# HG changeset patch
# User Rich Burridge <rich.burridge@oracle.com>
# Date 1457127154 28800
# Node ID 4e17dd2a1b16865d83fdc61b752264557c5114b9
# Parent  6d32c82eb4f5696eec9b0bb879618279ba1ee5e4
22492633 problem in LIBRARY/PCRE

diff -r 6d32c82eb4f5 -r 4e17dd2a1b16 components/pcre/patches/04-pcre_compile.c.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/pcre/patches/04-pcre_compile.c.patch	Fri Mar 04 13:32:34 2016 -0800
@@ -0,0 +1,28 @@
+This patch fixes CVE-2016-1283, filed upstream as:
+
+  https://bugs.exim.org/show_bug.cgi?id=1767
+
+See also:
+
+  http://www.cvedetails.com/cve-details.php?t=1&cve_id=cve-2016-1283
+
+This problem has already been fixed upstream in the svn code repository at:
+
+  svn://vcs.exim.org/pcre/code/trunk
+
+--- pcre-8.38/pcre_compile.c.orig	2016-03-02 10:28:48.735223798 -0800
++++ pcre-8.38/pcre_compile.c	2016-03-02 10:30:50.856995461 -0800
+@@ -7274,7 +7274,12 @@
+           so far in order to get the number. If the name is not found, leave
+           the value of recno as 0 for a forward reference. */
+ 
+-          else
++          /* This patch (removing "else") fixes a problem when a reference is
++          to multiple identically named nested groups from within the nest.
++          Once again, it is not the "proper" fix, and it results in an
++          over-allocation of memory. */
++
++          /* else */
+             {
+             ng = cd->named_groups;
+             for (i = 0; i < cd->names_found; i++, ng++)