rpms/pcre
6
0
Fork 0
Code Issues Pull Requests Releases Activity

8.38-RC1 bump

Browse Source
This commit is contained in:
Petr Písař 2015-10-29 16:53:30 +01:00
parent 3416550d41
commit 8800903048
10 changed files with 39 additions and 776 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -22,3 +22,4 @@ pcre-8.10.tar.bz2
/pcre-8.36.tar.bz2
/pcre-8.37-RC1.tar.bz2
/pcre-8.37.tar.bz2
/pcre-8.38-RC1.tar.bz2

110
pcre-8.37-Fix-another-buffer-overflow.patch
View File

@ -1,110 +0,0 @@
From f6efcf125123199d446c5561266c3c3846ed9f30 Mon Sep 17 00:00:00 2001
From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
Date: Wed, 3 Jun 2015 16:51:59 +0000
Subject: [PATCH] Fix another buffer overflow.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Ported to 8.37:
commit 225f0d5eb16c7a26591a1e3f286c7476907b5a6a
Author: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
Date: Wed Jun 3 16:51:59 2015 +0000
Fix another buffer overflow.
git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1562 2f5784b3-3f2a-0410-8824-cb99058d5e15
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
pcre_compile.c | 7 ++++++-
testdata/testinput2 | 2 ++
testdata/testoutput11-16 | 2 +-
testdata/testoutput11-32 | 2 +-
testdata/testoutput11-8 | 2 +-
testdata/testoutput2 | 2 ++
6 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/pcre_compile.c b/pcre_compile.c
index 8b4aaef..f5d2384 100644
--- a/pcre_compile.c
+++ b/pcre_compile.c
@@ -7210,7 +7210,12 @@ for (;; ptr++)
real compile this will be picked up and the reference wrapped with
OP_ONCE to make it atomic, so we must space in case this occurs. */
- if (recno == 0) *lengthptr += 2 + 2*LINK_SIZE;
+ /* In fact, this can happen for a non-forward reference because
+ another group with the same number might be created later. This
+ issue is fixed "properly" in PCRE2. As PCRE1 is now in maintenance
+ only mode, we finesse the bug by allowing more memory always. */
+
+ /* if (recno == 0) */ *lengthptr += 2 + 2*LINK_SIZE;
}
/* In the real compile, search the name table. We check the name
diff --git a/testdata/testinput2 b/testdata/testinput2
index 5cc9ce6..e12de3a 100644
--- a/testdata/testinput2
+++ b/testdata/testinput2
@@ -4156,4 +4156,6 @@ backtracking verbs. --/
/(?=di(?<=(?1))|(?=(.))))/
+"(?J:(?|(?'R')(\k'R')|((?'R'))))"
+
/-- End of testinput2 --/
diff --git a/testdata/testoutput11-16 b/testdata/testoutput11-16
index 422f2ad..e222e7c 100644
--- a/testdata/testoutput11-16
+++ b/testdata/testoutput11-16
@@ -231,7 +231,7 @@ Memory allocation (code space): 73
------------------------------------------------------------------
/(?P<a>a)...(?P=a)bbb(?P>a)d/BM
-Memory allocation (code space): 61
+Memory allocation (code space): 77
------------------------------------------------------------------
0 24 Bra
2 5 CBra 1
diff --git a/testdata/testoutput11-32 b/testdata/testoutput11-32
index d953ec8..9a80ec9 100644
--- a/testdata/testoutput11-32
+++ b/testdata/testoutput11-32
@@ -231,7 +231,7 @@ Memory allocation (code space): 155
------------------------------------------------------------------
/(?P<a>a)...(?P=a)bbb(?P>a)d/BM
-Memory allocation (code space): 125
+Memory allocation (code space): 157
------------------------------------------------------------------
0 24 Bra
2 5 CBra 1
diff --git a/testdata/testoutput11-8 b/testdata/testoutput11-8
index 6ec18ec..3adaca2 100644
--- a/testdata/testoutput11-8
+++ b/testdata/testoutput11-8
@@ -231,7 +231,7 @@ Memory allocation (code space): 45
------------------------------------------------------------------
/(?P<a>a)...(?P=a)bbb(?P>a)d/BM
-Memory allocation (code space): 38
+Memory allocation (code space): 50
------------------------------------------------------------------
0 30 Bra
3 7 CBra 1
diff --git a/testdata/testoutput2 b/testdata/testoutput2
index 4decb8d..5bad26c 100644
--- a/testdata/testoutput2
+++ b/testdata/testoutput2
@@ -14428,4 +14428,6 @@ Failed: lookbehind assertion is not fixed length at offset 17
/(?=di(?<=(?1))|(?=(.))))/
Failed: unmatched parentheses at offset 23
+"(?J:(?|(?'R')(\k'R')|((?'R'))))"
+
/-- End of testinput2 --/
--
2.4.3

68
pcre-8.37-Fix-buffer-overflow-for-forward-reference-within-bac.patch
View File

@ -1,68 +0,0 @@
From 354e1f8e921dcb9cf2f3a5eac93cd826d01a7d8a Mon Sep 17 00:00:00 2001
From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
Date: Tue, 23 Jun 2015 16:34:53 +0000
Subject: [PATCH] Fix buffer overflow for forward reference within backward
assertion with excess closing parenthesis. Bugzilla 1651.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This is upstream commit ported to 8.37:
commit 764692f9aea9eab50fdba6cb537441d8b34c6c37
Author: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
Date: Tue Jun 23 16:34:53 2015 +0000
Fix buffer overflow for forward reference within backward assertion with excess
closing parenthesis. Bugzilla 1651.
git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1571 2f5784b3-3f2a-0410-8824-cb99058d5e15
It fixes CVE-2015-5073.
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
pcre_compile.c | 2 +-
testdata/testinput2 | 2 ++
testdata/testoutput2 | 3 +++
3 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/pcre_compile.c b/pcre_compile.c
index 6f06912..b66b1f6 100644
--- a/pcre_compile.c
+++ b/pcre_compile.c
@@ -9392,7 +9392,7 @@ OP_RECURSE that are not fixed length get a diagnosic with a useful offset. The
exceptional ones forgo this. We scan the pattern to check that they are fixed
length, and set their lengths. */
-if (cd->check_lookbehind)
+if (errorcode == 0 && cd->check_lookbehind)
{
pcre_uchar *cc = (pcre_uchar *)codestart;
diff --git a/testdata/testinput2 b/testdata/testinput2
index 83bb471..5cc9ce6 100644
--- a/testdata/testinput2
+++ b/testdata/testinput2
@@ -4154,4 +4154,6 @@ backtracking verbs. --/
"(?J)(?'d'(?'d'\g{d}))"
+/(?=di(?<=(?1))|(?=(.))))/
+
/-- End of testinput2 --/
diff --git a/testdata/testoutput2 b/testdata/testoutput2
index 7dff52a..4decb8d 100644
--- a/testdata/testoutput2
+++ b/testdata/testoutput2
@@ -14425,4 +14425,7 @@ Failed: lookbehind assertion is not fixed length at offset 17
"(?J)(?'d'(?'d'\g{d}))"
+/(?=di(?<=(?1))|(?=(.))))/
+Failed: unmatched parentheses at offset 23
+
/-- End of testinput2 --/
--
2.4.3

87
pcre-8.37-Fix-buffer-overflow-for-named-recursive-back-referen.patch
View File

@ -1,87 +0,0 @@
From 68ff1beb43bb3d4d8838f3285c97023d1e50513a Mon Sep 17 00:00:00 2001
From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
Date: Fri, 15 May 2015 17:17:03 +0000
Subject: [PATCH] Fix buffer overflow for named recursive back reference when
the name is duplicated.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Upstream commit ported to pcre-8.37:
commit 4b79af6b4cbeb5326ae5e4d83f3e935e00286c19
Author: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
Date: Fri May 15 17:17:03 2015 +0000
Fix buffer overflow for named recursive back reference when the name is
duplicated.
git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1558 2f5784b3-3f2a-0410-8824-cb99058d5e15
This fixes CVE-2015-3210.
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
pcre_compile.c | 16 ++++++++++++++--
testdata/testinput2 | 2 ++
testdata/testoutput2 | 2 ++
3 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/pcre_compile.c b/pcre_compile.c
index 0efad26..6f06912 100644
--- a/pcre_compile.c
+++ b/pcre_compile.c
@@ -7173,14 +7173,26 @@ for (;; ptr++)
number. If the name is not found, set the value to 0 for a forward
reference. */
+ recno = 0;
ng = cd->named_groups;
for (i = 0; i < cd->names_found; i++, ng++)
{
if (namelen == ng->length &&
STRNCMP_UC_UC(name, ng->name, namelen) == 0)
- break;
+ {
+ open_capitem *oc;
+ recno = ng->number;
+ if (is_recurse) break;
+ for (oc = cd->open_caps; oc != NULL; oc = oc->next)
+ {
+ if (oc->number == recno)
+ {
+ oc->flag = TRUE;
+ break;
+ }
+ }
+ }
}
- recno = (i < cd->names_found)? ng->number : 0;
/* Count named back references. */
diff --git a/testdata/testinput2 b/testdata/testinput2
index 58fe53b..83bb471 100644
--- a/testdata/testinput2
+++ b/testdata/testinput2
@@ -4152,4 +4152,6 @@ backtracking verbs. --/
/((?2){73}(?2))((?1))/
+"(?J)(?'d'(?'d'\g{d}))"
+
/-- End of testinput2 --/
diff --git a/testdata/testoutput2 b/testdata/testoutput2
index b718df0..7dff52a 100644
--- a/testdata/testoutput2
+++ b/testdata/testoutput2
@@ -14423,4 +14423,6 @@ Failed: lookbehind assertion is not fixed length at offset 17
/((?2){73}(?2))((?1))/
+"(?J)(?'d'(?'d'\g{d}))"
+
/-- End of testinput2 --/
--
2.4.3

190
pcre-8.37-Fix-buffer-overflow-for-named-references-in-situatio.patch
View File

@ -1,190 +0,0 @@
From b3f0b0dd971314df8f865e221aa1a88e75d6d1a6 Mon Sep 17 00:00:00 2001
From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
Date: Wed, 5 Aug 2015 15:38:32 +0000
Subject: [PATCH] Fix buffer overflow for named references in (?| situations.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Ported for 8.37:
commit 7af8e8717def179fd7b69e173abd347c1a3547cb
Author: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
Date: Wed Aug 5 15:38:32 2015 +0000
Fix buffer overflow for named references in (?| situations.
git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1585 2f5784b3-3f2a-0410-8824-cb99058d5e15
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
pcre_compile.c | 74 ++++++++++++++++++++++++++++++----------------------
pcre_internal.h | 1 +
testdata/testinput2 | 2 ++
testdata/testoutput2 | 2 ++
4 files changed, 48 insertions(+), 31 deletions(-)
diff --git a/pcre_compile.c b/pcre_compile.c
index f5d2384..5fe5c1d 100644
--- a/pcre_compile.c
+++ b/pcre_compile.c
@@ -6641,6 +6641,7 @@ for (;; ptr++)
/* ------------------------------------------------------------ */
case CHAR_VERTICAL_LINE: /* Reset capture count for each branch */
reset_bracount = TRUE;
+ cd->dupgroups = TRUE; /* Record (?| encountered */
/* Fall through */
/* ------------------------------------------------------------ */
@@ -7151,7 +7152,8 @@ for (;; ptr++)
if (lengthptr != NULL)
{
named_group *ng;
-
+ recno = 0;
+
if (namelen == 0)
{
*errorcodeptr = ERR62;
@@ -7168,32 +7170,6 @@ for (;; ptr++)
goto FAILED;
}
- /* The name table does not exist in the first pass; instead we must
- scan the list of names encountered so far in order to get the
- number. If the name is not found, set the value to 0 for a forward
- reference. */
-
- recno = 0;
- ng = cd->named_groups;
- for (i = 0; i < cd->names_found; i++, ng++)
- {
- if (namelen == ng->length &&
- STRNCMP_UC_UC(name, ng->name, namelen) == 0)
- {
- open_capitem *oc;
- recno = ng->number;
- if (is_recurse) break;
- for (oc = cd->open_caps; oc != NULL; oc = oc->next)
- {
- if (oc->number == recno)
- {
- oc->flag = TRUE;
- break;
- }
- }
- }
- }
-
/* Count named back references. */
if (!is_recurse) cd->namedrefcount++;
@@ -7215,7 +7191,44 @@ for (;; ptr++)
issue is fixed "properly" in PCRE2. As PCRE1 is now in maintenance
only mode, we finesse the bug by allowing more memory always. */
- /* if (recno == 0) */ *lengthptr += 2 + 2*LINK_SIZE;
+ *lengthptr += 2 + 2*LINK_SIZE;
+
+ /* It is even worse than that. The current reference may be to an
+ existing named group with a different number (so apparently not
+ recursive) but which later on is also attached to a group with the
+ current number. This can only happen if $(| has been previous
+ encountered. In that case, we allow yet more memory, just in case.
+ (Again, this is fixed "properly" in PCRE2. */
+
+ if (cd->dupgroups) *lengthptr += 2 + 2*LINK_SIZE;
+
+ /* Otherwise, check for recursion here. The name table does not exist
+ in the first pass; instead we must scan the list of names encountered
+ so far in order to get the number. If the name is not found, leave
+ the value of recno as 0 for a forward reference. */
+
+ else
+ {
+ ng = cd->named_groups;
+ for (i = 0; i < cd->names_found; i++, ng++)
+ {
+ if (namelen == ng->length &&
+ STRNCMP_UC_UC(name, ng->name, namelen) == 0)
+ {
+ open_capitem *oc;
+ recno = ng->number;
+ if (is_recurse) break;
+ for (oc = cd->open_caps; oc != NULL; oc = oc->next)
+ {
+ if (oc->number == recno)
+ {
+ oc->flag = TRUE;
+ break;
+ }
+ }
+ }
+ }
+ }
}
/* In the real compile, search the name table. We check the name
@@ -7262,8 +7275,6 @@ for (;; ptr++)
for (i++; i < cd->names_found; i++)
{
if (STRCMP_UC_UC(slot + IMM2_SIZE, cslot + IMM2_SIZE) != 0) break;
-
-
count++;
cslot += cd->name_entry_size;
}
@@ -9189,6 +9200,7 @@ cd->names_found = 0;
cd->name_entry_size = 0;
cd->name_table = NULL;
cd->dupnames = FALSE;
+cd->dupgroups = FALSE;
cd->namedrefcount = 0;
cd->start_code = cworkspace;
cd->hwm = cworkspace;
@@ -9223,7 +9235,7 @@ if (errorcode != 0) goto PCRE_EARLY_ERROR_RETURN;
DPRINTF(("end pre-compile: length=%d workspace=%d\n", length,
(int)(cd->hwm - cworkspace)));
-
+
if (length > MAX_PATTERN_SIZE)
{
errorcode = ERR20;
diff --git a/pcre_internal.h b/pcre_internal.h
index dd0ac7f..7ca6020 100644
--- a/pcre_internal.h
+++ b/pcre_internal.h
@@ -2446,6 +2446,7 @@ typedef struct compile_data {
BOOL had_pruneorskip; /* (*PRUNE) or (*SKIP) encountered */
BOOL check_lookbehind; /* Lookbehinds need later checking */
BOOL dupnames; /* Duplicate names exist */
+ BOOL dupgroups; /* Duplicate groups exist: (?| found */
BOOL iscondassert; /* Next assert is a condition */
int nltype; /* Newline type */
int nllen; /* Newline string length */
diff --git a/testdata/testinput2 b/testdata/testinput2
index e12de3a..8e044f8 100644
--- a/testdata/testinput2
+++ b/testdata/testinput2
@@ -4158,4 +4158,6 @@ backtracking verbs. --/
"(?J:(?|(?'R')(\k'R')|((?'R'))))"
+/(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R')))/
+
/-- End of testinput2 --/
diff --git a/testdata/testoutput2 b/testdata/testoutput2
index 5bad26c..6019425 100644
--- a/testdata/testoutput2
+++ b/testdata/testoutput2
@@ -14430,4 +14430,6 @@ Failed: unmatched parentheses at offset 23
"(?J:(?|(?'R')(\k'R')|((?'R'))))"
+/(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R')))/
+
/-- End of testinput2 --/
--
2.4.3

91
pcre-8.37-Fix-compile-bug-for-classes-like-W-p-Any.patch
View File

@ -1,91 +0,0 @@
From 7b67e393f64afd69c48e585d3e4291d7d1b3a0f5 Mon Sep 17 00:00:00 2001
From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
Date: Fri, 9 Oct 2015 16:11:18 +0000
Subject: [PATCH] Fix compile bug for classes like [\W\p{Any}].
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1601 2f5784b3-3f2a-0410-8824-cb99058d5e15
Signed-off-by: Petr Písař <ppisar@redhat.com>
Petr Pisar: Ported to 8.37.
---
pcre_compile.c | 5 +++--
testdata/testinput5 | 9 +++++++++
testdata/testoutput5 | 26 ++++++++++++++++++++++++++
4 files changed, 42 insertions(+), 2 deletions(-)
diff --git a/pcre_compile.c b/pcre_compile.c
index 191330a..f8ce576 100644
--- a/pcre_compile.c
+++ b/pcre_compile.c
@@ -5512,9 +5512,10 @@ for (;; ptr++)
actual compiled code. */
#ifdef SUPPORT_UTF
- if (xclass && (!should_flip_negation || (options & PCRE_UCP) != 0))
+ if (xclass && (xclass_has_prop || !should_flip_negation ||
+ (options & PCRE_UCP) != 0))
#elif !defined COMPILE_PCRE8
- if (xclass && !should_flip_negation)
+ if (xclass && (xclass_has_prop || !should_flip_negation))
#endif
#if defined SUPPORT_UTF || !defined COMPILE_PCRE8
{
diff --git a/testdata/testinput5 b/testdata/testinput5
index 28561a9..c825ca2 100644
--- a/testdata/testinput5
+++ b/testdata/testinput5
@@ -798,4 +798,13 @@
/(?<=\K\x{17f})/8G+
\x{17f}\x{17f}\x{17f}\x{17f}\x{17f}
+/[\W\p{Any}]/BZ
+ abc
+ 123
+
+/[\W\pL]/BZ
+ abc
+ ** Failers
+ 123
+
/-- End of testinput5 --/
diff --git a/testdata/testoutput5 b/testdata/testoutput5
index bab989c..42e5e16 100644
--- a/testdata/testoutput5
+++ b/testdata/testoutput5
@@ -1942,4 +1942,30 @@ Need char = 'z'
0: \x{17f}
0+
+/[\W\p{Any}]/BZ
+------------------------------------------------------------------
+ Bra
+ [\x00-/:-@[-^`{-\xff\p{Any}]
+ Ket
+ End
+------------------------------------------------------------------
+ abc
+ 0: a
+ 123
+ 0: 1
+
+/[\W\pL]/BZ
+------------------------------------------------------------------
+ Bra
+ [\x00-/:-@[-^`{-\xff\p{L}]
+ Ket
+ End
+------------------------------------------------------------------
+ abc
+ 0: a
+ ** Failers
+ 0: *
+ 123
+No match
+
/-- End of testinput5 --/
--
2.4.3

98
pcre-8.37-Fix-named-forward-reference-to-duplicate-group-numbe.patch
View File

@ -1,98 +0,0 @@
From 83ed574998fe7b844b98ab7cd56291068feb9e31 Mon Sep 17 00:00:00 2001
From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
Date: Sat, 16 May 2015 11:05:40 +0000
Subject: [PATCH] Fix named forward reference to duplicate group number
overflow bug.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Port to 8.37:
commit 2fa78aa4e42bcebf2d616c4ee89c012f29dc3447
Author: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
Date: Sat May 16 11:05:40 2015 +0000
Fix named forward reference to duplicate group number overflow bug.
git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1559 2f5784b3-3f2a-0410-8824-cb99058d5e15
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
pcre_compile.c | 24 ++++++++++++++++--------
testdata/testinput1 | 3 +++
testdata/testoutput1 | 5 +++++
3 files changed, 24 insertions(+), 8 deletions(-)
diff --git a/pcre_compile.c b/pcre_compile.c
index b66b1f6..8b4aaef 100644
--- a/pcre_compile.c
+++ b/pcre_compile.c
@@ -7183,15 +7183,15 @@ for (;; ptr++)
open_capitem *oc;
recno = ng->number;
if (is_recurse) break;
- for (oc = cd->open_caps; oc != NULL; oc = oc->next)
- {
- if (oc->number == recno)
- {
- oc->flag = TRUE;
+ for (oc = cd->open_caps; oc != NULL; oc = oc->next)
+ {
+ if (oc->number == recno)
+ {
+ oc->flag = TRUE;
break;
- }
- }
- }
+ }
+ }
+ }
}
/* Count named back references. */
@@ -7203,6 +7203,14 @@ for (;; ptr++)
16-bit data item. */
*lengthptr += IMM2_SIZE;
+
+ /* If this is a forward reference and we are within a (?|...) group,
+ the reference may end up as the number of a group which we are
+ currently inside, that is, it could be a recursive reference. In the
+ real compile this will be picked up and the reference wrapped with
+ OP_ONCE to make it atomic, so we must space in case this occurs. */
+
+ if (recno == 0) *lengthptr += 2 + 2*LINK_SIZE;
}
/* In the real compile, search the name table. We check the name
diff --git a/testdata/testinput1 b/testdata/testinput1
index 73c2f4d..8379ce0 100644
--- a/testdata/testinput1
+++ b/testdata/testinput1
@@ -5730,4 +5730,7 @@ AbcdCBefgBhiBqz
"(?1)(?#?'){8}(a)"
baaaaaaaaac
+"(?|(\k'Pm')|(?'Pm'))"
+ abcd
+
/-- End of testinput1 --/
diff --git a/testdata/testoutput1 b/testdata/testoutput1
index 0a53fd0..e852ab9 100644
--- a/testdata/testoutput1
+++ b/testdata/testoutput1
@@ -9429,4 +9429,9 @@ No match
0: aaaaaaaaa
1: a
+"(?|(\k'Pm')|(?'Pm'))"
+ abcd
+ 0:
+ 1:
+
/-- End of testinput1 --/
--
2.4.3

79
pcre-8.37-Hack-in-yet-other-patch-for-a-bug-in-size-computatio.patch
View File

@ -1,79 +0,0 @@
From cf3a19441dc85daf8f91d5b84f42021dc1007251 Mon Sep 17 00:00:00 2001
From: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
Date: Fri, 21 Aug 2015 16:08:33 +0000
Subject: [PATCH] Hack in yet other patch for a bug in size computation that is
fixed "properly" in PCRE2.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Upstream commit ported to 8.37:
commit f25903ade90a9177cf1175eb48fb36e500b3cca4
Author: ph10 <ph10@2f5784b3-3f2a-0410-8824-cb99058d5e15>
Date: Fri Aug 21 16:08:33 2015 +0000
Hack in yet other patch for a bug in size computation that is fixed "properly"
in PCRE2.
git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1594 2f5784b3-3f2a-0410-8824-cb99058d5e15
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
pcre_compile.c | 5 ++---
testdata/testinput2 | 2 ++
testdata/testoutput2 | 2 ++
3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/pcre_compile.c b/pcre_compile.c
index 5fe5c1d..681d2a1 100644
--- a/pcre_compile.c
+++ b/pcre_compile.c
@@ -7200,7 +7200,7 @@ for (;; ptr++)
encountered. In that case, we allow yet more memory, just in case.
(Again, this is fixed "properly" in PCRE2. */
- if (cd->dupgroups) *lengthptr += 2 + 2*LINK_SIZE;
+ if (cd->dupgroups) *lengthptr += 4 + 4*LINK_SIZE;
/* Otherwise, check for recursion here. The name table does not exist
in the first pass; instead we must scan the list of names encountered
@@ -9403,7 +9403,7 @@ used in this code because at least one compiler gives a warning about loss of
"const" attribute if the cast (pcre_uchar *)codestart is used directly in the
function call. */
-if ((options & PCRE_NO_AUTO_POSSESS) == 0)
+if (errorcode == 0 && (options & PCRE_NO_AUTO_POSSESS) == 0)
{
pcre_uchar *temp = (pcre_uchar *)codestart;
auto_possessify(temp, utf, cd);
@@ -9630,4 +9630,3 @@ return (pcre32 *)re;
}
/* End of pcre_compile.c */
-
diff --git a/testdata/testinput2 b/testdata/testinput2
index 8e044f8..feca135 100644
--- a/testdata/testinput2
+++ b/testdata/testinput2
@@ -4160,4 +4160,6 @@ backtracking verbs. --/
/(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R')))/
+/(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/
+
/-- End of testinput2 --/
diff --git a/testdata/testoutput2 b/testdata/testoutput2
index 6019425..3b06f85 100644
--- a/testdata/testoutput2
+++ b/testdata/testoutput2
@@ -14432,4 +14432,6 @@ Failed: unmatched parentheses at offset 23
/(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R')))/
+/(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/
+
/-- End of testinput2 --/
--
2.4.3

89
pcre.spec
View File

@ -1,11 +1,11 @@
# Is this a stable/testing release:
#%%global rcversion RC1
Name: pcre
Version: 8.37
Release: %{?rcversion:0.}5%{?rcversion:.%rcversion}%{?dist}
%global rcversion RC1
Name: pcre
Version: 8.38
Release: %{?rcversion:0.}1%{?rcversion:.%rcversion}%{?dist}
%global myversion %{version}%{?rcversion:-%rcversion}
Summary: Perl-compatible regular expression library
Group: System Environment/Libraries
Summary: Perl-compatible regular expression library
Group: System Environment/Libraries
## Source package only:
# ltmain.sh: (GPLv2+ or BSD) and GPLv3+
# missing: GPLv2+ or BSD
@ -24,37 +24,25 @@ Group: System Environment/Libraries
# testdata: Public Domain (see LICENSE file)
## Binary packages:
# other files: BSD
License: BSD
URL: http://www.pcre.org/
Source: ftp://ftp.csx.cam.ac.uk/pub/software/programming/%{name}/%{?rcversion:Testing/}%{name}-%{myversion}.tar.bz2
License: BSD
URL: http://www.pcre.org/
Source: ftp://ftp.csx.cam.ac.uk/pub/software/programming/%{name}/%{?rcversion:Testing/}%{name}-%{myversion}.tar.bz2
# Upstream thinks RPATH is good idea.
Patch0: pcre-8.21-multilib.patch
Patch0: pcre-8.21-multilib.patch
# Refused by upstream, bug #675477
Patch1: pcre-8.32-refused_spelling_terminated.patch
# Fix CVE-2015-3210, bug #1236659
Patch2: pcre-8.37-Fix-buffer-overflow-for-named-recursive-back-referen.patch
# Fix CVE-2015-5073, bug #1237224
Patch3: pcre-8.37-Fix-buffer-overflow-for-forward-reference-within-bac.patch
# Needed for Fix-buffer-overflow-for-named-references-in-situatio.patch,
# in upstream after 8.37
Patch4: pcre-8.37-Fix-named-forward-reference-to-duplicate-group-numbe.patch
# Needed for Fix-buffer-overflow-for-named-references-in-situatio.patch,
# in upstream after 8.37
Patch5: pcre-8.37-Fix-another-buffer-overflow.patch
# Fix a buffer overflow with duplicated named groups and an occurrence of "(?|",
# <https://bugs.exim.org/show_bug.cgi?id=1667>, bug #1250946,
# in upstream after 8.37
Patch6: pcre-8.37-Fix-buffer-overflow-for-named-references-in-situatio.patch
# Fix a heap overflow when compiling certain expression with named references,
# <https://bugs.exim.org/show_bug.cgi?id=1672>, bug #1256452,
# in upstream after 8.37
Patch7: pcre-8.37-Hack-in-yet-other-patch-for-a-bug-in-size-computatio.patch
# Fix compiling classes with a negative escape and a property escape,
# upstream bug #1697, fixed in upstream after 8.37.
Patch8: pcre-8.37-Fix-compile-bug-for-classes-like-W-p-Any.patch
BuildRequires: readline-devel
# New libtool to get rid of rpath
BuildRequires: autoconf, automake, libtool
Patch1: pcre-8.32-refused_spelling_terminated.patch
BuildRequires: readline-devel
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: coreutils
BuildRequires: gcc
BuildRequires: glibc-common
BuildRequires: libtool
# perl not used because config.h.generic is pregenerated
# Tests:
BuildRequires: bash
BuildRequires: diffutils
BuildRequires: grep
%description
Perl-compatible regular expression library.
@ -65,25 +53,25 @@ themselves still follow Perl syntax and semantics. The header file
for the POSIX-style functions is called pcreposix.h.
%package devel
Summary: Development files for %{name}
Group: Development/Libraries
Requires: %{name}%{?_isa} = %{version}-%{release}
Summary: Development files for %{name}
Group: Development/Libraries
Requires: %{name}%{?_isa} = %{version}-%{release}
%description devel
Development files (Headers, libraries for dynamic linking, etc) for %{name}.
%package static
Summary: Static library for %{name}
Group: Development/Libraries
Requires: %{name}-devel%{_isa} = %{version}-%{release}
Summary: Static library for %{name}
Group: Development/Libraries
Requires: %{name}-devel%{_isa} = %{version}-%{release}
%description static
Library for static linking for %{name}.
%package tools
Summary: Auxiliary utilities for %{name}
Group: Development/Tools
Requires: %{name}%{_isa} = %{version}-%{release}
Summary: Auxiliary utilities for %{name}
Group: Development/Tools
Requires: %{name}%{_isa} = %{version}-%{release}
%description tools
Utilities demonstrating PCRE capabilities like pcregrep or pcretest.
@ -93,15 +81,9 @@ Utilities demonstrating PCRE capabilities like pcregrep or pcretest.
# Get rid of rpath
%patch0 -p1 -b .multilib
%patch1 -p1 -b .terminated_typos
%patch2 -p1 -b .CVE-2015-3210
%patch3 -p1 -b .CVE-2015-5073
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
# Because of rpath patch
libtoolize --copy --force && autoreconf -vif
libtoolize --copy --force
autoreconf -vif
# One contributor's name is non-UTF-8
for F in ChangeLog; do
iconv -f latin1 -t utf8 "$F" >"${F}.utf8"
@ -170,6 +152,9 @@ make %{?_smp_mflags} check VERBOSE=yes
%{_mandir}/man1/pcretest.*
%changelog
* Thu Oct 29 2015 Petr Pisar <ppisar@redhat.com> - 8.38-0.1.RC1
- 8.38-RC1 bump
* Mon Oct 12 2015 Petr Pisar <ppisar@redhat.com> - 8.37-5
- Fix compiling classes with a negative escape and a property escape
(upstream bug #1697)

2
sources
View File

@ -1 +1 @@
ed91be292cb01d21bc7e526816c26981 pcre-8.37.tar.bz2
553ae88ac9e125564e9fb443a5f17ca3 pcre-8.38-RC1.tar.bz2