Diffstat (limited to 'main')
-rw-r--r-- | main/pcre/APKBUILD | 12 | ||||
-rw-r--r-- | main/pcre/CVE-2020-14155.patch | 31 |
2 files changed, 40 insertions, 3 deletions
diff --git a/main/pcre/APKBUILD b/main/pcre/APKBUILD index df56bda972..e230f3e9e2 100644 --- a/main/pcre/APKBUILD +++ b/main/pcre/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=pcre pkgver=8.43 -pkgrel=0 +pkgrel=1 pkgdesc="Perl-compatible regular expression library" url="http://pcre.sourceforge.net" arch="all" @@ -12,8 +12,13 @@ makedepends="" checkdepends="paxmark" subpackages="$pkgname-dev $pkgname-doc $pkgname-tools libpcrecpp libpcre16 libpcre32" -source="https://ftp.pcre.org/pub/pcre/pcre-$pkgver.tar.bz2" +source="https://ftp.pcre.org/pub/pcre/pcre-$pkgver.tar.bz2 + CVE-2020-14155.patch + " + # secfixes: +# 8.43-r0: +# - CVE-2020-14155 # 8.40-r2: # - CVE-2017-7186 # 7.8-r0: @@ -93,4 +98,5 @@ tools() { mv "$pkgdir"/usr/bin "$subpkgdir"/usr/ } -sha512sums="3b4ac2c7ccd77c9575d07a33c3456f40b50731029e62d01fb8f2f5871d7118e12bc9e6bc7a8079769c765e38da5ecf98c4b261b10ff0a2f14f0881b434f67af7 pcre-8.43.tar.bz2" +sha512sums="3b4ac2c7ccd77c9575d07a33c3456f40b50731029e62d01fb8f2f5871d7118e12bc9e6bc7a8079769c765e38da5ecf98c4b261b10ff0a2f14f0881b434f67af7 pcre-8.43.tar.bz2 +23baa5fbaff7b52e861a539a83ad4406937d7a8a85d2a4e2419d0bea99204659e350caab68091d6354842297df2bb3097204bc63c4e1d3d9d1b94427efc46748 CVE-2020-14155.patch" diff --git a/main/pcre/CVE-2020-14155.patch b/main/pcre/CVE-2020-14155.patch new file mode 100644 index 0000000000..3bfa119f3b --- /dev/null +++ b/main/pcre/CVE-2020-14155.patch 
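Review bot: The new secfixes entry in the second APKBUILD hunk is keyed `# 8.43-r0:`, although this same commit bumps `pkgrel` from 0 to 1, so the build that carries CVE-2020-14155.patch is 8.43-r1 and 8.43-r0 is the unpatched one. Any tooling that reads the secfixes comments to decide which releases contain the fix would, presumably, treat the still-vulnerable r0 package as fixed. The entry should read `# 8.43-r1:`.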
@@ -0,0 +1,31 @@
+pcre: Fix int overflow when parsing "?C<arg>" callout args.
+
+Numerical args must be 0-255, so this shouldn't break correct usage.
+
+--- a/pcre_compile.c 2020/02/10 17:01:27 1760
++++ b/pcre_compile.c 2020/02/10 17:17:34 1761
+@@ -7130,17 +7130,19 @@
+ int n = 0;
+ ptr++;
+ while(IS_DIGIT(*ptr))
++ {
+ n = n * 10 + *ptr++ - CHAR_0;
++ if (n > 255)
++ {
++ *errorcodeptr = ERR38;
++ goto FAILED;
++ }
++ }
+ if (*ptr != CHAR_RIGHT_PARENTHESIS)
+ {
+ *errorcodeptr = ERR39;
+ goto FAILED;
+ }
+- if (n > 255)
+- {
+- *errorcodeptr = ERR38;
+- goto FAILED;
+- }
+ *code++ = n;
+ PUT(code, 0, (int)(ptr - cd->start_pattern + 1)); /* Pattern offset */
+ PUT(code, LINK_SIZE, 0); /* Default length */ |
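Review bot: The relocated `if (n > 255)` inside the `while(IS_DIGIT(*ptr))` loop carries no comment saying why it must run on every digit, so a later tidy-up could hoist it back below the loop and reintroduce the signed overflow in `n = n * 10 + *ptr++ - CHAR_0`. I would add `/* Check per digit: n never exceeds 2559 here, so n * 10 cannot overflow int */` above the check. A side effect worth recording in the patch description is that an over-long number not followed by `)` now reports ERR38 where it previously reported ERR39. The enclosing function in pcre_compile.c begins and ends outside the embedded hunk, so the use of `n` further down is not visible here.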