Merge lp:~rdoering/ubuntu/lucid/erlang/fix-535090 into lp:ubuntu/lucid/erlang

Proposed by Ralf Doering
Status: Merged
Merge reported by: James Westby
Merged at revision: not available
Proposed branch: lp:~rdoering/ubuntu/lucid/erlang/fix-535090
Merge into: lp:ubuntu/lucid/erlang
Diff against target: 97 lines (+77/-0)
3 files modified
debian/changelog (+7/-0)
debian/patches/pcre-crash.patch (+68/-0)
debian/patches/series (+2/-0)
To merge this branch: bzr merge lp:~rdoering/ubuntu/lucid/erlang/fix-535090
Reviewer Review Type Date Requested Status
Ubuntu branches Pending
Review via email: mp+21161@code.launchpad.net

Description of the change

Fix for #535090

Stefano Rivera (stefanor) wrote :

This has been merged and should be marked as such

Preview Diff

1=== modified file 'debian/changelog'
2--- debian/changelog 2009-12-22 02:56:21 +0000
3+++ debian/changelog 2010-03-11 17:38:15 +0000
4@@ -1,3 +1,10 @@
5+erlang (1:13.b.3-dfsg-2ubuntu2) lucid; urgency=low
6+
7+ * CVE-2008-2371: outer level option with alternatives caused crash.
8+ (LP: #535090).
9+
10+ -- Ralf Doering <rdoering@netsys-it.de> Thu, 11 Mar 2010 15:20:06 +0100
11+
12 erlang (1:13.b.3-dfsg-2ubuntu1) lucid; urgency=low
13
14 * Merge with Debian testing; remaining Ubuntu changes:
15
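Review bot: The new changelog bullet ("CVE-2008-2371: outer level option with alternatives caused crash.") states the bug rather than the fix, and it does not name the file that carries the fix. Suggest wording it as "debian/patches/pcre-crash.patch: fix CVE-2008-2371 (outer level option with alternatives caused crash)" so that anyone reading the changelog can see which patch closes the CVE. Since the entry is a security fix, also confirm that urgency=low is intended.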
16=== added file 'debian/patches/pcre-crash.patch'
17--- debian/patches/pcre-crash.patch 1970-01-01 00:00:00 +0000
18+++ debian/patches/pcre-crash.patch 2010-03-11 17:38:15 +0000
19@@ -0,0 +1,68 @@
20+Origin: upstream http://github.com/erlang/otp/commit/bb6370a20be07e6bd0c9f6e89a3cd9719dccbfd3
21+Bug-Ubuntu: https://bugs.launchpad.net/bugs/535090
22+Author: Michael Santos <michael.santos@gmail.com>
23+Date: Wed Feb 10 15:19:48 2010 -0500
24+
25+ Fix CVE-2008-2371 (outer level option with alternatives caused crash).
26+
27+ The patch is from:
28+ http://vcs.pcre.org/viewvc?revision=360&view=revision
29+
30+ Test case:
31+ re:compile(<<"(?i)[\xc3\xa9\xc3\xbd]|[\xc3\xa9\xc3\xbdA]">>, [unicode]).
32+
33+ An option change at the start of a pattern that had top-level
34+ alternatives could cause overwriting and/or a crash.
35+
36+ This potential security problem was recorded as CVE-2008-2371.
37+
38+diff --git a/erts/emulator/pcre/pcre_compile.c b/erts/emulator/pcre/pcre_compile.c
39+index 235617f..2974336 100644
40+--- a/erts/emulator/pcre/pcre_compile.c
41++++ b/erts/emulator/pcre/pcre_compile.c
42+@@ -4820,10 +4820,8 @@ we set the flag only if there is a literal "\r" or "\n" in the class. */
43+ both phases.
44+
45+ If we are not at the pattern start, compile code to change the ims
46+- options if this setting actually changes any of them. We also pass the
47+- new setting back so that it can be put at the start of any following
48+- branches, and when this group ends (if we are in a group), a resetting
49+- item can be compiled. */
50++ options if this setting actually changes any of them, and reset the
51++ greedy defaults and the case value for firstbyte and reqbyte. */
52+
53+ if (*ptr == ')')
54+ {
55+@@ -4831,7 +4829,6 @@ we set the flag only if there is a literal "\r" or "\n" in the class. */
56+ (lengthptr == NULL || *lengthptr == 2 + 2*LINK_SIZE))
57+ {
58+ cd->external_options = newoptions;
59+- options = newoptions;
60+ }
61+ else
62+ {
63+@@ -4840,17 +4837,17 @@ we set the flag only if there is a literal "\r" or "\n" in the class. */
64+ *code++ = OP_OPT;
65+ *code++ = newoptions & PCRE_IMS;
66+ }
67+-
68+- /* Change options at this level, and pass them back for use
69+- in subsequent branches. Reset the greedy defaults and the case
70+- value for firstbyte and reqbyte. */
71+-
72+- *optionsptr = options = newoptions;
73+ greedy_default = ((newoptions & PCRE_UNGREEDY) != 0);
74+ greedy_non_default = greedy_default ^ 1;
75+- req_caseopt = ((options & PCRE_CASELESS) != 0)? REQ_CASELESS : 0;
76++ req_caseopt = ((newoptions & PCRE_CASELESS) != 0)? REQ_CASELESS : 0;
77+ }
78+
79++ /* Change options at this level, and pass them back for use
80++ in subsequent branches. When not at the start of the pattern, this
81++ information is also necessary so that a resetting item can be
82++ compiled at the end of a group (if we are in a group). */
83++
84++ *optionsptr = options = newoptions;
85+ previous = NULL; /* This item can't be repeated */
86+ continue; /* It is complete */
87+ }
88
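Review bot: The header of pcre-crash.patch gives a reproducer (the re:compile(...) call with the [unicode] option), but nothing in this merge records that it was run against the patched build, and the three modified files add no regression test. Please state in the merge description that the test case no longer crashes after the patch is applied. The behavioural change to verify is in the last hunk of pcre_compile.c: "*optionsptr = options = newoptions;" moves out of the else block, so it now also executes on the pattern-start path that sets cd->external_options. It is worth confirming that the embedded diff matches PCRE revision 360 cited in the header. The header's free-text summary would also be easier for tools to pick up under a "Description:" field next to the existing Origin, Bug-Ubuntu and Author fields.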
89=== modified file 'debian/patches/series'
90--- debian/patches/series 2009-12-22 02:56:21 +0000
91+++ debian/patches/series 2010-03-11 17:38:15 +0000
92@@ -8,3 +8,5 @@
93 docs.patch
94 #native.patch
95 build-options.patch
96+pcre-crash.patch
97+
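Review bot: The second added line in debian/patches/series (line 97 of the diff) is empty, so the file now ends with a blank line after "pcre-crash.patch". Suggest dropping it so the hunk adds only the patch name and the series file keeps a single trailing newline.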
