diff --git a/.gitignore b/.gitignore index 3e37b73..066aaf3 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,4 @@ /pcre-8.32.tar.gz /pcre-8.33.tar.gz /pcre-8.34.tar.gz +/pcre-8.36.tar.bz2 diff --git a/mingw-pcre.spec b/mingw-pcre.spec index e3092ae..69939a4 100644 --- a/mingw-pcre.spec +++ b/mingw-pcre.spec @@ -1,14 +1,20 @@ %?mingw_package_header Name: mingw-pcre -Version: 8.34 -Release: 2%{?dist} +Version: 8.36 +Release: 1%{?dist} Summary: MinGW Windows pcre library Group: Development/Libraries License: BSD URL: http://www.pcre.org/ -Source0: ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-%{version}.tar.gz +Source0: ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-%{version}.tar.bz2 +# Reset non-matched groups within capturing group up to forced match, +# bug #1161587, in upstream after 8.36 +Patch2: pcre-8.36-Fix-bug-when-there-are-unset-groups-prior-to-ACCEPT-.patch +# Fix unused memory usage on zero-repeat assertion condition, bug #1165626, +# CVE-2014-8964, in upstream after 8.36 +Patch3: pcre-8.36-Fix-zero-repeat-assertion-condition-bug.patch BuildArch: noarch @@ -85,6 +91,8 @@ Static version of the mingw64-pcre library. %prep %setup -q -n pcre-%{version} +%patch2 -p1 -b .reset_groups +%patch3 -p1 -b .zero_repeat_assertion %build @@ -176,6 +184,10 @@ find $RPM_BUILD_ROOT -name "*.la" -delete %changelog +* Thu Dec 25 2014 Yaakov Selkowitz - 8.36-1 +- Update to 8.36 +- Add upstream patches from main pcre package + * Sat Jun 07 2014 Fedora Release Engineering - 8.34-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild diff --git a/pcre-8.36-Fix-bug-when-there-are-unset-groups-prior-to-ACCEPT-.patch b/pcre-8.36-Fix-bug-when-there-are-unset-groups-prior-to-ACCEPT-.patch new file mode 100644 index 0000000..13eb08d --- /dev/null +++ b/pcre-8.36-Fix-bug-when-there-are-unset-groups-prior-to-ACCEPT-.patch @@ -0,0 +1,71 @@ +From e2eeaf85f1b5d6c4669b621d309ff904cbf96f4b Mon Sep 17 00:00:00 2001 +From: ph10 +Date: Wed, 5 Nov 2014 15:08:03 +0000 +Subject: [PATCH] Fix bug when there are unset groups prior to (*ACCEPT) within + a capturing group. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1510 2f5784b3-3f2a-0410-8824-cb99058d5e15 +Signed-off-by: Petr Písař + +Petr Pisar: Ported to 8.36 + +diff --git a/pcre_exec.c b/pcre_exec.c +index 654eb9e..fdf7067 100644 +--- a/pcre_exec.c ++++ b/pcre_exec.c +@@ -1474,7 +1474,18 @@ for (;;) + md->offset_vector[offset] = + md->offset_vector[md->offset_end - number]; + md->offset_vector[offset+1] = (int)(eptr - md->start_subject); +- if (offset_top <= offset) offset_top = offset + 2; ++ ++ /* If this group is at or above the current highwater mark, ensure that ++ any groups between the current high water mark and this group are marked ++ unset and then update the high water mark. */ ++ ++ if (offset >= offset_top) ++ { ++ register int *iptr = md->offset_vector + offset_top; ++ register int *iend = md->offset_vector + offset; ++ while (iptr < iend) *iptr++ = -1; ++ offset_top = offset + 2; ++ } + } + ecode += 1 + IMM2_SIZE; + break; +diff --git a/testdata/testinput1 b/testdata/testinput1 +index 123e3d3..091e307 100644 +--- a/testdata/testinput1 ++++ b/testdata/testinput1 +@@ -5720,4 +5720,7 @@ AbcdCBefgBhiBqz + /[\Q]a\E]+/ + aa]] + ++/(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ ++ 1234abcd ++ + /-- End of testinput1 --/ +diff --git a/testdata/testoutput1 b/testdata/testoutput1 +index 5e71900..ba7ca37 100644 +--- a/testdata/testoutput1 ++++ b/testdata/testoutput1 +@@ -9411,4 +9411,13 @@ No match + aa]] + 0: aa]] + ++/(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ ++ 1234abcd ++ 0: ++ 1: ++ 2: ++ 3: ++ 4: ++ 5: ++ + /-- End of testinput1 --/ +-- +1.9.3 + diff --git a/pcre-8.36-Fix-zero-repeat-assertion-condition-bug.patch b/pcre-8.36-Fix-zero-repeat-assertion-condition-bug.patch new file mode 100644 index 0000000..1fb3036 --- /dev/null +++ b/pcre-8.36-Fix-zero-repeat-assertion-condition-bug.patch @@ -0,0 +1,68 @@ +From 48d2472840efc4dc54dfc698d64aa086332a9033 Mon Sep 17 00:00:00 2001 +From: ph10 +Date: Wed, 19 Nov 2014 20:57:13 +0000 +Subject: [PATCH] Fix zero-repeat assertion condition bug. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1513 2f5784b3-3f2a-0410-8824-cb99058d5e15 +Signed-off-by: Petr Písař + +Petr Pisar: Ported to 8.36. + +diff --git a/pcre_exec.c b/pcre_exec.c +index fdf7067..bb5620d 100644 +--- a/pcre_exec.c ++++ b/pcre_exec.c +@@ -1404,8 +1404,11 @@ for (;;) + condition = TRUE; + + /* Advance ecode past the assertion to the start of the first branch, +- but adjust it so that the general choosing code below works. */ +- ++ but adjust it so that the general choosing code below works. If the ++ assertion has a quantifier that allows zero repeats we must skip over ++ the BRAZERO. This is a lunatic thing to do, but somebody did! */ ++ ++ if (*ecode == OP_BRAZERO) ecode++; + ecode += GET(ecode, 1); + while (*ecode == OP_ALT) ecode += GET(ecode, 1); + ecode += 1 + LINK_SIZE - PRIV(OP_lengths)[condcode]; +diff --git a/testdata/testinput2 b/testdata/testinput2 +index c6816bf..015422e 100644 +--- a/testdata/testinput2 ++++ b/testdata/testinput2 +@@ -4078,4 +4078,10 @@ backtracking verbs. --/ + + /\x{whatever}/ + ++"((?=(?(?=(?(?=(?(?=())))*)))))" ++ a ++ ++"(?(?=)?==)(((((((((?=)))))))))" ++ a ++ + /-- End of testinput2 --/ +diff --git a/testdata/testoutput2 b/testdata/testoutput2 +index 1e87026..9a1b14e 100644 +--- a/testdata/testoutput2 ++++ b/testdata/testoutput2 +@@ -14206,4 +14206,14 @@ Failed: digits missing in \x{} or \o{} at offset 3 + /\x{whatever}/ + Failed: non-hex character in \x{} (closing brace missing?) at offset 3 + ++"((?=(?(?=(?(?=(?(?=())))*)))))" ++ a ++ 0: ++ 1: ++ 2: ++ ++"(?(?=)?==)(((((((((?=)))))))))" ++ a ++No match ++ + /-- End of testinput2 --/ +-- +1.9.3 + diff --git a/sources b/sources index 62629af..a5fed82 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -eb34b2c9c727fd64940d6fd9a00995eb pcre-8.34.tar.gz +b767bc9af0c20bc9c1fe403b0d41ad97 pcre-8.36.tar.bz2