kumquat-buildroot/package/pcre/0003-CVE-2017-6004.patch

Description: CVE-2017-6004: crafted regular expression may cause denial of service
Origin: upstream, https://vcs.pcre.org/pcre/code/trunk/pcre_jit_compile.c?r1=1676&r2=1680&view=patch
Bug: https://bugs.exim.org/show_bug.cgi?id=2035
Bug-Debian: https://bugs.debian.org/855405
Forwarded: not-needed
Author: Salvatore Bonaccorso <carnil@debian.org>
Last-Update: 2017-02-17

Signed-off-by: Baruch Siach <baruch@tkos.co.il>

--- a/pcre_jit_compile.c
+++ b/pcre_jit_compile.c
@@ -8111,7 +8111,7 @@ if (opcode == OP_COND || opcode == OP_SC
 
     if (*matchingpath == OP_FAIL)
       stacksize = 0;
-    if (*matchingpath == OP_RREF)
+    else if (*matchingpath == OP_RREF)
       {
       stacksize = GET2(matchingpath, 1);
       if (common->currententry == NULL)
pcre: add upstream security fixes Take Debian adapted patches of upstream. Fixes: CVE-2017-6004: crafted regular expression may cause denial of service CVE-2017-7186: invalid Unicode property lookup may cause denial of service Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2017-03-31 13:09:36 +02:00			`Description: CVE-2017-6004: crafted regular expression may cause denial of service`
			`Origin: upstream, https://vcs.pcre.org/pcre/code/trunk/pcre_jit_compile.c?r1=1676&r2=1680&view=patch`
			`Bug: https://bugs.exim.org/show_bug.cgi?id=2035`
			`Bug-Debian: https://bugs.debian.org/855405`
			`Forwarded: not-needed`
			`Author: Salvatore Bonaccorso <carnil@debian.org>`
			`Last-Update: 2017-02-17`

			`Signed-off-by: Baruch Siach <baruch@tkos.co.il>`

			`--- a/pcre_jit_compile.c`
			`+++ b/pcre_jit_compile.c`
			`@@ -8111,7 +8111,7 @@ if (opcode == OP_COND \|\| opcode == OP_SC`

			`if (*matchingpath == OP_FAIL)`
			`stacksize = 0;`
			`- if (*matchingpath == OP_RREF)`
			`+ else if (*matchingpath == OP_RREF)`
			`{`
			`stacksize = GET2(matchingpath, 1);`
			`if (common->currententry == NULL)`