rpms/pcre/devel pcre-7.3-CVE-2008-0674.patch, NONE, 1.1 pcre.spec, 1.26, 1.27

Fri Feb 15 07:48:50 UTC 2008

Author: thoger

Update of /cvs/extras/rpms/pcre/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9606

Modified Files:
	pcre.spec 
Added Files:
	pcre-7.3-CVE-2008-0674.patch 
Log Message:
Add patch to address CVE-2008-0674, #431660 (buffer overflow via large unicode
character class)


pcre-7.3-CVE-2008-0674.patch:

--- NEW FILE pcre-7.3-CVE-2008-0674.patch ---
Fix for CVE-2008-0674:

1.  A character class containing a very large number of characters with
    codepoints greater than 255 (in UTF-8 mode, of course) caused a buffer
    overflow.

Included in upstream pcre-7.6.

diff -pruN pcre-7.5/pcre_compile.c pcre-7.6/pcre_compile.c
--- pcre-7.5/pcre_compile.c	2008-01-10 18:06:49.000000000 +0100
+++ pcre-7.6/pcre_compile.c	2008-01-21 16:20:18.000000000 +0100
@@ -2376,6 +2376,7 @@ uschar classbits[32];
 BOOL class_utf8;
 BOOL utf8 = (options & PCRE_UTF8) != 0;
 uschar *class_utf8data;
+uschar *class_utf8data_base;
 uschar utf8_char[6];
 #else
 BOOL utf8 = FALSE;
@@ -2687,6 +2688,7 @@ for (;; ptr++)
 #ifdef SUPPORT_UTF8
     class_utf8 = FALSE;                       /* No chars >= 256 */
     class_utf8data = code + LINK_SIZE + 2;    /* For UTF-8 items */
+    class_utf8data_base = class_utf8data;     /* For resetting in pass 1 */
 #endif
 
     /* Process characters until ] is reached. By writing this as a "do" it
@@ -2702,6 +2704,18 @@ for (;; ptr++)
         {                           /* Braces are required because the */
         GETCHARLEN(c, ptr, ptr);    /* macro generates multiple statements */
         }
+
+      /* In the pre-compile phase, accumulate the length of any UTF-8 extra
+      data and reset the pointer. This is so that very large classes that
+      contain a zillion UTF-8 characters no longer overwrite the work space
+      (which is on the stack). */
+
+      if (lengthptr != NULL)
+        {
+        *lengthptr += class_utf8data - class_utf8data_base;
+        class_utf8data = class_utf8data_base;
+        }
+
 #endif
 
       /* Inside \Q...\E everything is literal except \E */
diff -pruN pcre-7.5/testdata/testinput4 pcre-7.6/testdata/testinput4
--- pcre-7.5/testdata/testinput4	2007-11-14 12:33:39.000000000 +0100
+++ pcre-7.6/testdata/testinput4	2008-01-14 18:51:57.000000000 +0100
@@ -607,4 +607,6 @@
 /[[:^xdigit:]]/8g
     M\x{442}
 
+/[^ABCDEFGHIJKLMNOPQRSTUVWXYZÃ€ÃÃ‚ÃƒÃ„Ã…Ã†Ã‡ÃˆÃ‰ÃŠÃ‹ÃŒÃÃŽÃÃÃ‘Ã’Ã“Ã”Ã•Ã–Ã˜Ã™ÃšÃ›ÃœÃÃžÄ€Ä‚Ä„Ä†ÄˆÄŠÄŒÄŽÄÄ’Ä”Ä–Ä˜ÄšÄœÄžÄ Ä¢Ä¤Ä¦Ä¨ÄªÄ¬Ä®Ä°Ä²Ä´Ä¶Ä¹Ä»Ä½Ä¿ÅÅƒÅ…Å‡ÅŠÅŒÅŽÅÅ’Å”Å–Å˜ÅšÅœÅžÅ Å¢Å¤Å¦Å¨ÅªÅ¬Å®Å°Å²Å´Å¶Å¸Å¹Å»Å½ÆÆ‚Æ„Æ†Æ‡Æ‰ÆŠÆ‹ÆŽÆÆÆ‘Æ“Æ”Æ–Æ—Æ˜ÆœÆÆŸÆ Æ¢Æ¤Æ¦Æ§Æ©Æ¬Æ®Æ¯Æ±Æ²Æ³ÆµÆ·Æ¸Æ¼Ç„Ç‡ÇŠÇÇÇ‘Ç“Ç•Ç—Ç™Ç›ÇžÇ Ç¢Ç¤Ç¦Ç¨ÇªÇ¬Ç®Ç±Ç´Ç¶Ç·Ç¸ÇºÇ¼Ç¾È€È‚È„È†ÈˆÈŠÈŒÈŽÈÈ’È”È–È˜ÈšÈœÈžÈ È¢È¤È¦È¨ÈªÈ¬È®È°È²ÈºÈ»È½È¾ÉÎ†ÎˆÎ‰ÎŠÎŒÎŽÎÎ‘Î’Î“Î”Î•Î–Î—Î˜Î™ÎšÎ›ÎœÎÎžÎŸÎ Î¡Î£Î¤Î¥Î¦Î§Î¨Î©ÎªÎ«Ï’Ï“Ï”Ï˜ÏšÏœÏžÏ Ï¢Ï¤Ï¦Ï¨ÏªÏ¬Ï®Ï´Ï·Ï¹ÏºÏ½Ï¾Ï¿Ð€ÐÐ‚ÐƒÐ„Ð…Ð†Ð‡ÐˆÐ‰ÐŠÐ‹ÐŒÐÐŽÐÐÐ‘Ð’Ð“Ð”Ð•Ð–Ð—Ð˜Ð™ÐšÐ›ÐœÐÐžÐŸÐ Ð¡Ð¢Ð£Ð¤Ð¥Ð¦Ð§Ð¨Ð©ÐªÐ«Ð¬ÐÐ®Ð¯Ñ Ñ¢Ñ¤Ñ¦Ñ¨ÑªÑ¬Ñ®Ñ°Ñ²Ñ´Ñ¶Ñ¸ÑºÑ¼Ñ¾Ò€ÒŠÒŒÒŽÒÒ’Ò”Ò–Ò˜ÒšÒœÒžÒ Ò¢Ò¤Ò¦Ò¨ÒªÒ¬Ò®Ò°Ò²Ò´Ò¶Ò¸ÒºÒ¼Ò¾Ó€ÓÓƒÓ…Ó‡Ó‰Ó‹ÓÓÓ’Ó”Ó–Ó˜ÓšÓœÓžÓ Ó¢Ó¤Ó¦Ó¨ÓªÓ¬Ó®Ó°Ó²Ó´Ó¶Ó¸Ô€Ô‚Ô„Ô†ÔˆÔŠÔŒÔŽÔ±Ô²Ô³Ô´ÔµÔ¶Ô·Ô¸Ô¹ÔºÔ»Ô¼Ô½Ô¾Ô¿Õ€ÕÕ‚ÕƒÕ„Õ…Õ†Õ‡ÕˆÕ‰ÕŠÕ‹ÕŒÕÕŽÕÕÕ‘Õ’Õ“Õ”Õ•Õ–á‚ á‚¡á‚¢á‚£á‚¤á‚¥á‚¦á‚§á‚¨á‚©á‚ªá‚«á‚¬á‚á‚®á‚¯á‚°á‚±á‚²á‚³á‚´á‚µá‚¶á‚·á‚¸á‚¹á‚ºá‚»á‚¼á‚½á‚¾á‚¿áƒ€áƒáƒ‚áƒƒáƒ„áƒ…á¸€á¸‚á¸„á¸†á¸ˆá¸Šá¸Œá¸Žá!
 ¸á¸’á¸”á¸–á¸˜á¸šá¸œá¸žá¸ á¸¢á¸¤á¸¦á¸¨á¸ªá¸¬á¸®á¸°á¸²á¸´á¸¶á¸¸á¸ºá¸¼á¸¾á¹€á¹‚á¹„á¹†á¹ˆá¹Šá¹Œá¹Žá¹á¹’á¹”á¹–á¹˜á¹šá¹œá¹žá¹ á¹¢á¹¤á¹¦á¹¨á¹ªá¹¬á¹®á¹°á¹²á¹´á¹¶á¹¸á¹ºá¹¼á¹¾áº€áº‚áº„áº†áºˆáºŠáºŒáºŽáºáº’áº”áº áº¢áº¤áº¦áº¨áºªáº¬áº®áº°áº²áº´áº¶áº¸áººáº¼áº¾á»€á»‚á»„á»†á»ˆá»Šá»Œá»Žá»á»’á»”á»–á»˜á»šá»œá»žá» á»¢á»¤á»¦á»¨á»ªá»¬á»®á»°á»²á»´á»¶á»¸á¼ˆá¼‰á¼Šá¼‹á¼Œá¼á¼Žá¼á¼˜á¼™á¼šá¼›á¼œá¼á¼¨á¼©á¼ªá¼«á¼¬á¼á¼®á¼¯á¼¸á¼¹á¼ºá¼»á¼¼á¼½á¼¾á¼¿á½ˆá½‰á½Šá½‹á½Œá½á½™á½›á½á½Ÿá½¨á½©á½ªá½«á½¬á½á½®á½¯á¾¸á¾¹á¾ºá¾»á¿ˆá¿‰á¿Šá¿‹á¿˜á¿™á¿šá¿›á¿¨á¿©á¿ªá¿«á¿¬á¿¸á¿¹á¿ºá¿»abcdefghijklmnopqrstuvwxyzÂªÂµÂºÃŸÃ Ã¡Ã¢Ã£Ã¤Ã¥Ã¦Ã§Ã¨Ã©ÃªÃ«Ã¬ÃÃ®Ã¯Ã°Ã±Ã²Ã³Ã´ÃµÃ¶Ã¸Ã¹ÃºÃ»Ã¼Ã½Ã¾Ã¿ÄÄƒÄ…Ä‡Ä‰Ä‹ÄÄÄ‘Ä“Ä•Ä—Ä™Ä›ÄÄŸÄ¡Ä£Ä¥Ä§Ä©Ä«ÄÄ¯Ä±Ä³ÄµÄ·Ä¸ÄºÄ¼Ä¾Å€Å‚Å„Å†ÅˆÅ‰Å‹ÅÅÅ‘Å“Å•Å—Å™Å›ÅÅŸÅ¡Å£Å¥Å§Å©Å«ÅÅ¯Å±Å³ÅµÅ·ÅºÅ¼Å¾Å¿Æ€ÆƒÆ…ÆˆÆŒÆÆ’Æ•Æ™ÆšÆ›ÆžÆ¡Æ£Æ¥Æ¨ÆªÆ«ÆÆ°Æ´Æ¶Æ¹ÆºÆ½Æ¾Æ¿Ç†Ç‰ÇŒÇŽÇÇ’Ç”Ç–Ç˜ÇšÇœÇÇŸÇ¡Ç£Ç¥Ç§Ç©Ç«ÇÇ¯Ç°Ç³ÇµÇ¹Ç»Ç½Ç¿ÈÈƒÈ…È‡È‰È‹ÈÈÈ‘È“È•È—È™È›ÈÈŸÈ¡È£È¥È§È©È«ÈÈ¯È±È³È´ÈµÈ¶È·È¸È¹È¼È¿É€ÉÉ‘É’É“É”É•É–É—É˜É™ÉšÉ›ÉœÉÉžÉŸÉ É¡É¢É£!
 É¤É¥É¦É§É¨É©ÉªÉ«É¬ÉÉ®É¯É°É±É²É³É´ÉµÉ¶É·É¸É¹ÉºÉ»É¼É½É¾É¿Ê€ÊÊ‚!
 ÊƒÊ„Ê…Ê†
Ê‡ÊˆÊ‰ÊŠÊ‹ÊŒÊÊŽÊÊÊ‘Ê’Ê“Ê”Ê•Ê–Ê—Ê˜Ê™ÊšÊ›ÊœÊÊžÊŸÊ Ê¡Ê¢Ê£Ê¤Ê¥Ê¦Ê§Ê¨Ê©ÊªÊ«Ê¬ÊÊ®Ê¯ÎÎ¬ÎÎ®Î¯Î°Î±Î²Î³Î´ÎµÎ¶Î·Î¸Î¹ÎºÎ»Î¼Î½Î¾Î¿Ï€ÏÏ‚ÏƒÏ„Ï…Ï†Ï‡ÏˆÏ‰ÏŠÏ‹ÏŒÏÏŽÏÏ‘Ï•Ï–Ï—Ï™Ï›ÏÏŸÏ¡Ï£Ï¥Ï§Ï©Ï«ÏÏ¯Ï°Ï±Ï²Ï³ÏµÏ¸Ï»Ï¼Ð°Ð±Ð²Ð³Ð´ÐµÐ¶Ð·Ð¸Ð¹ÐºÐ»Ð¼Ð½Ð¾Ð¿Ñ€ÑÑ‚ÑƒÑ„Ñ…Ñ†Ñ‡ÑˆÑ‰ÑŠÑ‹ÑŒÑÑŽÑÑÑ‘Ñ’Ñ“Ñ”Ñ•Ñ–Ñ—Ñ˜Ñ™ÑšÑ›ÑœÑÑžÑŸÑ¡Ñ£Ñ¥Ñ§Ñ©Ñ«ÑÑ¯Ñ±Ñ³ÑµÑ·Ñ¹Ñ»Ñ½Ñ¿ÒÒ‹ÒÒÒ‘Ò“Ò•Ò—Ò™Ò›ÒÒŸÒ¡Ò£Ò¥Ò§Ò©Ò«ÒÒ¯Ò±Ò³ÒµÒ·Ò¹Ò»Ò½Ò¿Ó‚Ó„Ó†ÓˆÓŠÓŒÓŽÓ‘Ó“Ó•Ó—Ó™Ó›ÓÓŸÓ¡Ó£Ó¥Ó§Ó©Ó«ÓÓ¯Ó±Ó³ÓµÓ·Ó¹ÔÔƒÔ…Ô‡Ô‰Ô‹ÔÔÕ¡Õ¢Õ£Õ¤Õ¥Õ¦Õ§Õ¨Õ©ÕªÕ«Õ¬ÕÕ®Õ¯Õ°Õ±Õ²Õ³Õ´ÕµÕ¶Õ·Õ¸Õ¹ÕºÕ»Õ¼Õ½Õ¾Õ¿Ö€ÖÖ‚ÖƒÖ„Ö…Ö†Ö‡á´€á´á´‚á´ƒá´„á´…á´†á´‡á´ˆá´‰á´Šá´‹á´Œá´á´Žá´á´á´‘á´’á´“á´”á´•á´–á´—á´˜á´™á´šá´›á´œá´á´žá´Ÿá´ á´¡á´¢á´£á´¤á´¥á´¦á´§á´¨á´©á´ªá´«áµ¢áµ£áµ¤áµ¥áµ¦áµ§áµ¨áµ©áµªáµ«áµ¬áµáµ®áµ¯áµ°áµ±áµ²áµ³áµ´áµµáµ¶áµ·áµ¹áµºáµ»áµ¼áµ½áµ¾áµ¿á¶€á¶á¶‚á¶ƒá¶„á¶…á¶†á¶‡á¶ˆá¶‰á¶Šá¶‹á¶Œá¶á¶Žá¶á¶á¶‘á¶’á¶“á¶”á¶•á¶–á¶—á¶˜á¶™á¶šá¸á¸ƒá¸…á¸‡á¸‰á¸‹á¸á¸á¸‘á¸“á¸•á¸—á¸™á¸›á¸á¸Ÿá¸¡á¸£á¸¥á¸§á¸©á¸«á¸á¸¯á¸±á¸³á¸µá¸·á¸¹á¸»á¸½á¸¿á¹á¹ƒá¹…á¹‡á¹‰á¹‹á¹á¹á¹‘á¹“á¹•á¹—á¹™á¹›á¹á¹Ÿá¹¡á¹£á!
 ¹¥á¹§á¹©á¹«á¹á¹¯á¹±á¹³á¹µá¹·á¹¹á¹»á¹½á¹¿áºáºƒáº…áº‡áº‰áº‹áºáºáº‘áº“áº•áº–áº—áº˜áº™áºšáº›áº¡áº£áº¥áº§áº©áº«áºáº¯áº±áº³áºµáº·áº¹áº»áº½áº¿á»á»ƒá»…á»‡á»‰á»‹á»á»á»‘á»“á»•á»—á»™á»›á»á»Ÿá»¡á»£á»¥á»§á»©á»«á»á»¯á»±á»³á»µá»·á»¹á¼€á¼á¼‚á¼ƒá¼„á¼…á¼†á¼‡á¼á¼‘á¼’á¼“á¼”á¼•á¼ á¼¡á¼¢á¼£á¼¤á¼¥á¼¦á¼§á¼°á¼±á¼²á¼³á¼´á¼µá¼¶á¼·á½€á½á½‚á½ƒá½„á½…á½á½‘á½’á½“á½”á½•á½–á½—á½ á½¡á½¢á½£á½¤á½¥á½¦á½§á½°á½±á½²á½³á½´á½µá½¶á½·á½¸á½¹á½ºá½»á½¼á½½á¾€á¾á¾‚á¾ƒá¾„á¾…á¾†á¾‡á¾á¾‘á¾’á¾“á¾”á¾•á¾–á¾—á¾ á¾¡á¾¢á¾£á¾¤á¾¥á¾¦á¾§á¾°á¾±á¾²á¾³á¾´á¾¶á¾·á¾¾á¿‚á¿ƒá¿„á¿†á¿‡á¿á¿‘á¿’á¿“á¿–á¿—á¿ á¿¡á¿¢á¿£á¿¤á¿¥á¿¦á¿§á¿²á¿³á¿´á¿¶á¿·â²â²ƒâ²…â²‡â²‰â²‹â²â²â²‘â²“â²•â²—â²™â²›â²â²Ÿâ²¡â²£â²¥â²§â²©â²«â²â²¯â²±â²³â²µâ²·â²¹â²»â²½â²¿â³â³ƒâ³…â³‡â³‰â³‹â³â³â³‘â³“â³•â³—â³™â³›â³â³Ÿâ³¡â³£â³¤â´€â´â´‚â´ƒâ´„â´…â´†â´‡â´ˆâ´‰â´Šâ´‹â´Œâ´â´Žâ´â´â´‘â´’â´“â´”â´•â´–â´—â´˜â´™â´šâ´›â´œâ´â´žâ´Ÿâ´ â´¡â´¢â´£â´¤â´¥ï¬€ï¬ï¬‚ï¬ƒï¬„ï¬…ï¬†ï¬“ï¬”ï¬•ï¬–ï¬—\d-_^]/8
+
 / End of testinput4 /
diff -pruN pcre-7.5/testdata/testoutput4 pcre-7.6/testdata/testoutput4
--- pcre-7.5/testdata/testoutput4	2007-11-14 12:33:50.000000000 +0100
+++ pcre-7.6/testdata/testoutput4	2008-01-14 18:52:13.000000000 +0100
@@ -1069,4 +1069,6 @@ No match
  0: M
  0: \x{442}
 
+/[^ABCDEFGHIJKLMNOPQRSTUVWXYZÃ€ÃÃ‚ÃƒÃ„Ã…Ã†Ã‡ÃˆÃ‰ÃŠÃ‹ÃŒÃÃŽÃÃÃ‘Ã’Ã“Ã”Ã•Ã–Ã˜Ã™ÃšÃ›ÃœÃÃžÄ€Ä‚Ä„Ä†ÄˆÄŠÄŒÄŽÄÄ’Ä”Ä–Ä˜ÄšÄœÄžÄ Ä¢Ä¤Ä¦Ä¨ÄªÄ¬Ä®Ä°Ä²Ä´Ä¶Ä¹Ä»Ä½Ä¿ÅÅƒÅ…Å‡ÅŠÅŒÅŽÅÅ’Å”Å–Å˜ÅšÅœÅžÅ Å¢Å¤Å¦Å¨ÅªÅ¬Å®Å°Å²Å´Å¶Å¸Å¹Å»Å½ÆÆ‚Æ„Æ†Æ‡Æ‰ÆŠÆ‹ÆŽÆÆÆ‘Æ“Æ”Æ–Æ—Æ˜ÆœÆÆŸÆ Æ¢Æ¤Æ¦Æ§Æ©Æ¬Æ®Æ¯Æ±Æ²Æ³ÆµÆ·Æ¸Æ¼Ç„Ç‡ÇŠÇÇÇ‘Ç“Ç•Ç—Ç™Ç›ÇžÇ Ç¢Ç¤Ç¦Ç¨ÇªÇ¬Ç®Ç±Ç´Ç¶Ç·Ç¸ÇºÇ¼Ç¾È€È‚È„È†ÈˆÈŠÈŒÈŽÈÈ’È”È–È˜ÈšÈœÈžÈ È¢È¤È¦È¨ÈªÈ¬È®È°È²ÈºÈ»È½È¾ÉÎ†ÎˆÎ‰ÎŠÎŒÎŽÎÎ‘Î’Î“Î”Î•Î–Î—Î˜Î™ÎšÎ›ÎœÎÎžÎŸÎ Î¡Î£Î¤Î¥Î¦Î§Î¨Î©ÎªÎ«Ï’Ï“Ï”Ï˜ÏšÏœÏžÏ Ï¢Ï¤Ï¦Ï¨ÏªÏ¬Ï®Ï´Ï·Ï¹ÏºÏ½Ï¾Ï¿Ð€ÐÐ‚ÐƒÐ„Ð…Ð†Ð‡ÐˆÐ‰ÐŠÐ‹ÐŒÐÐŽÐÐÐ‘Ð’Ð“Ð”Ð•Ð–Ð—Ð˜Ð™ÐšÐ›ÐœÐÐžÐŸÐ Ð¡Ð¢Ð£Ð¤Ð¥Ð¦Ð§Ð¨Ð©ÐªÐ«Ð¬ÐÐ®Ð¯Ñ Ñ¢Ñ¤Ñ¦Ñ¨ÑªÑ¬Ñ®Ñ°Ñ²Ñ´Ñ¶Ñ¸ÑºÑ¼Ñ¾Ò€ÒŠÒŒÒŽÒÒ’Ò”Ò–Ò˜ÒšÒœÒžÒ Ò¢Ò¤Ò¦Ò¨ÒªÒ¬Ò®Ò°Ò²Ò´Ò¶Ò¸ÒºÒ¼Ò¾Ó€ÓÓƒÓ…Ó‡Ó‰Ó‹ÓÓÓ’Ó”Ó–Ó˜ÓšÓœÓžÓ Ó¢Ó¤Ó¦Ó¨ÓªÓ¬Ó®Ó°Ó²Ó´Ó¶Ó¸Ô€Ô‚Ô„Ô†ÔˆÔŠÔŒÔŽÔ±Ô²Ô³Ô´ÔµÔ¶Ô·Ô¸Ô¹ÔºÔ»Ô¼Ô½Ô¾Ô¿Õ€ÕÕ‚ÕƒÕ„Õ…Õ†Õ‡ÕˆÕ‰ÕŠÕ‹ÕŒÕÕŽÕÕÕ‘Õ’Õ“Õ”Õ•Õ–á‚ á‚¡á‚¢á‚£á‚¤á‚¥á‚¦á‚§á‚¨á‚©á‚ªá‚«á‚¬á‚á‚®á‚¯á‚°á‚±á‚²á‚³á‚´á‚µá‚¶á‚·á‚¸á‚¹á‚ºá‚»á‚¼á‚½á‚¾á‚¿áƒ€áƒáƒ‚áƒƒáƒ„áƒ…á¸€á¸‚á¸„á¸†á¸ˆá¸Šá¸Œá¸Žá!
 ¸á¸’á¸”á¸–á¸˜á¸šá¸œá¸žá¸ á¸¢á¸¤á¸¦á¸¨á¸ªá¸¬á¸®á¸°á¸²á¸´á¸¶á¸¸á¸ºá¸¼á¸¾á¹€á¹‚á¹„á¹†á¹ˆá¹Šá¹Œá¹Žá¹á¹’á¹”á¹–á¹˜á¹šá¹œá¹žá¹ á¹¢á¹¤á¹¦á¹¨á¹ªá¹¬á¹®á¹°á¹²á¹´á¹¶á¹¸á¹ºá¹¼á¹¾áº€áº‚áº„áº†áºˆáºŠáºŒáºŽáºáº’áº”áº áº¢áº¤áº¦áº¨áºªáº¬áº®áº°áº²áº´áº¶áº¸áººáº¼áº¾á»€á»‚á»„á»†á»ˆá»Šá»Œá»Žá»á»’á»”á»–á»˜á»šá»œá»žá» á»¢á»¤á»¦á»¨á»ªá»¬á»®á»°á»²á»´á»¶á»¸á¼ˆá¼‰á¼Šá¼‹á¼Œá¼á¼Žá¼á¼˜á¼™á¼šá¼›á¼œá¼á¼¨á¼©á¼ªá¼«á¼¬á¼á¼®á¼¯á¼¸á¼¹á¼ºá¼»á¼¼á¼½á¼¾á¼¿á½ˆá½‰á½Šá½‹á½Œá½á½™á½›á½á½Ÿá½¨á½©á½ªá½«á½¬á½á½®á½¯á¾¸á¾¹á¾ºá¾»á¿ˆá¿‰á¿Šá¿‹á¿˜á¿™á¿šá¿›á¿¨á¿©á¿ªá¿«á¿¬á¿¸á¿¹á¿ºá¿»abcdefghijklmnopqrstuvwxyzÂªÂµÂºÃŸÃ Ã¡Ã¢Ã£Ã¤Ã¥Ã¦Ã§Ã¨Ã©ÃªÃ«Ã¬ÃÃ®Ã¯Ã°Ã±Ã²Ã³Ã´ÃµÃ¶Ã¸Ã¹ÃºÃ»Ã¼Ã½Ã¾Ã¿ÄÄƒÄ…Ä‡Ä‰Ä‹ÄÄÄ‘Ä“Ä•Ä—Ä™Ä›ÄÄŸÄ¡Ä£Ä¥Ä§Ä©Ä«ÄÄ¯Ä±Ä³ÄµÄ·Ä¸ÄºÄ¼Ä¾Å€Å‚Å„Å†ÅˆÅ‰Å‹ÅÅÅ‘Å“Å•Å—Å™Å›ÅÅŸÅ¡Å£Å¥Å§Å©Å«ÅÅ¯Å±Å³ÅµÅ·ÅºÅ¼Å¾Å¿Æ€ÆƒÆ…ÆˆÆŒÆÆ’Æ•Æ™ÆšÆ›ÆžÆ¡Æ£Æ¥Æ¨ÆªÆ«ÆÆ°Æ´Æ¶Æ¹ÆºÆ½Æ¾Æ¿Ç†Ç‰ÇŒÇŽÇÇ’Ç”Ç–Ç˜ÇšÇœÇÇŸÇ¡Ç£Ç¥Ç§Ç©Ç«ÇÇ¯Ç°Ç³ÇµÇ¹Ç»Ç½Ç¿ÈÈƒÈ…È‡È‰È‹ÈÈÈ‘È“È•È—È™È›ÈÈŸÈ¡È£È¥È§È©È«ÈÈ¯È±È³È´ÈµÈ¶È·È¸È¹È¼È¿É€ÉÉ‘É’É“É”É•É–É—É˜É™ÉšÉ›ÉœÉÉžÉŸÉ É¡É¢É£!
 É¤É¥É¦É§É¨É©ÉªÉ«É¬ÉÉ®É¯É°É±É²É³É´ÉµÉ¶É·É¸É¹ÉºÉ»É¼É½É¾É¿Ê€ÊÊ‚!
 ÊƒÊ„Ê…Ê†
Ê‡ÊˆÊ‰ÊŠÊ‹ÊŒÊÊŽÊÊÊ‘Ê’Ê“Ê”Ê•Ê–Ê—Ê˜Ê™ÊšÊ›ÊœÊÊžÊŸÊ Ê¡Ê¢Ê£Ê¤Ê¥Ê¦Ê§Ê¨Ê©ÊªÊ«Ê¬ÊÊ®Ê¯ÎÎ¬ÎÎ®Î¯Î°Î±Î²Î³Î´ÎµÎ¶Î·Î¸Î¹ÎºÎ»Î¼Î½Î¾Î¿Ï€ÏÏ‚ÏƒÏ„Ï…Ï†Ï‡ÏˆÏ‰ÏŠÏ‹ÏŒÏÏŽÏÏ‘Ï•Ï–Ï—Ï™Ï›ÏÏŸÏ¡Ï£Ï¥Ï§Ï©Ï«ÏÏ¯Ï°Ï±Ï²Ï³ÏµÏ¸Ï»Ï¼Ð°Ð±Ð²Ð³Ð´ÐµÐ¶Ð·Ð¸Ð¹ÐºÐ»Ð¼Ð½Ð¾Ð¿Ñ€ÑÑ‚ÑƒÑ„Ñ…Ñ†Ñ‡ÑˆÑ‰ÑŠÑ‹ÑŒÑÑŽÑÑÑ‘Ñ’Ñ“Ñ”Ñ•Ñ–Ñ—Ñ˜Ñ™ÑšÑ›ÑœÑÑžÑŸÑ¡Ñ£Ñ¥Ñ§Ñ©Ñ«ÑÑ¯Ñ±Ñ³ÑµÑ·Ñ¹Ñ»Ñ½Ñ¿ÒÒ‹ÒÒÒ‘Ò“Ò•Ò—Ò™Ò›ÒÒŸÒ¡Ò£Ò¥Ò§Ò©Ò«ÒÒ¯Ò±Ò³ÒµÒ·Ò¹Ò»Ò½Ò¿Ó‚Ó„Ó†ÓˆÓŠÓŒÓŽÓ‘Ó“Ó•Ó—Ó™Ó›ÓÓŸÓ¡Ó£Ó¥Ó§Ó©Ó«ÓÓ¯Ó±Ó³ÓµÓ·Ó¹ÔÔƒÔ…Ô‡Ô‰Ô‹ÔÔÕ¡Õ¢Õ£Õ¤Õ¥Õ¦Õ§Õ¨Õ©ÕªÕ«Õ¬ÕÕ®Õ¯Õ°Õ±Õ²Õ³Õ´ÕµÕ¶Õ·Õ¸Õ¹ÕºÕ»Õ¼Õ½Õ¾Õ¿Ö€ÖÖ‚ÖƒÖ„Ö…Ö†Ö‡á´€á´á´‚á´ƒá´„á´…á´†á´‡á´ˆá´‰á´Šá´‹á´Œá´á´Žá´á´á´‘á´’á´“á´”á´•á´–á´—á´˜á´™á´šá´›á´œá´á´žá´Ÿá´ á´¡á´¢á´£á´¤á´¥á´¦á´§á´¨á´©á´ªá´«áµ¢áµ£áµ¤áµ¥áµ¦áµ§áµ¨áµ©áµªáµ«áµ¬áµáµ®áµ¯áµ°áµ±áµ²áµ³áµ´áµµáµ¶áµ·áµ¹áµºáµ»áµ¼áµ½áµ¾áµ¿á¶€á¶á¶‚á¶ƒá¶„á¶…á¶†á¶‡á¶ˆá¶‰á¶Šá¶‹á¶Œá¶á¶Žá¶á¶á¶‘á¶’á¶“á¶”á¶•á¶–á¶—á¶˜á¶™á¶šá¸á¸ƒá¸…á¸‡á¸‰á¸‹á¸á¸á¸‘á¸“á¸•á¸—á¸™á¸›á¸á¸Ÿá¸¡á¸£á¸¥á¸§á¸©á¸«á¸á¸¯á¸±á¸³á¸µá¸·á¸¹á¸»á¸½á¸¿á¹á¹ƒá¹…á¹‡á¹‰á¹‹á¹á¹á¹‘á¹“á¹•á¹—á¹™á¹›á¹á¹Ÿá¹¡á¹£á!
 ¹¥á¹§á¹©á¹«á¹á¹¯á¹±á¹³á¹µá¹·á¹¹á¹»á¹½á¹¿áºáºƒáº…áº‡áº‰áº‹áºáºáº‘áº“áº•áº–áº—áº˜áº™áºšáº›áº¡áº£áº¥áº§áº©áº«áºáº¯áº±áº³áºµáº·áº¹áº»áº½áº¿á»á»ƒá»…á»‡á»‰á»‹á»á»á»‘á»“á»•á»—á»™á»›á»á»Ÿá»¡á»£á»¥á»§á»©á»«á»á»¯á»±á»³á»µá»·á»¹á¼€á¼á¼‚á¼ƒá¼„á¼…á¼†á¼‡á¼á¼‘á¼’á¼“á¼”á¼•á¼ á¼¡á¼¢á¼£á¼¤á¼¥á¼¦á¼§á¼°á¼±á¼²á¼³á¼´á¼µá¼¶á¼·á½€á½á½‚á½ƒá½„á½…á½á½‘á½’á½“á½”á½•á½–á½—á½ á½¡á½¢á½£á½¤á½¥á½¦á½§á½°á½±á½²á½³á½´á½µá½¶á½·á½¸á½¹á½ºá½»á½¼á½½á¾€á¾á¾‚á¾ƒá¾„á¾…á¾†á¾‡á¾á¾‘á¾’á¾“á¾”á¾•á¾–á¾—á¾ á¾¡á¾¢á¾£á¾¤á¾¥á¾¦á¾§á¾°á¾±á¾²á¾³á¾´á¾¶á¾·á¾¾á¿‚á¿ƒá¿„á¿†á¿‡á¿á¿‘á¿’á¿“á¿–á¿—á¿ á¿¡á¿¢á¿£á¿¤á¿¥á¿¦á¿§á¿²á¿³á¿´á¿¶á¿·â²â²ƒâ²…â²‡â²‰â²‹â²â²â²‘â²“â²•â²—â²™â²›â²â²Ÿâ²¡â²£â²¥â²§â²©â²«â²â²¯â²±â²³â²µâ²·â²¹â²»â²½â²¿â³â³ƒâ³…â³‡â³‰â³‹â³â³â³‘â³“â³•â³—â³™â³›â³â³Ÿâ³¡â³£â³¤â´€â´â´‚â´ƒâ´„â´…â´†â´‡â´ˆâ´‰â´Šâ´‹â´Œâ´â´Žâ´â´â´‘â´’â´“â´”â´•â´–â´—â´˜â´™â´šâ´›â´œâ´â´žâ´Ÿâ´ â´¡â´¢â´£â´¤â´¥ï¬€ï¬ï¬‚ï¬ƒï¬„ï¬…ï¬†ï¬“ï¬”ï¬•ï¬–ï¬—\d-_^]/8
+
 / End of testinput4 /


Index: pcre.spec
===================================================================
RCS file: /cvs/extras/rpms/pcre/devel/pcre.spec,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -r1.26 -r1.27
--- pcre.spec	16 Nov 2007 17:59:11 -0000	1.26
+++ pcre.spec	15 Feb 2008 07:48:09 -0000	1.27
@@ -1,10 +1,11 @@
 Name: pcre
 Version: 7.3
-Release: 2%{?dist}
+Release: 3%{?dist}
 Summary: Perl-compatible regular expression library
 URL: http://www.pcre.org/
 Source: ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/%{name}-%{version}.tar.bz2
-Patch: pcre-7.3-multilib.patch
+Patch0: pcre-7.3-multilib.patch
+Patch1: pcre-7.3-CVE-2008-0674.patch
 License: BSD
 Group: System Environment/Libraries
 BuildRoot:      %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
@@ -27,7 +28,8 @@
 
 %prep
 %setup -q
-%patch -p1 -b .multilib
+%patch0 -p1 -b .multilib
+%patch1 -p1 -b .CVE-2008-0674
 
 %build
 %configure --enable-utf8 --enable-unicode-properties
@@ -48,10 +50,8 @@
 # get rid of unneeded *.la files
 rm -f %{buildroot}%{_libdir}/*.la
 
-%if 0
 %check
 make check
-%endif
 
 %post -p /sbin/ldconfig
 
@@ -84,6 +84,13 @@
 
 
 %changelog
+* Tue Feb 12 2008 Tomas Hoger <thoger at redhat.com> - 7.3-3
+- Backport patch from upstream pcre 7.6 to address buffer overflow
+  caused by "a character class containing a very large number of
+  characters with codepoints greater than 255 (in UTF-8 mode)"
+  CVE-2008-0674, #431660
+- Try re-enabling make check again.
+
 * Fri Nov 16 2007 Stepan Kasal <skasal at redhat.com> - 7.3-2
 - Remove obsolete ``reqs''
 - add dist tag


