svn commit: r395179 - in branches/2015Q3/devel/pcre: . files
Mark Felder
feld at FreeBSD.org
Mon Aug 24 16:30:17 UTC 2015
Author: feld
Date: Mon Aug 24 16:30:16 2015
New Revision: 395179
URL: https://svnweb.freebsd.org/changeset/ports/395179
Log:
MFH: r395178
devel/pcre: Add patch to resolve heap overflow vulnerability
Obtained from: http://vcs.pcre.org/pcre?view=revision&revision=1594
Security: 6900e6f1-4a79-11e5-9ad8-14dae9d210b8
Approved by: ports-secteam (with hat)
Added:
branches/2015Q3/devel/pcre/files/patch-r1594-heap-overflow
- copied unchanged from r395178, head/devel/pcre/files/patch-r1594-heap-overflow
Modified:
branches/2015Q3/devel/pcre/Makefile
Directory Properties:
branches/2015Q3/ (props changed)
Modified: branches/2015Q3/devel/pcre/Makefile
==============================================================================
--- branches/2015Q3/devel/pcre/Makefile Mon Aug 24 16:25:22 2015 (r395178)
+++ branches/2015Q3/devel/pcre/Makefile Mon Aug 24 16:30:16 2015 (r395179)
@@ -3,7 +3,7 @@
PORTNAME= pcre
PORTVERSION= 8.37
-PORTREVISION= 3
+PORTREVISION= 4
CATEGORIES= devel
MASTER_SITES= SF/${PORTNAME}/${PORTNAME}/${PORTVERSION} \
ftp://ftp.csx.cam.ac.uk/pub/software/programming/${PORTNAME}/ \
Copied: branches/2015Q3/devel/pcre/files/patch-r1594-heap-overflow (from r395178, head/devel/pcre/files/patch-r1594-heap-overflow)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2015Q3/devel/pcre/files/patch-r1594-heap-overflow Mon Aug 24 16:30:16 2015 (r395179, copy of r395178, head/devel/pcre/files/patch-r1594-heap-overflow)
@@ -0,0 +1,20 @@
+--- pcre_compile.c 2015/08/14 09:34:32 1593
++++ pcre_compile.c 2015/08/21 16:08:33 1594
+@@ -7238,7 +7238,7 @@
+ encountered. In that case, we allow yet more memory, just in case.
+ (Again, this is fixed "properly" in PCRE2. */
+
+- if (cd->dupgroups) *lengthptr += 2 + 2*LINK_SIZE;
++ if (cd->dupgroups) *lengthptr += 4 + 4*LINK_SIZE;
+
+ /* Otherwise, check for recursion here. The name table does not exist
+ in the first pass; instead we must scan the list of names encountered
+@@ -9474,7 +9474,7 @@
+ "const" attribute if the cast (pcre_uchar *)codestart is used directly in the
+ function call. */
+
+-if ((options & PCRE_NO_AUTO_POSSESS) == 0)
++if (errorcode == 0 && (options & PCRE_NO_AUTO_POSSESS) == 0)
+ {
+ pcre_uchar *temp = (pcre_uchar *)codestart;
+ auto_possessify(temp, utf, cd);
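Review bot: The first pcre_compile.c hunk (at line 7238) only widens a fixed allowance, from `2 + 2*LINK_SIZE` to `4 + 4*LINK_SIZE`, and the context comment itself says the extra memory is allowed "just in case" and that this is fixed "properly" in PCRE2, so the length estimate for `cd->dupgroups` remains a margin rather than a computed size. Because files/patch-r1594-heap-overflow begins directly at the `--- pcre_compile.c` header, I would add a short comment at the top of the patch file naming upstream revision 1594 and the Security entry from the commit log, so the patch can be identified and dropped once a later PORTVERSION carries the upstream change. The second hunk's `errorcode == 0 &&` guard in front of `auto_possessify(temp, utf, cd)` reads correctly: it skips the auto-possessify pass whenever an error code has already been set.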