diff --git a/pkgs/tools/text/gnugrep/cve-2015-1345.patch b/pkgs/tools/text/gnugrep/cve-2015-1345.patch deleted file mode 100644 index 7156f475e7e8..000000000000 --- a/pkgs/tools/text/gnugrep/cve-2015-1345.patch +++ /dev/null @@ -1,60 +0,0 @@ -From 83a95bd8c8561875b948cadd417c653dbe7ef2e2 Mon Sep 17 00:00:00 2001 -From: Yuliy Pisetsky -Date: Thu, 01 Jan 2015 23:36:55 +0000 -Subject: grep -F: fix a heap buffer (read) overrun - -grep's read buffer is often filled to its full size, except when -reading the final buffer of a file. In that case, the number of -bytes read may be far less than the size of the buffer. However, for -certain unusual pattern/text combinations, grep -F would mistakenly -examine bytes in that uninitialized region of memory when searching -for a match. With carefully chosen inputs, one can cause grep -F to -read beyond the end of that buffer altogether. This problem arose via -commit v2.18-90-g73893ff with the introduction of a more efficient -heuristic using what is now the memchr_kwset function. The use of -that function in bmexec_trans could leave TP much larger than EP, -and the subsequent call to bm_delta2_search would mistakenly access -beyond end of the main input read buffer. - -* src/kwset.c (bmexec_trans): When TP reaches or exceeds EP, -do not call bm_delta2_search. -* tests/kwset-abuse: New file. -* tests/Makefile.am (TESTS): Add it. -* THANKS.in: Update. -* NEWS (Bug fixes): Mention it. - -Prior to this patch, this command would trigger a UMR: - - printf %0360db 0 | valgrind src/grep -F $(printf %019dXb 0) - - Use of uninitialised value of size 8 - at 0x4142BE: bmexec_trans (kwset.c:657) - by 0x4143CA: bmexec (kwset.c:678) - by 0x414973: kwsexec (kwset.c:848) - by 0x414DC4: Fexecute (kwsearch.c:128) - by 0x404E2E: grepbuf (grep.c:1238) - by 0x4054BF: grep (grep.c:1417) - by 0x405CEB: grepdesc (grep.c:1645) - by 0x405EC1: grep_command_line_arg (grep.c:1692) - by 0x4077D4: main (grep.c:2570) - -See the accompanying test for how to trigger the heap buffer overrun. - -Thanks to Nima Aghdaii for testing and finding numerous -ways to break early iterations of this patch. - -Nix: @vcunat restricted this to the runtime code only to avoid needing autoreconfiguration. ---- -diff --git a/src/kwset.c b/src/kwset.c -index 4003c8d..376f7c3 100644 ---- a/src/kwset.c -+++ b/src/kwset.c -@@ -643,6 +643,8 @@ bmexec_trans (kwset_t kwset, char const *text, size_t size) - if (! tp) - return -1; - tp++; -+ if (ep <= tp) -+ break; - } - } - } diff --git a/pkgs/tools/text/gnugrep/default.nix b/pkgs/tools/text/gnugrep/default.nix index d03db13ed420..e8352e318b9b 100644 --- a/pkgs/tools/text/gnugrep/default.nix +++ b/pkgs/tools/text/gnugrep/default.nix @@ -1,17 +1,17 @@ -{ stdenv, fetchurl, pcre, libiconv }: +{ stdenv, fetchurl, pcre, libiconv, perl }: -let version = "2.21"; in +let version = "2.22"; in stdenv.mkDerivation { name = "gnugrep-${version}"; src = fetchurl { url = "mirror://gnu/grep/grep-${version}.tar.xz"; - sha256 = "1pp5n15qwxrw1pibwjhhgsibyv5cafhamf8lwzjygs6y00fa2i2j"; + sha256 = "1srn321x7whlhs5ks36zlcrrmj4iahll8fxwsh1vbz3v04px54fa"; }; - patches = [ ./cve-2015-1345.patch ]; - + # Perl is needed for testing + nativeBuildInputs = [ perl ]; buildInputs = [ pcre libiconv ]; # cygwin: FAIL: multibyte-white-space