summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorspz <spz>2014-11-30 14:48:43 +0000
committerspz <spz>2014-11-30 14:48:43 +0000
commit5f31657fe04629ab0f4f0d0fa479c9c4b7c9859b (patch)
tree5c2960569148eff6673dee2b69dc6b78af451cbf
parent6f2412456badec5772ad8719c31fcf7bbbe91d56 (diff)
downloadpkgsrc-5f31657fe04629ab0f4f0d0fa479c9c4b7c9859b.tar.gz
patch for CVE-2014-8964 from upstream
also, patch refresh
-rw-r--r--devel/pcre/Makefile3
-rw-r--r--devel/pcre/distinfo7
-rw-r--r--devel/pcre/patches/patch-CVE-2014-896420
-rw-r--r--devel/pcre/patches/patch-aa6
-rw-r--r--devel/pcre/patches/patch-ab10
5 files changed, 34 insertions, 12 deletions
diff --git a/devel/pcre/Makefile b/devel/pcre/Makefile
index eebdc2d9f26..2a2e9bbabfa 100644
--- a/devel/pcre/Makefile
+++ b/devel/pcre/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.74 2014/10/09 14:06:30 wiz Exp $
+# $NetBSD: Makefile,v 1.75 2014/11/30 14:48:43 spz Exp $
DISTNAME= pcre-8.36
+PKGREVISION= 1
CATEGORIES= devel
MASTER_SITES= ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/ \
${MASTER_SITE_SOURCEFORGE:=pcre/}
diff --git a/devel/pcre/distinfo b/devel/pcre/distinfo
index 2bfc52df60d..3dd7a5775be 100644
--- a/devel/pcre/distinfo
+++ b/devel/pcre/distinfo
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.54 2014/10/01 11:45:00 wiz Exp $
+$NetBSD: distinfo,v 1.55 2014/11/30 14:48:43 spz Exp $
SHA1 (pcre-8.36.tar.bz2) = 9a074e9cbf3eb9f05213fd9ca5bc188644845ccc
RMD160 (pcre-8.36.tar.bz2) = e13ce590fbb12aaa375645edeea6fa4938d31efb
Size (pcre-8.36.tar.bz2) = 1533818 bytes
-SHA1 (patch-aa) = 02c03145827eaf5ce5d267836d0a4c5f6c00ba99
-SHA1 (patch-ab) = 2e680087b9b302cf2ba2fbafc758820dfd85d9e1
+SHA1 (patch-CVE-2014-8964) = 4779bf53dd08d7be070c3860c35ab896a26d29e9
+SHA1 (patch-aa) = ed20cfb5ca7b1e620e368c8e41a7f691d6f93282
+SHA1 (patch-ab) = 0b8fbde09c27e2716e5bfa32abce8ee4a79fb7fb
SHA1 (patch-doc_pcredemo.3) = 90f9b3a021f58973149d839735d40c5e2e245912
diff --git a/devel/pcre/patches/patch-CVE-2014-8964 b/devel/pcre/patches/patch-CVE-2014-8964
new file mode 100644
index 00000000000..61bf1a9d106
--- /dev/null
+++ b/devel/pcre/patches/patch-CVE-2014-8964
@@ -0,0 +1,20 @@
+$NetBSD: patch-CVE-2014-8964,v 1.1 2014/11/30 14:48:43 spz Exp $
+
+patch for CVE-2014-8964 taken from
+http://bugs.exim.org/show_bug.cgi?id=1546
+
+--- pcre_exec.c.orig 2014-09-15 13:48:59.000000000 +0000
++++ pcre_exec.c
+@@ -1404,8 +1404,11 @@ for (;;)
+ condition = TRUE;
+
+ /* Advance ecode past the assertion to the start of the first branch,
+- but adjust it so that the general choosing code below works. */
++ but adjust it so that the general choosing code below works. If the
++ assertion has a quantifier that allows zero repeats we must skip over
++ the BRAZERO. This is a lunatic thing to do, but somebody did! */
+
++ if (*ecode == OP_BRAZERO) ecode++;
+ ecode += GET(ecode, 1);
+ while (*ecode == OP_ALT) ecode += GET(ecode, 1);
+ ecode += 1 + LINK_SIZE - PRIV(OP_lengths)[condcode];
diff --git a/devel/pcre/patches/patch-aa b/devel/pcre/patches/patch-aa
index 9b5c4367b5e..8d946f4e9b0 100644
--- a/devel/pcre/patches/patch-aa
+++ b/devel/pcre/patches/patch-aa
@@ -1,10 +1,10 @@
-$NetBSD: patch-aa,v 1.15 2012/03/02 15:24:48 wiz Exp $
+$NetBSD: patch-aa,v 1.16 2014/11/30 14:48:43 spz Exp $
Use pkgsrc's COMPILER_RPATH_FLAG variable, so this works on all pkgsrc platforms.
---- pcre-config.in.orig 2012-01-21 16:00:28.000000000 +0000
+--- pcre-config.in.orig 2014-01-31 14:32:51.000000000 +0000
+++ pcre-config.in
-@@ -28,15 +28,7 @@ if test $# -eq 0; then
+@@ -32,15 +32,7 @@ if test $# -eq 0; then
exit 1
fi
diff --git a/devel/pcre/patches/patch-ab b/devel/pcre/patches/patch-ab
index 7c21960f2b9..cc33871e385 100644
--- a/devel/pcre/patches/patch-ab
+++ b/devel/pcre/patches/patch-ab
@@ -1,4 +1,4 @@
-$NetBSD: patch-ab,v 1.8 2012/03/10 08:03:57 sbd Exp $
+$NetBSD: patch-ab,v 1.9 2014/11/30 14:48:43 spz Exp $
Remove a feeble attempt at providing ABI compatibility for the C++ portion
of the PCRE library. Relying on the C++ compiler to crunch symbols in a
@@ -6,9 +6,9 @@ particular way is platform dependent at best, and the comments indicate
that this was done for OSX.
Also, the test misfired on SunOS leading to breakage (PR pkg/38768).
---- configure.orig 2012-02-04 12:55:43.000000000 +0000
+--- configure.orig 2014-09-26 09:06:46.000000000 +0000
+++ configure
-@@ -16189,6 +16189,8 @@ ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS
+@@ -17603,6 +17603,8 @@ ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS
ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
@@ -17,7 +17,7 @@ Also, the test misfired on SunOS leading to breakage (PR pkg/38768).
# Older versions of pcre defined pcrecpp::no_arg, but in new versions
# it's called pcrecpp::RE::no_arg. For backwards ABI compatibility,
-@@ -16231,6 +16233,9 @@ rm -f core conftest.err conftest.$ac_obj
+@@ -17645,6 +17647,9 @@ rm -f core conftest.err conftest.$ac_obj
done
LDFLAGS="$OLD_LDFLAGS"
@@ -27,7 +27,7 @@ Also, the test misfired on SunOS leading to breakage (PR pkg/38768).
# We could be more clever here, given we're doing AC_SUBST with this
# (eg set a var to be the name of the include file we want). But we're not
# so it's easy to change back to 'regular' autoconf vars if we needed to.
-@@ -17014,6 +17019,10 @@ if test "$enable_pcretest_libreadline" =
+@@ -18952,6 +18957,10 @@ elif test "$enable_pcretest_libreadline"
$as_echo "#define SUPPORT_LIBREADLINE /**/" >>confdefs.h