Date:      Mon, 21 Mar 2016 02:35:45 +0000 (UTC)
From:      Mark Felder <feld@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject:   svn commit: r411531 - in branches/2016Q1/devel/pcre2: . files
Message-ID:  <201603210235.u2L2Zj37078079@repo.freebsd.org>

Author: feld
Date: Mon Mar 21 02:35:44 2016
New Revision: 411531
URL: https://svnweb.freebsd.org/changeset/ports/411531

Log:
  MFH: r411530
  
  devel/pcre2: Add patch to resolve CVE
  
  PR:		208167
  Obtained from:	PCRE svn (r489)
  Security:	CVE-2016-3191
  Approved by:	ports-secteam (with hat)

Added:
  branches/2016Q1/devel/pcre2/files/patch-CVE-2016-3191
     - copied unchanged from r411530, head/devel/pcre2/files/patch-CVE-2016-3191
Modified:
  branches/2016Q1/devel/pcre2/Makefile
Directory Properties:
  branches/2016Q1/   (props changed)

Modified: branches/2016Q1/devel/pcre2/Makefile
==============================================================================
--- branches/2016Q1/devel/pcre2/Makefile	Mon Mar 21 02:34:50 2016	(r411530)
+++ branches/2016Q1/devel/pcre2/Makefile	Mon Mar 21 02:35:44 2016	(r411531)
@@ -3,7 +3,7 @@
 
 PORTNAME=	pcre2
 PORTVERSION=	10.20
-PORTREVISION=	0
+PORTREVISION=	1
 CATEGORIES=	devel
 MASTER_SITES=	SF/pcre/${PORTNAME}/${PORTVERSION} \
 		ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/ \
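Review bot: on the `PORTREVISION= 1` line, the patched build is distinguishable from the vulnerable one only by the port revision, because `PORTVERSION= 10.20` is unchanged. Anything that matches on 10.20 alone (audit entries, scanners, inventory reports) will treat patched and unpatched packages as the same, so the affected range recorded for CVE-2016-3191 should be expressed against 10.20_1 rather than the upstream version. The bump itself is needed so that installed packages are rebuilt with the patch.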

Copied: branches/2016Q1/devel/pcre2/files/patch-CVE-2016-3191 (from r411530, head/devel/pcre2/files/patch-CVE-2016-3191)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2016Q1/devel/pcre2/files/patch-CVE-2016-3191	Mon Mar 21 02:35:44 2016	(r411531, copy of r411530, head/devel/pcre2/files/patch-CVE-2016-3191)
@@ -0,0 +1,27 @@
+--- src/pcre2_compile.c	2016/02/06 16:40:59	488
++++ src/pcre2_compile.c	2016/02/10 18:24:02	489
+@@ -5901,10 +5901,22 @@
+               goto FAILED;
+               }
+             cb->had_accept = TRUE;
++            
++            /* In the first pass, just accumulate the length required;
++            otherwise hitting (*ACCEPT) inside many nested parentheses can
++            cause workspace overflow. */
++              
+             for (oc = cb->open_caps; oc != NULL; oc = oc->next)
+               {
+-              *code++ = OP_CLOSE;
+-              PUT2INC(code, 0, oc->number);
++              if (lengthptr != NULL)
++                {
++                *lengthptr += CU2BYTES(1) + IMM2_SIZE; 
++                }
++              else
++                {       
++                *code++ = OP_CLOSE;
++                PUT2INC(code, 0, oc->number);
++                } 
+               }
+             setverb = *code++ =
+               (cb->assert_depth > 0)? OP_ASSERT_ACCEPT : OP_ACCEPT;
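Review bot: in the new `if (lengthptr != NULL)` branch, the size added per open capture, `CU2BYTES(1) + IMM2_SIZE`, is not obviously in the same units as what the `else` branch emits (one `OP_CLOSE` written through `*code++` plus the `PUT2INC` operand). Please confirm that for every code unit width the first-pass estimate is never smaller than what the second pass writes, since the added comment says the first pass exists to accumulate the required length and an undercount would leave the output short of space. A one-line comment stating the unit of `*lengthptr` at this point would settle it for later readers. Minor: several added lines carry trailing whitespace (the blank line after `cb->had_accept = TRUE;`, the `*lengthptr +=` line, and the braces of the `else` branch); keeping the file identical to upstream r489 is a fair reason to leave them.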


