+++ /dev/null
-Description: CVE-2014-8964, heap buffer overflow
- Heap buffer overflow if an assertion with a zero minimum repeat is used as
- the condition in a conditional group.
-Origin: upstream http://bugs.exim.org/show_bug.cgi?id=1546
-Bug: http://bugs.exim.org/show_bug.cgi?id=1546
-Applied-Upstream: Yes, after 8.36
-
-Signed-off-by: Baruch Siach <baruch@tkos.co.il>
----
-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
---- a/pcre_exec.c
-+++ b/pcre_exec.c
-@@ -1404,8 +1404,11 @@
- condition = TRUE;
-
- /* Advance ecode past the assertion to the start of the first branch,
-- but adjust it so that the general choosing code below works. */
-+ but adjust it so that the general choosing code below works. If the
-+ assertion has a quantifier that allows zero repeats we must skip over
-+ the BRAZERO. This is a lunatic thing to do, but somebody did! */
-
-+ if (*ecode == OP_BRAZERO) ecode++;
- ecode += GET(ecode, 1);
- while (*ecode == OP_ALT) ecode += GET(ecode, 1);
- ecode += 1 + LINK_SIZE - PRIV(OP_lengths)[condcode];
-# From http://sourceforge.net/projects/pcre/files/pcre/8.36/
-md5 ff7b4bb14e355f04885cf18ff4125c98 pcre-8.36.tar.gz
-sha1 fb537757756818133d8157ec878bc11f5a93ef4d pcre-8.36.tar.gz
+# From http://sourceforge.net/projects/pcre/files/pcre/8.37/
+md5 ed91be292cb01d21bc7e526816c26981 pcre-8.37.tar.bz2
+sha1 4c629b3f582366fae4e8912f0d9fa3140347d6e7 pcre-8.37.tar.bz2
#
################################################################################
-PCRE_VERSION = 8.36
+PCRE_VERSION = 8.37
PCRE_SITE = ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre
+PCRE_SOURCE = pcre-$(PCRE_VERSION).tar.bz2
PCRE_LICENSE = BSD-3c
PCRE_LICENSE_FILES = LICENCE
PCRE_INSTALL_STAGING = YES
projects / buildroot.git / commitdiff