rpms/pcre/F-7 pcre-7.3-CVE-2008-0674.patch, NONE, 1.1 pcre-7.3-multilib.patch, NONE, 1.1 .cvsignore, 1.9, 1.10 pcre.spec, 1.22, 1.23 sources, 1.10, 1.11 pcre-6.6-multilib.patch, 1.1, NONE pcre-6.6-stack.patch, 1.1, NONE
Tomas Hoger (thoger)
fedora-extras-commits at redhat.com
Fri Feb 15 10:43:33 UTC 2008
Author: thoger
Update of /cvs/extras/rpms/pcre/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4083
Modified Files:
.cvsignore pcre.spec sources
Added Files:
pcre-7.3-CVE-2008-0674.patch pcre-7.3-multilib.patch
Removed Files:
pcre-6.6-multilib.patch pcre-6.6-stack.patch
Log Message:
Rebase to 7.3 (sync with F-8/devel) to address multiple security issues.
pcre-7.3-CVE-2008-0674.patch:
--- NEW FILE pcre-7.3-CVE-2008-0674.patch ---
Fix for CVE-2008-0674:
1. A character class containing a very large number of characters with
codepoints greater than 255 (in UTF-8 mode, of course) caused a buffer
overflow.
Included in upstream pcre-7.6.
diff -pruN pcre-7.5/pcre_compile.c pcre-7.6/pcre_compile.c
--- pcre-7.5/pcre_compile.c 2008-01-10 18:06:49.000000000 +0100
+++ pcre-7.6/pcre_compile.c 2008-01-21 16:20:18.000000000 +0100
@@ -2376,6 +2376,7 @@ uschar classbits[32];
BOOL class_utf8;
BOOL utf8 = (options & PCRE_UTF8) != 0;
uschar *class_utf8data;
+uschar *class_utf8data_base;
uschar utf8_char[6];
#else
BOOL utf8 = FALSE;
@@ -2687,6 +2688,7 @@ for (;; ptr++)
#ifdef SUPPORT_UTF8
class_utf8 = FALSE; /* No chars >= 256 */
class_utf8data = code + LINK_SIZE + 2; /* For UTF-8 items */
+ class_utf8data_base = class_utf8data; /* For resetting in pass 1 */
#endif
/* Process characters until ] is reached. By writing this as a "do" it
@@ -2702,6 +2704,18 @@ for (;; ptr++)
{ /* Braces are required because the */
GETCHARLEN(c, ptr, ptr); /* macro generates multiple statements */
}
+
+ /* In the pre-compile phase, accumulate the length of any UTF-8 extra
+ data and reset the pointer. This is so that very large classes that
+ contain a zillion UTF-8 characters no longer overwrite the work space
+ (which is on the stack). */
+
+ if (lengthptr != NULL)
+ {
+ *lengthptr += class_utf8data - class_utf8data_base;
+ class_utf8data = class_utf8data_base;
+ }
+
#endif
/* Inside \Q...\E everything is literal except \E */
diff -pruN pcre-7.5/testdata/testinput4 pcre-7.6/testdata/testinput4
--- pcre-7.5/testdata/testinput4 2007-11-14 12:33:39.000000000 +0100
+++ pcre-7.6/testdata/testinput4 2008-01-14 18:51:57.000000000 +0100
@@ -607,4 +607,6 @@
/[[:^xdigit:]]/8g
M\x{442}
+/[^ABCDEFGHIJKLMNOPQRSTUVWXYZÀÃÂÃÄÅÆÇÈÉÊËÌÃÃŽÃÃÑÒÓÔÕÖØÙÚÛÜÃÞĀĂĄĆĈĊČĎÄÄ’Ä”Ä–Ä˜ÄšÄœÄžÄ Ä¢Ä¤Ä¦Ä¨ÄªÄ¬Ä®Ä°Ä²Ä´Ä¶Ä¹Ä»Ä½Ä¿ÅŃŅŇŊŌŎÅŒŔŖŘŚŜŞŠŢŤŦŨŪŬŮŰŲŴŶŸŹŻŽÆƂƄƆƇƉƊƋƎÆÆƑƓƔƖƗƘƜÆÆŸÆ Æ¢Æ¤Æ¦Æ§Æ©Æ¬Æ®Æ¯Æ±Æ²Æ³ÆµÆ·Æ¸Æ¼Ç„Ç‡ÇŠÇÇÇ‘Ç“Ç•Ç—Ç™Ç›ÇžÇ Ç¢Ç¤Ç¦Ç¨ÇªÇ¬Ç®Ç±Ç´Ç¶Ç·Ç¸ÇºÇ¼Ç¾È€È‚È„È†ÈˆÈŠÈŒÈŽÈÈ’È”È–È˜ÈšÈœÈžÈ È¢È¤È¦È¨ÈªÈ¬È®È°È²ÈºÈ»È½È¾ÉΆΈΉΊΌΎÎΑΒΓΔΕΖΗΘΙΚΛΜÎÎžÎŸÎ Î¡Î£Î¤Î¥Î¦Î§Î¨Î©ÎªÎ«Ï’Ï“Ï”Ï˜ÏšÏœÏžÏ Ï¢Ï¤Ï¦Ï¨ÏªÏ¬Ï®Ï´Ï·Ï¹ÏºÏ½Ï¾Ï¿Ð€ÐЂЃЄЅІЇЈЉЊЋЌÐÐŽÐÐБВГДЕЖЗИЙКЛМÐОПРСТУФХЦЧШЩЪЫЬÐÐ®Ð¯Ñ Ñ¢Ñ¤Ñ¦Ñ¨ÑªÑ¬Ñ®Ñ°Ñ²Ñ´Ñ¶Ñ¸ÑºÑ¼Ñ¾Ò€ÒŠÒŒÒŽÒÒ’Ò”Ò–Ò˜ÒšÒœÒžÒ Ò¢Ò¤Ò¦Ò¨ÒªÒ¬Ò®Ò°Ò²Ò´Ò¶Ò¸ÒºÒ¼Ò¾Ó€ÓÓƒÓ…Ó‡Ó‰Ó‹ÓÓÓ’Ó”Ó–Ó˜ÓšÓœÓžÓ Ó¢Ó¤Ó¦Ó¨ÓªÓ¬Ó®Ó°Ó²Ó´Ó¶Ó¸Ô€Ô‚Ô„Ô†ÔˆÔŠÔŒÔŽÔ±Ô²Ô³Ô´ÔµÔ¶Ô·Ô¸Ô¹ÔºÔ»Ô¼Ô½Ô¾Ô¿Õ€ÕÕ‚ÕƒÕ„Õ…Õ†Õ‡ÕˆÕ‰ÕŠÕ‹ÕŒÕÕŽÕÕՑՒՓՔՕՖႠႡႢႣႤႥႦႧႨႩႪႫႬá‚ႮႯႰႱႲႳႴႵႶႷႸႹႺႻႼႽႾႿჀáƒáƒ‚ჃჄჅḀḂḄḆḈḊḌḎá!
¸á¸’ḔḖḘḚḜḞḠḢḤḦḨḪḬḮḰḲḴḶḸḺḼḾṀṂṄṆṈṊṌṎá¹á¹’ṔṖṘṚṜṞṠṢṤṦṨṪṬṮṰṲṴṶṸṺṼṾẀẂẄẆẈẊẌẎáºáº’ẔẠẢẤẦẨẪẬẮẰẲẴẶẸẺẼẾỀỂỄỆỈỊỌỎá»á»’ỔỖỘỚỜỞỠỢỤỦỨỪỬỮỰỲỴỶỸἈἉἊἋἌá¼á¼Žá¼á¼˜á¼™á¼šá¼›á¼œá¼á¼¨á¼©á¼ªá¼«á¼¬á¼á¼®á¼¯á¼¸á¼¹á¼ºá¼»á¼¼á¼½á¼¾á¼¿á½ˆá½‰á½Šá½‹á½Œá½á½™á½›á½á½Ÿá½¨á½©á½ªá½«á½¬á½á½®á½¯á¾¸á¾¹á¾ºá¾»á¿ˆá¿‰á¿Šá¿‹á¿˜á¿™á¿šá¿›á¿¨á¿©á¿ªá¿«á¿¬á¿¸á¿¹á¿ºá¿»abcdefghijklmnopqrstuvwxyzªµºßà áâãäåæçèéêëìÃîïðñòóôõöøùúûüýþÿÄăąćĉċÄÄđēĕėęěÄğġģĥħĩīÄįıijĵķĸĺļľŀłńņňʼnŋÅÅőœŕŗřśÅşšţťŧũūÅůűųŵŷźżžſƀƃƅƈƌƃƕƙƚƛƞơƣƥƨƪƫÆưƴƶƹƺƽƾƿdžljnjǎÇǒǔǖǘǚǜÇǟǡǣǥǧǩǫÇǯǰdzǵǹǻǽǿÈȃȅȇȉȋÈÈȑȓȕȗșțÈȟȡȣȥȧȩȫÈȯȱȳȴȵȶȷȸȹȼȿɀÉɑɒɓɔɕɖɗɘəɚɛɜÉÉžÉŸÉ É¡É¢É£!
ɤɥɦɧɨɩɪɫɬÉɮɯɰɱɲɳɴɵɶɷɸɹɺɻɼɽɾɿʀÊÊ‚!
ʃʄʅʆ
ʇʈʉʊʋʌÊÊŽÊÊʑʒʓʔʕʖʗʘʙʚʛʜÊÊžÊŸÊ Ê¡Ê¢Ê£Ê¤Ê¥Ê¦Ê§Ê¨Ê©ÊªÊ«Ê¬ÊʮʯÎάÎήίΰαβγδεζηθικλμνξοπÏςστυφχψωϊϋόÏÏŽÏϑϕϖϗϙϛÏϟϡϣϥϧϩϫÏϯϰϱϲϳϵϸϻϼабвгдежзийклмнопрÑтуфхцчшщъыьÑÑŽÑÑёђѓєѕіїјљњћќÑўџѡѣѥѧѩѫÑѯѱѳѵѷѹѻѽѿÒÒ‹ÒÒÒ‘Ò“Ò•Ò—Ò™Ò›ÒÒŸÒ¡Ò£Ò¥Ò§Ò©Ò«ÒүұҳҵҷҹһҽҿӂӄӆӈӊӌӎӑӓӕӗәӛÓÓŸÓ¡Ó£Ó¥Ó§Ó©Ó«ÓÓ¯Ó±Ó³ÓµÓ·Ó¹ÔÔƒÔ…Ô‡Ô‰Ô‹ÔÔÕ¡Õ¢Õ£Õ¤Õ¥Õ¦Õ§Õ¨Õ©ÕªÕ«Õ¬ÕÕ®Õ¯Õ°Õ±Õ²Õ³Õ´ÕµÕ¶Õ·Õ¸Õ¹ÕºÕ»Õ¼Õ½Õ¾Õ¿Ö€Öւփքօֆևᴀá´á´‚ᴃᴄᴅᴆᴇᴈᴉᴊᴋᴌá´á´Žá´á´á´‘ᴒᴓᴔᴕᴖᴗᴘᴙᴚᴛᴜá´á´žá´Ÿá´ ᴡᴢᴣᴤᴥᴦᴧᴨᴩᴪᴫᵢᵣᵤᵥᵦᵧᵨᵩᵪᵫᵬáµáµ®áµ¯áµ°áµ±áµ²áµ³áµ´áµµáµ¶áµ·áµ¹áµºáµ»áµ¼áµ½áµ¾áµ¿á¶€á¶á¶‚ᶃᶄᶅᶆᶇᶈᶉᶊᶋᶌá¶á¶Žá¶á¶á¶‘ᶒᶓᶔᶕᶖᶗᶘᶙᶚá¸á¸ƒá¸…ḇḉḋá¸á¸á¸‘ḓḕḗḙḛá¸á¸Ÿá¸¡á¸£á¸¥á¸§á¸©á¸«á¸á¸¯á¸±á¸³á¸µá¸·á¸¹á¸»á¸½á¸¿á¹á¹ƒá¹…ṇṉṋá¹á¹á¹‘ṓṕṗṙṛá¹á¹Ÿá¹¡á¹£á!
¹¥á¹§á¹©á¹«á¹á¹¯á¹±á¹³á¹µá¹·á¹¹á¹»á¹½á¹¿áºáºƒáº…ẇẉẋáºáºáº‘ẓẕẖẗẘẙẚẛạảấầẩẫáºáº¯áº±áº³áºµáº·áº¹áº»áº½áº¿á»á»ƒá»…ệỉịá»á»á»‘ồổỗộớá»á»Ÿá»¡á»£á»¥á»§á»©á»«á»á»¯á»±á»³á»µá»·á»¹á¼€á¼á¼‚ἃἄἅἆἇá¼á¼‘ἒἓἔἕἠἡἢἣἤἥἦἧἰἱἲἳἴἵἶἷὀá½á½‚ὃὄὅá½á½‘ὒὓὔὕὖὗὠὡὢὣὤὥὦὧὰάὲέὴήὶίὸόὺύὼώᾀá¾á¾‚ᾃᾄᾅᾆᾇá¾á¾‘ᾒᾓᾔᾕᾖᾗᾠᾡᾢᾣᾤᾥᾦᾧᾰᾱᾲᾳᾴᾶᾷιῂῃῄῆῇá¿á¿‘ῒΐῖῗῠῡῢΰῤῥῦῧῲῳῴῶῷâ²â²ƒâ²…ⲇⲉⲋâ²â²â²‘ⲓⲕⲗⲙⲛâ²â²Ÿâ²¡â²£â²¥â²§â²©â²«â²â²¯â²±â²³â²µâ²·â²¹â²»â²½â²¿â³â³ƒâ³…ⳇⳉⳋâ³â³â³‘ⳓⳕⳗⳙⳛâ³â³Ÿâ³¡â³£â³¤â´€â´â´‚ⴃⴄⴅⴆⴇⴈⴉⴊⴋⴌâ´â´Žâ´â´â´‘ⴒⴓⴔⴕⴖⴗⴘⴙⴚⴛⴜâ´â´žâ´Ÿâ´ ⴡⴢⴣⴤⴥffï¬ï¬‚ffifflſtstﬓﬔﬕﬖﬗ\d-_^]/8
+
/ End of testinput4 /
diff -pruN pcre-7.5/testdata/testoutput4 pcre-7.6/testdata/testoutput4
--- pcre-7.5/testdata/testoutput4 2007-11-14 12:33:50.000000000 +0100
+++ pcre-7.6/testdata/testoutput4 2008-01-14 18:52:13.000000000 +0100
@@ -1069,4 +1069,6 @@ No match
0: M
0: \x{442}
+/[^ABCDEFGHIJKLMNOPQRSTUVWXYZÀÃÂÃÄÅÆÇÈÉÊËÌÃÃŽÃÃÑÒÓÔÕÖØÙÚÛÜÃÞĀĂĄĆĈĊČĎÄÄ’Ä”Ä–Ä˜ÄšÄœÄžÄ Ä¢Ä¤Ä¦Ä¨ÄªÄ¬Ä®Ä°Ä²Ä´Ä¶Ä¹Ä»Ä½Ä¿ÅŃŅŇŊŌŎÅŒŔŖŘŚŜŞŠŢŤŦŨŪŬŮŰŲŴŶŸŹŻŽÆƂƄƆƇƉƊƋƎÆÆƑƓƔƖƗƘƜÆÆŸÆ Æ¢Æ¤Æ¦Æ§Æ©Æ¬Æ®Æ¯Æ±Æ²Æ³ÆµÆ·Æ¸Æ¼Ç„Ç‡ÇŠÇÇÇ‘Ç“Ç•Ç—Ç™Ç›ÇžÇ Ç¢Ç¤Ç¦Ç¨ÇªÇ¬Ç®Ç±Ç´Ç¶Ç·Ç¸ÇºÇ¼Ç¾È€È‚È„È†ÈˆÈŠÈŒÈŽÈÈ’È”È–È˜ÈšÈœÈžÈ È¢È¤È¦È¨ÈªÈ¬È®È°È²ÈºÈ»È½È¾ÉΆΈΉΊΌΎÎΑΒΓΔΕΖΗΘΙΚΛΜÎÎžÎŸÎ Î¡Î£Î¤Î¥Î¦Î§Î¨Î©ÎªÎ«Ï’Ï“Ï”Ï˜ÏšÏœÏžÏ Ï¢Ï¤Ï¦Ï¨ÏªÏ¬Ï®Ï´Ï·Ï¹ÏºÏ½Ï¾Ï¿Ð€ÐЂЃЄЅІЇЈЉЊЋЌÐÐŽÐÐБВГДЕЖЗИЙКЛМÐОПРСТУФХЦЧШЩЪЫЬÐÐ®Ð¯Ñ Ñ¢Ñ¤Ñ¦Ñ¨ÑªÑ¬Ñ®Ñ°Ñ²Ñ´Ñ¶Ñ¸ÑºÑ¼Ñ¾Ò€ÒŠÒŒÒŽÒÒ’Ò”Ò–Ò˜ÒšÒœÒžÒ Ò¢Ò¤Ò¦Ò¨ÒªÒ¬Ò®Ò°Ò²Ò´Ò¶Ò¸ÒºÒ¼Ò¾Ó€ÓÓƒÓ…Ó‡Ó‰Ó‹ÓÓÓ’Ó”Ó–Ó˜ÓšÓœÓžÓ Ó¢Ó¤Ó¦Ó¨ÓªÓ¬Ó®Ó°Ó²Ó´Ó¶Ó¸Ô€Ô‚Ô„Ô†ÔˆÔŠÔŒÔŽÔ±Ô²Ô³Ô´ÔµÔ¶Ô·Ô¸Ô¹ÔºÔ»Ô¼Ô½Ô¾Ô¿Õ€ÕÕ‚ÕƒÕ„Õ…Õ†Õ‡ÕˆÕ‰ÕŠÕ‹ÕŒÕÕŽÕÕՑՒՓՔՕՖႠႡႢႣႤႥႦႧႨႩႪႫႬá‚ႮႯႰႱႲႳႴႵႶႷႸႹႺႻႼႽႾႿჀáƒáƒ‚ჃჄჅḀḂḄḆḈḊḌḎá!
¸á¸’ḔḖḘḚḜḞḠḢḤḦḨḪḬḮḰḲḴḶḸḺḼḾṀṂṄṆṈṊṌṎá¹á¹’ṔṖṘṚṜṞṠṢṤṦṨṪṬṮṰṲṴṶṸṺṼṾẀẂẄẆẈẊẌẎáºáº’ẔẠẢẤẦẨẪẬẮẰẲẴẶẸẺẼẾỀỂỄỆỈỊỌỎá»á»’ỔỖỘỚỜỞỠỢỤỦỨỪỬỮỰỲỴỶỸἈἉἊἋἌá¼á¼Žá¼á¼˜á¼™á¼šá¼›á¼œá¼á¼¨á¼©á¼ªá¼«á¼¬á¼á¼®á¼¯á¼¸á¼¹á¼ºá¼»á¼¼á¼½á¼¾á¼¿á½ˆá½‰á½Šá½‹á½Œá½á½™á½›á½á½Ÿá½¨á½©á½ªá½«á½¬á½á½®á½¯á¾¸á¾¹á¾ºá¾»á¿ˆá¿‰á¿Šá¿‹á¿˜á¿™á¿šá¿›á¿¨á¿©á¿ªá¿«á¿¬á¿¸á¿¹á¿ºá¿»abcdefghijklmnopqrstuvwxyzªµºßà áâãäåæçèéêëìÃîïðñòóôõöøùúûüýþÿÄăąćĉċÄÄđēĕėęěÄğġģĥħĩīÄįıijĵķĸĺļľŀłńņňʼnŋÅÅőœŕŗřśÅşšţťŧũūÅůűųŵŷźżžſƀƃƅƈƌƃƕƙƚƛƞơƣƥƨƪƫÆưƴƶƹƺƽƾƿdžljnjǎÇǒǔǖǘǚǜÇǟǡǣǥǧǩǫÇǯǰdzǵǹǻǽǿÈȃȅȇȉȋÈÈȑȓȕȗșțÈȟȡȣȥȧȩȫÈȯȱȳȴȵȶȷȸȹȼȿɀÉɑɒɓɔɕɖɗɘəɚɛɜÉÉžÉŸÉ É¡É¢É£!
ɤɥɦɧɨɩɪɫɬÉɮɯɰɱɲɳɴɵɶɷɸɹɺɻɼɽɾɿʀÊÊ‚!
ʃʄʅʆ
ʇʈʉʊʋʌÊÊŽÊÊʑʒʓʔʕʖʗʘʙʚʛʜÊÊžÊŸÊ Ê¡Ê¢Ê£Ê¤Ê¥Ê¦Ê§Ê¨Ê©ÊªÊ«Ê¬ÊʮʯÎάÎήίΰαβγδεζηθικλμνξοπÏςστυφχψωϊϋόÏÏŽÏϑϕϖϗϙϛÏϟϡϣϥϧϩϫÏϯϰϱϲϳϵϸϻϼабвгдежзийклмнопрÑтуфхцчшщъыьÑÑŽÑÑёђѓєѕіїјљњћќÑўџѡѣѥѧѩѫÑѯѱѳѵѷѹѻѽѿÒÒ‹ÒÒÒ‘Ò“Ò•Ò—Ò™Ò›ÒÒŸÒ¡Ò£Ò¥Ò§Ò©Ò«ÒүұҳҵҷҹһҽҿӂӄӆӈӊӌӎӑӓӕӗәӛÓÓŸÓ¡Ó£Ó¥Ó§Ó©Ó«ÓÓ¯Ó±Ó³ÓµÓ·Ó¹ÔÔƒÔ…Ô‡Ô‰Ô‹ÔÔÕ¡Õ¢Õ£Õ¤Õ¥Õ¦Õ§Õ¨Õ©ÕªÕ«Õ¬ÕÕ®Õ¯Õ°Õ±Õ²Õ³Õ´ÕµÕ¶Õ·Õ¸Õ¹ÕºÕ»Õ¼Õ½Õ¾Õ¿Ö€Öւփքօֆևᴀá´á´‚ᴃᴄᴅᴆᴇᴈᴉᴊᴋᴌá´á´Žá´á´á´‘ᴒᴓᴔᴕᴖᴗᴘᴙᴚᴛᴜá´á´žá´Ÿá´ ᴡᴢᴣᴤᴥᴦᴧᴨᴩᴪᴫᵢᵣᵤᵥᵦᵧᵨᵩᵪᵫᵬáµáµ®áµ¯áµ°áµ±áµ²áµ³áµ´áµµáµ¶áµ·áµ¹áµºáµ»áµ¼áµ½áµ¾áµ¿á¶€á¶á¶‚ᶃᶄᶅᶆᶇᶈᶉᶊᶋᶌá¶á¶Žá¶á¶á¶‘ᶒᶓᶔᶕᶖᶗᶘᶙᶚá¸á¸ƒá¸…ḇḉḋá¸á¸á¸‘ḓḕḗḙḛá¸á¸Ÿá¸¡á¸£á¸¥á¸§á¸©á¸«á¸á¸¯á¸±á¸³á¸µá¸·á¸¹á¸»á¸½á¸¿á¹á¹ƒá¹…ṇṉṋá¹á¹á¹‘ṓṕṗṙṛá¹á¹Ÿá¹¡á¹£á!
¹¥á¹§á¹©á¹«á¹á¹¯á¹±á¹³á¹µá¹·á¹¹á¹»á¹½á¹¿áºáºƒáº…ẇẉẋáºáºáº‘ẓẕẖẗẘẙẚẛạảấầẩẫáºáº¯áº±áº³áºµáº·áº¹áº»áº½áº¿á»á»ƒá»…ệỉịá»á»á»‘ồổỗộớá»á»Ÿá»¡á»£á»¥á»§á»©á»«á»á»¯á»±á»³á»µá»·á»¹á¼€á¼á¼‚ἃἄἅἆἇá¼á¼‘ἒἓἔἕἠἡἢἣἤἥἦἧἰἱἲἳἴἵἶἷὀá½á½‚ὃὄὅá½á½‘ὒὓὔὕὖὗὠὡὢὣὤὥὦὧὰάὲέὴήὶίὸόὺύὼώᾀá¾á¾‚ᾃᾄᾅᾆᾇá¾á¾‘ᾒᾓᾔᾕᾖᾗᾠᾡᾢᾣᾤᾥᾦᾧᾰᾱᾲᾳᾴᾶᾷιῂῃῄῆῇá¿á¿‘ῒΐῖῗῠῡῢΰῤῥῦῧῲῳῴῶῷâ²â²ƒâ²…ⲇⲉⲋâ²â²â²‘ⲓⲕⲗⲙⲛâ²â²Ÿâ²¡â²£â²¥â²§â²©â²«â²â²¯â²±â²³â²µâ²·â²¹â²»â²½â²¿â³â³ƒâ³…ⳇⳉⳋâ³â³â³‘ⳓⳕⳗⳙⳛâ³â³Ÿâ³¡â³£â³¤â´€â´â´‚ⴃⴄⴅⴆⴇⴈⴉⴊⴋⴌâ´â´Žâ´â´â´‘ⴒⴓⴔⴕⴖⴗⴘⴙⴚⴛⴜâ´â´žâ´Ÿâ´ ⴡⴢⴣⴤⴥffï¬ï¬‚ffifflſtstﬓﬔﬕﬖﬗ\d-_^]/8
+
/ End of testinput4 /
pcre-7.3-multilib.patch:
--- NEW FILE pcre-7.3-multilib.patch ---
--- pcre-7.3/pcre-config.in.orig 2007-09-17 15:58:11.000000000 +0200
+++ pcre-7.3/pcre-config.in 2007-09-17 16:02:50.000000000 +0200
@@ -12,16 +12,6 @@
exit 1
fi
-libR=
-case `uname -s` in
- *SunOS*)
- libR=" -R at libdir@"
- ;;
- *BSD*)
- libR=" -Wl,-R at libdir@"
- ;;
-esac
-
while test $# -gt 0; do
case "$1" in
-*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
@@ -55,10 +45,10 @@
echo $includes
;;
--libs-posix)
- echo -L at libdir@$libR -lpcreposix -lpcre
+ echo -lpcreposix -lpcre
;;
--libs)
- echo -L at libdir@$libR -lpcre
+ echo -lpcre
;;
*)
echo "${usage}" 1>&2
Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/pcre/F-7/.cvsignore,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- .cvsignore 27 Nov 2006 19:43:55 -0000 1.9
+++ .cvsignore 15 Feb 2008 10:42:51 -0000 1.10
@@ -3,3 +3,4 @@
pcre-6.3.tar.bz2
pcre-6.6.tar.bz2
pcre-6.7.tar.bz2
+pcre-7.3.tar.bz2
Index: pcre.spec
===================================================================
RCS file: /cvs/extras/rpms/pcre/F-7/pcre.spec,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- pcre.spec 22 Jan 2007 10:59:48 -0000 1.22
+++ pcre.spec 15 Feb 2008 10:42:51 -0000 1.23
@@ -1,16 +1,14 @@
Name: pcre
-Version: 7.0
-Release: 2
+Version: 7.3
+Release: 3%{?dist}
Summary: Perl-compatible regular expression library
URL: http://www.pcre.org/
Source: ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/%{name}-%{version}.tar.bz2
-Patch1: pcre-6.6-multilib.patch
+Patch0: pcre-7.3-multilib.patch
+Patch1: pcre-7.3-CVE-2008-0674.patch
License: BSD
Group: System Environment/Libraries
-Prefix: %{_prefix}
-BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
-Prereq: /sbin/ldconfig
-BuildPrereq: sed
+BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
%description
Perl-compatible regular expression library.
@@ -30,7 +28,8 @@
%prep
%setup -q
-%patch1 -p1 -b .multilib
+%patch0 -p1 -b .multilib
+%patch1 -p1 -b .CVE-2008-0674
%build
%configure --enable-utf8 --enable-unicode-properties
@@ -51,10 +50,8 @@
# get rid of unneeded *.la files
rm -f %{buildroot}%{_libdir}/*.la
-%if 0
%check
make check
-%endif
%post -p /sbin/ldconfig
@@ -70,7 +67,8 @@
%{_mandir}/man1/*
%{_bindir}/pcregrep
%{_bindir}/pcretest
-%doc LICENCE AUTHORS
+%doc %{_docdir}/pcre/LICENCE
+%doc %{_docdir}/pcre/AUTHORS
%files devel
%defattr(-,root,root)
@@ -80,8 +78,27 @@
%{_includedir}/*.h
%{_mandir}/man3/*
%{_bindir}/pcre-config
+%doc %{_docdir}/pcre
+%exclude %{_docdir}/pcre/LICENCE
+%exclude %{_docdir}/pcre/AUTHORS
+
%changelog
+* Tue Feb 12 2008 Tomas Hoger <thoger at redhat.com> - 7.3-3
+- Backport patch from upstream pcre 7.6 to address buffer overflow
+ caused by "a character class containing a very large number of
+ characters with codepoints greater than 255 (in UTF-8 mode)"
+ CVE-2008-0674, #431660
+- Try re-enabling make check again.
+
+* Fri Nov 16 2007 Stepan Kasal <skasal at redhat.com> - 7.3-2
+- Remove obsolete ``reqs''
+- add dist tag
+- update BuildRoot
+
+* Mon Sep 17 2007 Than Ngo <than at redhat.com> - 7.3-1
+- bz292501, update to 7.3
+
* Mon Jan 22 2007 Than Ngo <than at redhat.com> - 7.0-1
- 7.0
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/pcre/F-7/sources,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- sources 22 Jan 2007 10:15:40 -0000 1.10
+++ sources 15 Feb 2008 10:42:51 -0000 1.11
@@ -1 +1 @@
-b97e3bb84bd665e0fbb7a90344d65a43 pcre-7.0.tar.bz2
+08b48bf97ff84a9dea07d6be518f0046 pcre-7.3.tar.bz2
--- pcre-6.6-multilib.patch DELETED ---
--- pcre-6.6-stack.patch DELETED ---
More information about the fedora-extras-commits
mailing list