head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.10 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.8 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.6 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.4 pkgsrc-2011Q2-base:1.2 pkgsrc-2009Q4:1.2.0.2 pkgsrc-2009Q4-base:1.2 pkgsrc-2008Q4:1.1.0.12 pkgsrc-2008Q4-base:1.1 pkgsrc-2008Q3:1.1.0.10 pkgsrc-2008Q3-base:1.1 cube-native-xorg:1.1.0.8 cube-native-xorg-base:1.1 pkgsrc-2008Q2:1.1.0.6 pkgsrc-2008Q2-base:1.1 cwrapper:1.1.0.4 pkgsrc-2008Q1:1.1.0.2 pkgsrc-2008Q1-base:1.1; locks; strict; comment @# @; 1.2 date 2009.03.25.22.30.19; author he; state dead; branches; next 1.1; 1.1 date 2008.03.20.17.07.54; author drochner; state Exp; branches; next ; desc @@ 1.2 log @Update from version 3.6nb2 to 4.0.1. Pkgsrc changes: o New MASTER_SITE o Adjust PLIST o Remove no-longer-needed patches, since corresponding changes have been adopted upstream o BUILDLINK_ABI_DEPENDS bumped to >=4.0, since a new shared library version is installed o Fixes security vulnerability, ref. below. Dependent pkgsrc packages will have their revisions bumped shortly due to the (possibly/probably) changed ABI. Upstream changes: 4.0.1: ICU4C 4.0.1 is a maintenance release of ICU4J 4.0. The primary changes of this release were: * Updated time zone data to 2008i * Technical preview of string search implementation using Boyer-Moore algorithm (#6286). For detail information, please see the tech note here. * #5691 Conversion: consistent illegal sequences * #6435 Bad @@stable ICU4.0 tags * #6597 TestDisplayNamesMeta failure * #6670 Test failure in format/TimeZoneTest/TestShortZoneIDs 4.0: Major changes in ICU 4.0 include the following: * Common Changes o Unicode 5.1 (#5696) o Locale Data: ICU uses and supports data from Common Locale Data Repository (CLDR) 1.6 , which includes many improvements in quality and quantity of data. o add/removeLikelySubtags (#6124) o Charset converter file size improvement (#5987) o Date Interval Formatting (#6157) Note: Calendar type supported by this feature is Gregorian only in this release. o Improved Plural support * ICU4C Specific Changes Additional Calendars + Chinese (#4081) + Coptic/Ethiopic (#4571) * ICU4J Specific Changes o Charset + Graduated from Technology Preview status + ICU2022 Converter (#5791) + HZ Converter (#6128) + SCSU/BOCU-1 Converter (#2147) + Charset Converter Callback (#6144) o Thai Dictionary break iterator (#5385) o JDK TimeZone support (#5975) o Locale Service Provider (#5976) o More convenient formatting of year+month, day+month, and other combinations (#6304) o Simple Duration Formatting (#6303) * ICU4C Security Fixes ICU4C 4.0 resolves the vulnerabilities CVE-2007-4770 and CVE-2007-4771 which were found in earlier versions of ICU. The standard ICU tests verify that these have been corrected, however, the updated versions of the previous tests may be run by applying the following patch to ICU 4.0: r24324. As well, ICU4C and ICU4J 4.0 resolve the issue underlying CVE-2008-1036. @ text @$NetBSD: patch-bd,v 1.1 2008/03/20 17:07:54 drochner Exp $ --- i18n/rematch.cpp.orig 2005-08-25 20:02:20.000000000 +0200 +++ i18n/rematch.cpp @@@@ -30,6 +30,15 @@@@ U_NAMESPACE_BEGIN +// Limit the size of the back track stack, to avoid system failures caused +// by heap exhaustion. Units are in 32 bit words, not bytes. +// This value puts ICU's limits higher than most other regexp implementations, +// which use recursion rather than the heap, and take more storage per +// backtrack point. +// This constant is _temporary_. Proper API to control the value will added. +// +static const int32_t BACKTRACK_STACK_CAPACITY = 8000000; + //----------------------------------------------------------------------------- // // Constructor and Destructor @@@@ -53,6 +62,8 @@@@ RegexMatcher::RegexMatcher(const RegexPa } if (fStack == NULL || fData == NULL) { fDeferredStatus = U_MEMORY_ALLOCATION_ERROR; + } else { + fStack->setMaxCapacity(BACKTRACK_STACK_CAPACITY); } reset(*RegexStaticSets::gStaticSets->fEmptyString); @@@@ -78,6 +89,8 @@@@ RegexMatcher::RegexMatcher(const Unicode } if (fStack == NULL || fData == NULL) { status = U_MEMORY_ALLOCATION_ERROR; + } else { + fStack->setMaxCapacity(BACKTRACK_STACK_CAPACITY); } reset(input); } @@@@ -102,6 +115,8 @@@@ RegexMatcher::RegexMatcher(const Unicode } if (fStack == NULL || fData == NULL) { status = U_MEMORY_ALLOCATION_ERROR; + } else { + fStack->setMaxCapacity(BACKTRACK_STACK_CAPACITY); } reset(*RegexStaticSets::gStaticSets->fEmptyString); } @@@@ -1015,6 +1030,14 @@@@ UBool RegexMatcher::isUWordBoundary(int3 inline REStackFrame *RegexMatcher::StateSave(REStackFrame *fp, int32_t savePatIdx, int32_t frameSize, UErrorCode &status) { // push storage for a new frame. int32_t *newFP = fStack->reserveBlock(frameSize, status); + if (newFP == NULL) { + // Heap allocation error on attempted stack expansion. + // We need to return a writable stack frame, so just return the + // previous frame. The match operation will stop quickly + // becuase of the error status, after which the frame will never + // be looked at again. + return fp; + } fp = (REStackFrame *)(newFP - frameSize); // in case of realloc of stack. // New stack frame = copy of old top frame. @@@@ -1030,8 +1053,8 @@@@ inline REStackFrame *RegexMatcher::State fp->fPatIdx = savePatIdx; return (REStackFrame *)newFP; } - - + + //-------------------------------------------------------------------------------- // // MatchAt This is the actual matching engine. @@@@ -2262,6 +2285,7 @@@@ GC_Done: } if (U_FAILURE(status)) { + isMatch = FALSE; break; } } @ 1.1 log @fix RE vulnerabilities (CVE-2007-(4770|4771)), patch from redhat via Gentoo bug #208001, bump PKGREVISION @ text @d1 1 a1 1 $NetBSD$ @