Changelog for libpcre1-8.45-8.15.3.uyuni.x86_64.rpm :
* Wed May 11 2022 jsikes@suse.com
- Added pcre-8.45-bsc1199232-unicode-property-matching.patch
  * bsc#1199232
  * CVE-2022-1586
  * Fixes unicode property matching issue

* Tue Oct 19 2021 coolo@suse.com
- pcre 8.45 (the final release)
  * Fixed a small (*MARK) bug in the interpreter (Bugzilla #2771).
- pcre 8.44
  * Small patch to pcreposix.c to set the erroroffset field to -1
    immediately after a successful compile, instead of at the start of
    matching to avoid a sanitizer complaint (regexec is supposed to be
    thread safe).
  * Check the size of the number after (?C as it is read, in order to
    avoid integer overflow. (bsc#1172974, CVE-2020-14155)
  * Tidy up left shifts to avoid sanitize warnings; also fix one NULL
    dereference in pcretest.
- pcre 8.43
  * In a pattern such as /[^\x{100}-\x{ffff}]*[\x80-\xff]/ which has a
    repeated negative class with no characters less than 0x100 followed
    by a positive class with only characters less than 0x100, the first
    class was incorrectly being auto-possessified, causing incorrect
    match failures.
  * If the only branch in a conditional subpattern was anchored, the
    whole subpattern was treated as anchored, when it should not have
    been, since the assumed empty second branch cannot be anchored.
    Demonstrated by test patterns such as /(?(1)^())b/ or /(?(?=^))b/.
  * Fix subject buffer overread in JIT when UTF is disabled and \X or \R
    has a greater than 1 fixed quantifier. This issue was found by
    Yunho Kim. (bsc#1172973 CVE-2019-20838)
  * If a pattern started with a subroutine call that had a quantifier
    with a minimum of zero, an incorrect "match must start with this
    character" could be recorded. Example: /(?&xxx)*ABC(? XYZ)/ would
    (incorrectly) expect 'A' to be the first character of a match.
- pcre 8.42
  * If a backreference with a minimum repeat count of zero was first in
    a pattern, apart from assertions, an incorrect first matching
    character could be recorded.
    For example, for the pattern /(?=(a))\1?b/, "b" was incorrectly set
    as the first character of a match.
  * Fix out-of-bounds read for partial matching of /./ against an empty
    string when the newline type is CRLF.
  * When matching using the REG_STARTEND feature of the POSIX API with a
    non-zero starting offset, unset capturing groups with lower numbers
    than a group that did capture something were not being correctly
    returned as "unset" (that is, with offset values of -1).
  * Matching the pattern /(*UTF)\C[^\v]+\x80/ against an 8-bit string
    containing multi-code-unit characters caused bad behaviour and
    possibly a crash. This issue was fixed for other kinds of repeat in
    release 8.37 by change 38, but repeating character classes were
    overlooked.
- pcre 8.41
  * Fix a missing else in the JIT compiler (bsc#1025709 CVE-2017-6004)
  * A (?# style comment is now ignored between a basic quantifier and a
    following '+' or '?' (example: /X+(?#comment)?Y/).
  * Avoid use of a potentially overflowing buffer in pcregrep (patch by
    Petr Pisar).
  * In the 32-bit library in non-UTF mode, an attempt to find a Unicode
    property for a character with a code point greater than 0x10ffff
    (the Unicode maximum) caused a crash. (bsc#1030807 CVE-2017-7244)
  * The alternative matching function, pcre_dfa_exec() misbehaved if it
    encountered a character class with a possessive repeat, for example
    [a-f]{3}+. (bsc#1030066 CVE-2017-7186)
  * When pcretest called pcre_copy_substring() in 32-bit mode, it set
    the buffer length incorrectly, which could result in buffer
    overflow. (bsc#1030805 CVE-2017-7245, bsc#1030803 CVE-2017-7246)
  * Fix returned offsets from regexec() when REG_STARTEND is used with a
    starting offset greater than zero.
- pcre 8.40
  * Fix register overwrite in JIT when SSE2 acceleration is enabled.
  * Ignore "show all captures" (/=) for DFA matching.
  * Fix JIT unaligned accesses on x86. Patch by Marc Mutz.
  * In any wide-character mode (8-bit UTF or any 16-bit or 32-bit mode),
    without PCRE_UCP set, a negative character type such as \D in a
    positive class should cause all characters greater than 255 to
    match, whatever else is in the class. There was a bug that caused
    this not to happen if a Unicode property item was added to such a
    class, for example [\D\P{Nd}] or [\W\pL].
  * A pattern such as (?abc)(?(R)xyz) was incorrectly compiled such that
    the conditional was interpreted as a reference to capturing group 1
    instead of a test for recursion. Any group whose name began with R
    was misinterpreted in this way. (The reference interpretation should
    only happen if the group's name is precisely "R".)
  * A number of bugs have been mended relating to match start-up
    optimizations when the first thing in a pattern is a positive
    lookahead. These all applied only when PCRE_NO_START_OPTIMIZE was
    *not* set:
    (a) A pattern such as (?=.*X)X$ was incorrectly optimized as if it
        needed both an initial 'X' and a following 'X'.
    (b) Some patterns starting with an assertion that started with .*
        were incorrectly optimized as having to match at the start of
        the subject or after a newline. There are cases where this is
        not true, for example, (?=.*[A-Z])(?=.{8,16})(?!.*[\s]) matches
        after the start in lines that start with spaces. Starting .* in
        an assertion is no longer taken as an indication of matching at
        the start (or after a newline).

* Thu Oct 19 2017 kstreitova@suse.com
- add pcre-8.39-stack_frame_size_detection.patch to fix pcre stack
  frame size detection because modern compilers broke it by cloning and
  inlining pcre match() function [bsc#1058722]

* Wed Oct 26 2016 astieger@suse.com
- Update to PCRE 8.39 FATE#320298 bsc#972127. This version fixes a
  number of vulnerabilities that affect pcre and applications using the
  library when accepting untrusted input as regular expressions or as
  part thereof.
  Remote attackers could have caused the application to crash, disclose
  information or potentially execute arbitrary code.
  * CVE-2014-8964: pcre: heap buffer overflow (bsc#906574)
  * CVE-2015-2325: pcre: heap buffer overflow in compile_branch()
    (bsc#924960)
  * CVE-2015-3210 pcre: heap buffer overflow in pcre_compile2() /
    compile_regex() (bsc#933288)
  * CVE-2015-3217: pcre: PCRE Library Call Stack Overflow Vulnerability
    in match() (bsc#933878)
  * CVE-2015-5073: pcre: Library Heap Overflow Vulnerability in
    find_fixedlength() (bsc#936227)
  * bsc#942865: heap overflow in compile_regex()
  * CVE-2015-8380: pcre: heap overflow in pcre_exec (bsc#957566)
  * CVE-2015-2327: pcre: mishandling of patterns with backreferences
    (bsc#957567)
  * bsc#957598: various security issues fixed in pcre 8.37 and 8.38
    release
  * CVE-2015-2328: pcre: mishandled recursion patterns (bsc#957600)
  * CVE-2016-1283: pcre: Heap buffer overflow in pcre_compile2 causes
    DoS (bsc#960837)
  * CVE-2016-3191: pcre: workspace overflow for (*ACCEPT) with deeply
    nested parentheses (bsc#971741)
- These other changes are included:
  * JIT compiler improvements
  * performance improvements
  * The Unicode data tables have been updated to Unicode 7.0.0.

* Thu Jun 13 2013 jengelh@inai.de
- Update to new upstream release 8.33
  * The Just-In-Time compiler (JIT) now supports all pattern features,
    including callouts and the backtracking verbs. In addition, some
    bugs are fixed and there are minor performance enhancements.
- More robust make install call. Provide signature verification files
  (avoid depending on gpg-offline due to bootstrap cycle).

* Sat Jun 08 2013 crrodriguez@opensuse.org
- Ensure the PCRE library and tools are built with large file support
  in 32 bit archs.

* Sun Jan 06 2013 p.drouand@gmail.com
- Update to 8.32 version:
  * There is now support for 32-bit character strings and UTF-32. Like
    the 16-bit support, this is done by compiling a separate 32-bit
    library.
  * \X now matches a Unicode extended grapheme cluster.
  * Case-independent matching of Unicode characters that have more than
    one "other case" now makes all three (or more) characters
    equivalent. This applies, for example, to Greek Sigma, which has two
    lowercase versions.
  * Unicode character properties are updated to Unicode 6.2.0.
  * The EBCDIC support, which had decayed, has had a spring clean.
  * A number of JIT optimizations have been added, which give faster JIT
    execution speed. In addition, a new direct interface to JIT
    execution is available. This bypasses some of the sanity checks of
    pcre_exec() to give a noticeable speed-up.
  * A number of issues in pcregrep have been fixed, making it more
    compatible with GNU grep. In particular, --exclude and --include
    (and variants) apply to all files now, not just those obtained from
    scanning a directory recursively. In Windows environments, the
    default action for directories is now "skip" instead of "read"
    (which provokes an error).
  * If the --only-matching (-o) option in pcregrep is specified multiple
    times, each one causes appropriate output. For example, -o1 -o2
    outputs the substrings matched by the 1st and 2nd capturing
    parentheses. A separating string can be specified by --om-separator
    (default empty).
  * When PCRE is built via Autotools using a version of gcc that has the
    "visibility" feature, it is used to hide internal library functions
    that are not part of the public API.
- updated and versioned pcre-visibility.patch to svn trunk
  * Modifications on configure.ac and makefile have been merged on
    upstream release

* Fri Nov 23 2012 jengelh@inai.de
- Update package descriptions about the differences between the PCRE
  library subpackages.

* Wed Nov 07 2012 cgiboudeaux@gmx.com
- Use the --enable-pcre16 configure flag.
  This switch enables 16 bit character support that will be required by
  Qt5

* Fri Aug 17 2012 dimstar@opensuse.org
- Update to version 8.31:
  + The JIT compiler now supports partial matching and the (*MARK) and
    (*COMMIT) verbs
  + PCRE_INFO_MAXLOOKBEHIND can be used to find the longest lookbehind
    in a pattern.
  + There should be a performance improvement when using the heap
    instead of the stack for recursion
  + pcregrep can now be linked with libedit as an alternative to
    libreadline
  + pcregrep now has a --file-list option where the list of files to
    scan is given as a file
  + pcregrep now recognizes binary files and there are related options
  + The Unicode tables have been updated to 6.1.0
- Rebase pcre-visibility.patch.

* Thu Jul 19 2012 jengelh@inai.de
- Only use --enable-jit on supported architectures; the build will
  otherwise fail (e.g. on sparc).

* Thu May 10 2012 afaerber@suse.de
- Add devel-static package

* Tue Feb 07 2012 crrodriguez@opensuse.org
- fix baselibs

* Tue Feb 07 2012 crrodriguez@opensuse.org
- Update to PCRE 8.30, upstream SONAME bump, libpcre1
- Drop no longer needed ppc patch.
- move library back to %{_libdir}

* Wed Feb 01 2012 dvaleev@suse.com
- Fix cache-flush on PPC

* Wed Nov 16 2011 coolo@suse.com
- add libtool as buildrequire to avoid implicit dependency

* Tue Nov 01 2011 crrodriguez@opensuse.org
- Update to version 8.20
  * too many fixes to list here, see included ChangeLog
  * replace pcre-visibility patch with the one I submitted to upstream
    for inclusion.

* Tue Oct 11 2011 dmueller@suse.de
- update to 8.13:
  * too many fixes to list here, see included ChangeLog
  * the Unicode data tables have been updated to Unicode 6.0.0.

* Mon Sep 19 2011 coolo@suse.com
- remove fragile _service

* Wed Mar 09 2011 coolo@novell.com
- Update to version 8.12
  * This release fixes some bugs in pcregrep, one of which caused the
    tests to fail on 64-bit big-endian systems.
    There are no changes to the code of the library.
- Update to version 8.11
  * A number of bugs in the library and in pcregrep have been fixed. As
    always, see ChangeLog for details. The following are the non-bug-fix
    changes:
    + Added --match-limit and --recursion-limit to pcregrep.
    + Added an optional parentheses number to the -o and --only-matching
      options of pcregrep.
    + Changed the way PCRE_PARTIAL_HARD affects the matching of $, \z,
      \Z, \b, and \B.
    + Added PCRE_ERROR_SHORTUTF8 to make it possible to distinguish
      between a bad UTF-8 sequence and one that is incomplete when using
      PCRE_PARTIAL_HARD.
    + Recognize (*NO_START_OPT) at the start of a pattern to set the
      PCRE_NO_START_OPTIMIZE option, which is now allowed at compile
      time

* Sat Oct 30 2010 cristian.rodriguez@opensuse.org
- Support GCC visibility, symbol clashes no more.

* Sun Sep 19 2010 vuntz@opensuse.org
- Update to version 8.10:
  + Major additions:
    - support for (*MARK) and friends
    - PCRE_UCP option, which changes the behaviour of \b, \d, \s, and \w
      (and their opposites) so that they make use of Unicode properties
  + Other additions:
    - support for \N, which always matches any character other than
      newline
    - added --line-buffered to pcregrep
  + Several small new features and bugfixes
- Changes from version 8.02:
  + Update Unicode data tables to Unicode 5.2.0
  + Update the licensing terms in the pcregexp.pas file
  + Several bug fixes
- Changes from version 8.01:
  + Several bug fixes and build system improvements
- Changes from version 8.00:
  + Enhancements:
    - remove restrictions on patterns used for partial matching
    - give extra information for partial matches
    - improve the partial matching process
    - add option to make a partial match override a full match
    - enhance "study" process by finding a lower bound matching length
    - groups with duplicate numbers may now have duplicated names
      without the use of PCRE_DUPNAMES, but they may not have different
      names
    - add REG_UNGREEDY to the pcreposix interface, which maps to
      PCRE_UNGREEDY.
  + Several bug fixes
- Drop pcre-7.9.patch: fixed upstream.
- Rearrange spec file to have all the %files sections together, as well
  as all the scriptlets together.
- Kill the main package that only included doc files like AUTHORS, NEWS,
  and license, and put those files in libpcre0: this really makes more
  sense. Therefore, make libpcre0 Provides/Obsoletes libpcre0.
- We can also remove the other dependencies on the main package, since
  everything already depends on libpcre0.
- Remove AutoReqProv: it's default now.
- Remove references to perl 5.005 in descriptions: it's not mentioned
  anywhere anymore upstream.

* Mon Jun 28 2010 jengelh@medozas.de
- use %_smp_mflags

* Sat Apr 24 2010 coolo@novell.com
- buildrequire pkg-config to fix provides

* Thu Feb 25 2010 prusnak@suse.cz
- build noarch docs only for >= 11.2

* Wed Feb 10 2010 ms@suse.de
- fixed license statement according to the conversation and permissions
  granted in (bnc #578724)

* Sat Dec 12 2009 jengelh@medozas.de
- add baselibs.conf as a source
- package documentation as noarch

* Wed Oct 07 2009 coolo@novell.com
- add obsolete/provides for pcre-32bit (bnc#539543)

* Wed Jun 10 2009 coolo@novell.com
- split package into tools, docs and libraries

* Fri Jun 05 2009 crrodriguez@suse.de
- disable static libraries, shouldn't be used now

* Sat May 30 2009 dmueller@suse.de
- fix symlinks to libpcre and libpcreposix to fix the build

* Wed May 27 2009 ms@suse.de
- moved libpcre and libpcreposix to %{_lib} (bnc #507449)

* Tue May 05 2009 ms@suse.de
- Release 7.9 11-Apr-09 (bnc #500734)
  Mostly bugfixes and tidies with just a couple of minor functional
  additions.