Skip to content
Snippets Groups Projects
Commit c9ed17a6 authored by Jakub Jirutka's avatar Jakub Jirutka :flag_ua:
Browse files

main/pcre2: fix CVE-2022-1586 and CVE-2022-1587

parent fad72fd3
No related branches found
No related tags found
1 merge request!35314main/pcre2: fix CVE-2022-1586 and CVE-2022-1587 [v3.13]
Pipeline #125169 passed
......@@ -2,7 +2,7 @@
# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
pkgname=pcre2
pkgver=10.36
pkgrel=0
pkgrel=1
pkgdesc="Perl-compatible regular expression library"
url="https://pcre.org/"
arch="all"
......@@ -11,7 +11,14 @@ depends_dev="libedit-dev zlib-dev"
makedepends="$depends_dev"
subpackages="$pkgname-dev $pkgname-doc $pkgname-tools
libpcre2-16:_libpcre libpcre2-32:_libpcre"
source="https://ftp.pcre.org/pub/pcre/pcre2-$pkgver.tar.gz"
source="https://github.com/PCRE2Project/pcre2/releases/download/pcre2-$pkgver/pcre2-$pkgver.tar.gz
CVE-2022-1586.patch
CVE-2022-1587.patch
"
# secfixes:
# 10.36-r1:
# - CVE-2022-1586
# - CVE-2022-1587
case "$CARCH" in
s390x) _enable_jit="";; # https://bugs.exim.org/show_bug.cgi?id=2468
......@@ -70,4 +77,6 @@ tools() {
mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
}
sha512sums="a776cda406aea4a30f5072b24fc41bafd580d92e6d7c782b3c5468570f58fb085184ff707d90d8e83662f578c4327178f5ff4236222d0b3ca07244ef70528aa8 pcre2-10.36.tar.gz"
sha512sums="a776cda406aea4a30f5072b24fc41bafd580d92e6d7c782b3c5468570f58fb085184ff707d90d8e83662f578c4327178f5ff4236222d0b3ca07244ef70528aa8 pcre2-10.36.tar.gz
b4dedf83b4bde5350d2e7830df60d229e8c00ad00f8182396dd890e8a4474eabb4d794e6de8893ab8c5921859fa39101ac7418d1a0d2bfcaa4010973a2415fa8 CVE-2022-1586.patch
67707353a4a6b5b7a63da304d827b66bbd6befda0c92dc9ca01d57f0dc214166c7564ccab2253334fbf3b222c73c2750a77fe3e7c11e0addab7c6347547e824e CVE-2022-1587.patch"
Patch-Source: https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a (modified)
--
From 50a51cb7e67268e6ad417eb07c9de9bfea5cc55a Mon Sep 17 00:00:00 2001
From: Zoltan Herczeg <hzmester@freemail.hu>
Date: Wed, 23 Mar 2022 07:53:25 +0000
Subject: [PATCH] Fixed a unicode properrty matching issue in JIT
diff --git a/src/pcre2_jit_compile.c b/src/pcre2_jit_compile.c
index e7dd26c5..94f6a588 100644
--- a/src/pcre2_jit_compile.c
+++ b/src/pcre2_jit_compile.c
@@ -7473,7 +7473,7 @@
{
SLJIT_ASSERT(*cc == XCL_PROP || *cc == XCL_NOTPROP);
cc++;
- if (*cc == PT_CLIST)
+ if (*cc == PT_CLIST && *cc == XCL_PROP)
{
other_cases = PRIV(ucd_caseless_sets) + cc[1];
while (*other_cases != NOTACHAR)
diff --git a/src/pcre2_jit_test.c b/src/pcre2_jit_test.c
index 3b57ce29..8450f0b6 100644
--- a/src/pcre2_jit_test.c
+++ b/src/pcre2_jit_test.c
@@ -410,6 +410,7 @@
{ MUP, A, 0, 0 | F_PROPERTY, "[\\P{L&}]{2}[^\xc2\x85-\xc2\x89\\p{Ll}\\p{Lu}]{2}", "\xc3\xa9\xe6\x92\xad.a\xe6\x92\xad|\xc2\x8a#" },
{ PCRE2_UCP, 0, 0, 0 | F_PROPERTY, "[a-b\\s]{2,5}[^a]", "AB baaa" },
{ MUP, 0, 0, 0 | F_NOMATCH, "[^\\p{Hangul}\\p{Z}]", " " },
+ { CMUP, 0, 0, 0, "[^S]\\B", "\xe2\x80\x8a" },
/* Possible empty brackets. */
{ MU, A, 0, 0, "(?:|ab||bc|a)+d", "abcxabcabd" },
This diff is collapsed.
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment