rpms/pcre/F-8 pcre-7.3-CVE-2008-0674.patch, NONE, 1.1 pcre.spec, 1.25, 1.26
Tomas Hoger (thoger)
fedora-extras-commits at redhat.com
Fri Feb 15 09:02:32 UTC 2008
Author: thoger
Update of /cvs/extras/rpms/pcre/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25517
Modified Files:
pcre.spec
Added Files:
pcre-7.3-CVE-2008-0674.patch
Log Message:
Sync with devel branch to address CVE-2008-0674, #431660
pcre-7.3-CVE-2008-0674.patch:
--- NEW FILE pcre-7.3-CVE-2008-0674.patch ---
Fix for CVE-2008-0674:
1. A character class containing a very large number of characters with
codepoints greater than 255 (in UTF-8 mode, of course) caused a buffer
overflow.
Included in upstream pcre-7.6.
diff -pruN pcre-7.5/pcre_compile.c pcre-7.6/pcre_compile.c
--- pcre-7.5/pcre_compile.c 2008-01-10 18:06:49.000000000 +0100
+++ pcre-7.6/pcre_compile.c 2008-01-21 16:20:18.000000000 +0100
@@ -2376,6 +2376,7 @@ uschar classbits[32];
BOOL class_utf8;
BOOL utf8 = (options & PCRE_UTF8) != 0;
uschar *class_utf8data;
+uschar *class_utf8data_base;
uschar utf8_char[6];
#else
BOOL utf8 = FALSE;
@@ -2687,6 +2688,7 @@ for (;; ptr++)
#ifdef SUPPORT_UTF8
class_utf8 = FALSE; /* No chars >= 256 */
class_utf8data = code + LINK_SIZE + 2; /* For UTF-8 items */
+ class_utf8data_base = class_utf8data; /* For resetting in pass 1 */
#endif
/* Process characters until ] is reached. By writing this as a "do" it
@@ -2702,6 +2704,18 @@ for (;; ptr++)
{ /* Braces are required because the */
GETCHARLEN(c, ptr, ptr); /* macro generates multiple statements */
}
+
+ /* In the pre-compile phase, accumulate the length of any UTF-8 extra
+ data and reset the pointer. This is so that very large classes that
+ contain a zillion UTF-8 characters no longer overwrite the work space
+ (which is on the stack). */
+
+ if (lengthptr != NULL)
+ {
+ *lengthptr += class_utf8data - class_utf8data_base;
+ class_utf8data = class_utf8data_base;
+ }
+
#endif
/* Inside \Q...\E everything is literal except \E */
diff -pruN pcre-7.5/testdata/testinput4 pcre-7.6/testdata/testinput4
--- pcre-7.5/testdata/testinput4 2007-11-14 12:33:39.000000000 +0100
+++ pcre-7.6/testdata/testinput4 2008-01-14 18:51:57.000000000 +0100
@@ -607,4 +607,6 @@
/[[:^xdigit:]]/8g
M\x{442}
+/[^ABCDEFGHIJKLMNOPQRSTUVWXYZÃÃÃÃÃÃ
ÃÃÃÃÃÃÃÃÃÃÃÃÃÃÃÃÃÃÃÃÃÃÃÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ Ä¢Ä¤Ä¦Ä¨ÄªÄ¬Ä®Ä°Ä²Ä´Ä¶Ä¹Ä»Ä½Ä¿ÅÅÅ
ÅÅÅÅÅÅÅÅÅÅÅÅŠŢŤŦŨŪŬŮŰŲŴŶŸŹŻŽÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆ Æ¢Æ¤Æ¦Æ§Æ©Æ¬Æ®Æ¯Æ±Æ²Æ³ÆµÆ·Æ¸Æ¼ÇÇÇÇÇÇÇÇÇÇÇÇÇ Ç¢Ç¤Ç¦Ç¨ÇªÇ¬Ç®Ç±Ç´Ç¶Ç·Ç¸ÇºÇ¼Ç¾ÈÈÈÈÈÈÈÈÈÈÈÈÈÈÈÈÈ È¢È¤È¦È¨ÈªÈ¬È®È°È²ÈºÈ»È½È¾ÉÎÎÎÎÎÎÎÎÎÎÎÎÎÎÎÎÎÎÎÎÎÎΠΡΣΤΥΦΧΨΩΪΫÏÏÏÏÏÏÏÏ Ï¢Ï¤Ï¦Ï¨ÏªÏ¬Ï®Ï´Ï·Ï¹ÏºÏ½Ï¾Ï¿ÐÐÐÐÐÐ
ÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐРСТУФХЦЧШЩЪЫЬÐÐ®Ð¯Ñ Ñ¢Ñ¤Ñ¦Ñ¨ÑªÑ¬Ñ®Ñ°Ñ²Ñ´Ñ¶Ñ¸ÑºÑ¼Ñ¾ÒÒÒÒÒÒÒÒÒÒÒÒÒ Ò¢Ò¤Ò¦Ò¨ÒªÒ¬Ò®Ò°Ò²Ò´Ò¶Ò¸ÒºÒ¼Ò¾ÓÓÓÓ
ÓÓÓÓÓÓÓÓÓÓÓÓÓ Ó¢Ó¤Ó¦Ó¨ÓªÓ¬Ó®Ó°Ó²Ó´Ó¶Ó¸ÔÔÔÔÔÔÔÔÔ±Ô²Ô³Ô´ÔµÔ¶Ô·Ô¸Ô¹ÔºÔ»Ô¼Ô½Ô¾Ô¿ÕÕÕÕÕÕ
ÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕá á¡á¢á£á¤á¥á¦á§á¨á©áªá«á¬áá®á¯á°á±á²á³á´áµá¶á·á¸á¹áºá»á¼á½á¾á¿áááááá
á¸á¸á¸á¸á¸á¸á¸á¸á!
¸á¸á¸á¸á¸á¸á¸á¸á¸ ḢḤḦḨḪḬḮḰḲḴḶḸḺḼḾá¹á¹á¹á¹á¹á¹á¹á¹á¹á¹á¹á¹á¹á¹á¹á¹á¹ ṢṤṦṨṪṬṮṰṲṴṶṸṺṼṾáºáºáºáºáºáºáºáºáºáºáºáº ẢẤẦẨẪẬẮẰẲẴẶẸẺẼẾá»á»á»á»á»á»á»á»á»á»á»á»á»á»á»á»á» ỢỤỦỨỪỬỮỰỲỴỶỸá¼á¼á¼á¼á¼á¼á¼á¼á¼á¼á¼á¼á¼á¼á¼¨á¼©á¼ªá¼«á¼¬á¼á¼®á¼¯á¼¸á¼¹á¼ºá¼»á¼¼á¼½á¼¾á¼¿á½á½á½á½á½á½á½á½á½á½á½¨á½©á½ªá½«á½¬á½á½®á½¯á¾¸á¾¹á¾ºá¾»á¿á¿á¿á¿á¿á¿á¿á¿á¿¨á¿©á¿ªá¿«á¿¬á¿¸á¿¹á¿ºá¿»abcdefghijklmnopqrstuvwxyzªµºÃà áâãäåæçèéêëìÃîïðñòóôõöøùúûüýþÿÄÄÄ
ÄÄÄÄÄÄÄÄÄÄÄÄÄġģĥħĩīÄįıijĵķĸĺļľÅÅÅÅÅÅÅÅÅÅÅÅÅÅÅÅÅšţťŧũūÅůűųŵŷźżžſÆÆÆ
ÆÆÆÆÆÆÆÆÆơƣƥƨƪƫÆưƴƶƹƺƽƾƿÇÇÇÇÇÇÇÇÇÇÇÇÇǡǣǥǧǩǫÇǯǰdzǵǹǻǽǿÈÈÈ
ÈÈÈÈÈÈÈÈÈÈÈÈÈȡȣȥȧȩȫÈȯȱȳȴȵȶȷȸȹȼȿÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉ É¡É¢É£!
ɤɥɦɧɨɩɪɫɬÉɮɯɰɱɲɳɴɵɶɷɸɹɺɻɼɽɾɿÊÊÊ!
ÊÊÊ
Ê
ÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ Ê¡Ê¢Ê£Ê¤Ê¥Ê¦Ê§Ê¨Ê©ÊªÊ«Ê¬ÊʮʯÎάÎήίΰαβγδεζηθικλμνξοÏÏÏÏÏÏ
ÏÏÏÏÏÏÏÏÏÏÏÏÏÏÏÏÏÏϡϣϥϧϩϫÏϯϰϱϲϳϵϸϻϼабвгдежзийклмнопÑÑÑÑÑÑ
ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑѡѣѥѧѩѫÑѯѱѳѵѷѹѻѽѿÒÒÒÒÒÒÒÒÒÒÒÒÒ¡Ò£Ò¥Ò§Ò©Ò«ÒÒ¯Ò±Ò³ÒµÒ·Ò¹Ò»Ò½Ò¿ÓÓÓÓÓÓÓÓÓÓÓÓÓÓÓÓ¡Ó£Ó¥Ó§Ó©Ó«ÓÓ¯Ó±Ó³ÓµÓ·Ó¹ÔÔÔ
ÔÔÔÔÔÕ¡Õ¢Õ£Õ¤Õ¥Õ¦Õ§Õ¨Õ©ÕªÕ«Õ¬ÕÕ®Õ¯Õ°Õ±Õ²Õ³Õ´ÕµÕ¶Õ·Õ¸Õ¹ÕºÕ»Õ¼Õ½Õ¾Õ¿ÖÖÖÖÖÖ
ÖÖá´á´á´á´á´á´
á´á´á´á´á´á´á´á´á´á´á´á´á´á´á´á´á´á´á´á´á´á´á´á´á´á´á´ ᴡᴢᴣᴤᴥᴦᴧᴨᴩᴪᴫᵢᵣᵤᵥᵦᵧᵨᵩᵪᵫᵬáµáµ®áµ¯áµ°áµ±áµ²áµ³áµ´áµµáµ¶áµ·áµ¹áµºáµ»áµ¼áµ½áµ¾áµ¿á¶á¶á¶á¶á¶á¶
á¶á¶á¶á¶á¶á¶á¶á¶á¶á¶á¶á¶á¶á¶á¶á¶á¶á¶á¶á¶á¶á¸á¸á¸
á¸á¸á¸á¸á¸á¸á¸á¸á¸á¸á¸á¸á¸á¸¡á¸£á¸¥á¸§á¸©á¸«á¸á¸¯á¸±á¸³á¸µá¸·á¸¹á¸»á¸½á¸¿á¹á¹á¹
á¹á¹á¹á¹á¹á¹á¹á¹á¹á¹á¹á¹á¹á¹¡á¹£á!
¹¥á¹§á¹©á¹«á¹á¹¯á¹±á¹³á¹µá¹·á¹¹á¹»á¹½á¹¿áºáºáº
áºáºáºáºáºáºáºáºáºáºáºáºáºáºáº¡áº£áº¥áº§áº©áº«áºáº¯áº±áº³áºµáº·áº¹áº»áº½áº¿á»á»á»
á»á»á»á»á»á»á»á»á»á»á»á»á»á»¡á»£á»¥á»§á»©á»«á»á»¯á»±á»³á»µá»·á»¹á¼á¼á¼á¼á¼á¼
á¼á¼á¼á¼á¼á¼á¼á¼á¼ ἡἢἣἤἥἦἧἰἱἲἳἴἵἶἷá½á½á½á½á½á½
á½á½á½á½á½á½á½á½á½ ὡὢὣὤὥὦὧὰάὲέὴήὶίὸόὺύὼώá¾á¾á¾á¾á¾á¾
á¾á¾á¾á¾á¾á¾á¾á¾á¾á¾á¾ ᾡᾢᾣᾤᾥᾦᾧᾰᾱᾲᾳᾴᾶᾷιá¿á¿á¿á¿á¿á¿á¿á¿á¿á¿á¿á¿ ῡῢΰῤῥῦῧῲῳῴῶῷâ²â²â²
â²â²â²â²â²â²â²â²â²â²â²â²â²â²¡â²£â²¥â²§â²©â²«â²â²¯â²±â²³â²µâ²·â²¹â²»â²½â²¿â³â³â³
â³â³â³â³â³â³â³â³â³â³â³â³â³â³¡â³£â³¤â´â´â´â´â´â´
â´â´â´â´â´â´â´â´â´â´â´â´â´â´â´â´â´â´â´â´â´â´â´â´â´â´â´ ⴡⴢⴣⴤⴥï¬ï¬ï¬ï¬ï¬ï¬
ï¬ï¬ï¬ï¬ï¬ï¬\d-_^]/8
+
/ End of testinput4 /
diff -pruN pcre-7.5/testdata/testoutput4 pcre-7.6/testdata/testoutput4
--- pcre-7.5/testdata/testoutput4 2007-11-14 12:33:50.000000000 +0100
+++ pcre-7.6/testdata/testoutput4 2008-01-14 18:52:13.000000000 +0100
@@ -1069,4 +1069,6 @@ No match
0: M
0: \x{442}
+/[^ABCDEFGHIJKLMNOPQRSTUVWXYZÃÃÃÃÃÃ
ÃÃÃÃÃÃÃÃÃÃÃÃÃÃÃÃÃÃÃÃÃÃÃÃÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ Ä¢Ä¤Ä¦Ä¨ÄªÄ¬Ä®Ä°Ä²Ä´Ä¶Ä¹Ä»Ä½Ä¿ÅÅÅ
ÅÅÅÅÅÅÅÅÅÅÅÅŠŢŤŦŨŪŬŮŰŲŴŶŸŹŻŽÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆÆ Æ¢Æ¤Æ¦Æ§Æ©Æ¬Æ®Æ¯Æ±Æ²Æ³ÆµÆ·Æ¸Æ¼ÇÇÇÇÇÇÇÇÇÇÇÇÇ Ç¢Ç¤Ç¦Ç¨ÇªÇ¬Ç®Ç±Ç´Ç¶Ç·Ç¸ÇºÇ¼Ç¾ÈÈÈÈÈÈÈÈÈÈÈÈÈÈÈÈÈ È¢È¤È¦È¨ÈªÈ¬È®È°È²ÈºÈ»È½È¾ÉÎÎÎÎÎÎÎÎÎÎÎÎÎÎÎÎÎÎÎÎÎÎΠΡΣΤΥΦΧΨΩΪΫÏÏÏÏÏÏÏÏ Ï¢Ï¤Ï¦Ï¨ÏªÏ¬Ï®Ï´Ï·Ï¹ÏºÏ½Ï¾Ï¿ÐÐÐÐÐÐ
ÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐÐРСТУФХЦЧШЩЪЫЬÐÐ®Ð¯Ñ Ñ¢Ñ¤Ñ¦Ñ¨ÑªÑ¬Ñ®Ñ°Ñ²Ñ´Ñ¶Ñ¸ÑºÑ¼Ñ¾ÒÒÒÒÒÒÒÒÒÒÒÒÒ Ò¢Ò¤Ò¦Ò¨ÒªÒ¬Ò®Ò°Ò²Ò´Ò¶Ò¸ÒºÒ¼Ò¾ÓÓÓÓ
ÓÓÓÓÓÓÓÓÓÓÓÓÓ Ó¢Ó¤Ó¦Ó¨ÓªÓ¬Ó®Ó°Ó²Ó´Ó¶Ó¸ÔÔÔÔÔÔÔÔÔ±Ô²Ô³Ô´ÔµÔ¶Ô·Ô¸Ô¹ÔºÔ»Ô¼Ô½Ô¾Ô¿ÕÕÕÕÕÕ
ÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕá á¡á¢á£á¤á¥á¦á§á¨á©áªá«á¬áá®á¯á°á±á²á³á´áµá¶á·á¸á¹áºá»á¼á½á¾á¿áááááá
á¸á¸á¸á¸á¸á¸á¸á¸á!
¸á¸á¸á¸á¸á¸á¸á¸á¸ ḢḤḦḨḪḬḮḰḲḴḶḸḺḼḾá¹á¹á¹á¹á¹á¹á¹á¹á¹á¹á¹á¹á¹á¹á¹á¹á¹ ṢṤṦṨṪṬṮṰṲṴṶṸṺṼṾáºáºáºáºáºáºáºáºáºáºáºáº ẢẤẦẨẪẬẮẰẲẴẶẸẺẼẾá»á»á»á»á»á»á»á»á»á»á»á»á»á»á»á»á» ỢỤỦỨỪỬỮỰỲỴỶỸá¼á¼á¼á¼á¼á¼á¼á¼á¼á¼á¼á¼á¼á¼á¼¨á¼©á¼ªá¼«á¼¬á¼á¼®á¼¯á¼¸á¼¹á¼ºá¼»á¼¼á¼½á¼¾á¼¿á½á½á½á½á½á½á½á½á½á½á½¨á½©á½ªá½«á½¬á½á½®á½¯á¾¸á¾¹á¾ºá¾»á¿á¿á¿á¿á¿á¿á¿á¿á¿¨á¿©á¿ªá¿«á¿¬á¿¸á¿¹á¿ºá¿»abcdefghijklmnopqrstuvwxyzªµºÃà áâãäåæçèéêëìÃîïðñòóôõöøùúûüýþÿÄÄÄ
ÄÄÄÄÄÄÄÄÄÄÄÄÄġģĥħĩīÄįıijĵķĸĺļľÅÅÅÅÅÅÅÅÅÅÅÅÅÅÅÅÅšţťŧũūÅůűųŵŷźżžſÆÆÆ
ÆÆÆÆÆÆÆÆÆơƣƥƨƪƫÆưƴƶƹƺƽƾƿÇÇÇÇÇÇÇÇÇÇÇÇÇǡǣǥǧǩǫÇǯǰdzǵǹǻǽǿÈÈÈ
ÈÈÈÈÈÈÈÈÈÈÈÈÈȡȣȥȧȩȫÈȯȱȳȴȵȶȷȸȹȼȿÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉÉ É¡É¢É£!
ɤɥɦɧɨɩɪɫɬÉɮɯɰɱɲɳɴɵɶɷɸɹɺɻɼɽɾɿÊÊÊ!
ÊÊÊ
Ê
ÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ Ê¡Ê¢Ê£Ê¤Ê¥Ê¦Ê§Ê¨Ê©ÊªÊ«Ê¬ÊʮʯÎάÎήίΰαβγδεζηθικλμνξοÏÏÏÏÏÏ
ÏÏÏÏÏÏÏÏÏÏÏÏÏÏÏÏÏÏϡϣϥϧϩϫÏϯϰϱϲϳϵϸϻϼабвгдежзийклмнопÑÑÑÑÑÑ
ÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑÑѡѣѥѧѩѫÑѯѱѳѵѷѹѻѽѿÒÒÒÒÒÒÒÒÒÒÒÒÒ¡Ò£Ò¥Ò§Ò©Ò«ÒÒ¯Ò±Ò³ÒµÒ·Ò¹Ò»Ò½Ò¿ÓÓÓÓÓÓÓÓÓÓÓÓÓÓÓÓ¡Ó£Ó¥Ó§Ó©Ó«ÓÓ¯Ó±Ó³ÓµÓ·Ó¹ÔÔÔ
ÔÔÔÔÔÕ¡Õ¢Õ£Õ¤Õ¥Õ¦Õ§Õ¨Õ©ÕªÕ«Õ¬ÕÕ®Õ¯Õ°Õ±Õ²Õ³Õ´ÕµÕ¶Õ·Õ¸Õ¹ÕºÕ»Õ¼Õ½Õ¾Õ¿ÖÖÖÖÖÖ
ÖÖá´á´á´á´á´á´
á´á´á´á´á´á´á´á´á´á´á´á´á´á´á´á´á´á´á´á´á´á´á´á´á´á´á´ ᴡᴢᴣᴤᴥᴦᴧᴨᴩᴪᴫᵢᵣᵤᵥᵦᵧᵨᵩᵪᵫᵬáµáµ®áµ¯áµ°áµ±áµ²áµ³áµ´áµµáµ¶áµ·áµ¹áµºáµ»áµ¼áµ½áµ¾áµ¿á¶á¶á¶á¶á¶á¶
á¶á¶á¶á¶á¶á¶á¶á¶á¶á¶á¶á¶á¶á¶á¶á¶á¶á¶á¶á¶á¶á¸á¸á¸
á¸á¸á¸á¸á¸á¸á¸á¸á¸á¸á¸á¸á¸á¸¡á¸£á¸¥á¸§á¸©á¸«á¸á¸¯á¸±á¸³á¸µá¸·á¸¹á¸»á¸½á¸¿á¹á¹á¹
á¹á¹á¹á¹á¹á¹á¹á¹á¹á¹á¹á¹á¹á¹¡á¹£á!
¹¥á¹§á¹©á¹«á¹á¹¯á¹±á¹³á¹µá¹·á¹¹á¹»á¹½á¹¿áºáºáº
áºáºáºáºáºáºáºáºáºáºáºáºáºáºáº¡áº£áº¥áº§áº©áº«áºáº¯áº±áº³áºµáº·áº¹áº»áº½áº¿á»á»á»
á»á»á»á»á»á»á»á»á»á»á»á»á»á»¡á»£á»¥á»§á»©á»«á»á»¯á»±á»³á»µá»·á»¹á¼á¼á¼á¼á¼á¼
á¼á¼á¼á¼á¼á¼á¼á¼á¼ ἡἢἣἤἥἦἧἰἱἲἳἴἵἶἷá½á½á½á½á½á½
á½á½á½á½á½á½á½á½á½ ὡὢὣὤὥὦὧὰάὲέὴήὶίὸόὺύὼώá¾á¾á¾á¾á¾á¾
á¾á¾á¾á¾á¾á¾á¾á¾á¾á¾á¾ ᾡᾢᾣᾤᾥᾦᾧᾰᾱᾲᾳᾴᾶᾷιá¿á¿á¿á¿á¿á¿á¿á¿á¿á¿á¿á¿ ῡῢΰῤῥῦῧῲῳῴῶῷâ²â²â²
â²â²â²â²â²â²â²â²â²â²â²â²â²â²¡â²£â²¥â²§â²©â²«â²â²¯â²±â²³â²µâ²·â²¹â²»â²½â²¿â³â³â³
â³â³â³â³â³â³â³â³â³â³â³â³â³â³¡â³£â³¤â´â´â´â´â´â´
â´â´â´â´â´â´â´â´â´â´â´â´â´â´â´â´â´â´â´â´â´â´â´â´â´â´â´ ⴡⴢⴣⴤⴥï¬ï¬ï¬ï¬ï¬ï¬
ï¬ï¬ï¬ï¬ï¬ï¬\d-_^]/8
+
/ End of testinput4 /
Index: pcre.spec
===================================================================
RCS file: /cvs/extras/rpms/pcre/F-8/pcre.spec,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- pcre.spec 17 Sep 2007 14:04:55 -0000 1.25
+++ pcre.spec 15 Feb 2008 09:01:54 -0000 1.26
@@ -1,15 +1,14 @@
Name: pcre
Version: 7.3
-Release: 1
+Release: 3%{?dist}
Summary: Perl-compatible regular expression library
URL: http://www.pcre.org/
Source: ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/%{name}-%{version}.tar.bz2
-Patch: pcre-7.3-multilib.patch
+Patch0: pcre-7.3-multilib.patch
+Patch1: pcre-7.3-CVE-2008-0674.patch
License: BSD
Group: System Environment/Libraries
-BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
-Prereq: /sbin/ldconfig
-BuildPrereq: sed
+BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
%description
Perl-compatible regular expression library.
@@ -29,7 +28,8 @@
%prep
%setup -q
-%patch -p1 -b .multilib
+%patch0 -p1 -b .multilib
+%patch1 -p1 -b .CVE-2008-0674
%build
%configure --enable-utf8 --enable-unicode-properties
@@ -50,10 +50,8 @@
# get rid of unneeded *.la files
rm -f %{buildroot}%{_libdir}/*.la
-%if 0
%check
make check
-%endif
%post -p /sbin/ldconfig
@@ -86,6 +84,18 @@
%changelog
+* Tue Feb 12 2008 Tomas Hoger <thoger at redhat.com> - 7.3-3
+- Backport patch from upstream pcre 7.6 to address buffer overflow
+ caused by "a character class containing a very large number of
+ characters with codepoints greater than 255 (in UTF-8 mode)"
+ CVE-2008-0674, #431660
+- Try re-enabling make check again.
+
+* Fri Nov 16 2007 Stepan Kasal <skasal at redhat.com> - 7.3-2
+- Remove obsolete ``reqs''
+- add dist tag
+- update BuildRoot
+
* Mon Sep 17 2007 Than Ngo <than at redhat.com> - 7.3-1
- bz292501, update to 7.3
More information about the fedora-extras-commits
mailing list