authortez <tez@pkgsrc.org>2016-03-18 21:25:10 +0000
committertez <tez@pkgsrc.org>2016-03-18 21:25:10 +0000
commit1395a406de6d66b84a2c0716bd6d673a3014afef (patch)
tree5dd7b2fb7dbb689a51a8c92707d0efa05fec65ee
parentf905867e83f64caa6fd423d4014114b8767e43aa (diff)
Fix for CVE-2016-1283 from
http://vcs.pcre.org/pcre?view=revision&revision=1636
-rw-r--r--devel/pcre/Makefile4
-rw-r--r--devel/pcre/distinfo3
-rw-r--r--devel/pcre/patches/patch-pcre_compile.c21
3 files changed, 26 insertions, 2 deletions
diff --git a/devel/pcre/Makefile b/devel/pcre/Makefile
index 0195267dd6b..2887c79d386 100644
--- a/devel/pcre/Makefile
+++ b/devel/pcre/Makefile
@@ -1,6 +1,8 @@
-# $NetBSD: Makefile,v 1.77 2015/11/24 11:04:03 wiz Exp $
+# $NetBSD: Makefile,v 1.78 2016/03/18 21:25:10 tez Exp $
DISTNAME= pcre-8.38
+PKGREVISION= 1
+
CATEGORIES= devel
MASTER_SITES= ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/ \
${MASTER_SITE_SOURCEFORGE:=pcre/}
diff --git a/devel/pcre/distinfo b/devel/pcre/distinfo
index 4e1e24851b8..93c5fb991e2 100644
--- a/devel/pcre/distinfo
+++ b/devel/pcre/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.58 2015/11/24 11:04:03 wiz Exp $
+$NetBSD: distinfo,v 1.59 2016/03/18 21:25:10 tez Exp $
SHA1 (pcre-8.38.tar.bz2) = ae84e3b3ef0764788ce33b1adeff1add938126e1
RMD160 (pcre-8.38.tar.bz2) = eba6da5ef34780f63f8b96c60bd70ac197df3b52
@@ -7,3 +7,4 @@ Size (pcre-8.38.tar.bz2) = 1562265 bytes
SHA1 (patch-aa) = ed20cfb5ca7b1e620e368c8e41a7f691d6f93282
SHA1 (patch-ab) = 0b8fbde09c27e2716e5bfa32abce8ee4a79fb7fb
SHA1 (patch-doc_pcredemo.3) = 90f9b3a021f58973149d839735d40c5e2e245912
+SHA1 (patch-pcre_compile.c) = a901b33130bc421eb16883cc2de959b452e13840
diff --git a/devel/pcre/patches/patch-pcre_compile.c b/devel/pcre/patches/patch-pcre_compile.c
new file mode 100644
index 00000000000..62b62de1717
--- /dev/null
+++ b/devel/pcre/patches/patch-pcre_compile.c
@@ -0,0 +1,21 @@
+$NetBSD: patch-pcre_compile.c,v 1.1 2016/03/18 21:25:10 tez Exp $
+
+Fix for CVE-2016-1283 from
+ http://vcs.pcre.org/pcre?view=revision&revision=1636
+
+--- pcre_compile.c.orig 2016-03-18 21:00:47.095736300 +0000
++++ pcre_compile.c
+@@ -7274,7 +7274,12 @@ for (;; ptr++)
+ so far in order to get the number. If the name is not found, leave
+ the value of recno as 0 for a forward reference. */
+
+- else
++ /* This patch (removing "else") fixes a problem when a reference is
++ to multiple identically named nested groups from within the nest.
++ Once again, it is not the "proper" fix, and it results in an
++ over-allocation of memory. */
++
++ /* else */
+ {
+ ng = cd->named_groups;
+ for (i = 0; i < cd->names_found; i++, ng++)
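Review bot: The header of the new patch-pcre_compile.c names the CVE and the upstream revision but does not say when the patch can be dropped, even though the upstream comment it carries says this is not the "proper" fix and that it over-allocates memory. I would add a header line such as `Backport of upstream r1636; remove once the package is updated to a release that contains it.` so the workaround is not carried past the upstream fix. The `if` that the removed `else` paired with lies outside the inner hunk, and the enclosing `for (;; ptr++)` body starts and ends elsewhere. From these lines alone it cannot be confirmed that running the name scan unconditionally never overwrites a `recno` set by that earlier branch, so this is worth checking against the upstream revision. Running the PCRE test suite against the patched build would be a reasonable check before relying on the backport.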