
Bug#924694: unblock: gnulib/20140202+stable-3.2



Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Hi,

Moritz Muehlenhoff filed #924613 to raise the CVE-2009-5155 issue in
gnulib to the BTS. The issue is already fixed in the experimental
version and the update to sid includes the cherry-picked patch as per
http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272
from upstream.

The changelog entry reads as (note I did not choose it as QA upload as
the QA upload was done for experimental):

 gnulib (20140202+stable-3.2) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Diagnose ERE '()|\1' (CVE-2009-5155) (Closes: #924613)

unblock gnulib/20140202+stable-3.2

Regards,
Salvatore
diff -Nru gnulib-20140202+stable/debian/changelog gnulib-20140202+stable/debian/changelog
--- gnulib-20140202+stable/debian/changelog	2019-02-09 11:11:06.000000000 +0100
+++ gnulib-20140202+stable/debian/changelog	2019-03-15 21:08:27.000000000 +0100
@@ -1,3 +1,10 @@
+gnulib (20140202+stable-3.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Diagnose ERE '()|\1' (CVE-2009-5155) (Closes: #924613)
+
+ -- Salvatore Bonaccorso <carnil@debian.org>  Fri, 15 Mar 2019 21:08:27 +0100
+
 gnulib (20140202+stable-3.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru gnulib-20140202+stable/debian/patches/04-Diagnose-ERE-1.patch gnulib-20140202+stable/debian/patches/04-Diagnose-ERE-1.patch
--- gnulib-20140202+stable/debian/patches/04-Diagnose-ERE-1.patch	1970-01-01 01:00:00.000000000 +0100
+++ gnulib-20140202+stable/debian/patches/04-Diagnose-ERE-1.patch	2019-03-15 21:08:27.000000000 +0100
@@ -0,0 +1,45 @@
+From: Paul Eggert <eggert@cs.ucla.edu>
+Date: Sat, 19 Sep 2015 13:53:34 -0700
+Subject: Diagnose ERE '()|\1'
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+Origin: http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2009-5155
+Bug-Debian: https://bugs.debian.org/924613
+
+Problem reported by Hanno Böck in: http://bugs.gnu.org/21513
+* lib/regcomp.c (parse_reg_exp): While parsing alternatives, keep
+track of the set of previously-completed subexpressions available
+before the first alternative, and restore this set just before
+parsing each subsequent alternative.  This lets us diagnose the
+invalid back-reference in the ERE '()|\1'.
+---
+
+--- a/lib/regcomp.c
++++ b/lib/regcomp.c
+@@ -2187,6 +2187,7 @@ parse_reg_exp (re_string_t *regexp, rege
+ {
+   re_dfa_t *dfa = preg->buffer;
+   bin_tree_t *tree, *branch = NULL;
++  bitset_word_t initial_bkref_map = dfa->completed_bkref_map;
+   tree = parse_branch (regexp, preg, token, syntax, nest, err);
+   if (BE (*err != REG_NOERROR && tree == NULL, 0))
+     return NULL;
+@@ -2197,6 +2198,8 @@ parse_reg_exp (re_string_t *regexp, rege
+       if (token->type != OP_ALT && token->type != END_OF_RE
+ 	  && (nest == 0 || token->type != OP_CLOSE_SUBEXP))
+ 	{
++	  bitset_word_t accumulated_bkref_map = dfa->completed_bkref_map;
++	  dfa->completed_bkref_map = initial_bkref_map;
+ 	  branch = parse_branch (regexp, preg, token, syntax, nest, err);
+ 	  if (BE (*err != REG_NOERROR && branch == NULL, 0))
+ 	    return NULL;
+@@ -2398,6 +2401,7 @@ parse_expression (re_string_t *regexp, r
+ 	      *err = REG_ESPACE;
+ 	      return NULL;
+ 	    }
++	  dfa->completed_bkref_map |= accumulated_bkref_map;
+ 	}
+       else
+ 	{
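Review bot: the third hunk of the embedded regcomp.c patch (@@ -2398,6 +2401,7 @@) is labelled parse_expression, yet the line it adds, dfa->completed_bkref_map |= accumulated_bkref_map;, uses a variable that the second hunk declares inside the if block of parse_reg_exp, and the patch description lists only parse_reg_exp as changed. Please confirm against the upstream commit that this line lands in that same block, right after the parse_branch error check. If it applies about 200 lines further down, as the hunk offsets suggest, accumulated_bkref_map is out of scope there and the subexpressions completed in earlier alternatives are never merged back into dfa->completed_bkref_map. A regression case that compiles the ERE '()|\1' and expects a diagnostic would also be worth shipping with the patch.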
diff -Nru gnulib-20140202+stable/debian/patches/series gnulib-20140202+stable/debian/patches/series
--- gnulib-20140202+stable/debian/patches/series	2019-02-09 11:11:06.000000000 +0100
+++ gnulib-20140202+stable/debian/patches/series	2019-03-15 21:08:27.000000000 +0100
@@ -1,3 +1,4 @@
 01-gnulib-directory.patch
 02-shebang.patch
 03-vasnprintf-Fix-heap-memory-overrun-bug.patch
+04-Diagnose-ERE-1.patch
