import pcre2-10.32-3.el8_6

This commit is contained in:
CentOS Sources 2022-09-27 16:09:26 -04:00 committed by Stepan Oksanichenko
parent d3b1260ab5
commit 41f9c1a59b
2 changed files with 31 additions and 1 deletions

View File

@ -0,0 +1,21 @@
--- pcre2-10.32/src/pcre2_jit_compile.c.old 2022-05-13 09:13:06.188574517 +0000
+++ pcre2-10.32/src/pcre2_jit_compile.c 2022-05-13 09:27:57.189574517 +0000
@@ -6494,7 +6494,7 @@ while (*cc != XCL_END)
{
SLJIT_ASSERT(*cc == XCL_PROP || *cc == XCL_NOTPROP);
cc++;
- if (*cc == PT_CLIST)
+ if (*cc == PT_CLIST && cc[-1] == XCL_PROP)
{
other_cases = PRIV(ucd_caseless_sets) + cc[1];
while (*other_cases != NOTACHAR)
--- pcre2-10.32/src/pcre2_jit_test.c.old 2022-05-13 09:29:27.531574517 +0000
+++ pcre2-10.32/src/pcre2_jit_test.c 2022-05-13 09:32:50.666574517 +0000
@@ -397,6 +397,7 @@ static struct regression_test_case regre
{ MUP, A, 0, 0 | F_PROPERTY, "[\xc3\xa2-\xc3\xa6\xc3\x81-\xc3\x84\xe2\x80\xa8-\xe2\x80\xa9\xe6\x92\xad\\p{Zs}]{2,}", "\xe2\x80\xa7\xe2\x80\xa9\xe6\x92\xad \xe6\x92\xae" },
{ MUP, A, 0, 0 | F_PROPERTY, "[\\P{L&}]{2}[^\xc2\x85-\xc2\x89\\p{Ll}\\p{Lu}]{2}", "\xc3\xa9\xe6\x92\xad.a\xe6\x92\xad|\xc2\x8a#" },
{ PCRE2_UCP, 0, 0, 0 | F_PROPERTY, "[a-b\\s]{2,5}[^a]", "AB baaa" },
+ { CMUP, 0, 0, 0, "[^S]\\B", "\xe2\x80\x8a" },
/* Possible empty brackets. */
{ MU, A, 0, 0, "(?:|ab||bc|a)+d", "abcxabcabd" },

View File

@ -9,7 +9,7 @@
#%%global rcversion RC1
Name: pcre2
Version: 10.32
Release: %{?rcversion:0.}2%{?rcversion:.%rcversion}%{?dist}
Release: %{?rcversion:0.}3%{?rcversion:.%rcversion}%{?dist}
%global myversion %{version}%{?rcversion:-%rcversion}
Summary: Perl-compatible regular expression library
# the library: BSD with exceptions
@ -68,6 +68,11 @@ Patch5: pcre2-10.32-Fix-crash-when-X-is-used-without-UTF-in-JIT.patch
# 2/2 Fix CVE-2019-20454 (a crash when \X is used without UTF mode in a JIT),
# upstream bug #2399, bug #1734468, in upstream after 10.33
Patch6: pcre2-10.32-Forgot-this-file-in-previous-commit.-Fixes-JIT-non-U.patch
# Fix CVE-2022-1586 (Out-of-bounds read in compile_xclass_matchingpath)
# Downstream patch backport
# Ref: https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a
# https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c
Patch7: pcre2-10.32-Fix-CVE-2022-1586
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: coreutils
@ -150,6 +155,7 @@ Utilities demonstrating PCRE2 capabilities like pcre2grep or pcre2test.
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
# Because of multilib patch
libtoolize --copy --force
autoreconf -vif
@ -251,6 +257,9 @@ make %{?_smp_mflags} check VERBOSE=yes
%{_mandir}/man1/pcre2test.*
%changelog
* Fri May 13 2022 Lukas Javorsky <ljavorsk@redhat.com> - 10.32-3
- Resolves: CVE-2022-1586
* Mon May 13 2019 Petr Pisar <ppisar@redhat.com> - 10.32-2
- Fix CVE-2019-20454 (a crash when \X is used without UTF mode in a JIT)
(bug #1734468)