authorNatanael Copa <ncopa@alpinelinux.org>2015-07-07 13:39:52 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2015-08-07 15:06:43 +0000
commitb92ff50592e393708ec454dde3030a768d999e6e (patch)
treeb273c079c437b9515017fae39c1049b829b4cf5e
parent75e0c2eedee7d425dde5ea121e5919bc9f00347e (diff)
downloadaports-b92ff50592e393708ec454dde3030a768d999e6e.tar.bz2
aports-b92ff50592e393708ec454dde3030a768d999e6e.tar.xz
main/pcre: security fix for CVE-2015-5073
fixes #4401
-rw-r--r--main/pcre/APKBUILD14
-rw-r--r--main/pcre/CVE-2015-5073.patch14
2 files changed, 23 insertions, 5 deletions
diff --git a/main/pcre/APKBUILD b/main/pcre/APKBUILD
index 512612e832..9038df3d1a 100644
--- a/main/pcre/APKBUILD
+++ b/main/pcre/APKBUILD
@@ -10,6 +10,7 @@ depends=
makedepends=""
source="ftp://ftp.csx.cam.ac.uk/pub/software/programming/$pkgname/$pkgname-$pkgver.tar.bz2
CVE-2014-8964.patch
+ CVE-2015-5073.patch
"
subpackages="$pkgname-dev $pkgname-doc $pkgname-tools
libpcrecpp libpcre16 libpcre32"
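Review bot: No hunk in this APKBUILD section touches `pkgrel`, and the visible hunks account for every line of the diffstat (23 insertions, 5 deletions), so the release number appears to be left unchanged by this security fix. With an identical `pkgver`-`pkgrel`, systems that already have the package installed would presumably not see the patched build as an upgrade, and the fix would reach only fresh installs. The `pkgrel=` line sits above this hunk and is not visible here; it should be incremented by one in the same commit, unless it is confirmed to be bumped separately.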
@@ -19,12 +20,12 @@ prepare() {
cd "$_builddir"
for i in $source; do
case $i in
- *.patch) patch -p1 -i "$srcdir"/$i || return 1;;
+ *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
esac
done
}
-build() {
+build() {
cd "$_builddir"
./configure \
--build=$CBUILD \
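Review bot: The added `msg $i` expands `$i` unquoted, as does the existing `"$srcdir"/$i` on the same line, so a source entry containing glob characters would be expanded before it is logged or applied. Quoting both keeps the logged name and the applied file identical: `*.patch) msg "$i"; patch -p1 -i "$srcdir/$i" || return 1;;`. The `build() {` line in this hunk changes only whitespace and would be better left out of a security commit, so that the diff contains only the fix. Both `prepare()` and `build()` extend beyond the hunk.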
@@ -75,8 +76,11 @@ tools() {
}
md5sums="21514018448ac10062ece7a668fca949 pcre-8.33.tar.bz2
-8ff63301ef88a1aa9a4dde5613036cf1 CVE-2014-8964.patch"
+8ff63301ef88a1aa9a4dde5613036cf1 CVE-2014-8964.patch
+d49dfd30eacbb5ce0e6e1a90144fa723 CVE-2015-5073.patch"
sha256sums="c603957a4966811c04af5f6048c71cfb4966ec93312d7b3118116ed9f3bc0478 pcre-8.33.tar.bz2
-58ae3ea05a2ef55078c1b8e96b7e082a6d3eb59461206fd7d11852d249f3c6dc CVE-2014-8964.patch"
+58ae3ea05a2ef55078c1b8e96b7e082a6d3eb59461206fd7d11852d249f3c6dc CVE-2014-8964.patch
+24ac18ca955a0961242ef71e565c2afa7b67209753f7043fc9a2405443558eeb CVE-2015-5073.patch"
sha512sums="12ff53127c549a37241a32ad22b6d0dd50eb3c44546c56f4ddd5dd3e23b0c71060d5b9d12583f9ad98354ff01804269a4d51b166561787014b820e4c72e2e599 pcre-8.33.tar.bz2
-188333cb0b5e39bc2aee192d19057328ec4826a95b529775dc6a3473bb9b871fa167e2e2df88e5e32f7410398e0318d00bfb7de04d590f934c6efccff9704097 CVE-2014-8964.patch"
+188333cb0b5e39bc2aee192d19057328ec4826a95b529775dc6a3473bb9b871fa167e2e2df88e5e32f7410398e0318d00bfb7de04d590f934c6efccff9704097 CVE-2014-8964.patch
+5e7921d81e23a11df02648d90a7b4817e29e440662408a14b5c1dc4d227b217beecd788fa90ee4fddfaa47475badba78ce8f8521533bacf6a362e716ed6ad5b8 CVE-2015-5073.patch"
diff --git a/main/pcre/CVE-2015-5073.patch b/main/pcre/CVE-2015-5073.patch
new file mode 100644
index 0000000000..e6981ecb2c
--- /dev/null
+++ b/main/pcre/CVE-2015-5073.patch
@@ -0,0 +1,14 @@
+Index: pcre_compile.c
+===================================================================
+--- a/pcre_compile.c (revision 1569)
++++ b/pcre_compile.c (revision 1575)
+@@ -9449,7 +9449,7 @@
+ exceptional ones forgo this. We scan the pattern to check that they are fixed
+ length, and set their lengths. */
+
+-if (cd->check_lookbehind)
++if (errorcode == 0 && cd->check_lookbehind)
+ {
+ pcre_uchar *cc = (pcre_uchar *)codestart;
+
+
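Review bot: The new patch file carries no provenance header, so the only hint of its origin is the `(revision 1569)` / `(revision 1575)` labels on its file lines. A short header above `Index:` would fix that, for example `Fix for CVE-2015-5073 in pcre_compile.c; upstream source: <upstream revision or URL>`. With that in place the change can be checked against upstream and dropped once the package moves past 8.33. The guarded `if` block continues beyond the embedded hunk, so it cannot be confirmed from here that `errorcode` is always set by this point.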