patch 01-CVE-2016-1283 added

3 files changed, 39 insertions, 5 deletions

diff --git a/.SRCINFO b/.SRCINFO
index dca18d5960dd..8d254d3f6830 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,9 +1,9 @@
 # Generated by mksrcinfo v8
-# Tue Dec  8 01:08:27 UTC 2015
+# Fri Mar 18 11:35:17 UTC 2016
 pkgbase = mingw-w64-pcre
 	pkgdesc = A library that implements Perl 5-style regular expressions (mingw-w64)
 	pkgver = 8.38
-	pkgrel = 1
+	pkgrel = 2
 	url = http://www.pcre.org/
 	arch = any
 	license = BSD
@@ -14,8 +14,10 @@ pkgbase = mingw-w64-pcre
 	options = !buildflags
 	source = ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.38.tar.bz2
 	source = ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.38.tar.bz2.sig
+	source = 01-CVE-2016-1283.patch
 	md5sums = 00aabbfe56d5a48b270f999b508c5ad2
 	md5sums = SKIP
+	md5sums = 722aba6455a3f0240eaa22289f0176a0
 
 pkgname = mingw-w64-pcre
 
diff --git a/01-CVE-2016-1283.patch b/01-CVE-2016-1283.patch
new file mode 100644
index 000000000000..2c2dad29e929
--- /dev/null
+++ b/01-CVE-2016-1283.patch
@@ -0,0 +1,18 @@
+Index: pcre_compile.c
+===================================================================
+--- a/pcre_compile.c	(revision 1635)
++++ b/pcre_compile.c	(revision 1636)
+@@ -7311,7 +7311,12 @@
+           so far in order to get the number. If the name is not found, leave
+           the value of recno as 0 for a forward reference. */
+ 
+-          else
++          /* This patch (removing "else") fixes a problem when a reference is
++          to multiple identically named nested groups from within the nest.
++          Once again, it is not the "proper" fix, and it results in an
++          over-allocation of memory. */
++
++          /* else */
+             {
+             ng = cd->named_groups;
+             for (i = 0; i < cd->names_found; i++, ng++)
diff --git a/PKGBUILD b/PKGBUILD
index eebb0ff04805..8e73a1114a85 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,6 +1,6 @@
 pkgname=mingw-w64-pcre
 pkgver=8.38
-pkgrel=1
+pkgrel=2
 pkgdesc="A library that implements Perl 5-style regular expressions (mingw-w64)"
 arch=(any)
 url="http://www.pcre.org/"
@@ -8,13 +8,27 @@ license=("BSD")
 makedepends=(mingw-w64-configure)
 depends=(mingw-w64-crt)
 options=(staticlibs !strip !buildflags)
-source=("ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-$pkgver.tar.bz2"{,.sig})
+source=("ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-$pkgver.tar.bz2"{,.sig}
+"01-CVE-2016-1283.patch")
 validpgpkeys=('45F68D54BBE23FB3039B46E59766E084FB0F43D8') # Philip Hazel
 md5sums=('00aabbfe56d5a48b270f999b508c5ad2'
-         'SKIP')
+         'SKIP'
+         '722aba6455a3f0240eaa22289f0176a0')
 
 _architectures="i686-w64-mingw32 x86_64-w64-mingw32"
 
+prepare() {
+	cd "$srcdir/pcre-$pkgver"
+	# apply patch from the source array (should be a pacman feature)
+  local filename
+  for filename in "${source[@]}"; do
+    if [[ "$filename" =~ \.patch$ ]]; then
+      patch -p1 -N -i "$srcdir/$filename"
+    fi
+  done
+  :
+}
+
 build() {
 	cd "$srcdir/pcre-$pkgver"
   for _arch in ${_architectures}; do