Index: ossp-pkg/pcre/ChangeLog.OSSP RCS File: /v/ossp/cvs/ossp-pkg/pcre/ChangeLog.OSSP,v rcsdiff -q -kk '-r1.22' '-r1.23' -u '/v/ossp/cvs/ossp-pkg/pcre/ChangeLog.OSSP,v' 2>/dev/null --- ChangeLog.OSSP 2005/02/02 12:25:44 1.22 +++ ChangeLog.OSSP 2005/10/03 09:22:04 1.23 @@ -1,8 +1,17 @@ OSSP ChangeLog for PCRE ======================= + + Mon Oct 3 11:20:31 CEST 2005 + + *) Apply Security Fix (CAN-2005-2491, partially only) + [Ralf S. Engelschall ] + + *) Upgraded GNU shtool to 2.0.3 and GNU libtool to 1.5.20 + [Ralf S. Engelschall ] Wed Feb 2 13:23:26 CET 2005 + *) Upgraded GNU shtool to 2.0.1 and GNU libtool to 1.5.10 [Thomas Lotterer ] Index: ossp-pkg/pcre/devtool.conf RCS File: /v/ossp/cvs/ossp-pkg/pcre/devtool.conf,v rcsdiff -q -kk '-r1.9' '-r1.10' -u '/v/ossp/cvs/ossp-pkg/pcre/devtool.conf,v' 2>/dev/null --- devtool.conf 2005/02/02 12:25:44 1.9 +++ devtool.conf 2005/10/03 09:22:04 1.10 @@ -3,8 +3,8 @@ ## %autogen - @autogen shtool 2.0.1 "2.0.*" echo fixperm install mkdir tarball version - @autogen libtool 1.5.10 "1.5.*" + @autogen shtool 2.0.3 "2.0.*" echo fixperm install mkdir tarball version + @autogen libtool 1.5.20 "1.5.*" @autogen autoconf 2.59 "2.5[4-9]*" %autoclean Index: ossp-pkg/pcre/pcre.c RCS File: /v/ossp/cvs/ossp-pkg/pcre/pcre.c,v rcsdiff -q -kk '-r1.8' '-r1.9' -u '/v/ossp/cvs/ossp-pkg/pcre/pcre.c,v' 2>/dev/null --- pcre.c 2002/01/07 15:21:06 1.8 +++ pcre.c 2005/10/03 09:22:04 1.9 @@ -716,12 +716,23 @@ while ((cd->ctypes[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0'; +if (min < 0 || min > 65535) + { + *errorptr = ERR5; + return p; + } + if (*p == '}') max = min; else { if (*(++p) != '}') { max = 0; while((cd->ctypes[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0'; + if (max < 0 || max > 65535) + { + *errorptr = ERR5; + return p; + } if (max < min) { *errorptr = ERR4;