From owner-svn-ports-head@freebsd.org Sun Apr 3 13:43:31 2016 Return-Path: Delivered-To: svn-ports-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 758EAADE737; Sun, 3 Apr 2016 13:43:31 +0000 (UTC) (envelope-from junovitch@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 29FDA13B5; Sun, 3 Apr 2016 13:43:31 +0000 (UTC) (envelope-from junovitch@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u33DhUVp038369; Sun, 3 Apr 2016 13:43:30 GMT (envelope-from junovitch@FreeBSD.org) Received: (from junovitch@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u33DhU2w038367; Sun, 3 Apr 2016 13:43:30 GMT (envelope-from junovitch@FreeBSD.org) Message-Id: <201604031343.u33DhU2w038367@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: junovitch set sender to junovitch@FreeBSD.org using -f From: Jason Unovitch Date: Sun, 3 Apr 2016 13:43:30 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r412472 - in head/devel/pcre: . files X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 03 Apr 2016 13:43:31 -0000 Author: junovitch Date: Sun Apr 3 13:43:29 2016 New Revision: 412472 URL: https://svnweb.freebsd.org/changeset/ports/412472 Log: devel/pcre: Add patch to resolve heap overflow vulnerability PR: 208260 Reported by: Sevan Janiyan Approved by: ports-secteam (with hat) Obtained from: PCRE svn (r1636) Security: CVE-2016-1283 Security: https://vuxml.FreeBSD.org/freebsd/497b82e0-f9a0-11e5-92ce-002590263bf5.html MFH: 2016Q2 Added: head/devel/pcre/files/patch-CVE-2016-1283 (contents, props changed) Modified: head/devel/pcre/Makefile Modified: head/devel/pcre/Makefile ============================================================================== --- head/devel/pcre/Makefile Sun Apr 3 13:43:13 2016 (r412471) +++ head/devel/pcre/Makefile Sun Apr 3 13:43:29 2016 (r412472) @@ -3,7 +3,7 @@ PORTNAME= pcre PORTVERSION= 8.38 -PORTREVISION= 0 +PORTREVISION= 1 CATEGORIES= devel MASTER_SITES= SF/${PORTNAME}/${PORTNAME}/${PORTVERSION} \ ftp://ftp.csx.cam.ac.uk/pub/software/programming/${PORTNAME}/ \ Added: head/devel/pcre/files/patch-CVE-2016-1283 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/devel/pcre/files/patch-CVE-2016-1283 Sun Apr 3 13:43:29 2016 (r412472) @@ -0,0 +1,18 @@ +Index: pcre_compile.c +=================================================================== +--- pcre_compile.c (revision 1635) ++++ pcre_compile.c (revision 1636) +@@ -7311,7 +7311,12 @@ + so far in order to get the number. If the name is not found, leave + the value of recno as 0 for a forward reference. */ + +- else ++ /* This patch (removing "else") fixes a problem when a reference is ++ to multiple identically named nested groups from within the nest. ++ Once again, it is not the "proper" fix, and it results in an ++ over-allocation of memory. */ ++ ++ /* else */ + { + ng = cd->named_groups; + for (i = 0; i < cd->names_found; i++, ng++)