0>"
+"(|b){0,1}a{3}(D*)" "<0><1></1>aaa<2></2></0>"
+"((|b){0})a{3}(D*)" "<0><1></1>aaa<3></3></0>"
+
+# Bug 11370
+# Max match length computation of look-behind expression gives result that is too big to fit in the
+# in the 24 bit operand portion of the compiled code. Expressions should fail to compile
+# (Look-behind match length must be bounded. This case is treated as unbounded, an error.)
+
+"(?<!(0123456789a){10000000})x" E "no match"
+"(?<!\\ubeaf(\\ubeaf{11000}){11000})" E "no match"
+
+
# Bug 10835
# Match Start Set not being correctly computed for case insensitive patterns.
# (Test here is to dump the compiled pattern & manually check the start set.)
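Review bot: Both Bug 11370 cases use the negative look-behind form `(?<!`, while the guard was added at two separate sites in handleCloseParen. If those two sites are the positive and negative look-behind paths, which the hunks do not show, one of them has no regression test; a positive-form twin such as `"(?<=(0123456789a){10000000})x" E "no match"` would cover it. The comment introducing the cases also repeats "in the" across its line break ("to fit in the" / "in the 24 bit operand").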