This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 4ffb9f95ad615e741954464e764ff4a70c38bf9b (commit) via dc942e1959c29353dff5858ac8825b68d0a7462c (commit) via f1a015425b64a5c0c489fed124c8fea5c8519cc5 (commit) via 0a0059c3e6a21a19f18542c170e57509a1eb53a3 (commit) from 20f79e190e0bc6431f91eb9f0e4fde0e3fad5e0e (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 4ffb9f95ad615e741954464e764ff4a70c38bf9b Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Wed Mar 30 19:31:30 2016 +0200
New package dmidecode
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit dc942e1959c29353dff5858ac8825b68d0a7462c Author: Matthias Fischer matthias.fischer@ipfire.org Date: Thu Mar 31 11:12:25 2016 +0200
binutils 2.24: Fixes for rootfiles
Last builds were always complaining about changes in rootfiles...
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit f1a015425b64a5c0c489fed124c8fea5c8519cc5 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Mar 31 13:35:57 2016 +0100
pcre: Delete old patches
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 0a0059c3e6a21a19f18542c170e57509a1eb53a3 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Thu Mar 31 11:20:21 2016 +0200
pcre: Update to 8.38
Bugfix release
For complete changelog see: http://www.pcre.org/original/changelog.txt
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/common/armv5tel/binutils | 1 + config/rootfiles/common/i586/binutils | 1 + config/rootfiles/common/pcre | 2 +- config/rootfiles/common/x86_64/binutils | 1 + config/rootfiles/packages/dmidecode | 12 ++ lfs/{lame => dmidecode} | 19 ++- lfs/pcre | 11 +- make.sh | 1 + ...d-no-sysfs-option-description-to-h-output.patch | 15 ++ ...BIOS-nor-DMI-entry-point-found-on-SMBIOS3.patch | 26 +++ ...Let-read_file-return-the-actual-data-size.patch | 84 +++++++++ ...se-read_file-to-read-the-DMI-table-from-s.patch | 72 ++++++++ .../0005-nothing-should-go-into-usr-local.patch | 16 ++ .../pcre-8.37-Fix-another-buffer-overflow.patch | 110 ------------ ...overflow-for-forward-reference-within-bac.patch | 68 -------- ...overflow-for-named-recursive-back-referen.patch | 87 ---------- ...overflow-for-named-references-in-situatio.patch | 190 --------------------- ...orward-reference-to-duplicate-group-numbe.patch | 98 ----------- 18 files changed, 244 insertions(+), 570 deletions(-) create mode 100644 config/rootfiles/packages/dmidecode copy lfs/{lame => dmidecode} (78%) create mode 100644 src/patches/dmidecode/0001-Add-no-sysfs-option-description-to-h-output.patch create mode 100644 src/patches/dmidecode/0002-Fix-No-SMBIOS-nor-DMI-entry-point-found-on-SMBIOS3.patch create mode 100644 src/patches/dmidecode/0003-Let-read_file-return-the-actual-data-size.patch create mode 100644 src/patches/dmidecode/0004-dmidecode-Use-read_file-to-read-the-DMI-table-from-s.patch create mode 100644 src/patches/dmidecode/0005-nothing-should-go-into-usr-local.patch delete mode 100644 src/patches/pcre-8.37-Fix-another-buffer-overflow.patch delete mode 100644 src/patches/pcre-8.37-Fix-buffer-overflow-for-forward-reference-within-bac.patch delete mode 100644 src/patches/pcre-8.37-Fix-buffer-overflow-for-named-recursive-back-referen.patch delete mode 100644 src/patches/pcre-8.37-Fix-buffer-overflow-for-named-references-in-situatio.patch delete mode 100644 src/patches/pcre-8.37-Fix-named-forward-reference-to-duplicate-group-numbe.patch
Difference in files: diff --git a/config/rootfiles/common/armv5tel/binutils b/config/rootfiles/common/armv5tel/binutils index ba64237..6fcd5ba 100644 --- a/config/rootfiles/common/armv5tel/binutils +++ b/config/rootfiles/common/armv5tel/binutils @@ -60,6 +60,7 @@ usr/lib/libopcodes-2.24.so #usr/share/info/bfd.info #usr/share/info/binutils.info #usr/share/info/configure.info +#usr/share/info/dir #usr/share/info/gprof.info #usr/share/info/ld.info #usr/share/info/standards.info diff --git a/config/rootfiles/common/i586/binutils b/config/rootfiles/common/i586/binutils index fd5bfb8..5f4c113 100644 --- a/config/rootfiles/common/i586/binutils +++ b/config/rootfiles/common/i586/binutils @@ -104,6 +104,7 @@ usr/lib/libopcodes-2.24.so #usr/share/info/bfd.info #usr/share/info/binutils.info #usr/share/info/configure.info +#usr/share/info/dir #usr/share/info/gprof.info #usr/share/info/ld.info #usr/share/info/standards.info diff --git a/config/rootfiles/common/pcre b/config/rootfiles/common/pcre index 8c4cc2a..1d6310f 100644 --- a/config/rootfiles/common/pcre +++ b/config/rootfiles/common/pcre @@ -10,7 +10,7 @@ #usr/lib/libpcre.la usr/lib/libpcre.so usr/lib/libpcre.so.1 -usr/lib/libpcre.so.1.2.5 +usr/lib/libpcre.so.1.2.6 #usr/lib/libpcrecpp.la usr/lib/libpcrecpp.so usr/lib/libpcrecpp.so.0 diff --git a/config/rootfiles/common/x86_64/binutils b/config/rootfiles/common/x86_64/binutils index b1f819c..bb0bf9b 100644 --- a/config/rootfiles/common/x86_64/binutils +++ b/config/rootfiles/common/x86_64/binutils @@ -104,6 +104,7 @@ #usr/share/info/bfd.info #usr/share/info/binutils.info #usr/share/info/configure.info +#usr/share/info/dir #usr/share/info/gprof.info #usr/share/info/ld.info #usr/share/info/standards.info diff --git a/config/rootfiles/packages/dmidecode b/config/rootfiles/packages/dmidecode new file mode 100644 index 0000000..8883958 --- /dev/null +++ b/config/rootfiles/packages/dmidecode @@ -0,0 +1,12 @@ +usr/sbin/biosdecode +usr/sbin/dmidecode +usr/sbin/ownership +usr/sbin/vpddecode +#usr/share/doc/dmidecode +#usr/share/doc/dmidecode/AUTHORS +#usr/share/doc/dmidecode/CHANGELOG +#usr/share/doc/dmidecode/README +#usr/share/man/man8/biosdecode.8 +#usr/share/man/man8/dmidecode.8 +#usr/share/man/man8/ownership.8 +#usr/share/man/man8/vpddecode.8 diff --git a/lfs/dmidecode b/lfs/dmidecode new file mode 100644 index 0000000..c8d5005 --- /dev/null +++ b/lfs/dmidecode @@ -0,0 +1,87 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2016 IPFire Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 3.0 + +THISAPP = dmidecode-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) +PROG = dmidecode +PAK_VER = 1 + +DEPS = "" + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_MD5 = be7501ad0f844e875976b96106afaa3c + +install : $(TARGET) +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +md5 : $(subst %,%_MD5,$(objects)) + +dist:. + $(PAK) + +############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dmidecode/0001-Add-no-sysfs-option-description-to-h-output.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dmidecode/0002-Fix-No-SMBIOS-nor-DMI-entry-point-found-on-SMBIOS3.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dmidecode/0003-Let-read_file-return-the-actual-data-size.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dmidecode/0004-dmidecode-Use-read_file-to-read-the-DMI-table-from-s.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dmidecode/0005-nothing-should-go-into-usr-local.patch + cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) + cd $(DIR_APP) && make install + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/lfs/pcre b/lfs/pcre index fd66350..ddbd0b5 100644 --- a/lfs/pcre +++ b/lfs/pcre @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2015 Michael Tremer & Christian Schmidt # +# Copyright (C) 2016 Michael Tremer & Christian Schmidt # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 8.37 +VER = 8.38
THISAPP = pcre-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 6e0cc6d1bdac7a4308151f9b3571b86e +$(DL_FILE)_MD5 = 8a353fe1450216b6655dfcf3561716d9
install : $(TARGET)
@@ -70,11 +70,6 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/pcre-8.37-Fix-buffer-overflow-for-named-recursive-back-referen.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/pcre-8.37-Fix-buffer-overflow-for-forward-reference-within-bac.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/pcre-8.37-Fix-named-forward-reference-to-duplicate-group-numbe.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/pcre-8.37-Fix-another-buffer-overflow.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/pcre-8.37-Fix-buffer-overflow-for-named-references-in-situatio.patch cd $(DIR_APP) && ./configure \ --prefix=/usr \ --disable-static \ diff --git a/make.sh b/make.sh index 8784dff..b32dfd2 100755 --- a/make.sh +++ b/make.sh @@ -856,6 +856,7 @@ buildipfire() { ipfiremake lua ipfiremake dnsdist ipfiremake bird + ipfiremake dmidecode }
buildinstaller() { diff --git a/src/patches/dmidecode/0001-Add-no-sysfs-option-description-to-h-output.patch b/src/patches/dmidecode/0001-Add-no-sysfs-option-description-to-h-output.patch new file mode 100644 index 0000000..4b6c117 --- /dev/null +++ b/src/patches/dmidecode/0001-Add-no-sysfs-option-description-to-h-output.patch @@ -0,0 +1,15 @@ +diff --git a/dmiopt.c b/dmiopt.c +index 0d142d2..de607f4 100644 +--- a/dmiopt.c ++++ b/dmiopt.c +@@ -314,6 +314,7 @@ void print_help(void) + " -u, --dump Do not decode the entries\n" + " --dump-bin FILE Dump the DMI data to a binary file\n" + " --from-dump FILE Read the DMI data from a binary file\n" ++ " --no-sysfs Do not attempt to read DMI data from sysfs files\n" + " -V, --version Display the version and exit\n"; + + printf("%s", help); +-- +2.1.4 + diff --git a/src/patches/dmidecode/0002-Fix-No-SMBIOS-nor-DMI-entry-point-found-on-SMBIOS3.patch b/src/patches/dmidecode/0002-Fix-No-SMBIOS-nor-DMI-entry-point-found-on-SMBIOS3.patch new file mode 100644 index 0000000..9f7db9c --- /dev/null +++ b/src/patches/dmidecode/0002-Fix-No-SMBIOS-nor-DMI-entry-point-found-on-SMBIOS3.patch @@ -0,0 +1,26 @@ +diff --git a/dmidecode.c b/dmidecode.c +index ce0511b..cfcade4 100644 +--- a/dmidecode.c ++++ b/dmidecode.c +@@ -4866,8 +4866,16 @@ int main(int argc, char * const argv[]) + goto exit_free; + } + +- if (smbios_decode(buf, opt.devmem, 0)) +- found++; ++ if (memcmp(buf, "_SM3_", 5) == 0) ++ { ++ if (smbios3_decode(buf, opt.devmem, 0)) ++ found++; ++ } ++ else if (memcmp(buf, "_SM_", 4) == 0) ++ { ++ if (smbios_decode(buf, opt.devmem, 0)) ++ found++; ++ } + goto done; + + memory_scan: +-- +2.1.4 + diff --git a/src/patches/dmidecode/0003-Let-read_file-return-the-actual-data-size.patch b/src/patches/dmidecode/0003-Let-read_file-return-the-actual-data-size.patch new file mode 100644 index 0000000..3fea6bc --- /dev/null +++ b/src/patches/dmidecode/0003-Let-read_file-return-the-actual-data-size.patch @@ -0,0 +1,84 @@ +diff --git a/dmidecode.c b/dmidecode.c +index 183ced4..a43cfd1 100644 +--- a/dmidecode.c ++++ b/dmidecode.c +@@ -4751,6 +4751,7 @@ int main(int argc, char * const argv[]) + int ret = 0; /* Returned value */ + int found = 0; + off_t fp; ++ size_t size; + int efi; + u8 *buf; + +@@ -4820,8 +4821,9 @@ int main(int argc, char * const argv[]) + * contain one of several types of entry points, so read enough for + * the largest one, then determine what type it contains. + */ ++ size = 0x20; + if (!(opt.flags & FLAG_NO_SYSFS) +- && (buf = read_file(0x20, SYS_ENTRY_FILE)) != NULL) ++ && (buf = read_file(&size, SYS_ENTRY_FILE)) != NULL) + { + if (!(opt.flags & FLAG_QUIET)) + printf("Getting SMBIOS data from sysfs.\n"); +diff --git a/util.c b/util.c +index f97ac0d..52ed413 100644 +--- a/util.c ++++ b/util.c +@@ -94,10 +94,11 @@ int checksum(const u8 *buf, size_t len) + * needs to be freed by the caller. + * This provides a similar usage model to mem_chunk() + * +- * Returns pointer to buffer of max_len bytes, or NULL on error ++ * Returns pointer to buffer of max_len bytes, or NULL on error, and ++ * sets max_len to the length actually read. + * + */ +-void *read_file(size_t max_len, const char *filename) ++void *read_file(size_t *max_len, const char *filename) + { + int fd; + size_t r2 = 0; +@@ -115,7 +116,7 @@ void *read_file(size_t max_len, const char *filename) + return(NULL); + } + +- if ((p = malloc(max_len)) == NULL) ++ if ((p = malloc(*max_len)) == NULL) + { + perror("malloc"); + return NULL; +@@ -123,7 +124,7 @@ void *read_file(size_t max_len, const char *filename) + + do + { +- r = read(fd, p + r2, max_len - r2); ++ r = read(fd, p + r2, *max_len - r2); + if (r == -1) + { + if (errno != EINTR) +@@ -140,6 +141,8 @@ void *read_file(size_t max_len, const char *filename) + while (r != 0); + + close(fd); ++ *max_len = r2; ++ + return p; + } + +diff --git a/util.h b/util.h +index 9d409cd..b8748f1 100644 +--- a/util.h ++++ b/util.h +@@ -25,7 +25,7 @@ + #define ARRAY_SIZE(x) (sizeof(x)/sizeof((x)[0])) + + int checksum(const u8 *buf, size_t len); +-void *read_file(size_t len, const char *filename); ++void *read_file(size_t *len, const char *filename); + void *mem_chunk(off_t base, size_t len, const char *devmem); + int write_dump(size_t base, size_t len, const void *data, const char *dumpfile, int add); + u64 u64_range(u64 start, u64 end); +-- +2.1.4 + diff --git a/src/patches/dmidecode/0004-dmidecode-Use-read_file-to-read-the-DMI-table-from-s.patch b/src/patches/dmidecode/0004-dmidecode-Use-read_file-to-read-the-DMI-table-from-s.patch new file mode 100644 index 0000000..45584b7 --- /dev/null +++ b/src/patches/dmidecode/0004-dmidecode-Use-read_file-to-read-the-DMI-table-from-s.patch @@ -0,0 +1,72 @@ +From 364055211b1956539c6a6268e111e244e1292c8c Mon Sep 17 00:00:00 2001 +From: Jean Delvare jdelvare@suse.de +Date: Mon, 2 Nov 2015 09:45:31 +0100 +Subject: [PATCH] dmidecode: Use read_file() to read the DMI table from sysfs + +We shouldn't use mem_chunk() to read the DMI table from sysfs. This +will fail for SMBIOS v3 implementations which specify a maximum length +for the table rather than its exact length. The kernel will trim the +table to the actual length, so the DMI file will be shorter than the +length announced in entry point. + +read_file() fits the bill in this case, as it deals with end of file +nicely. + +This also helps with corrupted DMI tables, as the kernel will not +export the part of the table that it wasn't able to parse, effectively +trimming it. + +This fixes bug #46176: +https://savannah.nongnu.org/bugs/?46176 +Unexpected end of file error +--- + CHANGELOG | 3 +++ + dmidecode.c | 29 +++++++++++++++++++++-------- + 2 files changed, 24 insertions(+), 8 deletions(-) + + +diff --git a/dmidecode.c b/dmidecode.c +index a43cfd1..16d1823 100644 +--- a/dmidecode.c ++++ b/dmidecode.c +@@ -4524,16 +4524,29 @@ static void dmi_table(off_t base, u32 len, u16 num, u16 ver, const char *devmem, + printf("\n"); + } + +- /* +- * When we are reading the DMI table from sysfs, we want to print +- * the address of the table (done above), but the offset of the +- * data in the file is 0. When reading from /dev/mem, the offset +- * in the file is the address. +- */ + if (flags & FLAG_NO_FILE_OFFSET) +- base = 0; ++ { ++ /* ++ * When reading from sysfs, the file may be shorter than ++ * announced. For SMBIOS v3 this is expcted, as we only know ++ * the maximum table size, not the actual table size. For older ++ * implementations (and for SMBIOS v3 too), this would be the ++ * result of the kernel truncating the table on parse error. ++ */ ++ size_t size = len; ++ buf = read_file(&size, devmem); ++ if (!(opt.flags & FLAG_QUIET) && num && size != (size_t)len) ++ { ++ printf("Wrong DMI structures length: %u bytes " ++ "announced, only %lu bytes available.\n", ++ len, (unsigned long)size); ++ } ++ len = size; ++ } ++ else ++ buf = mem_chunk(base, len, devmem); + +- if ((buf = mem_chunk(base, len, devmem)) == NULL) ++ if (buf == NULL) + { + fprintf(stderr, "Table is unreachable, sorry." + #ifndef USE_MMAP +-- +2.1.4 + diff --git a/src/patches/dmidecode/0005-nothing-should-go-into-usr-local.patch b/src/patches/dmidecode/0005-nothing-should-go-into-usr-local.patch new file mode 100644 index 0000000..4c36dc5 --- /dev/null +++ b/src/patches/dmidecode/0005-nothing-should-go-into-usr-local.patch @@ -0,0 +1,16 @@ +diff --git a/Makefile b/Makefile +index 1f54a1f..8cb7c44 100644 +--- a/Makefile ++++ b/Makefile +@@ -30,7 +30,7 @@ CFLAGS += -O2 + LDFLAGS = + + DESTDIR = +-prefix = /usr/local ++prefix = /usr + sbindir = $(prefix)/sbin + mandir = $(prefix)/share/man + man8dir = $(mandir)/man8 +-- +2.1.4 + diff --git a/src/patches/pcre-8.37-Fix-another-buffer-overflow.patch b/src/patches/pcre-8.37-Fix-another-buffer-overflow.patch deleted file mode 100644 index 20ead09..0000000 --- a/src/patches/pcre-8.37-Fix-another-buffer-overflow.patch +++ /dev/null @@ -1,110 +0,0 @@ -From f6efcf125123199d446c5561266c3c3846ed9f30 Mon Sep 17 00:00:00 2001 -From: ph10 ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15 -Date: Wed, 3 Jun 2015 16:51:59 +0000 -Subject: [PATCH] Fix another buffer overflow. -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Ported to 8.37: - -commit 225f0d5eb16c7a26591a1e3f286c7476907b5a6a -Author: ph10 ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15 -Date: Wed Jun 3 16:51:59 2015 +0000 - - Fix another buffer overflow. - - git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1562 2f5784b3-3f2a-0410-8824-cb99058d5e15 - -Signed-off-by: Petr Písař ppisar@redhat.com ---- - pcre_compile.c | 7 ++++++- - testdata/testinput2 | 2 ++ - testdata/testoutput11-16 | 2 +- - testdata/testoutput11-32 | 2 +- - testdata/testoutput11-8 | 2 +- - testdata/testoutput2 | 2 ++ - 6 files changed, 13 insertions(+), 4 deletions(-) - -diff --git a/pcre_compile.c b/pcre_compile.c -index 8b4aaef..f5d2384 100644 ---- a/pcre_compile.c -+++ b/pcre_compile.c -@@ -7210,7 +7210,12 @@ for (;; ptr++) - real compile this will be picked up and the reference wrapped with - OP_ONCE to make it atomic, so we must space in case this occurs. */ - -- if (recno == 0) *lengthptr += 2 + 2*LINK_SIZE; -+ /* In fact, this can happen for a non-forward reference because -+ another group with the same number might be created later. This -+ issue is fixed "properly" in PCRE2. As PCRE1 is now in maintenance -+ only mode, we finesse the bug by allowing more memory always. */ -+ -+ /* if (recno == 0) */ *lengthptr += 2 + 2*LINK_SIZE; - } - - /* In the real compile, search the name table. We check the name -diff --git a/testdata/testinput2 b/testdata/testinput2 -index 5cc9ce6..e12de3a 100644 ---- a/testdata/testinput2 -+++ b/testdata/testinput2 -@@ -4156,4 +4156,6 @@ backtracking verbs. --/ - - /(?=di(?<=(?1))|(?=(.))))/ - -+"(?J:(?|(?'R')(\k'R')|((?'R'))))" -+ - /-- End of testinput2 --/ -diff --git a/testdata/testoutput11-16 b/testdata/testoutput11-16 -index 422f2ad..e222e7c 100644 ---- a/testdata/testoutput11-16 -+++ b/testdata/testoutput11-16 -@@ -231,7 +231,7 @@ Memory allocation (code space): 73 - ------------------------------------------------------------------ - - /(?P<a>a)...(?P=a)bbb(?P>a)d/BM --Memory allocation (code space): 61 -+Memory allocation (code space): 77 - ------------------------------------------------------------------ - 0 24 Bra - 2 5 CBra 1 -diff --git a/testdata/testoutput11-32 b/testdata/testoutput11-32 -index d953ec8..9a80ec9 100644 ---- a/testdata/testoutput11-32 -+++ b/testdata/testoutput11-32 -@@ -231,7 +231,7 @@ Memory allocation (code space): 155 - ------------------------------------------------------------------ - - /(?P<a>a)...(?P=a)bbb(?P>a)d/BM --Memory allocation (code space): 125 -+Memory allocation (code space): 157 - ------------------------------------------------------------------ - 0 24 Bra - 2 5 CBra 1 -diff --git a/testdata/testoutput11-8 b/testdata/testoutput11-8 -index 6ec18ec..3adaca2 100644 ---- a/testdata/testoutput11-8 -+++ b/testdata/testoutput11-8 -@@ -231,7 +231,7 @@ Memory allocation (code space): 45 - ------------------------------------------------------------------ - - /(?P<a>a)...(?P=a)bbb(?P>a)d/BM --Memory allocation (code space): 38 -+Memory allocation (code space): 50 - ------------------------------------------------------------------ - 0 30 Bra - 3 7 CBra 1 -diff --git a/testdata/testoutput2 b/testdata/testoutput2 -index 4decb8d..5bad26c 100644 ---- a/testdata/testoutput2 -+++ b/testdata/testoutput2 -@@ -14428,4 +14428,6 @@ Failed: lookbehind assertion is not fixed length at offset 17 - /(?=di(?<=(?1))|(?=(.))))/ - Failed: unmatched parentheses at offset 23 - -+"(?J:(?|(?'R')(\k'R')|((?'R'))))" -+ - /-- End of testinput2 --/ --- -2.4.3 - diff --git a/src/patches/pcre-8.37-Fix-buffer-overflow-for-forward-reference-within-bac.patch b/src/patches/pcre-8.37-Fix-buffer-overflow-for-forward-reference-within-bac.patch deleted file mode 100644 index 16fd45c..0000000 --- a/src/patches/pcre-8.37-Fix-buffer-overflow-for-forward-reference-within-bac.patch +++ /dev/null @@ -1,68 +0,0 @@ -From 354e1f8e921dcb9cf2f3a5eac93cd826d01a7d8a Mon Sep 17 00:00:00 2001 -From: ph10 ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15 -Date: Tue, 23 Jun 2015 16:34:53 +0000 -Subject: [PATCH] Fix buffer overflow for forward reference within backward - assertion with excess closing parenthesis. Bugzilla 1651. -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This is upstream commit ported to 8.37: - -commit 764692f9aea9eab50fdba6cb537441d8b34c6c37 -Author: ph10 ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15 -Date: Tue Jun 23 16:34:53 2015 +0000 - - Fix buffer overflow for forward reference within backward assertion with excess - closing parenthesis. Bugzilla 1651. - - git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1571 2f5784b3-3f2a-0410-8824-cb99058d5e15 - -It fixes CVE-2015-5073. - -Signed-off-by: Petr Písař ppisar@redhat.com ---- - pcre_compile.c | 2 +- - testdata/testinput2 | 2 ++ - testdata/testoutput2 | 3 +++ - 3 files changed, 6 insertions(+), 1 deletion(-) - -diff --git a/pcre_compile.c b/pcre_compile.c -index 6f06912..b66b1f6 100644 ---- a/pcre_compile.c -+++ b/pcre_compile.c -@@ -9392,7 +9392,7 @@ OP_RECURSE that are not fixed length get a diagnosic with a useful offset. The - exceptional ones forgo this. We scan the pattern to check that they are fixed - length, and set their lengths. */ - --if (cd->check_lookbehind) -+if (errorcode == 0 && cd->check_lookbehind) - { - pcre_uchar *cc = (pcre_uchar *)codestart; - -diff --git a/testdata/testinput2 b/testdata/testinput2 -index 83bb471..5cc9ce6 100644 ---- a/testdata/testinput2 -+++ b/testdata/testinput2 -@@ -4154,4 +4154,6 @@ backtracking verbs. --/ - - "(?J)(?'d'(?'d'\g{d}))" - -+/(?=di(?<=(?1))|(?=(.))))/ -+ - /-- End of testinput2 --/ -diff --git a/testdata/testoutput2 b/testdata/testoutput2 -index 7dff52a..4decb8d 100644 ---- a/testdata/testoutput2 -+++ b/testdata/testoutput2 -@@ -14425,4 +14425,7 @@ Failed: lookbehind assertion is not fixed length at offset 17 - - "(?J)(?'d'(?'d'\g{d}))" - -+/(?=di(?<=(?1))|(?=(.))))/ -+Failed: unmatched parentheses at offset 23 -+ - /-- End of testinput2 --/ --- -2.4.3 - diff --git a/src/patches/pcre-8.37-Fix-buffer-overflow-for-named-recursive-back-referen.patch b/src/patches/pcre-8.37-Fix-buffer-overflow-for-named-recursive-back-referen.patch deleted file mode 100644 index c97849f..0000000 --- a/src/patches/pcre-8.37-Fix-buffer-overflow-for-named-recursive-back-referen.patch +++ /dev/null @@ -1,87 +0,0 @@ -From 68ff1beb43bb3d4d8838f3285c97023d1e50513a Mon Sep 17 00:00:00 2001 -From: ph10 ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15 -Date: Fri, 15 May 2015 17:17:03 +0000 -Subject: [PATCH] Fix buffer overflow for named recursive back reference when - the name is duplicated. -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Upstream commit ported to pcre-8.37: - -commit 4b79af6b4cbeb5326ae5e4d83f3e935e00286c19 -Author: ph10 ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15 -Date: Fri May 15 17:17:03 2015 +0000 - - Fix buffer overflow for named recursive back reference when the name is - duplicated. - - git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1558 2f5784b3-3f2a-0410-8824-cb99058d5e15 - -This fixes CVE-2015-3210. - -Signed-off-by: Petr Písař ppisar@redhat.com ---- - pcre_compile.c | 16 ++++++++++++++-- - testdata/testinput2 | 2 ++ - testdata/testoutput2 | 2 ++ - 3 files changed, 18 insertions(+), 2 deletions(-) - -diff --git a/pcre_compile.c b/pcre_compile.c -index 0efad26..6f06912 100644 ---- a/pcre_compile.c -+++ b/pcre_compile.c -@@ -7173,14 +7173,26 @@ for (;; ptr++) - number. If the name is not found, set the value to 0 for a forward - reference. */ - -+ recno = 0; - ng = cd->named_groups; - for (i = 0; i < cd->names_found; i++, ng++) - { - if (namelen == ng->length && - STRNCMP_UC_UC(name, ng->name, namelen) == 0) -- break; -+ { -+ open_capitem *oc; -+ recno = ng->number; -+ if (is_recurse) break; -+ for (oc = cd->open_caps; oc != NULL; oc = oc->next) -+ { -+ if (oc->number == recno) -+ { -+ oc->flag = TRUE; -+ break; -+ } -+ } -+ } - } -- recno = (i < cd->names_found)? ng->number : 0; - - /* Count named back references. */ - -diff --git a/testdata/testinput2 b/testdata/testinput2 -index 58fe53b..83bb471 100644 ---- a/testdata/testinput2 -+++ b/testdata/testinput2 -@@ -4152,4 +4152,6 @@ backtracking verbs. --/ - - /((?2){73}(?2))((?1))/ - -+"(?J)(?'d'(?'d'\g{d}))" -+ - /-- End of testinput2 --/ -diff --git a/testdata/testoutput2 b/testdata/testoutput2 -index b718df0..7dff52a 100644 ---- a/testdata/testoutput2 -+++ b/testdata/testoutput2 -@@ -14423,4 +14423,6 @@ Failed: lookbehind assertion is not fixed length at offset 17 - - /((?2){73}(?2))((?1))/ - -+"(?J)(?'d'(?'d'\g{d}))" -+ - /-- End of testinput2 --/ --- -2.4.3 - diff --git a/src/patches/pcre-8.37-Fix-buffer-overflow-for-named-references-in-situatio.patch b/src/patches/pcre-8.37-Fix-buffer-overflow-for-named-references-in-situatio.patch deleted file mode 100644 index ab1b962..0000000 --- a/src/patches/pcre-8.37-Fix-buffer-overflow-for-named-references-in-situatio.patch +++ /dev/null @@ -1,190 +0,0 @@ -From b3f0b0dd971314df8f865e221aa1a88e75d6d1a6 Mon Sep 17 00:00:00 2001 -From: ph10 ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15 -Date: Wed, 5 Aug 2015 15:38:32 +0000 -Subject: [PATCH] Fix buffer overflow for named references in (?| situations. -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Ported for 8.37: - -commit 7af8e8717def179fd7b69e173abd347c1a3547cb -Author: ph10 ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15 -Date: Wed Aug 5 15:38:32 2015 +0000 - - Fix buffer overflow for named references in (?| situations. - - git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1585 2f5784b3-3f2a-0410-8824-cb99058d5e15 - -Signed-off-by: Petr Písař ppisar@redhat.com ---- - pcre_compile.c | 74 ++++++++++++++++++++++++++++++---------------------- - pcre_internal.h | 1 + - testdata/testinput2 | 2 ++ - testdata/testoutput2 | 2 ++ - 4 files changed, 48 insertions(+), 31 deletions(-) - -diff --git a/pcre_compile.c b/pcre_compile.c -index f5d2384..5fe5c1d 100644 ---- a/pcre_compile.c -+++ b/pcre_compile.c -@@ -6641,6 +6641,7 @@ for (;; ptr++) - /* ------------------------------------------------------------ */ - case CHAR_VERTICAL_LINE: /* Reset capture count for each branch */ - reset_bracount = TRUE; -+ cd->dupgroups = TRUE; /* Record (?| encountered */ - /* Fall through */ - - /* ------------------------------------------------------------ */ -@@ -7151,7 +7152,8 @@ for (;; ptr++) - if (lengthptr != NULL) - { - named_group *ng; -- -+ recno = 0; -+ - if (namelen == 0) - { - *errorcodeptr = ERR62; -@@ -7168,32 +7170,6 @@ for (;; ptr++) - goto FAILED; - } - -- /* The name table does not exist in the first pass; instead we must -- scan the list of names encountered so far in order to get the -- number. If the name is not found, set the value to 0 for a forward -- reference. */ -- -- recno = 0; -- ng = cd->named_groups; -- for (i = 0; i < cd->names_found; i++, ng++) -- { -- if (namelen == ng->length && -- STRNCMP_UC_UC(name, ng->name, namelen) == 0) -- { -- open_capitem *oc; -- recno = ng->number; -- if (is_recurse) break; -- for (oc = cd->open_caps; oc != NULL; oc = oc->next) -- { -- if (oc->number == recno) -- { -- oc->flag = TRUE; -- break; -- } -- } -- } -- } -- - /* Count named back references. */ - - if (!is_recurse) cd->namedrefcount++; -@@ -7215,7 +7191,44 @@ for (;; ptr++) - issue is fixed "properly" in PCRE2. As PCRE1 is now in maintenance - only mode, we finesse the bug by allowing more memory always. */ - -- /* if (recno == 0) */ *lengthptr += 2 + 2*LINK_SIZE; -+ *lengthptr += 2 + 2*LINK_SIZE; -+ -+ /* It is even worse than that. The current reference may be to an -+ existing named group with a different number (so apparently not -+ recursive) but which later on is also attached to a group with the -+ current number. This can only happen if $(| has been previous -+ encountered. In that case, we allow yet more memory, just in case. -+ (Again, this is fixed "properly" in PCRE2. */ -+ -+ if (cd->dupgroups) *lengthptr += 2 + 2*LINK_SIZE; -+ -+ /* Otherwise, check for recursion here. The name table does not exist -+ in the first pass; instead we must scan the list of names encountered -+ so far in order to get the number. If the name is not found, leave -+ the value of recno as 0 for a forward reference. */ -+ -+ else -+ { -+ ng = cd->named_groups; -+ for (i = 0; i < cd->names_found; i++, ng++) -+ { -+ if (namelen == ng->length && -+ STRNCMP_UC_UC(name, ng->name, namelen) == 0) -+ { -+ open_capitem *oc; -+ recno = ng->number; -+ if (is_recurse) break; -+ for (oc = cd->open_caps; oc != NULL; oc = oc->next) -+ { -+ if (oc->number == recno) -+ { -+ oc->flag = TRUE; -+ break; -+ } -+ } -+ } -+ } -+ } - } - - /* In the real compile, search the name table. We check the name -@@ -7262,8 +7275,6 @@ for (;; ptr++) - for (i++; i < cd->names_found; i++) - { - if (STRCMP_UC_UC(slot + IMM2_SIZE, cslot + IMM2_SIZE) != 0) break; -- -- - count++; - cslot += cd->name_entry_size; - } -@@ -9189,6 +9200,7 @@ cd->names_found = 0; - cd->name_entry_size = 0; - cd->name_table = NULL; - cd->dupnames = FALSE; -+cd->dupgroups = FALSE; - cd->namedrefcount = 0; - cd->start_code = cworkspace; - cd->hwm = cworkspace; -@@ -9223,7 +9235,7 @@ if (errorcode != 0) goto PCRE_EARLY_ERROR_RETURN; - - DPRINTF(("end pre-compile: length=%d workspace=%d\n", length, - (int)(cd->hwm - cworkspace))); -- -+ - if (length > MAX_PATTERN_SIZE) - { - errorcode = ERR20; -diff --git a/pcre_internal.h b/pcre_internal.h -index dd0ac7f..7ca6020 100644 ---- a/pcre_internal.h -+++ b/pcre_internal.h -@@ -2446,6 +2446,7 @@ typedef struct compile_data { - BOOL had_pruneorskip; /* (*PRUNE) or (*SKIP) encountered */ - BOOL check_lookbehind; /* Lookbehinds need later checking */ - BOOL dupnames; /* Duplicate names exist */ -+ BOOL dupgroups; /* Duplicate groups exist: (?| found */ - BOOL iscondassert; /* Next assert is a condition */ - int nltype; /* Newline type */ - int nllen; /* Newline string length */ -diff --git a/testdata/testinput2 b/testdata/testinput2 -index e12de3a..8e044f8 100644 ---- a/testdata/testinput2 -+++ b/testdata/testinput2 -@@ -4158,4 +4158,6 @@ backtracking verbs. --/ - - "(?J:(?|(?'R')(\k'R')|((?'R'))))" - -+/(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R')))/ -+ - /-- End of testinput2 --/ -diff --git a/testdata/testoutput2 b/testdata/testoutput2 -index 5bad26c..6019425 100644 ---- a/testdata/testoutput2 -+++ b/testdata/testoutput2 -@@ -14430,4 +14430,6 @@ Failed: unmatched parentheses at offset 23 - - "(?J:(?|(?'R')(\k'R')|((?'R'))))" - -+/(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R')))/ -+ - /-- End of testinput2 --/ --- -2.4.3 - diff --git a/src/patches/pcre-8.37-Fix-named-forward-reference-to-duplicate-group-numbe.patch b/src/patches/pcre-8.37-Fix-named-forward-reference-to-duplicate-group-numbe.patch deleted file mode 100644 index 837e86f..0000000 --- a/src/patches/pcre-8.37-Fix-named-forward-reference-to-duplicate-group-numbe.patch +++ /dev/null @@ -1,98 +0,0 @@ -From 83ed574998fe7b844b98ab7cd56291068feb9e31 Mon Sep 17 00:00:00 2001 -From: ph10 ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15 -Date: Sat, 16 May 2015 11:05:40 +0000 -Subject: [PATCH] Fix named forward reference to duplicate group number - overflow bug. -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Port to 8.37: - -commit 2fa78aa4e42bcebf2d616c4ee89c012f29dc3447 -Author: ph10 ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15 -Date: Sat May 16 11:05:40 2015 +0000 - - Fix named forward reference to duplicate group number overflow bug. - - git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1559 2f5784b3-3f2a-0410-8824-cb99058d5e15 - -Signed-off-by: Petr Písař ppisar@redhat.com ---- - pcre_compile.c | 24 ++++++++++++++++-------- - testdata/testinput1 | 3 +++ - testdata/testoutput1 | 5 +++++ - 3 files changed, 24 insertions(+), 8 deletions(-) - -diff --git a/pcre_compile.c b/pcre_compile.c -index b66b1f6..8b4aaef 100644 ---- a/pcre_compile.c -+++ b/pcre_compile.c -@@ -7183,15 +7183,15 @@ for (;; ptr++) - open_capitem *oc; - recno = ng->number; - if (is_recurse) break; -- for (oc = cd->open_caps; oc != NULL; oc = oc->next) -- { -- if (oc->number == recno) -- { -- oc->flag = TRUE; -+ for (oc = cd->open_caps; oc != NULL; oc = oc->next) -+ { -+ if (oc->number == recno) -+ { -+ oc->flag = TRUE; - break; -- } -- } -- } -+ } -+ } -+ } - } - - /* Count named back references. */ -@@ -7203,6 +7203,14 @@ for (;; ptr++) - 16-bit data item. */ - - *lengthptr += IMM2_SIZE; -+ -+ /* If this is a forward reference and we are within a (?|...) group, -+ the reference may end up as the number of a group which we are -+ currently inside, that is, it could be a recursive reference. In the -+ real compile this will be picked up and the reference wrapped with -+ OP_ONCE to make it atomic, so we must space in case this occurs. */ -+ -+ if (recno == 0) *lengthptr += 2 + 2*LINK_SIZE; - } - - /* In the real compile, search the name table. We check the name -diff --git a/testdata/testinput1 b/testdata/testinput1 -index 73c2f4d..8379ce0 100644 ---- a/testdata/testinput1 -+++ b/testdata/testinput1 -@@ -5730,4 +5730,7 @@ AbcdCBefgBhiBqz - "(?1)(?#?'){8}(a)" - baaaaaaaaac - -+"(?|(\k'Pm')|(?'Pm'))" -+ abcd -+ - /-- End of testinput1 --/ -diff --git a/testdata/testoutput1 b/testdata/testoutput1 -index 0a53fd0..e852ab9 100644 ---- a/testdata/testoutput1 -+++ b/testdata/testoutput1 -@@ -9429,4 +9429,9 @@ No match - 0: aaaaaaaaa - 1: a - -+"(?|(\k'Pm')|(?'Pm'))" -+ abcd -+ 0: -+ 1: -+ - /-- End of testinput1 --/ --- -2.4.3 -
hooks/post-receive -- IPFire 2.x development tree