head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.10 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.8 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.6 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.4 pkgsrc-2011Q2-base:1.2 pkgsrc-2009Q4:1.2.0.2 pkgsrc-2009Q4-base:1.2 pkgsrc-2008Q4:1.1.0.32 pkgsrc-2008Q4-base:1.1 pkgsrc-2008Q3:1.1.0.30 pkgsrc-2008Q3-base:1.1 cube-native-xorg:1.1.0.28 cube-native-xorg-base:1.1 pkgsrc-2008Q2:1.1.0.26 pkgsrc-2008Q2-base:1.1 cwrapper:1.1.0.24 pkgsrc-2008Q1:1.1.0.22 pkgsrc-2008Q1-base:1.1 pkgsrc-2007Q4:1.1.0.20 pkgsrc-2007Q4-base:1.1 pkgsrc-2007Q3:1.1.0.18 pkgsrc-2007Q3-base:1.1 pkgsrc-2007Q2:1.1.0.16 pkgsrc-2007Q2-base:1.1 pkgsrc-2007Q1:1.1.0.14 pkgsrc-2007Q1-base:1.1 pkgsrc-2006Q4:1.1.0.12 pkgsrc-2006Q4-base:1.1 pkgsrc-2006Q3:1.1.0.10 pkgsrc-2006Q3-base:1.1 pkgsrc-2006Q2:1.1.0.8 pkgsrc-2006Q2-base:1.1 pkgsrc-2006Q1:1.1.0.6 pkgsrc-2006Q1-base:1.1 pkgsrc-2005Q4:1.1.0.4 pkgsrc-2005Q4-base:1.1 pkgsrc-2005Q3:1.1.0.2; locks; strict; comment @# @; 1.2 date 2009.02.09.21.09.21; author joerg; state dead; branches; next 1.1; 1.1 date 2005.11.01.21.49.31; author adrianp; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2005.11.01.21.49.31; author salo; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2005.11.05.15.47.36; author salo; state Exp; branches; next ; desc @@ 1.2 log @Remove Python 2.1 support. @ text @$NetBSD: patch-bf,v 1.1 2005/11/01 21:49:31 adrianp Exp $ --- Modules/pypcre.c.orig 2000-08-02 14:41:18.000000000 +0100 +++ Modules/pypcre.c @@@@ -1162,14 +1162,31 @@@@ read_repeat_counts(const uschar *p, int int min = 0; int max = -1; +/* Read the minimum value and do a paranoid check: a negative value indicates +an integer overflow. */ + while ((pcre_ctypes[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0'; +if (min < 0 || min > 65535) + { + *errorptr = ERR5; + return p; + } + +/* Read the maximum value if there is one, and again do a paranoid on its size +. Also, max must not be less than min. */ + if (*p == '}') max = min; else { if (*(++p) != '}') { max = 0; while((pcre_ctypes[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0'; + if (max < 0 || max > 65535) + { + *errorptr = ERR5; + return p; + } if (max < min) { *errorptr = ERR4; @@@@ -2266,6 +2283,7 @@@@ int c, size; int bracount = 0; int brastack[200]; int top_backref = 0; +BOOL capturing; unsigned int brastackptr = 0; uschar *code; const uschar *ptr; @@@@ -2445,7 +2463,8 @@@@ while ((c = *(++ptr)) != 0) /* Brackets may be genuine groups or special things */ case '(': - + capturing = FALSE; + /* Handle special forms of bracket, which all start (? */ if (ptr[1] == '?') switch (c = ptr[2]) @@@@ -2541,11 +2560,16 @@@@ while ((c = *(++ptr)) != 0) } continue; /* End of this bracket handling */ } + + /* Ordinary parentheses, not followed by '?', are capturing unless + PCRE_NO_AUTO_CAPTURE is set. */ + else capturing = (options & PCRE_NO_AUTO_CAPTURE) == 0; + /* Extracting brackets must be counted so we can process escapes in a Perlish way. */ - - else bracount++; + + if (capturing) bracount++; /* Non-special forms of bracket. Save length for computing whole length at end if there's a repeat that requires duplication of the group. */ @ 1.1 log @Bump to nb8 for PCRE security issue @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-bf was added on branch pkgsrc-2005Q3 on 2005-11-01 21:49:31 +0000 @ text @d1 73 @ 1.1.2.2 log @Pullup ticket 895 - requested by Adrian Portelli security fix for python21 Revisions pulled up: - pkgsrc/lang/python21/Makefile 1.24 - pkgsrc/lang/python21/distinfo 1.20 - pkgsrc/lang/python21/patches/patch-bd 1.1 - pkgsrc/lang/python21/patches/patch-be 1.1 - pkgsrc/lang/python21/patches/patch-bf 1.1 - pkgsrc/lang/python21-pth/Makefile 1.17 Module Name: pkgsrc Committed By: adrianp Date: Tue Nov 1 21:48:32 UTC 2005 Modified Files: pkgsrc/lang/python21-pth: Makefile Log Message: nb bump for security fix --- Module Name: pkgsrc Committed By: adrianp Date: Tue Nov 1 21:49:31 UTC 2005 Modified Files: pkgsrc/lang/python21: Makefile distinfo Added Files: pkgsrc/lang/python21/patches: patch-bd patch-be patch-bf Log Message: Bump to nb8 for PCRE security issue @ text @a0 73 $NetBSD: patch-bf,v 1.1.2.1 2005/11/05 15:47:36 salo Exp $ --- Modules/pypcre.c.orig 2000-08-02 14:41:18.000000000 +0100 +++ Modules/pypcre.c @@@@ -1162,14 +1162,31 @@@@ read_repeat_counts(const uschar *p, int int min = 0; int max = -1; +/* Read the minimum value and do a paranoid check: a negative value indicates +an integer overflow. */ + while ((pcre_ctypes[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0'; +if (min < 0 || min > 65535) + { + *errorptr = ERR5; + return p; + } + +/* Read the maximum value if there is one, and again do a paranoid on its size +. Also, max must not be less than min. */ + if (*p == '}') max = min; else { if (*(++p) != '}') { max = 0; while((pcre_ctypes[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0'; + if (max < 0 || max > 65535) + { + *errorptr = ERR5; + return p; + } if (max < min) { *errorptr = ERR4; @@@@ -2266,6 +2283,7 @@@@ int c, size; int bracount = 0; int brastack[200]; int top_backref = 0; +BOOL capturing; unsigned int brastackptr = 0; uschar *code; const uschar *ptr; @@@@ -2445,7 +2463,8 @@@@ while ((c = *(++ptr)) != 0) /* Brackets may be genuine groups or special things */ case '(': - + capturing = FALSE; + /* Handle special forms of bracket, which all start (? */ if (ptr[1] == '?') switch (c = ptr[2]) @@@@ -2541,11 +2560,16 @@@@ while ((c = *(++ptr)) != 0) } continue; /* End of this bracket handling */ } + + /* Ordinary parentheses, not followed by '?', are capturing unless + PCRE_NO_AUTO_CAPTURE is set. */ + else capturing = (options & PCRE_NO_AUTO_CAPTURE) == 0; + /* Extracting brackets must be counted so we can process escapes in a Perlish way. */ - - else bracount++; + + if (capturing) bracount++; /* Non-special forms of bracket. Save length for computing whole length at end if there's a repeat that requires duplication of the group. */ @