authorChristian Hoffmann <hoffie@gentoo.org>2008-02-02 21:54:59 +0000
committerChristian Hoffmann <hoffie@gentoo.org>2008-02-02 21:54:59 +0000
commit03dec136346b675bde7da4fa2f87c7f466a31957 (patch)
treecf2e8eb0eb19b15ed00c5a3efb3b28d80ef11c70 /dev-libs
parentdisable gtk (bug #168172) (diff)
adding patch for CVE-2007-{4770,4771} per bug #208001, thanks to jakub
(Portage version: 2.1.4.1)
Diffstat (limited to 'dev-libs')
-rw-r--r--dev-libs/icu/ChangeLog8
-rw-r--r--dev-libs/icu/files/icu-3.8-regexp-CVE-2007-4770+4771.diff305
-rw-r--r--dev-libs/icu/icu-3.8.1-r1.ebuild83
3 files changed, 395 insertions, 1 deletions
diff --git a/dev-libs/icu/ChangeLog b/dev-libs/icu/ChangeLog
index eb5cdd410fd0..44ffbfde1f22 100644
--- a/dev-libs/icu/ChangeLog
+++ b/dev-libs/icu/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for dev-libs/icu
# Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/icu/ChangeLog,v 1.67 2008/01/04 13:34:10 jokey Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/icu/ChangeLog,v 1.68 2008/02/02 21:54:58 hoffie Exp $
+
+*icu-3.8.1-r1 (02 Feb 2008)
+
+ 02 Feb 2008; Christian Hoffmann <hoffie@gentoo.org>
+ +files/icu-3.8-regexp-CVE-2007-4770+4771.diff, +icu-3.8.1-r1.ebuild:
+ adding patch for CVE-2007-{4770,4771} per bug #208001, thanks to jakub
*icu-3.8.1 (04 Jan 2008)
diff --git a/dev-libs/icu/files/icu-3.8-regexp-CVE-2007-4770+4771.diff b/dev-libs/icu/files/icu-3.8-regexp-CVE-2007-4770+4771.diff
new file mode 100644
index 000000000000..545540a4cfc7
--- /dev/null
+++ b/dev-libs/icu/files/icu-3.8-regexp-CVE-2007-4770+4771.diff
@@ -0,0 +1,305 @@
+Index: /icu/branches/maint/maint-3-8/source/i18n/regexcmp.cpp
+===================================================================
+--- i18n/regexcmp.cpp (revision 21805)
++++ i18n/regexcmp.cpp (revision 23292)
+@@ -3,5 +3,5 @@
+ // file: regexcmp.cpp
+ //
+-// Copyright (C) 2002-2007 International Business Machines Corporation and others.
++// Copyright (C) 2002-2008 International Business Machines Corporation and others.
+ // All Rights Reserved.
+ //
+@@ -1187,12 +1187,15 @@
+ // we fill the operand with the capture group number. At the end
+ // of compilation, it will be changed to the variable's location.
+- U_ASSERT(groupNum > 0);
+- int32_t op;
+- if (fModeFlags & UREGEX_CASE_INSENSITIVE) {
+- op = URX_BUILD(URX_BACKREF_I, groupNum);
++ if (groupNum < 1) {
++ error(U_REGEX_INVALID_BACK_REF);
+ } else {
+- op = URX_BUILD(URX_BACKREF, groupNum);
+- }
+- fRXPat->fCompiledPat->addElement(op, *fStatus);
++ int32_t op;
++ if (fModeFlags & UREGEX_CASE_INSENSITIVE) {
++ op = URX_BUILD(URX_BACKREF_I, groupNum);
++ } else {
++ op = URX_BUILD(URX_BACKREF, groupNum);
++ }
++ fRXPat->fCompiledPat->addElement(op, *fStatus);
++ }
+ }
+ break;
+Index: /icu/branches/maint/maint-3-8/source/i18n/rematch.cpp
+===================================================================
+--- i18n/rematch.cpp (revision 21973)
++++ i18n/rematch.cpp (revision 23292)
+@@ -1,5 +1,5 @@
+ /*
+ **************************************************************************
+-* Copyright (C) 2002-2007 International Business Machines Corporation *
++* Copyright (C) 2002-2008 International Business Machines Corporation *
+ * and others. All rights reserved. *
+ **************************************************************************
+@@ -30,4 +30,13 @@
+
+ U_NAMESPACE_BEGIN
++
++// Limit the size of the back track stack, to avoid system failures caused
++// by heap exhaustion. Units are in 32 bit words, not bytes.
++// This value puts ICU's limits higher than most other regexp implementations,
++// which use recursion rather than the heap, and take more storage per
++// backtrack point.
++// This constant is _temporary_. Proper API to control the value will added.
++//
++static const int32_t BACKTRACK_STACK_CAPACITY = 8000000;
+
+ //-----------------------------------------------------------------------------
+@@ -54,6 +63,7 @@
+ if (fStack == NULL || fData == NULL) {
+ fDeferredStatus = U_MEMORY_ALLOCATION_ERROR;
+- }
+-
++ } else {
++ fStack->setMaxCapacity(BACKTRACK_STACK_CAPACITY);
++ }
+ reset(RegexStaticSets::gStaticSets->fEmptyString);
+ }
+@@ -79,4 +89,6 @@
+ if (fStack == NULL || fData == NULL) {
+ status = U_MEMORY_ALLOCATION_ERROR;
++ } else {
++ fStack->setMaxCapacity(BACKTRACK_STACK_CAPACITY);
+ }
+ reset(input);
+@@ -103,4 +115,6 @@
+ if (fStack == NULL || fData == NULL) {
+ status = U_MEMORY_ALLOCATION_ERROR;
++ } else {
++ fStack->setMaxCapacity(BACKTRACK_STACK_CAPACITY);
+ }
+ reset(RegexStaticSets::gStaticSets->fEmptyString);
+@@ -1015,4 +1029,12 @@
+ // push storage for a new frame.
+ int32_t *newFP = fStack->reserveBlock(frameSize, status);
++ if (newFP == NULL) {
++ // Heap allocation error on attempted stack expansion.
++ // We need to return a writable stack frame, so just return the
++ // previous frame. The match operation will stop quickly
++ // becuase of the error status, after which the frame will never
++ // be looked at again.
++ return fp;
++ }
+ fp = (REStackFrame *)(newFP - frameSize); // in case of realloc of stack.
+
+@@ -1030,6 +1052,6 @@
+ return (REStackFrame *)newFP;
+ }
+-
+-
++
++
+ //--------------------------------------------------------------------------------
+ //
+@@ -2262,4 +2284,5 @@
+
+ if (U_FAILURE(status)) {
++ isMatch = FALSE;
+ break;
+ }
+Index: /icu/branches/maint/maint-3-8/source/test/intltest/regextst.h
+===================================================================
+--- test/intltest/regextst.h (revision 22001)
++++ test/intltest/regextst.h (revision 23292)
+@@ -1,5 +1,5 @@
+ /********************************************************************
+ * COPYRIGHT:
+- * Copyright (c) 2002-2007, International Business Machines Corporation and
++ * Copyright (c) 2002-2008, International Business Machines Corporation and
+ * others. All Rights Reserved.
+ ********************************************************************/
+@@ -31,4 +31,5 @@
+ virtual void Errors();
+ virtual void PerlTests();
++ virtual void Bug6149();
+
+ // The following functions are internal to the regexp tests.
+Index: /icu/branches/maint/maint-3-8/source/test/intltest/regextst.cpp
+===================================================================
+--- test/intltest/regextst.cpp (revision 22057)
++++ test/intltest/regextst.cpp (revision 23292)
+@@ -1,5 +1,5 @@
+ /********************************************************************
+ * COPYRIGHT:
+- * Copyright (c) 2002-2007, International Business Machines Corporation and
++ * Copyright (c) 2002-2008, International Business Machines Corporation and
+ * others. All Rights Reserved.
+ ********************************************************************/
+@@ -67,4 +67,8 @@
+ if (exec) PerlTests();
+ break;
++ case 7: name = "Bug 6149";
++ if (exec) Bug6149();
++ break;
++
+
+
+@@ -1640,4 +1644,10 @@
+ // Ticket 5389
+ REGEX_ERR("*c", 1, 1, U_REGEX_RULE_SYNTAX);
++
++ // Invalid Back Reference \0
++ // For ICU 3.8 and earlier
++ // For ICU versions newer than 3.8, \0 introduces an octal escape.
++ //
++ REGEX_ERR("(ab)\\0", 1, 6, U_REGEX_INVALID_BACK_REF);
+
+ }
+@@ -2123,4 +2133,24 @@
+
+
++//--------------------------------------------------------------
++//
++// Bug6149 Verify limits to heap expansion for backtrack stack.
++// Use this pattern,
++// "(a?){1,}"
++// The zero-length match will repeat forever.
++// (That this goes into a loop is another bug)
++//
++//---------------------------------------------------------------
++void RegexTest::Bug6149() {
++ UnicodeString pattern("(a?){1,}");
++ UnicodeString s("xyz");
++ uint32_t flags = 0;
++ UErrorCode status = U_ZERO_ERROR;
++
++ RegexMatcher matcher(pattern, s, flags, status);
++ UBool result = false;
++ REGEX_ASSERT_FAIL(result=matcher.matches(status), U_BUFFER_OVERFLOW_ERROR);
++ REGEX_ASSERT(result == FALSE);
++ }
+
+ #endif /* !UCONFIG_NO_REGULAR_EXPRESSIONS */
+Index: /icu/branches/maint/maint-3-8/source/common/uvectr32.cpp
+===================================================================
+--- common/uvectr32.cpp (revision 12958)
++++ common/uvectr32.cpp (revision 23292)
+@@ -1,5 +1,5 @@
+ /*
+ ******************************************************************************
+-* Copyright (C) 1999-2003, International Business Machines Corporation and *
++* Copyright (C) 1999-2008, International Business Machines Corporation and *
+ * others. All Rights Reserved. *
+ ******************************************************************************
+@@ -27,4 +27,5 @@
+ count(0),
+ capacity(0),
++ maxCapacity(0),
+ elements(NULL)
+ {
+@@ -35,4 +36,5 @@
+ count(0),
+ capacity(0),
++ maxCapacity(0),
+ elements(0)
+ {
+@@ -46,4 +48,7 @@
+ if (initialCapacity < 1) {
+ initialCapacity = DEFUALT_CAPACITY;
++ }
++ if (maxCapacity>0 && maxCapacity<initialCapacity) {
++ initialCapacity = maxCapacity;
+ }
+ elements = (int32_t *)uprv_malloc(sizeof(int32_t)*initialCapacity);
+@@ -190,19 +195,33 @@
+ if (capacity >= minimumCapacity) {
+ return TRUE;
+- } else {
+- int32_t newCap = capacity * 2;
+- if (newCap < minimumCapacity) {
+- newCap = minimumCapacity;
+- }
+- int32_t* newElems = (int32_t *)uprv_malloc(sizeof(int32_t)*newCap);
+- if (newElems == 0) {
+- status = U_MEMORY_ALLOCATION_ERROR;
+- return FALSE;
+- }
+- uprv_memcpy(newElems, elements, sizeof(elements[0]) * count);
+- uprv_free(elements);
+- elements = newElems;
+- capacity = newCap;
+- return TRUE;
++ }
++ if (maxCapacity>0 && minimumCapacity>maxCapacity) {
++ status = U_BUFFER_OVERFLOW_ERROR;
++ return FALSE;
++ }
++ int32_t newCap = capacity * 2;
++ if (newCap < minimumCapacity) {
++ newCap = minimumCapacity;
++ }
++ if (maxCapacity > 0 && newCap > maxCapacity) {
++ newCap = maxCapacity;
++ }
++ int32_t* newElems = (int32_t *)uprv_malloc(sizeof(int32_t)*newCap);
++ if (newElems == 0) {
++ status = U_MEMORY_ALLOCATION_ERROR;
++ return FALSE;
++ }
++ uprv_memcpy(newElems, elements, sizeof(elements[0]) * count);
++ uprv_free(elements);
++ elements = newElems;
++ capacity = newCap;
++ return TRUE;
++}
++
++void UVector32::setMaxCapacity(int32_t limit) {
++ U_ASSERT(limit >= 0);
++ maxCapacity = limit;
++ if (maxCapacity < 0) {
++ maxCapacity = 0;
+ }
+ }
+Index: /icu/branches/maint/maint-3-8/source/common/uvectr32.h
+===================================================================
+--- common/uvectr32.h (revision 19000)
++++ common/uvectr32.h (revision 23292)
+@@ -1,5 +1,5 @@
+ /*
+ **********************************************************************
+-* Copyright (C) 1999-2006, International Business Machines
++* Copyright (C) 1999-2008, International Business Machines
+ * Corporation and others. All Rights Reserved.
+ **********************************************************************
+@@ -62,4 +62,6 @@
+
+ int32_t capacity;
++
++ int32_t maxCapacity; // Limit beyond which capacity is not permitted to grow.
+
+ int32_t* elements;
+@@ -161,4 +163,12 @@
+ */
+ int32_t *getBuffer() const;
++
++ /**
++ * Set the maximum allowed buffer capacity for this vector/stack.
++ * Default with no limit set is unlimited, go until malloc() fails.
++ * A Limit of zero means unlimited capacity.
++ * Units are vector elements (32 bits each), not bytes.
++ */
++ void setMaxCapacity(int32_t limit);
+
+ /**
+@@ -222,5 +232,7 @@
+
+ inline int32_t *UVector32::reserveBlock(int32_t size, UErrorCode &status) {
+- ensureCapacity(count+size, status);
++ if (ensureCapacity(count+size, status) == FALSE) {
++ return NULL;
++ }
+ int32_t *rp = elements+count;
+ count += size;
+
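Review bot: In the embedded uvectr32.cpp change, `UVector32::setMaxCapacity` fails open on a negative limit: `U_ASSERT(limit >= 0)` only guards builds where assertions are enabled, and the fallback then stores 0, which the new uvectr32.h comment defines as unlimited capacity. The only caller visible here passes the constant `BACKTRACK_STACK_CAPACITY`, so this is latent rather than live, but the contract should be written down by adding `* A negative limit is treated as zero, i.e. unlimited.` to the doc comment in uvectr32.h. Separately, the added `if (maxCapacity>0 && maxCapacity<initialCapacity)` clamp looks unreachable from the two constructors shown, which set `maxCapacity(0)` in their initializer lists; the enclosing function starts outside the embedded hunk, so that part is inferred.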
diff --git a/dev-libs/icu/icu-3.8.1-r1.ebuild b/dev-libs/icu/icu-3.8.1-r1.ebuild
new file mode 100644
index 000000000000..66c98c129734
--- /dev/null
+++ b/dev-libs/icu/icu-3.8.1-r1.ebuild
@@ -0,0 +1,83 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/icu/icu-3.8.1-r1.ebuild,v 1.1 2008/02/02 21:54:58 hoffie Exp $
+
+inherit eutils versionator
+
+DESCRIPTION="International Components for Unicode"
+HOMEPAGE="http://www.icu-project.org/ http://ibm.com/software/globalization/icu/"
+
+BASEURI="http://download.icu-project.org/files/${PN}4c/${PV}"
+DOCS_PV="$(get_version_component_range 1-2)"
+DOCS_BASEURI="http://download.icu-project.org/files/${PN}4c/${DOCS_PV}"
+DOCS_PV="${DOCS_PV/./_}"
+SRCPKG="${PN}4c-${PV//./_}-src.tgz"
+USERGUIDE="${PN}-${DOCS_PV}-userguide.zip"
+APIDOCS="${PN}4c-${DOCS_PV}-docs.zip"
+
+SRC_URI="${BASEURI}/${SRCPKG}
+ doc? ( ${DOCS_BASEURI}/${USERGUIDE}
+ ${DOCS_BASEURI}/${APIDOCS} )"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+IUSE="debug doc examples"
+
+DEPEND="doc? ( app-arch/unzip )"
+RDEPEND=""
+
+S=${WORKDIR}/${PN}/source
+
+src_unpack() {
+ unpack ${SRCPKG}
+ if use doc ; then
+ mkdir userguide
+ pushd ./userguide > /dev/null
+ unpack ${USERGUIDE}
+ popd
+
+ mkdir apidocs
+ pushd ./apidocs > /dev/null
+ unpack ${APIDOCS}
+ popd
+ fi
+
+ # See http://qa.openoffice.org/issues/show_bug.cgi?id=83146
+ # and http://bugs.icu-project.org/trac/ticket/5498 for details
+ cd "${S}"
+ epatch "${FILESDIR}"/${PN}-3.8-setBreakType-public.diff
+
+ # Bug 208001
+ epatch "${FILESDIR}"/${PN}-3.8-regexp-CVE-2007-4770+4771.diff
+
+ # do not hardcode used CFLAGS, LDFLAGS etc. into icu-config
+ # Bug 202059
+ # http://bugs.icu-project.org/trac/ticket/6102
+ for x in CFLAGS CXXFLAGS CPPFLAGS LDFLAGS ; do
+ sed -i -e "/^${x} =.*/s:@${x}@::" config/Makefile.inc.in || die "sed failed"
+ done
+}
+
+src_compile() {
+ econf \
+ --enable-static \
+ $(use_enable debug) \
+ $(use_enable examples samples)
+
+ emake -j1 || die "emake failed"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die "emake install failed"
+
+ dohtml ../readme.html
+ dodoc ../unicode-license.txt
+ if use doc ; then
+ insinto /usr/share/doc/${PF}/html/userguide
+ doins -r "${WORKDIR}"/userguide/*
+
+ insinto /usr/share/doc/${PF}/html/apidocs
+ doins -r "${WORKDIR}"/apidocs/*
+ fi
+}
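Review bot: In `src_unpack`, the `mkdir userguide` / `pushd ./userguide` and `mkdir apidocs` / `pushd ./apidocs` pairs are unchecked, so if either fails the following `unpack` extracts the documentation archive into the current directory instead. Appending `|| die` to them, e.g. `mkdir userguide || die "mkdir failed"` and `pushd ./userguide > /dev/null || die "pushd failed"`, would match the `|| die` already used on the `sed` and `emake` calls. The two `epatch` calls should need no such guard, since epatch is expected to abort the build when a patch does not apply, which is what keeps the CVE fix from being skipped silently.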