author | Jason Unovitch <junovitch@FreeBSD.org> | 2016-04-03 13:43:29 +0000 |
---|---|---|
committer | Jason Unovitch <junovitch@FreeBSD.org> | 2016-04-03 13:43:29 +0000 |
commit | d81521f9878b9ccd4732b2e103cb1c4de240ef42 (patch) | |
tree | b19ebbd9409ef8321f55dd84a5d5168dbcef394c | |
parent | ccb5f4c71af9c449ace18fd7e56c9c053afed1bf (diff) | |
download | freebsd-ports-d81521f9878b9ccd4732b2e103cb1c4de240ef42.zip |
devel/pcre: Add patch to resolve heap overflow vulnerability
PR: 208260
Reported by: Sevan Janiyan <venture37@geeklan.co.uk>
Approved by: ports-secteam (with hat)
Obtained from: PCRE svn (r1636)
Security: CVE-2016-1283
Security: https://vuxml.FreeBSD.org/freebsd/497b82e0-f9a0-11e5-92ce-002590263bf5.html
MFH: 2016Q2
-rw-r--r-- | devel/pcre/Makefile | 2 | ||||
-rw-r--r-- | devel/pcre/files/patch-CVE-2016-1283 | 18 |
2 files changed, 19 insertions, 1 deletions
diff --git a/devel/pcre/Makefile b/devel/pcre/Makefile index 9ec6e414e406..f23f52ea1c31 100644 --- a/devel/pcre/Makefile +++ b/devel/pcre/Makefile @@ -3,7 +3,7 @@ PORTNAME= pcre PORTVERSION= 8.38 -PORTREVISION= 0 +PORTREVISION= 1 CATEGORIES= devel MASTER_SITES= SF/${PORTNAME}/${PORTNAME}/${PORTVERSION} \ ftp://ftp.csx.cam.ac.uk/pub/software/programming/${PORTNAME}/ \ diff --git a/devel/pcre/files/patch-CVE-2016-1283 b/devel/pcre/files/patch-CVE-2016-1283 new file mode 100644 index 000000000000..2488bc03a878 --- /dev/null +++ b/devel/pcre/files/patch-CVE-2016-1283 @@ -0,0 +1,18 @@ +Index: pcre_compile.c +=================================================================== +--- pcre_compile.c (revision 1635) ++++ pcre_compile.c (revision 1636) +@@ -7311,7 +7311,12 @@ + so far in order to get the number. If the name is not found, leave + the value of recno as 0 for a forward reference. */ + +- else ++ /* This patch (removing "else") fixes a problem when a reference is ++ to multiple identically named nested groups from within the nest. ++ Once again, it is not the "proper" fix, and it results in an ++ over-allocation of memory. */ ++ ++ /* else */ + { + ng = cd->named_groups; + for (i = 0; i < cd->names_found; i++, ng++) |
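Review bot: In the pcre_compile.c hunk at line 7311, commenting out "else" makes the braced block that walks cd->named_groups run unconditionally, and the visible context does not show what the preceding branch sets, so it is worth confirming that the loop cannot overwrite a value that branch already computed. The added comment itself states that this is not the "proper" fix and that it over-allocates memory, so the patch file should say that it is a stopgap taken from upstream r1636 and should be dropped once PORTVERSION moves to a release that carries the real fix. The change also comes with no test pattern for the case the comment names (a reference to multiple identically named nested groups from within the nest); adding one would let a later update verify that the overflow stays fixed.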