diff options
| author | sevan <sevan@pkgsrc.org> | 2017-02-22 03:22:57 +0000 |
|---|---|---|
| committer | sevan <sevan@pkgsrc.org> | 2017-02-22 03:22:57 +0000 |
| commit | d9b0fc74351da34f0581cd62475ddca0a5126888 (patch) | |
| tree | 64daf03a902816685e4d902745326b9b70595b3b | |
| parent | 7ce2299857c71a869d6e723786f9030d211cb530 (diff) | |
| download | pkgsrc-d9b0fc74351da34f0581cd62475ddca0a5126888.tar.gz | |
Add a patch for CVE-2017-6004 - Denial of service (out-of-bounds read and
application crash) via a crafted regular expression.
Bump revision.
| -rw-r--r-- | devel/pcre/Makefile | 3 | ||||
| -rw-r--r-- | devel/pcre/distinfo | 3 | ||||
| -rw-r--r-- | devel/pcre/patches/patch-pcre_jit_compile.c | 16 |
3 files changed, 20 insertions, 2 deletions
diff --git a/devel/pcre/Makefile b/devel/pcre/Makefile index 01ad3ca3706..53f78a4df88 100644 --- a/devel/pcre/Makefile +++ b/devel/pcre/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.82 2017/01/19 18:52:07 agc Exp $ +# $NetBSD: Makefile,v 1.83 2017/02/22 03:22:57 sevan Exp $ DISTNAME= pcre-8.40 +PKGREVISION= 1 CATEGORIES= devel MASTER_SITES= ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/ MASTER_SITES+= ${MASTER_SITE_SOURCEFORGE:=pcre/} diff --git a/devel/pcre/distinfo b/devel/pcre/distinfo index df50623caa3..a95abe26f18 100644 --- a/devel/pcre/distinfo +++ b/devel/pcre/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.62 2017/01/16 09:21:15 wiz Exp $ +$NetBSD: distinfo,v 1.63 2017/02/22 03:22:57 sevan Exp $ SHA1 (pcre-8.40.tar.bz2) = 12f338719b8b028a2eecbf9192fcc00a13fc04f6 RMD160 (pcre-8.40.tar.bz2) = 1e2ebc58764e3b990d475323b4ffc848979e9c5d @@ -7,3 +7,4 @@ Size (pcre-8.40.tar.bz2) = 1560119 bytes SHA1 (patch-aa) = ed20cfb5ca7b1e620e368c8e41a7f691d6f93282 SHA1 (patch-ab) = 0b8fbde09c27e2716e5bfa32abce8ee4a79fb7fb SHA1 (patch-doc_pcredemo.3) = 90f9b3a021f58973149d839735d40c5e2e245912 +SHA1 (patch-pcre_jit_compile.c) = 13c472caccc02e727d7d9377dba71f810feb89e9 diff --git a/devel/pcre/patches/patch-pcre_jit_compile.c b/devel/pcre/patches/patch-pcre_jit_compile.c new file mode 100644 index 00000000000..c8b497d8a88 --- /dev/null +++ b/devel/pcre/patches/patch-pcre_jit_compile.c @@ -0,0 +1,16 @@ +$NetBSD: patch-pcre_jit_compile.c,v 1.1 2017/02/22 03:22:57 sevan Exp $ + +CVE-2017-6004 +https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6004 + +--- pcre_jit_compile.c.orig 2016-07-02 15:53:59.000000000 +0000 ++++ pcre_jit_compile.c +@@ -8111,7 +8111,7 @@ if (opcode == OP_COND || opcode == OP_SC + + if (*matchingpath == OP_FAIL) + stacksize = 0; +- if (*matchingpath == OP_RREF) ++ else if (*matchingpath == OP_RREF) + { + stacksize = GET2(matchingpath, 1); + if (common->currententry == NULL) |