From owner-svn-ports-branches@freebsd.org Mon Mar 21 02:41:23 2016 Return-Path: Delivered-To: svn-ports-branches@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 091F5AD61DF; Mon, 21 Mar 2016 02:41:23 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D781099D; Mon, 21 Mar 2016 02:41:22 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u2L2fMrG079537; Mon, 21 Mar 2016 02:41:22 GMT (envelope-from feld@FreeBSD.org) Received: (from feld@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u2L2fLbB079533; Mon, 21 Mar 2016 02:41:21 GMT (envelope-from feld@FreeBSD.org) Message-Id: <201603210241.u2L2fLbB079533@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: feld set sender to feld@FreeBSD.org using -f From: Mark Felder Date: Mon, 21 Mar 2016 02:41:21 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r411533 - in branches/2016Q1/devel/pcre: . files X-SVN-Group: ports-branches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-branches@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: SVN commit messages for all the branches of the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Mar 2016 02:41:23 -0000 Author: feld Date: Mon Mar 21 02:41:21 2016 New Revision: 411533 URL: https://svnweb.freebsd.org/changeset/ports/411533 Log: MFH: r411532 devel/pcre: Update to 8.38 - Remove patches now in the 8.38 release - Add patch to resolve outstanding CVE PR: 208167 Obtained from: PCRE svn (r1631) Security: CVE-2016-3191 Approved by: ports-secteam (with hat) Added: branches/2016Q1/devel/pcre/files/patch-CVE-2016-3191 - copied unchanged from r411532, head/devel/pcre/files/patch-CVE-2016-3191 Deleted: branches/2016Q1/devel/pcre/files/patch-CVE-2015-5073 branches/2016Q1/devel/pcre/files/patch-buffer-overflow branches/2016Q1/devel/pcre/files/patch-r1585-buffer-overflow branches/2016Q1/devel/pcre/files/patch-r1594-heap-overflow Modified: branches/2016Q1/devel/pcre/Makefile branches/2016Q1/devel/pcre/distinfo branches/2016Q1/devel/pcre/pkg-plist Directory Properties: branches/2016Q1/ (props changed) Modified: branches/2016Q1/devel/pcre/Makefile ============================================================================== --- branches/2016Q1/devel/pcre/Makefile Mon Mar 21 02:40:25 2016 (r411532) +++ branches/2016Q1/devel/pcre/Makefile Mon Mar 21 02:41:21 2016 (r411533) @@ -2,8 +2,8 @@ # $FreeBSD$ PORTNAME= pcre -PORTVERSION= 8.37 -PORTREVISION= 4 +PORTVERSION= 8.38 +PORTREVISION= 0 CATEGORIES= devel MASTER_SITES= SF/${PORTNAME}/${PORTNAME}/${PORTVERSION} \ ftp://ftp.csx.cam.ac.uk/pub/software/programming/${PORTNAME}/ \ Modified: branches/2016Q1/devel/pcre/distinfo ============================================================================== --- branches/2016Q1/devel/pcre/distinfo Mon Mar 21 02:40:25 2016 (r411532) +++ branches/2016Q1/devel/pcre/distinfo Mon Mar 21 02:41:21 2016 (r411533) @@ -1,2 +1,2 @@ -SHA256 (pcre-8.37.tar.bz2) = 51679ea8006ce31379fb0860e46dd86665d864b5020fc9cd19e71260eef4789d -SIZE (pcre-8.37.tar.bz2) = 1557603 +SHA256 (pcre-8.38.tar.bz2) = b9e02d36e23024d6c02a2e5b25204b3a4fa6ade43e0a5f869f254f49535079df +SIZE (pcre-8.38.tar.bz2) = 1562265 Copied: branches/2016Q1/devel/pcre/files/patch-CVE-2016-3191 (from r411532, head/devel/pcre/files/patch-CVE-2016-3191) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2016Q1/devel/pcre/files/patch-CVE-2016-3191 Mon Mar 21 02:41:21 2016 (r411533, copy of r411532, head/devel/pcre/files/patch-CVE-2016-3191) @@ -0,0 +1,94 @@ +--- pcre_compile.c 2016/02/10 10:53:45 1630 ++++ pcre_compile.c 2016/02/10 19:13:17 1631 +@@ -6,7 +6,7 @@ + and semantics are as close as possible to those of the Perl 5 language. + + Written by Philip Hazel +- Copyright (c) 1997-2014 University of Cambridge ++ Copyright (c) 1997-2016 University of Cambridge + + ----------------------------------------------------------------------------- + Redistribution and use in source and binary forms, with or without +@@ -560,6 +560,7 @@ + /* 85 */ + "parentheses are too deeply nested (stack check)\0" + "digits missing in \\x{} or \\o{}\0" ++ "regular expression is too complicated\0" + ; + + /* Table to identify digits and hex digits. This is used when compiling +@@ -4591,7 +4592,8 @@ + if (code > cd->start_workspace + cd->workspace_size - + WORK_SIZE_SAFETY_MARGIN) /* Check for overrun */ + { +- *errorcodeptr = ERR52; ++ *errorcodeptr = (code >= cd->start_workspace + cd->workspace_size)? ++ ERR52 : ERR87; + goto FAILED; + } + +@@ -6626,8 +6628,21 @@ + cd->had_accept = TRUE; + for (oc = cd->open_caps; oc != NULL; oc = oc->next) + { +- *code++ = OP_CLOSE; +- PUT2INC(code, 0, oc->number); ++ if (lengthptr != NULL) ++ { ++#ifdef COMPILE_PCRE8 ++ *lengthptr += 1 + IMM2_SIZE; ++#elif defined COMPILE_PCRE16 ++ *lengthptr += 2 + IMM2_SIZE; ++#elif defined COMPILE_PCRE32 ++ *lengthptr += 4 + IMM2_SIZE; ++#endif ++ } ++ else ++ { ++ *code++ = OP_CLOSE; ++ PUT2INC(code, 0, oc->number); ++ } + } + setverb = *code++ = + (cd->assert_depth > 0)? OP_ASSERT_ACCEPT : OP_ACCEPT; +--- pcre_internal.h 2016/02/10 10:53:45 1630 ++++ pcre_internal.h 2016/02/10 19:13:17 1631 +@@ -7,7 +7,7 @@ + and semantics are as close as possible to those of the Perl 5 language. + + Written by Philip Hazel +- Copyright (c) 1997-2014 University of Cambridge ++ Copyright (c) 1997-2016 University of Cambridge + + ----------------------------------------------------------------------------- + Redistribution and use in source and binary forms, with or without +@@ -2289,7 +2289,7 @@ + ERR50, ERR51, ERR52, ERR53, ERR54, ERR55, ERR56, ERR57, ERR58, ERR59, + ERR60, ERR61, ERR62, ERR63, ERR64, ERR65, ERR66, ERR67, ERR68, ERR69, + ERR70, ERR71, ERR72, ERR73, ERR74, ERR75, ERR76, ERR77, ERR78, ERR79, +- ERR80, ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERRCOUNT }; ++ ERR80, ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERR87, ERRCOUNT }; + + /* JIT compiling modes. The function list is indexed by them. */ + +--- pcreposix.c 2016/02/10 10:53:45 1630 ++++ pcreposix.c 2016/02/10 19:13:17 1631 +@@ -6,7 +6,7 @@ + and semantics are as close as possible to those of the Perl 5 language. + + Written by Philip Hazel +- Copyright (c) 1997-2014 University of Cambridge ++ Copyright (c) 1997-2016 University of Cambridge + + ----------------------------------------------------------------------------- + Redistribution and use in source and binary forms, with or without +@@ -173,7 +173,8 @@ + REG_BADPAT, /* group name must start with a non-digit */ + /* 85 */ + REG_BADPAT, /* parentheses too deeply nested (stack check) */ +- REG_BADPAT /* missing digits in \x{} or \o{} */ ++ REG_BADPAT, /* missing digits in \x{} or \o{} */ ++ REG_BADPAT /* pattern too complicated */ + }; + + /* Table of texts corresponding to POSIX error codes */ Modified: branches/2016Q1/devel/pcre/pkg-plist ============================================================================== --- branches/2016Q1/devel/pcre/pkg-plist Mon Mar 21 02:40:25 2016 (r411532) +++ branches/2016Q1/devel/pcre/pkg-plist Mon Mar 21 02:41:21 2016 (r411533) @@ -10,16 +10,16 @@ include/pcrecpp.h lib/libpcre.a lib/libpcre.so lib/libpcre.so.1 -lib/libpcre.so.1.2.5 +lib/libpcre.so.1.2.6 lib/libpcre.so.3 lib/libpcre16.a lib/libpcre16.so lib/libpcre16.so.0 -lib/libpcre16.so.0.2.5 +lib/libpcre16.so.0.2.6 lib/libpcre32.a lib/libpcre32.so lib/libpcre32.so.0 -lib/libpcre32.so.0.0.5 +lib/libpcre32.so.0.0.6 lib/libpcrecpp.a lib/libpcrecpp.so lib/libpcrecpp.so.0