CVS commit: pkgsrc/devel/pcre

["Sevan Janiyan" <sevan%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   sevan
Date:           Wed Feb 22 03:22:57 UTC 2017

Modified Files:
        pkgsrc/devel/pcre: Makefile distinfo
Added Files:
        pkgsrc/devel/pcre/patches: patch-pcre_jit_compile.c

Log Message:
Add a patch for CVE-2017-6004 - Denial of service (out-of-bounds read and
application crash) via a crafted regular expression.
Bump revision.


To generate a diff of this commit:
cvs rdiff -u -r1.82 -r1.83 pkgsrc/devel/pcre/Makefile
cvs rdiff -u -r1.62 -r1.63 pkgsrc/devel/pcre/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/devel/pcre/patches/patch-pcre_jit_compile.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/devel/pcre/Makefile
diff -u pkgsrc/devel/pcre/Makefile:1.82 pkgsrc/devel/pcre/Makefile:1.83
--- pkgsrc/devel/pcre/Makefile:1.82     Thu Jan 19 18:52:07 2017
+++ pkgsrc/devel/pcre/Makefile  Wed Feb 22 03:22:57 2017
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.82 2017/01/19 18:52:07 agc Exp $
+# $NetBSD: Makefile,v 1.83 2017/02/22 03:22:57 sevan Exp $
 
 DISTNAME=      pcre-8.40
+PKGREVISION=   1
 CATEGORIES=    devel
 MASTER_SITES=  ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/
 MASTER_SITES+= ${MASTER_SITE_SOURCEFORGE:=pcre/}

Index: pkgsrc/devel/pcre/distinfo
diff -u pkgsrc/devel/pcre/distinfo:1.62 pkgsrc/devel/pcre/distinfo:1.63
--- pkgsrc/devel/pcre/distinfo:1.62     Mon Jan 16 09:21:15 2017
+++ pkgsrc/devel/pcre/distinfo  Wed Feb 22 03:22:57 2017
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.62 2017/01/16 09:21:15 wiz Exp $
+$NetBSD: distinfo,v 1.63 2017/02/22 03:22:57 sevan Exp $
 
 SHA1 (pcre-8.40.tar.bz2) = 12f338719b8b028a2eecbf9192fcc00a13fc04f6
 RMD160 (pcre-8.40.tar.bz2) = 1e2ebc58764e3b990d475323b4ffc848979e9c5d
@@ -7,3 +7,4 @@ Size (pcre-8.40.tar.bz2) = 1560119 bytes
 SHA1 (patch-aa) = ed20cfb5ca7b1e620e368c8e41a7f691d6f93282
 SHA1 (patch-ab) = 0b8fbde09c27e2716e5bfa32abce8ee4a79fb7fb
 SHA1 (patch-doc_pcredemo.3) = 90f9b3a021f58973149d839735d40c5e2e245912
+SHA1 (patch-pcre_jit_compile.c) = 13c472caccc02e727d7d9377dba71f810feb89e9

Added files:

Index: pkgsrc/devel/pcre/patches/patch-pcre_jit_compile.c
diff -u /dev/null pkgsrc/devel/pcre/patches/patch-pcre_jit_compile.c:1.1
--- /dev/null   Wed Feb 22 03:22:57 2017
+++ pkgsrc/devel/pcre/patches/patch-pcre_jit_compile.c  Wed Feb 22 03:22:57 2017
@@ -0,0 +1,16 @@
+$NetBSD: patch-pcre_jit_compile.c,v 1.1 2017/02/22 03:22:57 sevan Exp $
+
+CVE-2017-6004
+https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6004
+
+--- pcre_jit_compile.c.orig    2016-07-02 15:53:59.000000000 +0000
++++ pcre_jit_compile.c
+@@ -8111,7 +8111,7 @@ if (opcode == OP_COND || opcode == OP_SC
+ 
+     if (*matchingpath == OP_FAIL)
+       stacksize = 0;
+-    if (*matchingpath == OP_RREF)
++    else if (*matchingpath == OP_RREF)
+       {
+       stacksize = GET2(matchingpath, 1);
+       if (common->currententry == NULL)