svn commit: r395178 - in head/devel/pcre: . files
Mark Felder
feld at FreeBSD.org
Mon Aug 24 16:25:23 UTC 2015
Author: feld
Date: Mon Aug 24 16:25:22 2015
New Revision: 395178
URL: https://svnweb.freebsd.org/changeset/ports/395178
Log:
devel/pcre: Add patch to resolve heap overflow vulnerability
Obtained from: http://vcs.pcre.org/pcre?view=revision&revision=1594
Security: 6900e6f1-4a79-11e5-9ad8-14dae9d210b8
Added:
head/devel/pcre/files/patch-r1594-heap-overflow (contents, props changed)
Modified:
head/devel/pcre/Makefile
Modified: head/devel/pcre/Makefile
==============================================================================
--- head/devel/pcre/Makefile Mon Aug 24 16:10:57 2015 (r395177)
+++ head/devel/pcre/Makefile Mon Aug 24 16:25:22 2015 (r395178)
@@ -3,7 +3,7 @@
PORTNAME= pcre
PORTVERSION= 8.37
-PORTREVISION= 3
+PORTREVISION= 4
CATEGORIES= devel
MASTER_SITES= SF/${PORTNAME}/${PORTNAME}/${PORTVERSION} \
ftp://ftp.csx.cam.ac.uk/pub/software/programming/${PORTNAME}/ \
Added: head/devel/pcre/files/patch-r1594-heap-overflow
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/devel/pcre/files/patch-r1594-heap-overflow Mon Aug 24 16:25:22 2015 (r395178)
@@ -0,0 +1,20 @@
+--- pcre_compile.c 2015/08/14 09:34:32 1593
++++ pcre_compile.c 2015/08/21 16:08:33 1594
+@@ -7238,7 +7238,7 @@
+ encountered. In that case, we allow yet more memory, just in case.
+ (Again, this is fixed "properly" in PCRE2. */
+
+- if (cd->dupgroups) *lengthptr += 2 + 2*LINK_SIZE;
++ if (cd->dupgroups) *lengthptr += 4 + 4*LINK_SIZE;
+
+ /* Otherwise, check for recursion here. The name table does not exist
+ in the first pass; instead we must scan the list of names encountered
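Review bot: In the pcre_compile.c hunk at -7238, the new allowance `4 + 4*LINK_SIZE` is still a fixed padding added "just in case", and the comment does not say what worst case it is sized for or why doubling the old `2 + 2*LINK_SIZE` is sufficient. Since the commit log ties this length accounting to a heap overflow, the comment should state how the figure was derived for the `cd->dupgroups` case, so that a later change to what gets emitted does not silently outgrow the reserve. Minor style point: the parenthesis opened in `(Again, this is fixed "properly" in PCRE2. */` is never closed.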
+@@ -9474,7 +9474,7 @@
+ "const" attribute if the cast (pcre_uchar *)codestart is used directly in the
+ function call. */
+
+-if ((options & PCRE_NO_AUTO_POSSESS) == 0)
++if (errorcode == 0 && (options & PCRE_NO_AUTO_POSSESS) == 0)
+ {
+ pcre_uchar *temp = (pcre_uchar *)codestart;
+ auto_possessify(temp, utf, cd);
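Review bot: The added `errorcode == 0` test in the hunk at -9474 comes with no explanation, and the comment directly above it still only discusses the const cast. Please add a line saying why `auto_possessify(temp, utf, cd)` must be skipped once an error has been recorded (presumably the compiled code at `codestart` cannot be relied on to be complete at that point), and confirm that no later pass walks `codestart` without the same check.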