system/pcre2: patch CVE-2019-20454 (#242)

64396768 · Max Rees · 4457bb5b · 64396768 · 64396768
Verified Commit 64396768 authored 5 years ago by Max Rees
--- a/system/pcre2/APKBUILD
+++ b/system/pcre2/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: 
 pkgname=pcre2
 pkgver=10.33
-pkgrel=0
+pkgrel=1
 pkgdesc="Perl-compatible regular expression library"
 url="https://pcre.org"
 arch="all"
@@ -12,7 +12,13 @@ depends_dev="libedit-dev zlib-dev"
 makedepends="$depends_dev"
 subpackages="$pkgname-dev $pkgname-doc $pkgname-tools
 	libpcre2-16:_libpcre libpcre2-32:_libpcre"
-source="https://ftp.pcre.org/pub/pcre/$pkgname-$pkgver.tar.gz"
+source="https://ftp.pcre.org/pub/pcre/$pkgname-$pkgver.tar.gz
+	CVE-2019-20454.patch
+	"
+
+# secfixes:
+#   10.33-r1:
+#     - CVE-2019-20454

 case "$CARCH" in
 	s390x) _enable_jit="";;
@@ -62,4 +68,5 @@ tools() {
 	mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
 }

-sha512sums="649983c7725e2fd2451ba89243b4c08c408fc279b7be3b2d225045cced3b0667ff6da4c9dd37510eb9e5aed6478aff54c2dbd1d92f4d0f1174579df9ec2c1882  pcre2-10.33.tar.gz"
+sha512sums="649983c7725e2fd2451ba89243b4c08c408fc279b7be3b2d225045cced3b0667ff6da4c9dd37510eb9e5aed6478aff54c2dbd1d92f4d0f1174579df9ec2c1882  pcre2-10.33.tar.gz
+07c43ccf130c1ed2b4f97036671f92e9c1d0100fd32c053b448e5dbdf976543c12f74568e37b661db7fbd603e815f5683a59cb2a9f9c307505dca3cb36db8120  CVE-2019-20454.patch"
--- a/system/pcre2/CVE-2019-20454.patch
+++ b/system/pcre2/CVE-2019-20454.patch
+Revision: 1091
+Author: ph10
+Date: Mon May 13 16:26:17 2019 UTC
+URL: https://vcs.pcre.org/pcre2?view=revision&revision=1091
+
+Fix crash when \X is used without UTF in JIT.
+
+--- a/testdata/testinput4	2019/05/11 11:43:39	1090
+++ b/testdata/testinput4	2019/05/13 16:26:17	1091
+@@ -2480,4 +2480,7 @@
+ /^(?'אABC'...)(?&אABC)/utf
+     123123123456
+ 
+/\X*/
+    \xF3aaa\xE4\xEA\xEB\xFEa
+
+ # End of testinput4
+--- a/testdata/testoutput4	2019/05/11 11:43:39	1090
+++ b/testdata/testoutput4	2019/05/13 16:26:17	1091
+@@ -4012,4 +4012,8 @@
+  0: 123123
+  1: 123
+ 
+/\X*/
+    \xF3aaa\xE4\xEA\xEB\xFEa
+ 0: \xf3aaa\xe4\xea\xeb\xfea
+
+ # End of testinput4
+
+Revision: 1092
+Author: ph10
+Date: Mon May 13 16:38:18 2019 UTC
+URL: https://vcs.pcre.org/pcre2?view=revision&revision=1092
+
+Forgot this file in previous commit. Fixes JIT non-UTF bug.
+
+--- a/src/pcre2_jit_compile.c	2019/05/13 16:26:17	1091
+++ b/src/pcre2_jit_compile.c	2019/05/13 16:38:18	1092
+@@ -8571,7 +8571,10 @@
+ PCRE2_SPTR bptr;
+ uint32_t c;
+ 
+-GETCHARINC(c, cc);
+/* Patch by PH */
+/* GETCHARINC(c, cc); */
+
+c = *cc++;
+ #if PCRE2_CODE_UNIT_WIDTH == 32
+ if (c >= 0x110000)
+   return NULL;