svn commit: r412473 - in branches/2016Q2/devel/pcre: . files
Jason Unovitch
junovitch at FreeBSD.org
Sun Apr 3 13:44:14 UTC 2016
Author: junovitch
Date: Sun Apr 3 13:44:12 2016
New Revision: 412473
URL: https://svnweb.freebsd.org/changeset/ports/412473
Log:
MFH: r412472
devel/pcre: Add patch to resolve heap overflow vulnerability
PR: 208260
Reported by: Sevan Janiyan <venture37 at geeklan.co.uk>
Approved by: ports-secteam (with hat)
Obtained from: PCRE svn (r1636)
Security: CVE-2016-1283
Security: https://vuxml.FreeBSD.org/freebsd/497b82e0-f9a0-11e5-92ce-002590263bf5.html
Added:
branches/2016Q2/devel/pcre/files/patch-CVE-2016-1283
- copied unchanged from r412472, head/devel/pcre/files/patch-CVE-2016-1283
Modified:
branches/2016Q2/devel/pcre/Makefile
Directory Properties:
branches/2016Q2/ (props changed)
Modified: branches/2016Q2/devel/pcre/Makefile
==============================================================================
--- branches/2016Q2/devel/pcre/Makefile Sun Apr 3 13:43:29 2016 (r412472)
+++ branches/2016Q2/devel/pcre/Makefile Sun Apr 3 13:44:12 2016 (r412473)
@@ -3,7 +3,7 @@
PORTNAME= pcre
PORTVERSION= 8.38
-PORTREVISION= 0
+PORTREVISION= 1
CATEGORIES= devel
MASTER_SITES= SF/${PORTNAME}/${PORTNAME}/${PORTVERSION} \
ftp://ftp.csx.cam.ac.uk/pub/software/programming/${PORTNAME}/ \
Copied: branches/2016Q2/devel/pcre/files/patch-CVE-2016-1283 (from r412472, head/devel/pcre/files/patch-CVE-2016-1283)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2016Q2/devel/pcre/files/patch-CVE-2016-1283 Sun Apr 3 13:44:12 2016 (r412473, copy of r412472, head/devel/pcre/files/patch-CVE-2016-1283)
@@ -0,0 +1,18 @@
+Index: pcre_compile.c
+===================================================================
+--- pcre_compile.c (revision 1635)
++++ pcre_compile.c (revision 1636)
+@@ -7311,7 +7311,12 @@
+ so far in order to get the number. If the name is not found, leave
+ the value of recno as 0 for a forward reference. */
+
+- else
++ /* This patch (removing "else") fixes a problem when a reference is
++ to multiple identically named nested groups from within the nest.
++ Once again, it is not the "proper" fix, and it results in an
++ over-allocation of memory. */
++
++ /* else */
+ {
+ ng = cd->named_groups;
+ for (i = 0; i < cd->names_found; i++, ng++)
More information about the svn-ports-all
mailing list