Fix a potential buffer overflow in libpcre's compiler (CVE-2008-2371).

3 files changed, 17 insertions, 3 deletions

diff --git a/devel/pcre/Makefile b/devel/pcre/Makefile
index cc0b84d50bb..9068ee91ede 100644
--- a/devel/pcre/Makefile
+++ b/devel/pcre/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.50 2008/05/27 16:20:52 tnn Exp $
+# $NetBSD: Makefile,v 1.51 2008/07/04 21:30:24 tonnerre Exp $
 
 DISTNAME=	pcre-7.7
-PKGREVISION=	1
+PKGREVISION=	2
 CATEGORIES=	devel
 MASTER_SITES=	ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/ \
 		${MASTER_SITE_SOURCEFORGE:=pcre/}
diff --git a/devel/pcre/distinfo b/devel/pcre/distinfo
index 7de8a8a6bec..7fdd6c4d477 100644
--- a/devel/pcre/distinfo
+++ b/devel/pcre/distinfo
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.32 2008/05/27 16:20:52 tnn Exp $
+$NetBSD: distinfo,v 1.33 2008/07/04 21:30:24 tonnerre Exp $
 
 SHA1 (pcre-7.7.tar.bz2) = f1f54d3e13e6cb427de962e62eaaee32c74cba38
 RMD160 (pcre-7.7.tar.bz2) = fdf7785b982879ce91847130960fa1531caffaeb
 Size (pcre-7.7.tar.bz2) = 818897 bytes
 SHA1 (patch-aa) = 2bca13cdd4a398ae3dbf26f75fd94557cb076dbe
 SHA1 (patch-ab) = a51a173c41825effd94c104f3b7eea3e48d019f9
+SHA1 (patch-ac) = 3e161c431ffe0d1b0361eea12e5347cd5c3aebaa
diff --git a/devel/pcre/patches/patch-ac b/devel/pcre/patches/patch-ac
new file mode 100644
index 00000000000..423ae9147b2
--- /dev/null
+++ b/devel/pcre/patches/patch-ac
@@ -0,0 +1,13 @@
+$NetBSD: patch-ac,v 1.5 2008/07/04 21:30:24 tonnerre Exp $
+
+--- pcre_compile.c.orig	2008-04-28 17:06:46.000000000 +0200
++++ pcre_compile.c
+@@ -4931,7 +4931,7 @@ we set the flag only if there is a liter
+                (lengthptr == NULL || *lengthptr == 2 + 2*LINK_SIZE))
+             {
+             cd->external_options = newoptions;
+-            options = newoptions;
++            options = *optionsptr = newoptions;
+             }
+          else
+             {