author | tez <tez@pkgsrc.org> | 2016-03-18 21:25:10 +0000 |
---|---|---|
committer | tez <tez@pkgsrc.org> | 2016-03-18 21:25:10 +0000 |
commit | 1395a406de6d66b84a2c0716bd6d673a3014afef (patch) | |
tree | 5dd7b2fb7dbb689a51a8c92707d0efa05fec65ee | |
parent | f905867e83f64caa6fd423d4014114b8767e43aa (diff) | |
download | pkgsrc-1395a406de6d66b84a2c0716bd6d673a3014afef.tar.gz |
Fix for CVE-2016-1283 from
http://vcs.pcre.org/pcre?view=revision&revision=1636
-rw-r--r-- | devel/pcre/Makefile | 4 | ||||
-rw-r--r-- | devel/pcre/distinfo | 3 | ||||
-rw-r--r-- | devel/pcre/patches/patch-pcre_compile.c | 21 |
3 files changed, 26 insertions, 2 deletions
diff --git a/devel/pcre/Makefile b/devel/pcre/Makefile
index 0195267dd6b..2887c79d386 100644
--- a/devel/pcre/Makefile
+++ b/devel/pcre/Makefile
@@ -1,6 +1,8 @@
-# $NetBSD: Makefile,v 1.77 2015/11/24 11:04:03 wiz Exp $
+# $NetBSD: Makefile,v 1.78 2016/03/18 21:25:10 tez Exp $

 DISTNAME= pcre-8.38
+PKGREVISION= 1
+
 CATEGORIES= devel
 MASTER_SITES= ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/ \
 ${MASTER_SITE_SOURCEFORGE:=pcre/}
diff --git a/devel/pcre/distinfo b/devel/pcre/distinfo
index 4e1e24851b8..93c5fb991e2 100644
--- a/devel/pcre/distinfo
+++ b/devel/pcre/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.58 2015/11/24 11:04:03 wiz Exp $
+$NetBSD: distinfo,v 1.59 2016/03/18 21:25:10 tez Exp $

 SHA1 (pcre-8.38.tar.bz2) = ae84e3b3ef0764788ce33b1adeff1add938126e1
 RMD160 (pcre-8.38.tar.bz2) = eba6da5ef34780f63f8b96c60bd70ac197df3b52
@@ -7,3 +7,4 @@ Size (pcre-8.38.tar.bz2) = 1562265 bytes
 SHA1 (patch-aa) = ed20cfb5ca7b1e620e368c8e41a7f691d6f93282
 SHA1 (patch-ab) = 0b8fbde09c27e2716e5bfa32abce8ee4a79fb7fb
 SHA1 (patch-doc_pcredemo.3) = 90f9b3a021f58973149d839735d40c5e2e245912
+SHA1 (patch-pcre_compile.c) = a901b33130bc421eb16883cc2de959b452e13840
diff --git a/devel/pcre/patches/patch-pcre_compile.c b/devel/pcre/patches/patch-pcre_compile.c
new file mode 100644
index 00000000000..62b62de1717
--- /dev/null
+++ b/devel/pcre/patches/patch-pcre_compile.c
@@ -0,0 +1,21 @@
+$NetBSD: patch-pcre_compile.c,v 1.1 2016/03/18 21:25:10 tez Exp $
+
+Fix for CVE-2016-1283 from
+ http://vcs.pcre.org/pcre?view=revision&revision=1636
+
+--- pcre_compile.c.orig 2016-03-18 21:00:47.095736300 +0000
++++ pcre_compile.c
+@@ -7274,7 +7274,12 @@ for (;; ptr++)
+ so far in order to get the number. If the name is not found, leave
+ the value of recno as 0 for a forward reference. */
+
+- else
++ /* This patch (removing "else") fixes a problem when a reference is
++ to multiple identically named nested groups from within the nest.
++ Once again, it is not the "proper" fix, and it results in an
++ over-allocation of memory. */
++
++ /* else */
+ {
+ ng = cd->named_groups;
+ for (i = 0; i < cd->names_found; i++, ng++) |
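Review bot: The header of patch-pcre_compile.c cites the upstream revision but gives no condition for retiring the patch, even though the embedded comment itself says that removing the `else` is not the "proper" fix and over-allocates memory. A line after the URL such as `Stopgap only: drop this patch when devel/pcre moves to a release that already contains upstream r1636 or its replacement.` would keep the workaround from outliving the real fix. With the `else` gone, the `ng = cd->named_groups` scan now runs whether or not the preceding branch resolved the name, so it is worth confirming against the full function that a `recno` set earlier is not overwritten by this loop. That preceding branch and the rest of the `for (;; ptr++)` body lie outside the hunk.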