[arch-commits] Commit in grep/repos (8 files)
Sébastien Luttringer
seblu at archlinux.org
Mon Mar 2 21:56:32 UTC 2015
Date: Monday, March 2, 2015 @ 22:56:31
Author: seblu
Revision: 232431
archrelease: copy trunk to extra-i686, extra-x86_64
Added:
grep/repos/extra-i686/
grep/repos/extra-i686/CVE-2015-1345.patch
(from rev 232430, grep/trunk/CVE-2015-1345.patch)
grep/repos/extra-i686/PKGBUILD
(from rev 232430, grep/trunk/PKGBUILD)
grep/repos/extra-i686/grep.install
(from rev 232430, grep/trunk/grep.install)
grep/repos/extra-x86_64/
grep/repos/extra-x86_64/CVE-2015-1345.patch
(from rev 232430, grep/trunk/CVE-2015-1345.patch)
grep/repos/extra-x86_64/PKGBUILD
(from rev 232430, grep/trunk/PKGBUILD)
grep/repos/extra-x86_64/grep.install
(from rev 232430, grep/trunk/grep.install)
----------------------------------+
extra-i686/CVE-2015-1345.patch | 58 +++++++++++++++++++++++++++++++++++++
extra-i686/PKGBUILD | 44 ++++++++++++++++++++++++++++
extra-i686/grep.install | 18 +++++++++++
extra-x86_64/CVE-2015-1345.patch | 58 +++++++++++++++++++++++++++++++++++++
extra-x86_64/PKGBUILD | 44 ++++++++++++++++++++++++++++
extra-x86_64/grep.install | 18 +++++++++++
6 files changed, 240 insertions(+)
Copied: grep/repos/extra-i686/CVE-2015-1345.patch (from rev 232430, grep/trunk/CVE-2015-1345.patch)
===================================================================
--- extra-i686/CVE-2015-1345.patch (rev 0)
+++ extra-i686/CVE-2015-1345.patch 2015-03-02 21:56:31 UTC (rev 232431)
@@ -0,0 +1,58 @@
+From 83a95bd8c8561875b948cadd417c653dbe7ef2e2 Mon Sep 17 00:00:00 2001
+From: Yuliy Pisetsky <ypisetsky at fb.com>
+Date: Thu, 01 Jan 2015 23:36:55 +0000
+Subject: grep -F: fix a heap buffer (read) overrun
+
+grep's read buffer is often filled to its full size, except when
+reading the final buffer of a file. In that case, the number of
+bytes read may be far less than the size of the buffer. However, for
+certain unusual pattern/text combinations, grep -F would mistakenly
+examine bytes in that uninitialized region of memory when searching
+for a match. With carefully chosen inputs, one can cause grep -F to
+read beyond the end of that buffer altogether. This problem arose via
+commit v2.18-90-g73893ff with the introduction of a more efficient
+heuristic using what is now the memchr_kwset function. The use of
+that function in bmexec_trans could leave TP much larger than EP,
+and the subsequent call to bm_delta2_search would mistakenly access
+beyond end of the main input read buffer.
+
+* src/kwset.c (bmexec_trans): When TP reaches or exceeds EP,
+do not call bm_delta2_search.
+* tests/kwset-abuse: New file.
+* tests/Makefile.am (TESTS): Add it.
+* THANKS.in: Update.
+* NEWS (Bug fixes): Mention it.
+
+Prior to this patch, this command would trigger a UMR:
+
+ printf %0360db 0 | valgrind src/grep -F $(printf %019dXb 0)
+
+ Use of uninitialised value of size 8
+ at 0x4142BE: bmexec_trans (kwset.c:657)
+ by 0x4143CA: bmexec (kwset.c:678)
+ by 0x414973: kwsexec (kwset.c:848)
+ by 0x414DC4: Fexecute (kwsearch.c:128)
+ by 0x404E2E: grepbuf (grep.c:1238)
+ by 0x4054BF: grep (grep.c:1417)
+ by 0x405CEB: grepdesc (grep.c:1645)
+ by 0x405EC1: grep_command_line_arg (grep.c:1692)
+ by 0x4077D4: main (grep.c:2570)
+
+See the accompanying test for how to trigger the heap buffer overrun.
+
+Thanks to Nima Aghdaii for testing and finding numerous
+ways to break early iterations of this patch.
+---
+diff --git a/src/kwset.c b/src/kwset.c
+index 4003c8d..376f7c3 100644
+--- a/src/kwset.c
++++ b/src/kwset.c
+@@ -643,6 +643,8 @@ bmexec_trans (kwset_t kwset, char const *text, size_t size)
+ if (! tp)
+ return -1;
+ tp++;
++ if (ep <= tp)
++ break;
+ }
+ }
+ }
Copied: grep/repos/extra-i686/PKGBUILD (from rev 232430, grep/trunk/PKGBUILD)
===================================================================
--- extra-i686/PKGBUILD (rev 0)
+++ extra-i686/PKGBUILD 2015-03-02 21:56:31 UTC (rev 232431)
@@ -0,0 +1,44 @@
+# $Id$
+# Maintainer: Sébastien Luttringer <seblu at archlinux.org>
+# Contributor: Allan McRae <allan at archlinux.org>
+# Contributor: judd <jvinet at zeroflux.org>
+
+pkgname=grep
+pkgver=2.21
+pkgrel=2
+pkgdesc='A string search utility'
+arch=('i686' 'x86_64')
+license=('GPL3')
+url='http://www.gnu.org/software/grep/grep.html'
+groups=('base' 'base-devel')
+depends=('glibc' 'pcre')
+makedepends=('texinfo')
+install=$pkgname.install
+validpgpkeys=('155D3FC500C834486D1EEA677FD9FCCB000BEEEE') # Jim Meyering
+source=("ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.xz"{,.sig}
+ 'CVE-2015-1345.patch')
+md5sums=('43c48064d6409862b8a850db83c8038a'
+ 'SKIP'
+ 'f9c8e95efcc1bd52d4af42cb4bff03aa')
+
+ prepare() {
+ cd $pkgname-$pkgver
+ # fix CVE-2015-1345
+ patch -Np1 < "${srcdir}/CVE-2015-1345.patch"
+ }
+
+build() {
+ cd $pkgname-$pkgver
+ ./configure --prefix=/usr --without-included-regex
+ make
+}
+
+check() {
+ cd $pkgname-$pkgver
+ make check
+}
+
+package() {
+ cd $pkgname-$pkgver
+ make DESTDIR=$pkgdir install
+}
Copied: grep/repos/extra-i686/grep.install (from rev 232430, grep/trunk/grep.install)
===================================================================
--- extra-i686/grep.install (rev 0)
+++ extra-i686/grep.install 2015-03-02 21:56:31 UTC (rev 232431)
@@ -0,0 +1,18 @@
+infodir=usr/share/info
+file=grep.info
+
+post_install() {
+ [[ -x usr/bin/install-info ]] || return 0
+ install-info "$infodir/$file.gz" "$infodir/dir" 2> /dev/null
+}
+
+post_upgrade() {
+ post_install "$1"
+}
+
+pre_remove() {
+ [[ -x usr/bin/install-info ]] || return 0
+ install-info --delete "$infodir/$file.gz" "$infodir/dir" 2> /dev/null
+}
+
+# vim:set ts=2 sw=2 ft=sh et:
Copied: grep/repos/extra-x86_64/CVE-2015-1345.patch (from rev 232430, grep/trunk/CVE-2015-1345.patch)
===================================================================
--- extra-x86_64/CVE-2015-1345.patch (rev 0)
+++ extra-x86_64/CVE-2015-1345.patch 2015-03-02 21:56:31 UTC (rev 232431)
@@ -0,0 +1,58 @@
+From 83a95bd8c8561875b948cadd417c653dbe7ef2e2 Mon Sep 17 00:00:00 2001
+From: Yuliy Pisetsky <ypisetsky at fb.com>
+Date: Thu, 01 Jan 2015 23:36:55 +0000
+Subject: grep -F: fix a heap buffer (read) overrun
+
+grep's read buffer is often filled to its full size, except when
+reading the final buffer of a file. In that case, the number of
+bytes read may be far less than the size of the buffer. However, for
+certain unusual pattern/text combinations, grep -F would mistakenly
+examine bytes in that uninitialized region of memory when searching
+for a match. With carefully chosen inputs, one can cause grep -F to
+read beyond the end of that buffer altogether. This problem arose via
+commit v2.18-90-g73893ff with the introduction of a more efficient
+heuristic using what is now the memchr_kwset function. The use of
+that function in bmexec_trans could leave TP much larger than EP,
+and the subsequent call to bm_delta2_search would mistakenly access
+beyond end of the main input read buffer.
+
+* src/kwset.c (bmexec_trans): When TP reaches or exceeds EP,
+do not call bm_delta2_search.
+* tests/kwset-abuse: New file.
+* tests/Makefile.am (TESTS): Add it.
+* THANKS.in: Update.
+* NEWS (Bug fixes): Mention it.
+
+Prior to this patch, this command would trigger a UMR:
+
+ printf %0360db 0 | valgrind src/grep -F $(printf %019dXb 0)
+
+ Use of uninitialised value of size 8
+ at 0x4142BE: bmexec_trans (kwset.c:657)
+ by 0x4143CA: bmexec (kwset.c:678)
+ by 0x414973: kwsexec (kwset.c:848)
+ by 0x414DC4: Fexecute (kwsearch.c:128)
+ by 0x404E2E: grepbuf (grep.c:1238)
+ by 0x4054BF: grep (grep.c:1417)
+ by 0x405CEB: grepdesc (grep.c:1645)
+ by 0x405EC1: grep_command_line_arg (grep.c:1692)
+ by 0x4077D4: main (grep.c:2570)
+
+See the accompanying test for how to trigger the heap buffer overrun.
+
+Thanks to Nima Aghdaii for testing and finding numerous
+ways to break early iterations of this patch.
+---
+diff --git a/src/kwset.c b/src/kwset.c
+index 4003c8d..376f7c3 100644
+--- a/src/kwset.c
++++ b/src/kwset.c
+@@ -643,6 +643,8 @@ bmexec_trans (kwset_t kwset, char const *text, size_t size)
+ if (! tp)
+ return -1;
+ tp++;
++ if (ep <= tp)
++ break;
+ }
+ }
+ }
Copied: grep/repos/extra-x86_64/PKGBUILD (from rev 232430, grep/trunk/PKGBUILD)
===================================================================
--- extra-x86_64/PKGBUILD (rev 0)
+++ extra-x86_64/PKGBUILD 2015-03-02 21:56:31 UTC (rev 232431)
@@ -0,0 +1,44 @@
+# $Id$
+# Maintainer: Sébastien Luttringer <seblu at archlinux.org>
+# Contributor: Allan McRae <allan at archlinux.org>
+# Contributor: judd <jvinet at zeroflux.org>
+
+pkgname=grep
+pkgver=2.21
+pkgrel=2
+pkgdesc='A string search utility'
+arch=('i686' 'x86_64')
+license=('GPL3')
+url='http://www.gnu.org/software/grep/grep.html'
+groups=('base' 'base-devel')
+depends=('glibc' 'pcre')
+makedepends=('texinfo')
+install=$pkgname.install
+validpgpkeys=('155D3FC500C834486D1EEA677FD9FCCB000BEEEE') # Jim Meyering
+source=("ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.xz"{,.sig}
+ 'CVE-2015-1345.patch')
+md5sums=('43c48064d6409862b8a850db83c8038a'
+ 'SKIP'
+ 'f9c8e95efcc1bd52d4af42cb4bff03aa')
+
+ prepare() {
+ cd $pkgname-$pkgver
+ # fix CVE-2015-1345
+ patch -Np1 < "${srcdir}/CVE-2015-1345.patch"
+ }
+
+build() {
+ cd $pkgname-$pkgver
+ ./configure --prefix=/usr --without-included-regex
+ make
+}
+
+check() {
+ cd $pkgname-$pkgver
+ make check
+}
+
+package() {
+ cd $pkgname-$pkgver
+ make DESTDIR=$pkgdir install
+}
Copied: grep/repos/extra-x86_64/grep.install (from rev 232430, grep/trunk/grep.install)
===================================================================
--- extra-x86_64/grep.install (rev 0)
+++ extra-x86_64/grep.install 2015-03-02 21:56:31 UTC (rev 232431)
@@ -0,0 +1,18 @@
+infodir=usr/share/info
+file=grep.info
+
+post_install() {
+ [[ -x usr/bin/install-info ]] || return 0
+ install-info "$infodir/$file.gz" "$infodir/dir" 2> /dev/null
+}
+
+post_upgrade() {
+ post_install "$1"
+}
+
+pre_remove() {
+ [[ -x usr/bin/install-info ]] || return 0
+ install-info --delete "$infodir/$file.gz" "$infodir/dir" 2> /dev/null
+}
+
+# vim:set ts=2 sw=2 ft=sh et:
More information about the arch-commits
mailing list