
[alpine-aports] [PATCH] main/pcre: new upstream version 8.38

From: Christian Kampka <christian_at_kampka.net>
Date: Sat, 28 Nov 2015 23:13:00 +0100

---
 main/pcre/APKBUILD            | 27 ++++----------
 main/pcre/CVE-2015-3210.patch | 87 -------------------------------------------
 main/pcre/CVE-2015-3217.patch | 59 -----------------------------
 main/pcre/CVE-2015-5073.patch | 14 -------
 4 files changed, 7 insertions(+), 180 deletions(-)
 delete mode 100644 main/pcre/CVE-2015-3210.patch
 delete mode 100644 main/pcre/CVE-2015-3217.patch
 delete mode 100644 main/pcre/CVE-2015-5073.patch
diff --git a/main/pcre/APKBUILD b/main/pcre/APKBUILD
index 3e67bde..650ead8 100644
--- a/main/pcre/APKBUILD
+++ b/main/pcre/APKBUILD
_at_@ -1,18 +1,14 @@
 # Maintainer: Natanael Copa <ncopa_at_alpinelinux.org>
 pkgname=pcre
-pkgver=8.37
-pkgrel=2
+pkgver=8.38
+pkgrel=0
 pkgdesc="Perl-compatible regular expression library"
 url="http://pcre.sourceforge.net"
 arch="all"
 license="BSD"
 depends=
 makedepends=""
-source="ftp://ftp.csx.cam.ac.uk/pub/software/programming/$pkgname/$pkgname-$pkgver.tar.bz2
-	CVE-2015-3210.patch
-	CVE-2015-3217.patch
-	CVE-2015-5073.patch
-	"
+source="ftp://ftp.csx.cam.ac.uk/pub/software/programming/$pkgname/$pkgname-$pkgver.tar.bz2"
 subpackages="$pkgname-dev $pkgname-doc $pkgname-tools
 	libpcrecpp libpcre16 libpcre32"
 
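Review bot: The new `source=` line drops CVE-2015-3210.patch, CVE-2015-3217.patch and CVE-2015-5073.patch, but neither the commit message nor the APKBUILD records that 8.38 already contains those three fixes. The removal is presumably safe because the deleted patches were ports of upstream revisions, but that should be confirmed against the 8.38 ChangeLog and stated, so a later audit does not read the deletion as a security regression. I would add a comment above `source=` such as `# CVE-2015-3210, CVE-2015-3217 and CVE-2015-5073 are fixed upstream in 8.38; local patches dropped` and repeat the same sentence in the commit body.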
_at_@ -26,7 +22,7 @@ prepare() {
 	done
 }
 
-build() { 
+build() {
 	cd "$_builddir"
 	./configure \
 		--build=$CBUILD \
_at_@ -75,15 +71,6 @@ tools() {
 	mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
 }
 
-md5sums="ed91be292cb01d21bc7e526816c26981  pcre-8.37.tar.bz2
-7d59ff55389d5df2a000594d8aba2593  CVE-2015-3210.patch
-ebb29968952dae14ed8fde9cbb701619  CVE-2015-3217.patch
-d49dfd30eacbb5ce0e6e1a90144fa723  CVE-2015-5073.patch"
-sha256sums="51679ea8006ce31379fb0860e46dd86665d864b5020fc9cd19e71260eef4789d  pcre-8.37.tar.bz2
-a11c73e5bcd977bc331896326cf8e3c8a63ece9a7ab6c307522bc84466a04c09  CVE-2015-3210.patch
-47a162e734c9e2054f2ab2f8e78f1e9950338352c02020a11424a6176b06a53b  CVE-2015-3217.patch
-24ac18ca955a0961242ef71e565c2afa7b67209753f7043fc9a2405443558eeb  CVE-2015-5073.patch"
-sha512sums="19344c9add2ebbd26c528505d07d3b028d79bc3e6103d51453a449cebd76bc76f5bc7ddd9ef0de41f98c50be74a2d9a65db539ed60f1add1086d99bde8a81466  pcre-8.37.tar.bz2
-4705296239db0b04567f77ae15c68203b9e9be7f7294568cbff096a069ea53fcd8428eb187b1dd39e469d55318410052995782b94bfeb5837ba4a02c7466a31d  CVE-2015-3210.patch
-4eef9271b4fab53e3b69d4602c4f57086ec22ec69a1c12edfd391d0bfaf69a4bb5a190e3061871e86565c58e9da10ad72fa543f1c13d9c09d3c21f2c1c0dd9c6  CVE-2015-3217.patch
-5e7921d81e23a11df02648d90a7b4817e29e440662408a14b5c1dc4d227b217beecd788fa90ee4fddfaa47475badba78ce8f8521533bacf6a362e716ed6ad5b8  CVE-2015-5073.patch"
+md5sums="00aabbfe56d5a48b270f999b508c5ad2  pcre-8.38.tar.bz2"
+sha256sums="b9e02d36e23024d6c02a2e5b25204b3a4fa6ade43e0a5f869f254f49535079df  pcre-8.38.tar.bz2"
+sha512sums="ad3412ceee8f992787a3e7cbe0155ffba67affd4b2dfece6c4501dc8d2012f52dcc1ee1f56759362e04bbbd10ea9370b3e46f238e2f75005cb69f6c8439e52c0  pcre-8.38.tar.bz2"
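Review bot: These checksum lines are the only integrity control on the tarball, because the `source=` URL in the first hunk fetches it over plain `ftp://`, and the commit does not say how the recorded values were obtained. If they were computed from a download over that same channel, they simply pin whatever was received. Checking the tarball against upstream's detached signature, if one is published for this release, and noting that in the commit body would close the gap. The `md5sums=` line adds no assurance beyond the `sha512sums=` line and could be dropped if the build tooling does not require it.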
diff --git a/main/pcre/CVE-2015-3210.patch b/main/pcre/CVE-2015-3210.patch
deleted file mode 100644
index c97849f..0000000
--- a/main/pcre/CVE-2015-3210.patch
+++ /dev/null
_at_@ -1,87 +0,0 @@
-From 68ff1beb43bb3d4d8838f3285c97023d1e50513a Mon Sep 17 00:00:00 2001
-From: ph10 <ph10_at_2f5784b3-3f2a-0410-8824-cb99058d5e15>
-Date: Fri, 15 May 2015 17:17:03 +0000
-Subject: [PATCH] Fix buffer overflow for named recursive back reference when
- the name is duplicated.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Upstream commit ported to pcre-8.37:
-
-commit 4b79af6b4cbeb5326ae5e4d83f3e935e00286c19
-Author: ph10 <ph10_at_2f5784b3-3f2a-0410-8824-cb99058d5e15>
-Date:   Fri May 15 17:17:03 2015 +0000
-
-    Fix buffer overflow for named recursive back reference when the name is
-    duplicated.
-
-    git-svn-id: svn://vcs.exim.org/pcre/code/trunk_at_1558 2f5784b3-3f2a-0410-8824-cb99058d5e15
-
-This fixes CVE-2015-3210.
-
-Signed-off-by: Petr Písař <ppisar_at_redhat.com>
----
- pcre_compile.c       | 16 ++++++++++++++--
- testdata/testinput2  |  2 ++
- testdata/testoutput2 |  2 ++
- 3 files changed, 18 insertions(+), 2 deletions(-)
-
-diff --git a/pcre_compile.c b/pcre_compile.c
-index 0efad26..6f06912 100644
---- a/pcre_compile.c
-+++ b/pcre_compile.c
-_at_@ -7173,14 +7173,26 @@ for (;; ptr++)
-           number. If the name is not found, set the value to 0 for a forward
-           reference. */
- 
-+          recno = 0;
-           ng = cd->named_groups;
-           for (i = 0; i < cd->names_found; i++, ng++)
-             {
-             if (namelen == ng->length &&
-                 STRNCMP_UC_UC(name, ng->name, namelen) == 0)
--              break;
-+              {
-+              open_capitem *oc;
-+              recno = ng->number;
-+              if (is_recurse) break;
-+              for (oc = cd->open_caps; oc != NULL; oc = oc->next)         
-+                {          
-+                if (oc->number == recno)                                     
-+                  {               
-+                  oc->flag = TRUE;                                      
-+                  break;
-+                  }                                                         
-+                }                          
-+              }    
-             }
--          recno = (i < cd->names_found)? ng->number : 0;
- 
-           /* Count named back references. */
- 
-diff --git a/testdata/testinput2 b/testdata/testinput2
-index 58fe53b..83bb471 100644
---- a/testdata/testinput2
-+++ b/testdata/testinput2
-_at_@ -4152,4 +4152,6 @@ backtracking verbs. --/
- 
- /((?2){73}(?2))((?1))/
- 
-+"(?J)(?'d'(?'d'\g{d}))"
-+
- /-- End of testinput2 --/
-diff --git a/testdata/testoutput2 b/testdata/testoutput2
-index b718df0..7dff52a 100644
---- a/testdata/testoutput2
-+++ b/testdata/testoutput2
-_at_@ -14423,4 +14423,6 @@ Failed: lookbehind assertion is not fixed length at offset 17
- 
- /((?2){73}(?2))((?1))/
- 
-+"(?J)(?'d'(?'d'\g{d}))"
-+
- /-- End of testinput2 --/
--- 
-2.4.3
-
diff --git a/main/pcre/CVE-2015-3217.patch b/main/pcre/CVE-2015-3217.patch
deleted file mode 100644
index 8e74a99..0000000
--- a/main/pcre/CVE-2015-3217.patch
+++ /dev/null
_at_@ -1,59 +0,0 @@
-https://bugs.exim.org/show_bug.cgi?id=1638
-
-Index: pcre_compile.c
-===================================================================
---- a/pcre_compile.c	(revision 1558)
-+++ b/pcre_compile.c	(revision 1562)
-_at_@ -1799,7 +1799,7 @@
-     case OP_ASSERTBACK:
-     case OP_ASSERTBACK_NOT:
-     do cc += GET(cc, 1); while (*cc == OP_ALT);
--    cc += PRIV(OP_lengths)[*cc];
-+    cc += 1 + LINK_SIZE;
-     break;
- 
-     /* Skip over things that don't match chars */
-_at_@ -7187,15 +7187,15 @@
-               open_capitem *oc;
-               recno = ng->number;
-               if (is_recurse) break;
--              for (oc = cd->open_caps; oc != NULL; oc = oc->next)         
--                {          
--                if (oc->number == recno)                                     
--                  {               
--                  oc->flag = TRUE;                                      
-+              for (oc = cd->open_caps; oc != NULL; oc = oc->next)
-+                {
-+                if (oc->number == recno)
-+                  {
-+                  oc->flag = TRUE;
-                   break;
--                  }                                                         
--                }                          
--              }    
-+                  }
-+                }
-+              }
-             }
- 
-           /* Count named back references. */
-_at_@ -7207,6 +7207,19 @@
-           16-bit data item. */
- 
-           *lengthptr += IMM2_SIZE;
-+
-+          /* If this is a forward reference and we are within a (?|...) group,
-+          the reference may end up as the number of a group which we are
-+          currently inside, that is, it could be a recursive reference. In the
-+          real compile this will be picked up and the reference wrapped with
-+          OP_ONCE to make it atomic, so we must space in case this occurs. */
-+
-+          /* In fact, this can happen for a non-forward reference because
-+          another group with the same number might be created later. This
-+          issue is fixed "properly" in PCRE2. As PCRE1 is now in maintenance
-+          only mode, we finesse the bug by allowing more memory always. */
-+
-+          /* if (recno == 0) */ *lengthptr += 2 + 2*LINK_SIZE;
-           }
- 
-         /* In the real compile, search the name table. We check the name
diff --git a/main/pcre/CVE-2015-5073.patch b/main/pcre/CVE-2015-5073.patch
deleted file mode 100644
index e6981ec..0000000
--- a/main/pcre/CVE-2015-5073.patch
+++ /dev/null
_at_@ -1,14 +0,0 @@
-Index: pcre_compile.c
-===================================================================
---- a/pcre_compile.c	(revision 1569)
-+++ b/pcre_compile.c	(revision 1575)
-_at_@ -9449,7 +9449,7 @@
- exceptional ones forgo this. We scan the pattern to check that they are fixed
- length, and set their lengths. */
- 
--if (cd->check_lookbehind)
-+if (errorcode == 0 && cd->check_lookbehind)
-   {
-   pcre_uchar *cc = (pcre_uchar *)codestart;
- 
-
-- 
2.6.2