[arch-commits] Commit in lib32-pcre/trunk (01-CVE-2016-1283.patch PKGBUILD)

Felix Yan fyan at archlinux.org
Tue Mar 15 15:44:36 UTC 2016


    Date: Tuesday, March 15, 2016 @ 16:44:35
  Author: fyan
Revision: 166829

upgpkg: lib32-pcre 8.38-2

Added:
  lib32-pcre/trunk/01-CVE-2016-1283.patch
Modified:
  lib32-pcre/trunk/PKGBUILD

------------------------+
 01-CVE-2016-1283.patch |   18 ++++++++++++++++++
 PKGBUILD               |   21 ++++++++++++++++++---
 2 files changed, 36 insertions(+), 3 deletions(-)

Added: 01-CVE-2016-1283.patch
===================================================================
--- 01-CVE-2016-1283.patch	                        (rev 0)
+++ 01-CVE-2016-1283.patch	2016-03-15 15:44:35 UTC (rev 166829)
@@ -0,0 +1,18 @@
+Index: pcre_compile.c
+===================================================================
+--- a/pcre_compile.c	(revision 1635)
++++ b/pcre_compile.c	(revision 1636)
+@@ -7311,7 +7311,12 @@
+           so far in order to get the number. If the name is not found, leave
+           the value of recno as 0 for a forward reference. */
+ 
+-          else
++          /* This patch (removing "else") fixes a problem when a reference is
++          to multiple identically named nested groups from within the nest.
++          Once again, it is not the "proper" fix, and it results in an
++          over-allocation of memory. */
++
++          /* else */
+             {
+             ng = cd->named_groups;
+             for (i = 0; i < cd->names_found; i++, ng++)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2016-03-15 15:18:42 UTC (rev 166828)
+++ PKGBUILD	2016-03-15 15:44:35 UTC (rev 166829)
@@ -4,7 +4,7 @@
 _pkgbasename=pcre
 pkgname=lib32-$_pkgbasename
 pkgver=8.38
-pkgrel=1
+pkgrel=2
 pkgdesc="A library that implements Perl 5-style regular expressions (32-bit)"
 arch=('x86_64')
 url="http://pcre.sourceforge.net"
@@ -11,11 +11,26 @@
 license=('custom')
 depends=('lib32-gcc-libs' $_pkgbasename)
 makedepends=('gcc-multilib')
-source=(ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/${_pkgbasename}-${pkgver}.tar.bz2{,.sig})
+source=(ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/${_pkgbasename}-${pkgver}.tar.bz2{,.sig}
+        '01-CVE-2016-1283.patch')
 md5sums=('00aabbfe56d5a48b270f999b508c5ad2'
-         'SKIP')
+         'SKIP'
+         '722aba6455a3f0240eaa22289f0176a0')
 validpgpkeys=('45F68D54BBE23FB3039B46E59766E084FB0F43D8') # Philip Hazel
 
+prepare() {
+  cd "${srcdir}"/${_pkgbasename}-${pkgver}
+  # apply patch from the source array (should be a pacman feature)
+  local filename
+  for filename in "${source[@]}"; do
+    if [[ "$filename" =~ \.patch$ ]]; then
+      msg2 "Applying patch $filename"
+      patch -p1 -N -i "$srcdir/$filename"
+    fi
+  done
+  :
+}
+
 build() {
   cd "${srcdir}"/${_pkgbasename}-${pkgver}
   export CC="gcc -m32"



More information about the arch-commits mailing list