[arch-commits] Commit in pcre/trunk (01-CVE-2016-1283.patch PKGBUILD)
Sébastien Luttringer
seblu at archlinux.org
Sat Mar 12 15:27:40 UTC 2016
Date: Saturday, March 12, 2016 @ 16:27:40
Author: seblu
Revision: 261359
upgpkg: pcre 8.38-3
Added:
pcre/trunk/01-CVE-2016-1283.patch
Modified:
pcre/trunk/PKGBUILD
------------------------+
01-CVE-2016-1283.patch | 18 ++++++++++++++++++
PKGBUILD | 14 +++++++++++---
2 files changed, 29 insertions(+), 3 deletions(-)
Added: 01-CVE-2016-1283.patch
===================================================================
--- 01-CVE-2016-1283.patch (rev 0)
+++ 01-CVE-2016-1283.patch 2016-03-12 15:27:40 UTC (rev 261359)
@@ -0,0 +1,18 @@
+Index: pcre_compile.c
+===================================================================
+--- a/pcre_compile.c (revision 1635)
++++ b/pcre_compile.c (revision 1636)
+@@ -7311,7 +7311,12 @@
+ so far in order to get the number. If the name is not found, leave
+ the value of recno as 0 for a forward reference. */
+
+- else
++ /* This patch (removing "else") fixes a problem when a reference is
++ to multiple identically named nested groups from within the nest.
++ Once again, it is not the "proper" fix, and it results in an
++ over-allocation of memory. */
++
++ /* else */
+ {
+ ng = cd->named_groups;
+ for (i = 0; i < cd->names_found; i++, ng++)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2016-03-12 12:02:27 UTC (rev 261358)
+++ PKGBUILD 2016-03-12 15:27:40 UTC (rev 261359)
@@ -6,7 +6,7 @@
pkgname=pcre
pkgver=8.38
-pkgrel=2
+pkgrel=3
pkgdesc='A library that implements Perl 5-style regular expressions'
arch=('i686' 'x86_64')
url='http://www.pcre.org/'
@@ -13,10 +13,18 @@
license=('BSD')
depends=('gcc-libs' 'readline' 'zlib' 'bzip2' 'bash')
validpgpkeys=('45F68D54BBE23FB3039B46E59766E084FB0F43D8') # Philip Hazel
-source=("ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/$pkgname-$pkgver.tar.bz2"{,.sig})
+source=("ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/$pkgname-$pkgver.tar.bz2"{,.sig}
+ '01-CVE-2016-1283.patch')
md5sums=('00aabbfe56d5a48b270f999b508c5ad2'
- 'SKIP')
+ 'SKIP'
+ '722aba6455a3f0240eaa22289f0176a0')
+prepare() {
+ for _f in "${source[@]}"; do
+ [[ "$_f" =~ \.patch$ ]] && { msg2 "$_f"; patch -p1 -d $pkgname-$pkgver < "$_f"; }
+ done
+ :
+}
build() {
cd $pkgname-$pkgver
More information about the arch-commits
mailing list