Sevan Janiyan <ventur...@geeklan.co.uk> writes: > net/quagga - CVE-2016-2342
An update has been committed today, but I doubt that OpenBSD users would be affected. > devel/pcre - CVE-2016-3191 Blindly copy/pasted from upstream's repo. Index: Makefile =================================================================== RCS file: /cvs/ports/devel/pcre/Makefile,v retrieving revision 1.61 diff -u -p -r1.61 Makefile --- Makefile 11 Mar 2016 20:28:24 -0000 1.61 +++ Makefile 22 Mar 2016 19:45:47 -0000 @@ -3,6 +3,7 @@ COMMENT= perl-compatible regular expression library DISTNAME= pcre-8.38 +REVISION= 0 SHARED_LIBS += pcre 3.0 # 0.1 SHARED_LIBS += pcre16 0.0 # 0.0 Index: patches/patch-pcre_compile_c =================================================================== RCS file: patches/patch-pcre_compile_c diff -N patches/patch-pcre_compile_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-pcre_compile_c 22 Mar 2016 19:45:47 -0000 @@ -0,0 +1,59 @@ +$OpenBSD$ + +CVE-2016-3191 + + Upstream commit: http://vcs.pcre.org/pcre?view=revision&revision=1631 + +--- pcre_compile.c.orig Tue Mar 22 20:27:48 2016 ++++ pcre_compile.c Tue Mar 22 20:39:59 2016 +@@ -6,7 +6,7 @@ + and semantics are as close as possible to those of the Perl 5 language. + + Written by Philip Hazel +- Copyright (c) 1997-2014 University of Cambridge ++ Copyright (c) 1997-2016 University of Cambridge + + ----------------------------------------------------------------------------- + Redistribution and use in source and binary forms, with or without +@@ -560,6 +560,7 @@ static const char error_texts[] = + /* 85 */ + "parentheses are too deeply nested (stack check)\0" + "digits missing in \\x{} or \\o{}\0" ++ "regular expression is too complicated\0" + ; + + /* Table to identify digits and hex digits. This is used when compiling +@@ -4591,7 +4592,8 @@ for (;; ptr++) + if (code > cd->start_workspace + cd->workspace_size - + WORK_SIZE_SAFETY_MARGIN) /* Check for overrun */ + { +- *errorcodeptr = ERR52; ++ *errorcodeptr = (code >= cd->start_workspace + cd->workspace_size)? ++ ERR52 : ERR87; + goto FAILED; + } + +@@ -6604,8 +6606,21 @@ for (;; ptr++) + cd->had_accept = TRUE; + for (oc = cd->open_caps; oc != NULL; oc = oc->next) + { +- *code++ = OP_CLOSE; +- PUT2INC(code, 0, oc->number); ++ if (lengthptr != NULL) ++ { ++#ifdef COMPILE_PCRE8 ++ *lengthptr += 1 + IMM2_SIZE; ++#elif defined COMPILE_PCRE16 ++ *lengthptr += 2 + IMM2_SIZE; ++#elif defined COMPILE_PCRE32 ++ *lengthptr += 4 + IMM2_SIZE; ++#endif ++ } ++ else ++ { ++ *code++ = OP_CLOSE; ++ PUT2INC(code, 0, oc->number); ++ } + } + setverb = *code++ = + (cd->assert_depth > 0)? OP_ASSERT_ACCEPT : OP_ACCEPT; Index: patches/patch-pcre_internal_h =================================================================== RCS file: patches/patch-pcre_internal_h diff -N patches/patch-pcre_internal_h --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-pcre_internal_h 22 Mar 2016 19:45:47 -0000 @@ -0,0 +1,26 @@ +$OpenBSD$ + +CVE-2016-3191 + + Upstream commit: http://vcs.pcre.org/pcre?view=revision&revision=1631 + +--- pcre_internal.h.orig Tue Mar 22 20:28:40 2016 ++++ pcre_internal.h Tue Mar 22 20:30:29 2016 +@@ -7,7 +7,7 @@ + and semantics are as close as possible to those of the Perl 5 language. + + Written by Philip Hazel +- Copyright (c) 1997-2014 University of Cambridge ++ Copyright (c) 1997-2016 University of Cambridge + + ----------------------------------------------------------------------------- + Redistribution and use in source and binary forms, with or without +@@ -2289,7 +2289,7 @@ enum { ERR0, ERR1, ERR2, ERR3, ERR4, ERR5, ERR6, + ERR50, ERR51, ERR52, ERR53, ERR54, ERR55, ERR56, ERR57, ERR58, ERR59, + ERR60, ERR61, ERR62, ERR63, ERR64, ERR65, ERR66, ERR67, ERR68, ERR69, + ERR70, ERR71, ERR72, ERR73, ERR74, ERR75, ERR76, ERR77, ERR78, ERR79, +- ERR80, ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERRCOUNT }; ++ ERR80, ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERR87, ERRCOUNT }; + + /* JIT compiling modes. The function list is indexed by them. */ + Index: patches/patch-pcreposix_c =================================================================== RCS file: patches/patch-pcreposix_c diff -N patches/patch-pcreposix_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-pcreposix_c 22 Mar 2016 19:45:47 -0000 @@ -0,0 +1,27 @@ +$OpenBSD$ + +CVE-2016-3191 + + Upstream commit: http://vcs.pcre.org/pcre?view=revision&revision=1631 + +--- pcreposix.c.orig Tue Mar 22 20:27:39 2016 ++++ pcreposix.c Tue Mar 22 20:27:55 2016 +@@ -6,7 +6,7 @@ + and semantics are as close as possible to those of the Perl 5 language. + + Written by Philip Hazel +- Copyright (c) 1997-2014 University of Cambridge ++ Copyright (c) 1997-2016 University of Cambridge + + ----------------------------------------------------------------------------- + Redistribution and use in source and binary forms, with or without +@@ -173,7 +173,8 @@ static const int eint[] = { + REG_BADPAT, /* group name must start with a non-digit */ + /* 85 */ + REG_BADPAT, /* parentheses too deeply nested (stack check) */ +- REG_BADPAT /* missing digits in \x{} or \o{} */ ++ REG_BADPAT, /* missing digits in \x{} or \o{} */ ++ REG_BADPAT /* pattern too complicated */ + }; + + /* Table of texts corresponding to POSIX error codes */ -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
