main/pcre: security fix for CVE-2014-8964

ref #3731

2 files changed, 78 insertions, 5 deletions

diff --git a/main/pcre/APKBUILD b/main/pcre/APKBUILD
index f50b316237..3b7de6cc58 100644
--- a/main/pcre/APKBUILD
+++ b/main/pcre/APKBUILD
@@ -1,14 +1,16 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=pcre
 pkgver=8.36
-pkgrel=0
+pkgrel=1
 pkgdesc="Perl-compatible regular expression library"
 url="http://pcre.sourceforge.net"
 arch="all"
 license="BSD"
 depends=
 makedepends=""
-source="ftp://ftp.csx.cam.ac.uk/pub/software/programming/$pkgname/$pkgname-$pkgver.tar.bz2"
+source="ftp://ftp.csx.cam.ac.uk/pub/software/programming/$pkgname/$pkgname-$pkgver.tar.bz2
+	CVE-2014-8964.patch
+	"
 subpackages="$pkgname-dev $pkgname-doc $pkgname-tools
 	libpcrecpp libpcre16 libpcre32"
 
@@ -72,6 +74,9 @@ tools() {
 	mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
 }
 
-md5sums="b767bc9af0c20bc9c1fe403b0d41ad97  pcre-8.36.tar.bz2"
-sha256sums="ef833457de0c40e82f573e34528f43a751ff20257ad0e86d272ed5637eb845bb  pcre-8.36.tar.bz2"
-sha512sums="acd2bc6911be7b518ad4aca3c3ccbe98bdbeabf0e77d6b04009838c7825b563a001377f8c3a6a8a0583ec32ee9fefe05e3c1a69f272fe5084469a6b6c2148fbf  pcre-8.36.tar.bz2"
+md5sums="b767bc9af0c20bc9c1fe403b0d41ad97  pcre-8.36.tar.bz2
+b12d6e88e250a051348aef84b3ab3cc6  CVE-2014-8964.patch"
+sha256sums="ef833457de0c40e82f573e34528f43a751ff20257ad0e86d272ed5637eb845bb  pcre-8.36.tar.bz2
+20831da29fbc9aa4389bca0c3970090df453ef2205ff44dbb723e928e642dbde  CVE-2014-8964.patch"
+sha512sums="acd2bc6911be7b518ad4aca3c3ccbe98bdbeabf0e77d6b04009838c7825b563a001377f8c3a6a8a0583ec32ee9fefe05e3c1a69f272fe5084469a6b6c2148fbf  pcre-8.36.tar.bz2
+2e5503732f9f325ab3e038dc66dada8eeade4607253b52fb3db326efdd320044d0546a5d4d4b7eb80857e8c3de28b3564714e67feeab23b2ed52422bc7f5de85  CVE-2014-8964.patch"
diff --git a/main/pcre/CVE-2014-8964.patch b/main/pcre/CVE-2014-8964.patch
new file mode 100644
index 0000000000..1fb303624d
--- /dev/null
+++ b/main/pcre/CVE-2014-8964.patch
@@ -0,0 +1,68 @@
+From 48d2472840efc4dc54dfc698d64aa086332a9033 Mon Sep 17 00:00:00 2001
+From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
+Date: Wed, 19 Nov 2014 20:57:13 +0000
+Subject: [PATCH] Fix zero-repeat assertion condition bug.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1513 2f5784b3-3f2a-0410-8824-cb99058d5e15
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+
+Petr Pisar: Ported to 8.36.
+
+diff --git a/pcre_exec.c b/pcre_exec.c
+index fdf7067..bb5620d 100644
+--- a/pcre_exec.c
++++ b/pcre_exec.c
+@@ -1404,8 +1404,11 @@ for (;;)
+         condition = TRUE;
+ 
+         /* Advance ecode past the assertion to the start of the first branch,
+-        but adjust it so that the general choosing code below works. */
+-
++        but adjust it so that the general choosing code below works. If the 
++        assertion has a quantifier that allows zero repeats we must skip over 
++        the BRAZERO. This is a lunatic thing to do, but somebody did! */
++        
++        if (*ecode == OP_BRAZERO) ecode++; 
+         ecode += GET(ecode, 1);
+         while (*ecode == OP_ALT) ecode += GET(ecode, 1);
+         ecode += 1 + LINK_SIZE - PRIV(OP_lengths)[condcode];
+diff --git a/testdata/testinput2 b/testdata/testinput2
+index c6816bf..015422e 100644
+--- a/testdata/testinput2
++++ b/testdata/testinput2
+@@ -4078,4 +4078,10 @@ backtracking verbs. --/
+ 
+ /\x{whatever}/
+ 
++"((?=(?(?=(?(?=(?(?=())))*)))))"
++    a
++
++"(?(?=)?==)(((((((((?=)))))))))"
++    a
++
+ /-- End of testinput2 --/
+diff --git a/testdata/testoutput2 b/testdata/testoutput2
+index 1e87026..9a1b14e 100644
+--- a/testdata/testoutput2
++++ b/testdata/testoutput2
+@@ -14206,4 +14206,14 @@ Failed: digits missing in \x{} or \o{} at offset 3
+ /\x{whatever}/
+ Failed: non-hex character in \x{} (closing brace missing?) at offset 3
+ 
++"((?=(?(?=(?(?=(?(?=())))*)))))"
++    a
++ 0: 
++ 1: 
++ 2: 
++
++"(?(?=)?==)(((((((((?=)))))))))"
++    a
++No match
++
+ /-- End of testinput2 --/
+-- 
+1.9.3
+