aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2015-01-25 10:30:30 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2015-08-07 14:55:46 +0000
commit75e0c2eedee7d425dde5ea121e5919bc9f00347e (patch)
treeedccdaa0d7afb8569df964cf0f547b17756b4b56
parenta6a9c2d4498adb2c5f11f9957a04444f36891051 (diff)
downloadaports-75e0c2eedee7d425dde5ea121e5919bc9f00347e.tar.bz2
aports-75e0c2eedee7d425dde5ea121e5919bc9f00347e.tar.xz
main/pcre: security fix for CVE-2014-8964
ref #3731 fixes #3733 Conflicts: main/pcre/APKBUILD
Diffstat
-rw-r--r--main/pcre/APKBUILD15
-rw-r--r--main/pcre/CVE-2014-8964.patch72
2 files changed, 82 insertions, 5 deletions
diff --git a/main/pcre/APKBUILD b/main/pcre/APKBUILD
index c90d95069a..512612e832 100644
--- a/main/pcre/APKBUILD
+++ b/main/pcre/APKBUILD
@@ -1,14 +1,16 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=pcre
pkgver=8.33
-pkgrel=1
+pkgrel=2
pkgdesc="Perl-compatible regular expression library"
url="http://pcre.sourceforge.net"
arch="all"
license="BSD"
depends=
makedepends=""
-source="ftp://ftp.csx.cam.ac.uk/pub/software/programming/$pkgname/$pkgname-$pkgver.tar.bz2"
+source="ftp://ftp.csx.cam.ac.uk/pub/software/programming/$pkgname/$pkgname-$pkgver.tar.bz2
+ CVE-2014-8964.patch
+ "
subpackages="$pkgname-dev $pkgname-doc $pkgname-tools
libpcrecpp libpcre16 libpcre32"
@@ -72,6 +74,9 @@ tools() {
mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
}
-md5sums="21514018448ac10062ece7a668fca949 pcre-8.33.tar.bz2"
-sha256sums="c603957a4966811c04af5f6048c71cfb4966ec93312d7b3118116ed9f3bc0478 pcre-8.33.tar.bz2"
-sha512sums="12ff53127c549a37241a32ad22b6d0dd50eb3c44546c56f4ddd5dd3e23b0c71060d5b9d12583f9ad98354ff01804269a4d51b166561787014b820e4c72e2e599 pcre-8.33.tar.bz2"
+md5sums="21514018448ac10062ece7a668fca949 pcre-8.33.tar.bz2
+8ff63301ef88a1aa9a4dde5613036cf1 CVE-2014-8964.patch"
+sha256sums="c603957a4966811c04af5f6048c71cfb4966ec93312d7b3118116ed9f3bc0478 pcre-8.33.tar.bz2
+58ae3ea05a2ef55078c1b8e96b7e082a6d3eb59461206fd7d11852d249f3c6dc CVE-2014-8964.patch"
+sha512sums="12ff53127c549a37241a32ad22b6d0dd50eb3c44546c56f4ddd5dd3e23b0c71060d5b9d12583f9ad98354ff01804269a4d51b166561787014b820e4c72e2e599 pcre-8.33.tar.bz2
+188333cb0b5e39bc2aee192d19057328ec4826a95b529775dc6a3473bb9b871fa167e2e2df88e5e32f7410398e0318d00bfb7de04d590f934c6efccff9704097 CVE-2014-8964.patch"
diff --git a/main/pcre/CVE-2014-8964.patch b/main/pcre/CVE-2014-8964.patch
new file mode 100644
index 0000000000..cfaf064389
--- /dev/null
+++ b/main/pcre/CVE-2014-8964.patch
@@ -0,0 +1,72 @@
+From db5ce1f052c354faff0b74832934659753dfaae7 Mon Sep 17 00:00:00 2001
+From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
+Date: Wed, 19 Nov 2014 20:57:13 +0000
+Subject: [PATCH] Fix zero-repeat assertion condition bug.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1513 2f5784b3-3f2a-0410-8824-cb99058d5e15
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+
+Petr Pisar: Ported to 8.33.
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ pcre_exec.c | 4 +++-
+ testdata/testinput2 | 6 ++++++
+ testdata/testoutput2 | 10 ++++++++++
+ 3 files changed, 19 insertions(+), 1 deletion(-)
+
+diff --git a/pcre_exec.c b/pcre_exec.c
+index 970ed3e..a8fe12b 100644
+--- a/pcre_exec.c
++++ b/pcre_exec.c
+@@ -1488,7 +1488,9 @@ for (;;)
+ if (md->end_offset_top > offset_top)
+ offset_top = md->end_offset_top; /* Captures may have happened */
+ condition = TRUE;
+- ecode += 1 + LINK_SIZE + GET(ecode, LINK_SIZE + 2);
++ ecode += 1 + LINK_SIZE;
++ if (*ecode == OP_BRAZERO) ecode++;
++ ecode += GET(ecode, 1);
+ while (*ecode == OP_ALT) ecode += GET(ecode, 1);
+ }
+
+diff --git a/testdata/testinput2 b/testdata/testinput2
+index 3b26f4b..aba73af 100644
+--- a/testdata/testinput2
++++ b/testdata/testinput2
+@@ -3839,4 +3839,10 @@ backtracking verbs. --/
+
+ /(((a\2)|(a*)\g<-1>))*a?/BZ
+
++"((?=(?(?=(?(?=(?(?=())))*)))))"
++ a
++
++"(?(?=)?==)(((((((((?=)))))))))"
++ a
++
+ /-- End of testinput2 --/
+diff --git a/testdata/testoutput2 b/testdata/testoutput2
+index e884638..0dcc5f9 100644
+--- a/testdata/testoutput2
++++ b/testdata/testoutput2
+@@ -12689,4 +12689,14 @@ Error -21 (recursion limit exceeded)
+ End
+ ------------------------------------------------------------------
+
++"((?=(?(?=(?(?=(?(?=())))*)))))"
++ a
++ 0:
++ 1:
++ 2:
++
++"(?(?=)?==)(((((((((?=)))))))))"
++ a
++No match
++
+ /-- End of testinput2 --/
+--
+1.9.3
+
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-16 13:14:39 +0000