Changelog for
pcre-devel-8.41-lp152.7.3.1.x86_64.rpm :
* Tue May 11 2021 Bernhard Wiedemann
- Do not run profiling \'check\' in parallel to make package build reproducible (boo#1040589)
* Thu Feb 22 2018 fvogtAATTsuse.com- Use %license (boo#1082318)
* Wed Nov 01 2017 kstreitovaAATTsuse.com- add pcre-8.41-stack_frame_size_detection.patch to fix pcre stack frame size detection because modern compilers broke it by cloning and inlining pcre match() function [bsc#1058722]
* Tue Sep 12 2017 matzAATTsuse.com- RunTest needs much stack, on s390x more than the default 8 MB. [bnc#1046102]
* Tue Jul 25 2017 astiegerAATTsuse.com- pcre 8.41:
* If pcregrep in multiline mode with --only-matching matched several lines, it restarted scanning at the next line instead of moving on to the end of the matched string, which can be several lines after the start.
* Fix a missing else in the JIT compiler reported by \'idaifish\'. CVE-2017-6004 bsc#1025709
* A (?# style comment is now ignored between a basic quantifier and a following \'+\' or \'?\' (example: /X+(?#comment)?Y/.
* Avoid use of a potentially overflowing buffer in pcregrep
* Fix issues reported by fuzzers in pcretest: - Check for values < 256 when calling isprint() in pcretest. - Give an error for too big a number after \\O.
* In the 32-bit library in non-UTF mode, an attempt to find a Unicode property for a character with a code point greater than 0x10ffff (the Unicode maximum) caused a crash. CVE-2017-7186 bsc#1030066, CVE-2017-7244 bsc#1030807
* The alternative matching function, pcre_dfa_exec() misbehaved if it encountered a character class with a possessive repeat, for example [a-f]{3}+.
* When pcretest called pcre_copy_substring() in 32-bit mode, it set the buffer length incorrectly, which could result in buffer overflow. CVE-2017-7245 bsc#1030805, CVE-2017-7246 bsc#1030803
* Fri Jun 02 2017 mpluskalAATTsuse.com- Enable jit on aarch64- Enable profiled building
* Thu Feb 09 2017 astiegerAATTsuse.com- pcre 8.40:
* Using -o with -M in pcregrep could cause unnecessary repeated output when the match extended over a line boundary.
* Fix register overwite in JIT when SSE2 acceleration is enabled.
* Ignore \"show all captures\" (/=) for DFA matching.
* Fix JIT unaligned accesses on x86
* In any wide-character mode (8-bit UTF or any 16-bit or 32-bit mode), without PCRE_UCP set, a negative character type such as \\D in a positive class should cause all characters greater than 255 to match, whatever else is in the class. There was a bug that caused this not to happen if a Unicode property item was added to such a class, for example [\\D\\P{Nd}] or [\\W\\pL].
* When pcretest was outputing information from a callout, the caret indicator for the current position in the subject line was incorrect if it was after an escape sequence for a character whose code point was greater than \\x{ff}.
* A pattern such as (?abc)(?(R)xyz) was incorrectly compiled such that the conditional was interpreted as a reference to capturing group 1 instead of a test for recursion. Any group whose name began with R was misinterpreted in this way. (The reference interpretation should only happen if the group\'s name is precisely \"R\".)
* A number of bugs have been mended relating to match start-up optimizations when the first thing in a pattern is a positive lookahead. These all applied only when PCRE_NO_START_OPTIMIZE was
*not
* set: + A pattern such as (?=.
*X)X$ was incorrectly optimized as if it needed both an initial \'X\' and a following \'X\'. + Some patterns starting with an assertion that started with .
* were incorrectly optimized as having to match at the start of the subject or after a newline. There are cases where this is not true, for example, (?=.
*[A-Z])(?=.{8,16})(?!.
*[\\s]) matches after the start in lines that start with spaces. Starting .
* in an assertion is no longer taken as an indication of matching at the start (or after a newline).
* Tue Feb 07 2017 dimstarAATTopensuse.org- Explicitly package %{_docdir}/%{name} to fix build with RPM 4.13.
* Mon Aug 01 2016 astiegerAATTsuse.com- record minor vulnerabilities fixed in 8.39
* Wed Jun 15 2016 mpluskalAATTsuse.com- Update to version 8.39:
* Some appropriate PCRE2 JIT improvements have been retro-fitted to PCRE1.
* CVE-2016-3191: workspace overflow for (
*ACCEPT) with deeply nested parentheses (boo#971741)
* CVE-2016-1283: Heap buffer overflow DoS (boo#960837)
* Apart from that, this is another bug-fix release.
* Thu Nov 26 2015 astiegerAATTsuse.com- pcre 8.38:
* CVE-2015-3217: Call Stack Overflow Vulnerability in match() bsc#933878
* Other fixes to assertions, crashes, buffer overflows and performance issues found by fuzzer, affecting applications accepting regular expression from untrusted sources
* Thu Apr 30 2015 astiegerAATTsuse.com- pcre 8.37:
* CVE-2015-2325: Patterns with certain groups specifying a zero minimum quantifier caused incorrect code to be compiled, leading to an incorrect memory read. [boo#924960]
* CVE-2015-2326: Specific patterns containing a forward reference with subroutine calls caused incorrect code to be compiled [boo#924961]
* CVE-2014-8964: If an assertion condition was quantified with a minimum of zero, SIGSEGV or other misbehaviour could occur. [boo#906574]
* further bug fixes as listed in ChangeLog
* Mon Mar 09 2015 p.drouandAATTgmail.com- Update to version 3.16
* This is primarily a bug-fix release.
* The Unicode data tables have been updated to Unicode 7.0.0.- Remove pcre-commit1472.patch; fixed on upstream release- Remove obsolete \"Obsoletes\" tag