Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 3 Apr 2016 13:43:30 +0000 (UTC)
From:      Jason Unovitch <junovitch@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r412472 - in head/devel/pcre: . files
Message-ID:  <201604031343.u33DhU2w038367@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: junovitch
Date: Sun Apr  3 13:43:29 2016
New Revision: 412472
URL: https://svnweb.freebsd.org/changeset/ports/412472

Log:
  devel/pcre: Add patch to resolve heap overflow vulnerability
  
  PR:		208260
  Reported by:	Sevan Janiyan <venture37@geeklan.co.uk>
  Approved by:	ports-secteam (with hat)
  Obtained from:	PCRE svn (r1636)
  Security:	CVE-2016-1283
  Security:	https://vuxml.FreeBSD.org/freebsd/497b82e0-f9a0-11e5-92ce-002590263bf5.html
  MFH:		2016Q2

Added:
  head/devel/pcre/files/patch-CVE-2016-1283   (contents, props changed)
Modified:
  head/devel/pcre/Makefile

Modified: head/devel/pcre/Makefile
==============================================================================
--- head/devel/pcre/Makefile	Sun Apr  3 13:43:13 2016	(r412471)
+++ head/devel/pcre/Makefile	Sun Apr  3 13:43:29 2016	(r412472)
@@ -3,7 +3,7 @@
 
 PORTNAME=	pcre
 PORTVERSION=	8.38
-PORTREVISION=	0
+PORTREVISION=	1
 CATEGORIES=	devel
 MASTER_SITES=	SF/${PORTNAME}/${PORTNAME}/${PORTVERSION} \
 		ftp://ftp.csx.cam.ac.uk/pub/software/programming/${PORTNAME}/ \

Added: head/devel/pcre/files/patch-CVE-2016-1283
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/devel/pcre/files/patch-CVE-2016-1283	Sun Apr  3 13:43:29 2016	(r412472)
@@ -0,0 +1,18 @@
+Index: pcre_compile.c
+===================================================================
+--- pcre_compile.c	(revision 1635)
++++ pcre_compile.c	(revision 1636)
+@@ -7311,7 +7311,12 @@
+           so far in order to get the number. If the name is not found, leave
+           the value of recno as 0 for a forward reference. */
+ 
+-          else
++          /* This patch (removing "else") fixes a problem when a reference is
++          to multiple identically named nested groups from within the nest.
++          Once again, it is not the "proper" fix, and it results in an
++          over-allocation of memory. */
++
++          /* else */
+             {
+             ng = cd->named_groups;
+             for (i = 0; i < cd->names_found; i++, ng++)

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201604031343.u33DhU2w038367>