svn commit: r411533 - in branches/2016Q1/devel/pcre: . files

Mark Felder feld at FreeBSD.org
Mon Mar 21 02:41:23 UTC 2016 

Author: feld
Date: Mon Mar 21 02:41:21 2016
New Revision: 411533
URL: https://svnweb.freebsd.org/changeset/ports/411533

Log:
  MFH: r411532
  
  devel/pcre: Update to 8.38
  
  - Remove patches now in the 8.38 release
  - Add patch to resolve outstanding CVE
  
  PR:		208167
  Obtained from:	PCRE svn (r1631)
  Security:	CVE-2016-3191
  Approved by:	ports-secteam (with hat)

Added:
  branches/2016Q1/devel/pcre/files/patch-CVE-2016-3191
     - copied unchanged from r411532, head/devel/pcre/files/patch-CVE-2016-3191
Deleted:
  branches/2016Q1/devel/pcre/files/patch-CVE-2015-5073
  branches/2016Q1/devel/pcre/files/patch-buffer-overflow
  branches/2016Q1/devel/pcre/files/patch-r1585-buffer-overflow
  branches/2016Q1/devel/pcre/files/patch-r1594-heap-overflow
Modified:
  branches/2016Q1/devel/pcre/Makefile
  branches/2016Q1/devel/pcre/distinfo
  branches/2016Q1/devel/pcre/pkg-plist
Directory Properties:
  branches/2016Q1/   (props changed)

Modified: branches/2016Q1/devel/pcre/Makefile
==============================================================================
--- branches/2016Q1/devel/pcre/Makefile	Mon Mar 21 02:40:25 2016	(r411532)
+++ branches/2016Q1/devel/pcre/Makefile	Mon Mar 21 02:41:21 2016	(r411533)
@@ -2,8 +2,8 @@
 # $FreeBSD$
 
 PORTNAME=	pcre
-PORTVERSION=	8.37
-PORTREVISION=	4
+PORTVERSION=	8.38
+PORTREVISION=	0
 CATEGORIES=	devel
 MASTER_SITES=	SF/${PORTNAME}/${PORTNAME}/${PORTVERSION} \
 		ftp://ftp.csx.cam.ac.uk/pub/software/programming/${PORTNAME}/ \

Modified: branches/2016Q1/devel/pcre/distinfo
==============================================================================
--- branches/2016Q1/devel/pcre/distinfo	Mon Mar 21 02:40:25 2016	(r411532)
+++ branches/2016Q1/devel/pcre/distinfo	Mon Mar 21 02:41:21 2016	(r411533)
@@ -1,2 +1,2 @@
-SHA256 (pcre-8.37.tar.bz2) = 51679ea8006ce31379fb0860e46dd86665d864b5020fc9cd19e71260eef4789d
-SIZE (pcre-8.37.tar.bz2) = 1557603
+SHA256 (pcre-8.38.tar.bz2) = b9e02d36e23024d6c02a2e5b25204b3a4fa6ade43e0a5f869f254f49535079df
+SIZE (pcre-8.38.tar.bz2) = 1562265

Copied: branches/2016Q1/devel/pcre/files/patch-CVE-2016-3191 (from r411532, head/devel/pcre/files/patch-CVE-2016-3191)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2016Q1/devel/pcre/files/patch-CVE-2016-3191	Mon Mar 21 02:41:21 2016	(r411533, copy of r411532, head/devel/pcre/files/patch-CVE-2016-3191)
@@ -0,0 +1,94 @@
+--- pcre_compile.c	2016/02/10 10:53:45	1630
++++ pcre_compile.c	2016/02/10 19:13:17	1631
+@@ -6,7 +6,7 @@
+ and semantics are as close as possible to those of the Perl 5 language.
+ 
+                        Written by Philip Hazel
+-           Copyright (c) 1997-2014 University of Cambridge
++           Copyright (c) 1997-2016 University of Cambridge
+ 
+ -----------------------------------------------------------------------------
+ Redistribution and use in source and binary forms, with or without
+@@ -560,6 +560,7 @@
+   /* 85 */
+   "parentheses are too deeply nested (stack check)\0"
+   "digits missing in \\x{} or \\o{}\0"
++  "regular expression is too complicated\0"
+   ;
+ 
+ /* Table to identify digits and hex digits. This is used when compiling
+@@ -4591,7 +4592,8 @@
+     if (code > cd->start_workspace + cd->workspace_size -
+         WORK_SIZE_SAFETY_MARGIN)                       /* Check for overrun */
+       {
+-      *errorcodeptr = ERR52;
++      *errorcodeptr = (code >= cd->start_workspace + cd->workspace_size)?
++        ERR52 : ERR87;
+       goto FAILED;
+       }
+ 
+@@ -6626,8 +6628,21 @@
+             cd->had_accept = TRUE;
+             for (oc = cd->open_caps; oc != NULL; oc = oc->next)
+               {
+-              *code++ = OP_CLOSE;
+-              PUT2INC(code, 0, oc->number);
++              if (lengthptr != NULL)
++                {
++#ifdef COMPILE_PCRE8
++                *lengthptr += 1 + IMM2_SIZE;
++#elif defined COMPILE_PCRE16
++                *lengthptr += 2 + IMM2_SIZE;
++#elif defined COMPILE_PCRE32
++                *lengthptr += 4 + IMM2_SIZE;
++#endif
++                }
++              else
++                {
++                *code++ = OP_CLOSE;
++                PUT2INC(code, 0, oc->number);
++                }
+               }
+             setverb = *code++ =
+               (cd->assert_depth > 0)? OP_ASSERT_ACCEPT : OP_ACCEPT;
+--- pcre_internal.h	2016/02/10 10:53:45	1630
++++ pcre_internal.h	2016/02/10 19:13:17	1631
+@@ -7,7 +7,7 @@
+ and semantics are as close as possible to those of the Perl 5 language.
+ 
+                        Written by Philip Hazel
+-           Copyright (c) 1997-2014 University of Cambridge
++           Copyright (c) 1997-2016 University of Cambridge
+ 
+ -----------------------------------------------------------------------------
+ Redistribution and use in source and binary forms, with or without
+@@ -2289,7 +2289,7 @@
+        ERR50, ERR51, ERR52, ERR53, ERR54, ERR55, ERR56, ERR57, ERR58, ERR59,
+        ERR60, ERR61, ERR62, ERR63, ERR64, ERR65, ERR66, ERR67, ERR68, ERR69,
+        ERR70, ERR71, ERR72, ERR73, ERR74, ERR75, ERR76, ERR77, ERR78, ERR79,
+-       ERR80, ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERRCOUNT };
++       ERR80, ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERR87, ERRCOUNT };
+ 
+ /* JIT compiling modes. The function list is indexed by them. */
+ 
+--- pcreposix.c	2016/02/10 10:53:45	1630
++++ pcreposix.c	2016/02/10 19:13:17	1631
+@@ -6,7 +6,7 @@
+ and semantics are as close as possible to those of the Perl 5 language.
+ 
+                        Written by Philip Hazel
+-           Copyright (c) 1997-2014 University of Cambridge
++           Copyright (c) 1997-2016 University of Cambridge
+ 
+ -----------------------------------------------------------------------------
+ Redistribution and use in source and binary forms, with or without
+@@ -173,7 +173,8 @@
+   REG_BADPAT,  /* group name must start with a non-digit */
+   /* 85 */
+   REG_BADPAT,  /* parentheses too deeply nested (stack check) */
+-  REG_BADPAT   /* missing digits in \x{} or \o{} */
++  REG_BADPAT,  /* missing digits in \x{} or \o{} */
++  REG_BADPAT   /* pattern too complicated */
+ };
+ 
+ /* Table of texts corresponding to POSIX error codes */

Modified: branches/2016Q1/devel/pcre/pkg-plist
==============================================================================
--- branches/2016Q1/devel/pcre/pkg-plist	Mon Mar 21 02:40:25 2016	(r411532)
+++ branches/2016Q1/devel/pcre/pkg-plist	Mon Mar 21 02:41:21 2016	(r411533)
@@ -10,16 +10,16 @@ include/pcrecpp.h
 lib/libpcre.a
 lib/libpcre.so
 lib/libpcre.so.1
-lib/libpcre.so.1.2.5
+lib/libpcre.so.1.2.6
 lib/libpcre.so.3
 lib/libpcre16.a
 lib/libpcre16.so
 lib/libpcre16.so.0
-lib/libpcre16.so.0.2.5
+lib/libpcre16.so.0.2.6
 lib/libpcre32.a
 lib/libpcre32.so
 lib/libpcre32.so.0
-lib/libpcre32.so.0.0.5
+lib/libpcre32.so.0.0.6
 lib/libpcrecpp.a
 lib/libpcrecpp.so
 lib/libpcrecpp.so.0

More information about the svn-ports-branches mailing list