Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock

Hi,

Moritz Muehlenhoff filed #924613 to raise the CVE-2009-5155 issue in gnulib to the BTS. The issue is already fixed in the experimental version and the update to sid includes the cherry-picked patch as per http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272 from upstream.

The changelog entry reads as (note I did not choose it as QA upload as the QA upload was done for experimental):

  gnulib (20140202+stable-3.2) unstable; urgency=medium
  .
  * Non-maintainer upload.
  * Diagnose ERE '()|\1' (CVE-2009-5155) (Closes: #924613)

unblock gnulib/20140202+stable-3.2

Regards,
Salvatore

diff -Nru gnulib-20140202+stable/debian/changelog gnulib-20140202+stable/debian/changelog --- gnulib-20140202+stable/debian/changelog 2019-02-09 11:11:06.000000000 +0100 +++ gnulib-20140202+stable/debian/changelog 2019-03-15 21:08:27.000000000 +0100 @@ -1,3 +1,10 @@ +gnulib (20140202+stable-3.2) unstable; urgency=medium + + * Non-maintainer upload. + * Diagnose ERE '()|\1' (CVE-2009-5155) (Closes: #924613) + + -- Salvatore Bonaccorso <[email protected]> Fri, 15 Mar 2019 21:08:27 +0100 + gnulib (20140202+stable-3.1) unstable; urgency=medium * Non-maintainer upload. diff -Nru gnulib-20140202+stable/debian/patches/04-Diagnose-ERE-1.patch gnulib-20140202+stable/debian/patches/04-Diagnose-ERE-1.patch --- gnulib-20140202+stable/debian/patches/04-Diagnose-ERE-1.patch 1970-01-01 01:00:00.000000000 +0100 +++ gnulib-20140202+stable/debian/patches/04-Diagnose-ERE-1.patch 2019-03-15 21:08:27.000000000 +0100 
@@ -0,0 +1,45 @@ +From: Paul Eggert <[email protected]> +Date: Sat, 19 Sep 2015 13:53:34 -0700 +Subject: Diagnose ERE '()|\1' +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Origin: http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2009-5155 +Bug-Debian: https://bugs.debian.org/924613 + +Problem reported by Hanno Böck in: http://bugs.gnu.org/21513 +* lib/regcomp.c (parse_reg_exp): While parsing alternatives, keep +track of the set of previously-completed subexpressions available +before the first alternative, and restore this set just before +parsing each subsequent alternative. This lets us diagnose the +invalid back-reference in the ERE '()|\1'. +--- + +--- a/lib/regcomp.c ++++ b/lib/regcomp.c +@@ -2187,6 +2187,7 @@ parse_reg_exp (re_string_t *regexp, rege + { + re_dfa_t *dfa = preg->buffer; + bin_tree_t *tree, *branch = NULL; ++ bitset_word_t initial_bkref_map = dfa->completed_bkref_map; + tree = parse_branch (regexp, preg, token, syntax, nest, err); + if (BE (*err != REG_NOERROR && tree == NULL, 0)) + return NULL; +@@ -2197,6 +2198,8 @@ parse_reg_exp (re_string_t *regexp, rege + if (token->type != OP_ALT && token->type != END_OF_RE + && (nest == 0 || token->type != OP_CLOSE_SUBEXP)) + { ++ bitset_word_t accumulated_bkref_map = dfa->completed_bkref_map; ++ dfa->completed_bkref_map = initial_bkref_map; + branch = parse_branch (regexp, preg, token, syntax, nest, err); + if (BE (*err != REG_NOERROR && branch == NULL, 0)) + return NULL; +@@ -2398,6 +2401,7 @@ parse_expression (re_string_t *regexp, r + *err = REG_ESPACE; + return NULL; + } ++ dfa->completed_bkref_map |= accumulated_bkref_map; + } + else + { diff -Nru gnulib-20140202+stable/debian/patches/series gnulib-20140202+stable/debian/patches/series --- gnulib-20140202+stable/debian/patches/series 2019-02-09 11:11:06.000000000 +0100 +++ 
gnulib-20140202+stable/debian/patches/series 2019-03-15 21:08:27.000000000 +0100 @@ -1,3 +1,4 @@ 01-gnulib-directory.patch 02-shebang.patch 03-vasnprintf-Fix-heap-memory-overrun-bug.patch +04-Diagnose-ERE-1.patch
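
Review bot: The last hunk of 04-Diagnose-ERE-1.patch places "dfa->completed_bkref_map |= accumulated_bkref_map;" at line 2398 under the function header parse_expression, but accumulated_bkref_map is declared in the previous hunk inside the "if (token->type != OP_ALT ..." block of parse_reg_exp, roughly 200 lines earlier, so the name is not in scope where the hunk header says the line lands. The commit message describes resetting the set before each alternative, which only works if the accumulated set is merged back in the same block, after the parse_branch call and its "return NULL;" error check. Please compare this hunk's position and context against the upstream commit named in Origin and move the line there if it differs. If the merge does not happen in that block, a subexpression completed in an earlier alternative is dropped from completed_bkref_map once a later alternative has been parsed, and a valid back-reference to it after the alternation would be rejected.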

