svn commit: r411530 - in head/devel/pcre2: . files
Mark Felder
feld at FreeBSD.org
Mon Mar 21 02:34:52 UTC 2016
Author: feld
Date: Mon Mar 21 02:34:50 2016
New Revision: 411530
URL: https://svnweb.freebsd.org/changeset/ports/411530
Log:
devel/pcre2: Add patch to resolve CVE
PR: 208167
Obtained from: PCRE svn (r489)
Security: CVE-2016-3191
Added:
head/devel/pcre2/files/patch-CVE-2016-3191 (contents, props changed)
Modified:
head/devel/pcre2/Makefile
Modified: head/devel/pcre2/Makefile
==============================================================================
--- head/devel/pcre2/Makefile Mon Mar 21 02:32:27 2016 (r411529)
+++ head/devel/pcre2/Makefile Mon Mar 21 02:34:50 2016 (r411530)
@@ -3,7 +3,7 @@
PORTNAME= pcre2
PORTVERSION= 10.20
-PORTREVISION= 0
+PORTREVISION= 1
CATEGORIES= devel
MASTER_SITES= SF/pcre/${PORTNAME}/${PORTVERSION} \
ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/ \
Added: head/devel/pcre2/files/patch-CVE-2016-3191
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/devel/pcre2/files/patch-CVE-2016-3191 Mon Mar 21 02:34:50 2016 (r411530)
@@ -0,0 +1,27 @@
+--- src/pcre2_compile.c 2016/02/06 16:40:59 488
++++ src/pcre2_compile.c 2016/02/10 18:24:02 489
+@@ -5901,10 +5901,22 @@
+ goto FAILED;
+ }
+ cb->had_accept = TRUE;
++
++ /* In the first pass, just accumulate the length required;
++ otherwise hitting (*ACCEPT) inside many nested parentheses can
++ cause workspace overflow. */
++
+ for (oc = cb->open_caps; oc != NULL; oc = oc->next)
+ {
+- *code++ = OP_CLOSE;
+- PUT2INC(code, 0, oc->number);
++ if (lengthptr != NULL)
++ {
++ *lengthptr += CU2BYTES(1) + IMM2_SIZE;
++ }
++ else
++ {
++ *code++ = OP_CLOSE;
++ PUT2INC(code, 0, oc->number);
++ }
+ }
+ setverb = *code++ =
+ (cb->assert_depth > 0)? OP_ASSERT_ACCEPT : OP_ACCEPT;
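Review bot: In the first-pass branch of the loop, `*lengthptr += CU2BYTES(1) + IMM2_SIZE;` appears to mix units, because the `else` branch emits exactly one code unit (`*code++ = OP_CLOSE;`) plus the `PUT2INC` operand. If `*lengthptr` is counted in code units (not visible here, so this needs confirming against the rest of the function), `1 + IMM2_SIZE` would match the second pass exactly; as written, the value is presumably an over-estimate in 16- and 32-bit builds. Over-estimating is the safe direction for a workspace-overflow fix, but the invariant deserves a comment such as `/* Must never be less than the OP_CLOSE + IMM2 written in the real pass. */`. The enclosing function starts and ends outside this hunk, and since the patch is taken verbatim from upstream r489, any change is better raised upstream than carried as a local divergence.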