[arch-commits] Commit in grep/trunk (CVE-2015-1345.patch PKGBUILD)

2015-11-02 Thread Sébastien Luttringer 
Date: Monday, November 2, 2015 @ 20:35:11
  Author: seblu
Revision: 250031

upgpkg: grep 2.22-1

Modified:
  grep/trunk/PKGBUILD
Deleted:
  grep/trunk/CVE-2015-1345.patch

-+
 CVE-2015-1345.patch |   58 --
 PKGBUILD|   18 ---
 2 files changed, 5 insertions(+), 71 deletions(-)

Deleted: CVE-2015-1345.patch
===
--- CVE-2015-1345.patch 2015-11-02 19:33:25 UTC (rev 250030)
+++ CVE-2015-1345.patch 2015-11-02 19:35:11 UTC (rev 250031)
@@ -1,58 +0,0 @@
-From 83a95bd8c8561875b948cadd417c653dbe7ef2e2 Mon Sep 17 00:00:00 2001
-From: Yuliy Pisetsky 
-Date: Thu, 01 Jan 2015 23:36:55 +
-Subject: grep -F: fix a heap buffer (read) overrun
-
-grep's read buffer is often filled to its full size, except when
-reading the final buffer of a file.  In that case, the number of
-bytes read may be far less than the size of the buffer.  However, for
-certain unusual pattern/text combinations, grep -F would mistakenly
-examine bytes in that uninitialized region of memory when searching
-for a match.  With carefully chosen inputs, one can cause grep -F to
-read beyond the end of that buffer altogether.  This problem arose via
-commit v2.18-90-g73893ff with the introduction of a more efficient
-heuristic using what is now the memchr_kwset function. The use of
-that function in bmexec_trans could leave TP much larger than EP,
-and the subsequent call to bm_delta2_search would mistakenly access
-beyond end of the main input read buffer.
-
-* src/kwset.c (bmexec_trans): When TP reaches or exceeds EP,
-do not call bm_delta2_search.
-* tests/kwset-abuse: New file.
-* tests/Makefile.am (TESTS): Add it.
-* THANKS.in: Update.
-* NEWS (Bug fixes): Mention it.
-
-Prior to this patch, this command would trigger a UMR:
-
-  printf %0360db 0 | valgrind src/grep -F $(printf %019dXb 0)
-
-  Use of uninitialised value of size 8
- at 0x4142BE: bmexec_trans (kwset.c:657)
- by 0x4143CA: bmexec (kwset.c:678)
- by 0x414973: kwsexec (kwset.c:848)
- by 0x414DC4: Fexecute (kwsearch.c:128)
- by 0x404E2E: grepbuf (grep.c:1238)
- by 0x4054BF: grep (grep.c:1417)
- by 0x405CEB: grepdesc (grep.c:1645)
- by 0x405EC1: grep_command_line_arg (grep.c:1692)
- by 0x4077D4: main (grep.c:2570)
-
-See the accompanying test for how to trigger the heap buffer overrun.
-
-Thanks to Nima Aghdaii for testing and finding numerous
-ways to break early iterations of this patch.

-diff --git a/src/kwset.c b/src/kwset.c
-index 4003c8d..376f7c3 100644
 a/src/kwset.c
-+++ b/src/kwset.c
-@@ -643,6 +643,8 @@ bmexec_trans (kwset_t kwset, char const *text, size_t size)
- if (! tp)
-   return -1;
- tp++;
-+if (ep <= tp)
-+  break;
-   }
-   }
-   }

Modified: PKGBUILD
===
--- PKGBUILD2015-11-02 19:33:25 UTC (rev 250030)
+++ PKGBUILD2015-11-02 19:35:11 UTC (rev 250031)
@@ -4,8 +4,8 @@
 # Contributor: judd 
 
 pkgname=grep
-pkgver=2.21
-pkgrel=2
+pkgver=2.22
+pkgrel=1
 pkgdesc='A string search utility'
 arch=('i686' 'x86_64')
 license=('GPL3')
@@ -15,18 +15,10 @@
 makedepends=('texinfo')
 install=$pkgname.install
 validpgpkeys=('155D3FC500C834486D1EEA677FD9FCCB000B') # Jim Meyering
-source=("ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.xz"{,.sig}
-'CVE-2015-1345.patch')
-md5sums=('43c48064d6409862b8a850db83c8038a'
- 'SKIP'
- 'f9c8e95efcc1bd52d4af42cb4bff03aa')
+source=("ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.xz"{,.sig})
+md5sums=('e1015e951a49a82b02e38891026ef5df'
+ 'SKIP')
 
- prepare() {
-  cd $pkgname-$pkgver
-  # fix CVE-2015-1345
-  patch -Np1 < "${srcdir}/CVE-2015-1345.patch"
- }
-
 build() {
   cd $pkgname-$pkgver
   ./configure --prefix=/usr --without-included-regex

[arch-commits] Commit in grep/trunk (CVE-2015-1345.patch PKGBUILD)

2015-03-02 Thread Sébastien Luttringer 
Date: Monday, March 2, 2015 @ 22:56:08
  Author: seblu
Revision: 232430

upgpkg: grep 2.21-2

- fix  FS#44017

Added:
  grep/trunk/CVE-2015-1345.patch
Modified:
  grep/trunk/PKGBUILD

-+
 CVE-2015-1345.patch |   58 ++
 PKGBUILD|   14 +---
 2 files changed, 69 insertions(+), 3 deletions(-)

Added: CVE-2015-1345.patch
===
--- CVE-2015-1345.patch (rev 0)
+++ CVE-2015-1345.patch 2015-03-02 21:56:08 UTC (rev 232430)
@@ -0,0 +1,58 @@
+From 83a95bd8c8561875b948cadd417c653dbe7ef2e2 Mon Sep 17 00:00:00 2001
+From: Yuliy Pisetsky 
+Date: Thu, 01 Jan 2015 23:36:55 +
+Subject: grep -F: fix a heap buffer (read) overrun
+
+grep's read buffer is often filled to its full size, except when
+reading the final buffer of a file.  In that case, the number of
+bytes read may be far less than the size of the buffer.  However, for
+certain unusual pattern/text combinations, grep -F would mistakenly
+examine bytes in that uninitialized region of memory when searching
+for a match.  With carefully chosen inputs, one can cause grep -F to
+read beyond the end of that buffer altogether.  This problem arose via
+commit v2.18-90-g73893ff with the introduction of a more efficient
+heuristic using what is now the memchr_kwset function. The use of
+that function in bmexec_trans could leave TP much larger than EP,
+and the subsequent call to bm_delta2_search would mistakenly access
+beyond end of the main input read buffer.
+
+* src/kwset.c (bmexec_trans): When TP reaches or exceeds EP,
+do not call bm_delta2_search.
+* tests/kwset-abuse: New file.
+* tests/Makefile.am (TESTS): Add it.
+* THANKS.in: Update.
+* NEWS (Bug fixes): Mention it.
+
+Prior to this patch, this command would trigger a UMR:
+
+  printf %0360db 0 | valgrind src/grep -F $(printf %019dXb 0)
+
+  Use of uninitialised value of size 8
+ at 0x4142BE: bmexec_trans (kwset.c:657)
+ by 0x4143CA: bmexec (kwset.c:678)
+ by 0x414973: kwsexec (kwset.c:848)
+ by 0x414DC4: Fexecute (kwsearch.c:128)
+ by 0x404E2E: grepbuf (grep.c:1238)
+ by 0x4054BF: grep (grep.c:1417)
+ by 0x405CEB: grepdesc (grep.c:1645)
+ by 0x405EC1: grep_command_line_arg (grep.c:1692)
+ by 0x4077D4: main (grep.c:2570)
+
+See the accompanying test for how to trigger the heap buffer overrun.
+
+Thanks to Nima Aghdaii for testing and finding numerous
+ways to break early iterations of this patch.
+---
+diff --git a/src/kwset.c b/src/kwset.c
+index 4003c8d..376f7c3 100644
+--- a/src/kwset.c
 b/src/kwset.c
+@@ -643,6 +643,8 @@ bmexec_trans (kwset_t kwset, char const *text, size_t size)
+ if (! tp)
+   return -1;
+ tp++;
++if (ep <= tp)
++  break;
+   }
+   }
+   }

Modified: PKGBUILD
===
--- PKGBUILD2015-03-02 21:45:12 UTC (rev 232429)
+++ PKGBUILD2015-03-02 21:56:08 UTC (rev 232430)
@@ -5,7 +5,7 @@
 
 pkgname=grep
 pkgver=2.21
-pkgrel=1
+pkgrel=2
 pkgdesc='A string search utility'
 arch=('i686' 'x86_64')
 license=('GPL3')
@@ -15,10 +15,18 @@
 makedepends=('texinfo')
 install=$pkgname.install
 validpgpkeys=('155D3FC500C834486D1EEA677FD9FCCB000B') # Jim Meyering
-source=("ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.xz"{,.sig})
+source=("ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.xz"{,.sig}
+'CVE-2015-1345.patch')
 md5sums=('43c48064d6409862b8a850db83c8038a'
- 'SKIP')
+ 'SKIP'
+ 'f9c8e95efcc1bd52d4af42cb4bff03aa')
 
+ prepare() {
+  cd $pkgname-$pkgver
+  # fix CVE-2015-1345
+  patch -Np1 < "${srcdir}/CVE-2015-1345.patch"
+ }
+
 build() {
   cd $pkgname-$pkgver
   ./configure --prefix=/usr --without-included-regex