[arch-commits] Commit in lib32-pcre/trunk (01-CVE-2016-1283.patch PKGBUILD)
Felix Yan
fyan at archlinux.org
Tue Mar 15 15:44:36 UTC 2016
Date: Tuesday, March 15, 2016 @ 16:44:35
Author: fyan
Revision: 166829
upgpkg: lib32-pcre 8.38-2
Added:
lib32-pcre/trunk/01-CVE-2016-1283.patch
Modified:
lib32-pcre/trunk/PKGBUILD
------------------------+
01-CVE-2016-1283.patch | 18 ++++++++++++++++++
PKGBUILD | 21 ++++++++++++++++++---
2 files changed, 36 insertions(+), 3 deletions(-)
Added: 01-CVE-2016-1283.patch
===================================================================
--- 01-CVE-2016-1283.patch (rev 0)
+++ 01-CVE-2016-1283.patch 2016-03-15 15:44:35 UTC (rev 166829)
@@ -0,0 +1,18 @@
+Index: pcre_compile.c
+===================================================================
+--- a/pcre_compile.c (revision 1635)
++++ b/pcre_compile.c (revision 1636)
+@@ -7311,7 +7311,12 @@
+ so far in order to get the number. If the name is not found, leave
+ the value of recno as 0 for a forward reference. */
+
+- else
++ /* This patch (removing "else") fixes a problem when a reference is
++ to multiple identically named nested groups from within the nest.
++ Once again, it is not the "proper" fix, and it results in an
++ over-allocation of memory. */
++
++ /* else */
+ {
+ ng = cd->named_groups;
+ for (i = 0; i < cd->names_found; i++, ng++)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2016-03-15 15:18:42 UTC (rev 166828)
+++ PKGBUILD 2016-03-15 15:44:35 UTC (rev 166829)
@@ -4,7 +4,7 @@
_pkgbasename=pcre
pkgname=lib32-$_pkgbasename
pkgver=8.38
-pkgrel=1
+pkgrel=2
pkgdesc="A library that implements Perl 5-style regular expressions (32-bit)"
arch=('x86_64')
url="http://pcre.sourceforge.net"
@@ -11,11 +11,26 @@
license=('custom')
depends=('lib32-gcc-libs' $_pkgbasename)
makedepends=('gcc-multilib')
-source=(ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/${_pkgbasename}-${pkgver}.tar.bz2{,.sig})
+source=(ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/${_pkgbasename}-${pkgver}.tar.bz2{,.sig}
+ '01-CVE-2016-1283.patch')
md5sums=('00aabbfe56d5a48b270f999b508c5ad2'
- 'SKIP')
+ 'SKIP'
+ '722aba6455a3f0240eaa22289f0176a0')
validpgpkeys=('45F68D54BBE23FB3039B46E59766E084FB0F43D8') # Philip Hazel
+prepare() {
+ cd "${srcdir}"/${_pkgbasename}-${pkgver}
+ # apply patch from the source array (should be a pacman feature)
+ local filename
+ for filename in "${source[@]}"; do
+ if [[ "$filename" =~ \.patch$ ]]; then
+ msg2 "Applying patch $filename"
+ patch -p1 -N -i "$srcdir/$filename"
+ fi
+ done
+ :
+}
+
build() {
cd "${srcdir}"/${_pkgbasename}-${pkgver}
export CC="gcc -m32"
More information about the arch-commits
mailing list