rpms/tcl/devel tcl-8.4.15-regexp.patch,NONE,1.1 tcl.spec,1.63,1.64
Marcela Mašláňová (mmaslano)
fedora-extras-commits at redhat.com
Fri Nov 16 08:23:31 UTC 2007
Author: mmaslano
Update of /cvs/pkgs/rpms/tcl/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv32585
Modified Files:
tcl.spec
Added Files:
tcl-8.4.15-regexp.patch
Log Message:
CVE-2007-4772 NFA optimization causes hang in loop. Backported patch
from upstream development version.
tcl-8.4.15-regexp.patch:
--- NEW FILE tcl-8.4.15-regexp.patch ---
--- tcl8.4.15/generic/regc_nfa.c.old 1999-08-05 03:16:57.000000000 +0200
+++ tcl8.4.15/generic/regc_nfa.c 2007-11-16 09:10:18.000000000 +0100
@@ -803,6 +803,25 @@ struct arc *con;
return 1;
}
+ /*
+ * DGP 2007-11-15: Cloning a state with a circular constraint on its list
+ * of outs can lead to trouble [Bug 1810038], so get rid of them first.
+ */
+
+ for (a = from->outs; a != NULL; a = nexta) {
+ nexta = a->outchain;
+ switch (a->type) {
+ case '^':
+ case '$':
+ case BEHIND:
+ case AHEAD:
+ if (from == a->to) {
+ freearc(nfa, a);
+ }
+ break;
+ }
+ }
+
/* first, clone from state if necessary to avoid other outarcs */
if (from->nouts > 1) {
s = newstate(nfa);
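Review bot: The comment added to pull() says "circular constraint", but the check `if (from == a->to)` only removes constraint arcs that lead from a state straight back to itself. Wording it as a self-loop would stop readers assuming that longer cycles through other states are also handled. The loop also depends on `a` and `nexta` already being declared in pull(), since the hunk adds no declarations; because this is a backport from the development branch, confirm that with a build against the 8.4.15 source.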
@@ -921,6 +940,29 @@ struct arc *con;
return 1;
}
+ /*
+ * DGP 2007-11-15: Here we duplicate the same protections as appear
+ * in pull() above to avoid troubles with cloning a state with a
+ * circular constraint on its list of ins. It is not clear whether
+ * this is necessary, or is protecting against a "can't happen".
+ * Any test case that actually leads to a freearc() call here would
+ * be a welcome addition to the test suite.
+ */
+
+ for (a = to->ins; a != NULL; a = nexta) {
+ nexta = a->inchain;
+ switch (a->type) {
+ case '^':
+ case '$':
+ case BEHIND:
+ case AHEAD:
+ if (a->from == to) {
+ freearc(nfa, a);
+ }
+ break;
+ }
+ }
+
/* first, clone to state if necessary to avoid other inarcs */
if (to->nins > 1) {
s = newstate(nfa);
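Review bot: The loop added to push() has no covering test, as its own comment says ("Any test case that actually leads to a freearc() call here would be a welcome addition to the test suite"), so this half of the fix is unverified by the regexp-22.1 test added in the same patch. The four-case switch on `a->type` is now duplicated in pull() and push(); a small shared predicate for constraint arc types would keep the two lists from drifting apart if a constraint type is added later.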
--- tcl8.4.15/tests/regexp.test.old 2003-10-14 20:22:10.000000000 +0200
+++ tcl8.4.15/tests/regexp.test 2007-11-16 09:11:13.000000000 +0100
@@ -628,6 +628,10 @@ test regexp-21.13 {multiple matches hand
regexp -all -inline -indices -line -- ^ "a\nb\nc"
} {{0 -1} {2 1} {4 3}}
+test regexp-22.1 {Bug 1810038} {
+ regexp ($|^X)* {}
+} 1
+
# cleanup
::tcltest::cleanupTests
return
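Review bot: regexp-22.1 guards against a hang, so if the fix regresses the test will not report a failure; it will stall the whole test run and any build that runs the suite. Say so in the test description next to the bug number so a stuck run is recognisable. Also consider bracing the pattern as `{($|^X)*}` so it does not depend on Tcl leaving `$|` unsubstituted in a bare word.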
Index: tcl.spec
===================================================================
RCS file: /cvs/pkgs/rpms/tcl/devel/tcl.spec,v
retrieving revision 1.63
retrieving revision 1.64
diff -u -r1.63 -r1.64
--- tcl.spec 26 Sep 2007 07:27:21 -0000 1.63
+++ tcl.spec 16 Nov 2007 08:22:57 -0000 1.64
@@ -3,7 +3,7 @@
Summary: Tcl scripting language development environment
Name: tcl
Version: %{majorver}.15
-Release: 5%{?dist}
+Release: 6%{?dist}
Epoch: 1
License: TCL
Group: Development/Languages
@@ -16,6 +16,7 @@
##Conflicts: tcldict
Patch1: tcl-confi.patch
Patch2: tcl-8.4.7-path.patch
+Patch3: tcl-8.4.15-regexp.patch
%description
The Tcl (Tool Command Language) provides a powerful platform for
@@ -59,6 +60,7 @@
%patch1 -p1 -b .confi
%patch2 -p1 -b .path
+%patch3 -p1 -b .regexp
%build
cd %{name}%{version}/unix
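Review bot: Check the strip level on `%patch3 -p1 -b .regexp` against the directory %prep actually runs in. The new patch's headers are `tcl8.4.15/generic/regc_nfa.c`, so -p1 leaves `generic/regc_nfa.c`, while %build starts with `cd %{name}%{version}/unix`, which suggests the working directory is the parent of the source tree. A scratch build that shows the patch applying cleanly (and leaving `.regexp` backup files) would settle it.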
@@ -142,6 +144,10 @@
%doc %{name}%{version}/html/*
%changelog
+* Fri Nov 16 2007 Marcela Maslanova <mmaslano at redhat.com> - 1:8.4.15-6
+- CVE-2007-4772 NFA optimization cause hang in loop. Back ported patch
+ from upstream development version.
+
* Wed Sep 26 2007 Marcela Maslanova <mmaslano at redhat.com> - 1:8.4.15-5
- fix of patch - set auto_path was broken
- Resolves: rhbz#306321
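Review bot: The new changelog entry cites CVE-2007-4772 but no Bugzilla ticket, whereas the previous entry carries a `Resolves: rhbz#306321` line. If a tracking bug exists for this CVE, add the matching `Resolves:` line so the security fix can be traced from the package changelog.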