Ubuntu
erlang package

Merge lp:~rdoering/ubuntu/lucid/erlang/fix-535090 into lp:ubuntu/lucid/erlang

  1. Lucid (10.04)
  2. fix-535090
  3. Merge into lucid
Proposed by Ralf Doering
Status: Merged
Merge reported by: James Westby
Merged at revision: not available
Proposed branch: lp:~rdoering/ubuntu/lucid/erlang/fix-535090
Merge into: lp:ubuntu/lucid/erlang
Diff against target: 97 lines (+77/-0)
3 files modified
debian/changelog (+7/-0)
debian/patches/pcre-crash.patch (+68/-0)
debian/patches/series (+2/-0)
To merge this branch: bzr merge lp:~rdoering/ubuntu/lucid/erlang/fix-535090
Reviewer Review Type Date Requested Status
Ubuntu branches Pending
Review via email: mp+21161@code.launchpad.net

Description of the change

Fix for #535090

To post a comment you must log in.
Revision history for this message
Stefano Rivera (stefanor) wrote :

This has been merged and should be marked as such

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'debian/changelog'
--- debian/changelog 2009-12-22 02:56:21 +0000
+++ debian/changelog 2010-03-11 17:38:15 +0000
@@ -1,3 +1,10 @@
1erlang (1:13.b.3-dfsg-2ubuntu2) lucid; urgency=low
2
3 * CVE-2008-2371: outer level option with alternatives caused crash.
4 (LP: #535090).
5
6 -- Ralf Doering <rdoering@netsys-it.de> Thu, 11 Mar 2010 15:20:06 +0100
7
1erlang (1:13.b.3-dfsg-2ubuntu1) lucid; urgency=low8erlang (1:13.b.3-dfsg-2ubuntu1) lucid; urgency=low
29
3 * Merge with Debian testing; remaining Ubuntu changes:10 * Merge with Debian testing; remaining Ubuntu changes:
411
=== added file 'debian/patches/pcre-crash.patch'
--- debian/patches/pcre-crash.patch 1970-01-01 00:00:00 +0000
+++ debian/patches/pcre-crash.patch 2010-03-11 17:38:15 +0000
@@ -0,0 +1,68 @@
1Origin: upstream http://github.com/erlang/otp/commit/bb6370a20be07e6bd0c9f6e89a3cd9719dccbfd3
2Bug-Ubuntu: https://bugs.launchpad.net/bugs/535090
3Author: Michael Santos <michael.santos@gmail.com>
4Date: Wed Feb 10 15:19:48 2010 -0500
5
6 Fix CVE-2008-2371 (outer level option with alternatives caused crash).
7
8 The patch is from:
9 http://vcs.pcre.org/viewvc?revision=360&view=revision
10
11 Test case:
12 re:compile(<<"(?i)[\xc3\xa9\xc3\xbd]|[\xc3\xa9\xc3\xbdA]">>, [unicode]).
13
14 An option change at the start of a pattern that had top-level
15 alternatives could cause overwriting and/or a crash.
16
17 This potential security problem was recorded as CVE-2008-2371.
18
19diff --git a/erts/emulator/pcre/pcre_compile.c b/erts/emulator/pcre/pcre_compile.c
20index 235617f..2974336 100644
21--- a/erts/emulator/pcre/pcre_compile.c
22+++ b/erts/emulator/pcre/pcre_compile.c
23@@ -4820,10 +4820,8 @@ we set the flag only if there is a literal "\r" or "\n" in the class. */
24 both phases.
25
26 If we are not at the pattern start, compile code to change the ims
27- options if this setting actually changes any of them. We also pass the
28- new setting back so that it can be put at the start of any following
29- branches, and when this group ends (if we are in a group), a resetting
30- item can be compiled. */
31+ options if this setting actually changes any of them, and reset the
32+ greedy defaults and the case value for firstbyte and reqbyte. */
33
34 if (*ptr == ')')
35 {
36@@ -4831,7 +4829,6 @@ we set the flag only if there is a literal "\r" or "\n" in the class. */
37 (lengthptr == NULL || *lengthptr == 2 + 2*LINK_SIZE))
38 {
39 cd->external_options = newoptions;
40- options = newoptions;
41 }
42 else
43 {
44@@ -4840,17 +4837,17 @@ we set the flag only if there is a literal "\r" or "\n" in the class. */
45 *code++ = OP_OPT;
46 *code++ = newoptions & PCRE_IMS;
47 }
48-
49- /* Change options at this level, and pass them back for use
50- in subsequent branches. Reset the greedy defaults and the case
51- value for firstbyte and reqbyte. */
52-
53- *optionsptr = options = newoptions;
54 greedy_default = ((newoptions & PCRE_UNGREEDY) != 0);
55 greedy_non_default = greedy_default ^ 1;
56- req_caseopt = ((options & PCRE_CASELESS) != 0)? REQ_CASELESS : 0;
57+ req_caseopt = ((newoptions & PCRE_CASELESS) != 0)? REQ_CASELESS : 0;
58 }
59
60+ /* Change options at this level, and pass them back for use
61+ in subsequent branches. When not at the start of the pattern, this
62+ information is also necessary so that a resetting item can be
63+ compiled at the end of a group (if we are in a group). */
64+
65+ *optionsptr = options = newoptions;
66 previous = NULL; /* This item can't be repeated */
67 continue; /* It is complete */
68 }
069
=== modified file 'debian/patches/series'
--- debian/patches/series 2009-12-22 02:56:21 +0000
+++ debian/patches/series 2010-03-11 17:38:15 +0000
@@ -8,3 +8,5 @@
8docs.patch8docs.patch
9#native.patch9#native.patch
10build-options.patch10build-options.patch
11pcre-crash.patch
12

Subscribers

People subscribed via source and target branches