Date:      Mon, 21 Mar 2016 02:34:50 +0000 (UTC)
From:      Mark Felder <feld@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r411530 - in head/devel/pcre2: . files
Message-ID:  <201603210234.u2L2YoKO077868@repo.freebsd.org>

Author: feld
Date: Mon Mar 21 02:34:50 2016
New Revision: 411530
URL: https://svnweb.freebsd.org/changeset/ports/411530

Log:
  devel/pcre2: Add patch to resolve CVE
  
  PR:		208167
  Obtained from:	PCRE svn (r489)
  Security:	CVE-2016-3191

Added:
  head/devel/pcre2/files/patch-CVE-2016-3191   (contents, props changed)
Modified:
  head/devel/pcre2/Makefile

Modified: head/devel/pcre2/Makefile
==============================================================================
--- head/devel/pcre2/Makefile	Mon Mar 21 02:32:27 2016	(r411529)
+++ head/devel/pcre2/Makefile	Mon Mar 21 02:34:50 2016	(r411530)
@@ -3,7 +3,7 @@
 
 PORTNAME=	pcre2
 PORTVERSION=	10.20
-PORTREVISION=	0
+PORTREVISION=	1
 CATEGORIES=	devel
 MASTER_SITES=	SF/pcre/${PORTNAME}/${PORTVERSION} \
 		ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/ \

Added: head/devel/pcre2/files/patch-CVE-2016-3191
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/devel/pcre2/files/patch-CVE-2016-3191	Mon Mar 21 02:34:50 2016	(r411530)
@@ -0,0 +1,27 @@
+--- src/pcre2_compile.c	2016/02/06 16:40:59	488
++++ src/pcre2_compile.c	2016/02/10 18:24:02	489
+@@ -5901,10 +5901,22 @@
+               goto FAILED;
+               }
+             cb->had_accept = TRUE;
++            
++            /* In the first pass, just accumulate the length required;
++            otherwise hitting (*ACCEPT) inside many nested parentheses can
++            cause workspace overflow. */
++              
+             for (oc = cb->open_caps; oc != NULL; oc = oc->next)
+               {
+-              *code++ = OP_CLOSE;
+-              PUT2INC(code, 0, oc->number);
++              if (lengthptr != NULL)
++                {
++                *lengthptr += CU2BYTES(1) + IMM2_SIZE; 
++                }
++              else
++                {       
++                *code++ = OP_CLOSE;
++                PUT2INC(code, 0, oc->number);
++                } 
+               }
+             setverb = *code++ =
+               (cb->assert_depth > 0)? OP_ASSERT_ACCEPT : OP_ACCEPT;
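Review bot: In the first-pass branch of the loop over cb->open_caps, `*lengthptr += CU2BYTES(1) + IMM2_SIZE;` adds a byte-converted count for the opcode to IMM2_SIZE for the capture number, so the two terms look like they are in different units. If lengthptr is accumulated in code units, which is what the second-pass branch emits (one `*code++` plus the PUT2INC), this over-reserves in builds where a code unit is wider than a byte. That errs on the safe side for a workspace-overflow fix, but it is worth confirming against upstream whether plain 1 + IMM2_SIZE was intended. The trailing whitespace on several of the added lines is best left alone so the file stays identical to PCRE r489.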


