[arch-commits] Commit in pcre/trunk (01-CVE-2016-1283.patch PKGBUILD)

Sébastien Luttringer seblu at archlinux.org
Sat Mar 12 15:27:40 UTC 2016 

    Date: Saturday, March 12, 2016 @ 16:27:40
  Author: seblu
Revision: 261359

upgpkg: pcre 8.38-3

Added:
  pcre/trunk/01-CVE-2016-1283.patch
Modified:
  pcre/trunk/PKGBUILD

------------------------+
 01-CVE-2016-1283.patch |   18 ++++++++++++++++++
 PKGBUILD               |   14 +++++++++++---
 2 files changed, 29 insertions(+), 3 deletions(-)

Added: 01-CVE-2016-1283.patch
===================================================================
--- 01-CVE-2016-1283.patch	                        (rev 0)
+++ 01-CVE-2016-1283.patch	2016-03-12 15:27:40 UTC (rev 261359)
@@ -0,0 +1,18 @@
+Index: pcre_compile.c
+===================================================================
+--- a/pcre_compile.c	(revision 1635)
++++ b/pcre_compile.c	(revision 1636)
+@@ -7311,7 +7311,12 @@
+           so far in order to get the number. If the name is not found, leave
+           the value of recno as 0 for a forward reference. */
+ 
+-          else
++          /* This patch (removing "else") fixes a problem when a reference is
++          to multiple identically named nested groups from within the nest.
++          Once again, it is not the "proper" fix, and it results in an
++          over-allocation of memory. */
++
++          /* else */
+             {
+             ng = cd->named_groups;
+             for (i = 0; i < cd->names_found; i++, ng++)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2016-03-12 12:02:27 UTC (rev 261358)
+++ PKGBUILD	2016-03-12 15:27:40 UTC (rev 261359)
@@ -6,7 +6,7 @@
 
 pkgname=pcre
 pkgver=8.38
-pkgrel=2
+pkgrel=3
 pkgdesc='A library that implements Perl 5-style regular expressions'
 arch=('i686' 'x86_64')
 url='http://www.pcre.org/'
@@ -13,10 +13,18 @@
 license=('BSD')
 depends=('gcc-libs' 'readline' 'zlib' 'bzip2' 'bash')
 validpgpkeys=('45F68D54BBE23FB3039B46E59766E084FB0F43D8') # Philip Hazel
-source=("ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/$pkgname-$pkgver.tar.bz2"{,.sig})
+source=("ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/$pkgname-$pkgver.tar.bz2"{,.sig}
+        '01-CVE-2016-1283.patch')
 md5sums=('00aabbfe56d5a48b270f999b508c5ad2'
-         'SKIP')
+         'SKIP'
+         '722aba6455a3f0240eaa22289f0176a0')
 
+prepare() {
+  for _f in "${source[@]}"; do
+    [[ "$_f" =~ \.patch$ ]] && { msg2 "$_f"; patch -p1 -d $pkgname-$pkgver < "$_f"; }
+  done
+  :
+}
 
 build() {
   cd $pkgname-$pkgver

More information about the arch-commits mailing list