pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: [pkgsrc-2014Q3] pkgsrc/devel/pcre
Module Name: pkgsrc
Committed By: tron
Date: Thu Dec 4 19:28:20 UTC 2014
Modified Files:
pkgsrc/devel/pcre [pkgsrc-2014Q3]: Makefile distinfo
pkgsrc/devel/pcre/patches [pkgsrc-2014Q3]: patch-aa patch-ab
Added Files:
pkgsrc/devel/pcre/patches [pkgsrc-2014Q3]: patch-CVE-2014-8964
Log Message:
Pullup ticket #4565 - requested by he
devel/pcre: security update
Revisions pulled up:
- devel/pcre/Makefile 1.73,1.75
- devel/pcre/distinfo 1.54-1.55
- devel/pcre/patches/patch-CVE-2014-8964 1.1
- devel/pcre/patches/patch-aa 1.16
- devel/pcre/patches/patch-ab 1.9
---
Module Name: pkgsrc
Committed By: wiz
Date: Wed Oct 1 11:45:00 UTC 2014
Modified Files:
pkgsrc/devel/pcre: Makefile distinfo
Log Message:
Update to 8.36:
Version 8.36 26-September-2014
------------------------------
1. Got rid of some compiler warnings in the C++ modules that were shown up by
-Wmissing-field-initializers and -Wunused-parameter.
2. The tests for quantifiers being too big (greater than 65535) were being
applied after reading the number, and stupidly assuming that integer
overflow would give a negative number. The tests are now applied as the
numbers are read.
3. Tidy code in pcre_exec.c where two branches that used to be different are
now the same.
4. The JIT compiler did not generate match limit checks for certain
bracketed expressions with quantifiers. This may lead to exponential
backtracking, instead of returning with PCRE_ERROR_MATCHLIMIT. This
issue should be resolved now.
5. Fixed an issue, which occures when nested alternatives are optimized
with table jumps.
6. Inserted two casts and changed some ints to size_t in the light of some
reported 64-bit compiler warnings (Bugzilla 1477).
7. Fixed a bug concerned with zero-minimum possessive groups that could match
an empty string, which sometimes were behaving incorrectly in the
interpreter (though correctly in the JIT matcher). This pcretest input is
an example:
'\A(?:[^"]++|"(?:[^"]*+|"")*+")++'
NON QUOTED "QUOT""ED" AFTER "NOT MATCHED
the interpreter was reporting a match of 'NON QUOTED ' only, whereas the
JIT matcher and Perl both matched 'NON QUOTED "QUOT""ED" AFTER '. The test
for an empty string was breaking the inner loop and carrying on at a lower
level, when possessive repeated groups should always return to a higher
level as they have no backtrack points in them. The empty string test now
occurs at the outer level.
8. Fixed a bug that was incorrectly auto-possessifying \w+ in the pattern
^\w+(?>\s*)(?<=\w) which caused it not to match "test test".
9. Give a compile-time error for \o{} (as Perl does) and for \x{} (which Perl
doesn't).
10. Change 8.34/15 introduced a bug that caused the amount of memory needed
to hold a pattern to be incorrectly computed (too small) when there were
named back references to duplicated names. This could cause "internal
error: code overflow" or "double free or corruption" or other memory
handling errors.
11. When named subpatterns had the same prefixes, back references could be
confused. For example, in this pattern:
/(?P<Name>a)?(?P<Name2>b)?(?(<Name>)c|d)*l/
the reference to 'Name' was incorrectly treated as a reference to a
duplicate name.
12. A pattern such as /^s?c/mi8 where the optional character has more than
one "other case" was incorrectly compiled such that it would only try to
match starting at "c".
13. When a pattern starting with \s was studied, VT was not included in the
list of possible starting characters; this should have been part of the
8.34/18 patch.
14. If a character class started [\Qx]... where x is any character, the class
was incorrectly terminated at the ].
15. If a pattern that started with a caseless match for a character with more
than one "other case" was studied, PCRE did not set up the starting code
unit bit map for the list of possible characters. Now it does. This is an
optimization improvement, not a bug fix.
16. The Unicode data tables have been updated to Unicode 7.0.0.
17. Fixed a number of memory leaks in pcregrep.
18. Avoid a compiler warning (from some compilers) for a function call with
a cast that removes "const" from an lvalue by using an intermediate
variable (to which the compiler does not object).
19. Incorrect code was compiled if a group that contained an internal recursive
back reference was optional (had quantifier with a minimum of zero). This
example compiled incorrect code: /(((a\2)|(a*)\g<-1>))*/ and other examples
caused segmentation faults because of stack overflows at compile time.
20. A pattern such as /((?(R)a|(?1)))+/, which contains a recursion within a
group that is quantified with an indefinite repeat, caused a compile-time
loop which used up all the system stack and provoked a segmentation fault.
This was not the same bug as 19 above.
21. Add PCRECPP_EXP_DECL declaration to operator<< in pcre_stringpiece.h.
Patch by Mike Frysinger.
---
Module Name: pkgsrc
Committed By: spz
Date: Sun Nov 30 14:48:43 UTC 2014
Modified Files:
pkgsrc/devel/pcre: Makefile distinfo
pkgsrc/devel/pcre/patches: patch-aa patch-ab
Added Files:
pkgsrc/devel/pcre/patches: patch-CVE-2014-8964
Log Message:
patch for CVE-2014-8964 from upstream
also, patch refresh
To generate a diff of this commit:
cvs rdiff -u -r1.72 -r1.72.4.1 pkgsrc/devel/pcre/Makefile
cvs rdiff -u -r1.53 -r1.53.4.1 pkgsrc/devel/pcre/distinfo
cvs rdiff -u -r0 -r1.1.2.2 pkgsrc/devel/pcre/patches/patch-CVE-2014-8964
cvs rdiff -u -r1.15 -r1.15.22.1 pkgsrc/devel/pcre/patches/patch-aa
cvs rdiff -u -r1.8 -r1.8.22.1 pkgsrc/devel/pcre/patches/patch-ab
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Home |
Main Index |
Thread Index |
Old Index