[Pkg-tcltk-commits] r696 - in tcl8.3/trunk/debian: . patches

sgolovan-guest at alioth.debian.org sgolovan-guest at alioth.debian.org
Fri Jul 4 17:36:42 UTC 2008


Author: sgolovan-guest
Date: 2008-07-04 17:36:41 +0000 (Fri, 04 Jul 2008)
New Revision: 696

Added:
   tcl8.3/trunk/debian/patches/CVE-2007-4772.diff
Modified:
   tcl8.3/trunk/debian/changelog
   tcl8.3/trunk/debian/control
   tcl8.3/trunk/debian/patches/series
   tcl8.3/trunk/debian/rules
Log:
[tcl8.3]
  * Fixed CVE-2007-4772 vulnerability (The regular expression parser in TCL
    before 8.4.17 allows context-dependent attackers to cause a denial of
    service (infinite loop) via a crafted regular expression.)
  * Set urgency to high as this upload fixes a security bug.
  * Protected quilt calls in debian/rules to make the source package
    convertible to 3.0 (quilt) format (closes: #484912).
  * Bumped standards version to 3.8.0.


Modified: tcl8.3/trunk/debian/changelog
===================================================================
--- tcl8.3/trunk/debian/changelog	2008-07-04 05:37:22 UTC (rev 695)
+++ tcl8.3/trunk/debian/changelog	2008-07-04 17:36:41 UTC (rev 696)
@@ -1,8 +1,14 @@
-tcl8.3 (8.3.5-13) UNRELEASED; urgency=low
+tcl8.3 (8.3.5-13) unstable; urgency=high
 
-  * NOT RELEASED YET
+  * Fixed CVE-2007-4772 vulnerability (The regular expression parser in TCL
+    before 8.4.17 allows context-dependent attackers to cause a denial of
+    service (infinite loop) via a crafted regular expression.)
+  * Set urgency to high as this upload fixes a security bug.
+  * Protected quilt calls in debian/rules to make the source package
+    convertible to 3.0 (quilt) format (closes: #484912).
+  * Bumped standards version to 3.8.0.
 
- -- Sergei Golovan <sgolovan at debian.org>  Thu,  1 May 2008 12:19:15 +0400
+ -- Sergei Golovan <sgolovan at debian.org>  Fri, 04 Jul 2008 21:35:52 +0400
 
 tcl8.3 (8.3.5-12) unstable; urgency=low
 

Modified: tcl8.3/trunk/debian/control
===================================================================
--- tcl8.3/trunk/debian/control	2008-07-04 05:37:22 UTC (rev 695)
+++ tcl8.3/trunk/debian/control	2008-07-04 17:36:41 UTC (rev 696)
@@ -4,7 +4,7 @@
 Maintainer: Tcl/Tk Debian Packagers <pkg-tcltk-devel at lists.alioth.debian.org>
 Uploaders: Chris Waters <xtifr at debian.org>, Anselm Lingnau <lingnau at debian.org>, Sergei Golovan <sgolovan at debian.org>
 Build-Depends: debhelper (>= 5.0.0), quilt
-Standards-Version: 3.7.3
+Standards-Version: 3.8.0
 Homepage: http://www.tcl.tk/
 
 Package: tcl8.3

Added: tcl8.3/trunk/debian/patches/CVE-2007-4772.diff
===================================================================
--- tcl8.3/trunk/debian/patches/CVE-2007-4772.diff	                        (rev 0)
+++ tcl8.3/trunk/debian/patches/CVE-2007-4772.diff	2008-07-04 17:36:41 UTC (rev 696)
@@ -0,0 +1,79 @@
+Patch by upstream fixes CVE-2007-4772.
+The regular expression parser in TCL before 8.4.17 allows context-dependent
+attackers to cause a denial of service (infinite loop) via a crafted regular
+expression.
+
+--- tcl8.3-8.3.5.orig/generic/regc_nfa.c
++++ tcl8.3-8.3.5/generic/regc_nfa.c
+@@ -803,6 +803,26 @@
+ 		return 1;
+ 	}
+ 
++	/*
++	 * DGP 2007-11-15: Cloning a state with a circular constraint on its
++	 * list of outs can lead to trouble [Bug 1810038], so get rid of them
++	 * first.
++	 */
++
++	for (a = from->outs; a != NULL; a = nexta) {
++		nexta = a->outchain;
++		switch (a->type) {
++		case '^':
++		case '$':
++		case BEHIND:
++		case AHEAD:
++			if (from == a->to) {
++				freearc(nfa, a);
++			}
++			break;
++		}
++	}
++
+ 	/* first, clone from state if necessary to avoid other outarcs */
+ 	if (from->nouts > 1) {
+ 		s = newstate(nfa);
+@@ -921,6 +941,29 @@
+ 		return 1;
+ 	}
+ 
++	/*
++	 * DGP 2007-11-15: Here we duplicate the same protections as appear
++	 * in pull() above to avoid troubles with cloning a state with a
++	 * circular constraint on its list of ins.  It is not clear whether
++	 * this is necessary, or is protecting against a "can't happen".
++	 * Any test case that actually leads to a freearc() call here would
++	 * be a welcome addition to the test suite.
++	 */
++
++	for (a = to->ins; a != NULL; a = nexta) {
++		nexta = a->inchain;
++		switch (a->type) {
++		case '^':
++		case '$':
++		case BEHIND:
++		case AHEAD:
++			if (a->from == to) {
++				freearc(nfa, a);
++			}
++			break;
++		}
++	}
++
+ 	/* first, clone to state if necessary to avoid other inarcs */
+ 	if (to->nins > 1) {
+ 		s = newstate(nfa);
+--- tcl8.3-8.3.5.orig/tests/regexp.test
++++ tcl8.3-8.3.5/tests/regexp.test
+@@ -535,6 +535,12 @@
+     list $result [string length $result]
+ } "\0a\0hel\0a\0lo\0a\0 14"
+ 
++
++test regexp-22.1 {Bug 1810038} {
++    regexp ($|^X)* {}
++} 1
++
++
+ # cleanup
+ ::tcltest::cleanupTests
+ return
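Review bot: The second regc_nfa.c hunk (the loop over `to->ins` in push()) ships without a test, and its own comment says it is unclear whether any input reaches the `freearc()` call there. The only added test, regexp-22.1 with `($|^X)*`, is labelled for Bug 1810038, which is the case the pull() comment describes. Since the failure mode named in the patch header is an infinite loop, a regression in either loop would make the test suite hang rather than report a failure, so note that in the test description or in debian/changelog to make a stalled build easy to diagnose. Two smaller points for a backport to 8.3.5: neither hunk adds declarations for `a` and `nexta`, so confirm both already exist in pull() and push() in this tree, and the patch header should cite the upstream reference ([Bug 1810038]) alongside the CVE id so the origin of the fix can be traced.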

Modified: tcl8.3/trunk/debian/patches/series
===================================================================
--- tcl8.3/trunk/debian/patches/series	2008-07-04 05:37:22 UTC (rev 695)
+++ tcl8.3/trunk/debian/patches/series	2008-07-04 17:36:41 UTC (rev 696)
@@ -1,3 +1,4 @@
+CVE-2007-4772.diff
 ungets.diff
 64bit.diff
 tcllibrary.diff

Modified: tcl8.3/trunk/debian/rules
===================================================================
--- tcl8.3/trunk/debian/rules	2008-07-04 05:37:22 UTC (rev 695)
+++ tcl8.3/trunk/debian/rules	2008-07-04 17:36:41 UTC (rev 696)
@@ -18,13 +18,13 @@
 
 unpatch:
 	dh_testdir
-	-quilt pop -a
+	quilt pop -a || test $$? = 2
 	rm -rf patch-stamp .pc
 
 patch: patch-stamp
 patch-stamp:
 	dh_testdir
-	quilt push -a
+	quilt push -a || test $$? = 2
 	touch patch-stamp
 
 build: build-stamp
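Review bot: The meaning of exit status 2 is not documented at either `quilt pop -a || test $$? = 2` or `quilt push -a || test $$? = 2`, so a reader cannot tell which quilt outcome is being tolerated or why. Add a one-line comment above each recipe line saying what status 2 stands for and that it is accepted for the 3.0 (quilt) conversion mentioned in the log (#484912). Note also the behaviour change in `unpatch`: the old `-quilt pop -a` ignored every failure, while the new form stops on any status other than 0 or 2, so `rm -rf patch-stamp .pc` no longer runs after a real pop failure. That is the safer behaviour, but it deserves a mention in the changelog entry.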
@@ -55,7 +55,7 @@
 	dh_testroot
 	dh_clean
 
-clean-patched:
+clean-patched: patch-stamp
 	dh_testdir
 	dh_testroot
 	rm -f build-stamp install-stamp
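Review bot: The new `patch-stamp` prerequisite on `clean-patched` is unexplained, and it means cleaning now runs `quilt push -a` first (via the `patch-stamp` recipe in the previous hunk). A patch in the series that fails to apply with a status other than 2 will therefore make the clean step fail too. If the intent is to guarantee the tree is in a known patched state before `unpatch` pops the series, say so in a comment above the target so the dependency is not removed later as redundant.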



