Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libpcre1-8.45-150000.20.13.1 RPM for x86_64

From OpenSuSE Leap 15.5 for x86_64

Name: libpcre1 Distribution: SUSE Linux Enterprise 15
Version: 8.45 Vendor: SUSE LLC <https://www.suse.com/>
Release: 150000.20.13.1 Build date: Thu Jun 23 10:03:24 2022
Group: System/Libraries Build host: sheep58
Size: 938521 Source RPM: pcre-8.45-150000.20.13.1.src.rpm
Packager: https://www.suse.com/
Url: http://www.pcre.org/
Summary: A library for Perl-compatible regular expressions
The PCRE library is a set of functions that implement regular
expression pattern matching using the same syntax and semantics
as Perl 5.

This PCRE library variant supports 8-bit and UTF-8 strings.
(See also libpcre16.)

Provides

Requires

License

BSD-3-Clause

Changelog

* Wed May 11 2022 jsikes@suse.com
  - Added pcre-8.45-bsc1199232-unicode-property-matching.patch
    * bsc#1199232
    * CVE-2022-1586
    * Fixes unicode property matching issue
* Tue Oct 19 2021 coolo@suse.com
  - pcre 8.45 (the final release)
    * Fixed a small (*MARK) bug in the interpreter (Bugzilla #2771).
  - pcre 8.44
    * Small patch to pcreposix.c to set the erroroffset field to -1 immediately
    after a successful compile, instead of at the start of matching to avoid a
    sanitizer complaint (regexec is supposed to be thread safe).
    * Check the size of the number after (?C as it is read, in order to avoid
    integer overflow. (bsc#1172974, CVE-2020-14155)
    * Tidy up left shifts to avoid sanitize warnings; also fix one NULL deference
    in pcretest.
  - pcre 8.43
    * In a pattern such as /[^\x{100}-\x{ffff}]*[\x80-\xff]/ which has a repeated
    negative class with no characters less than 0x100 followed by a positive class
    with only characters less than 0x100, the first class was incorrectly being
    auto-possessified, causing incorrect match failures.
    * If the only branch in a conditional subpattern was anchored, the whole
    subpattern was treated as anchored, when it should not have been, since the
    assumed empty second branch cannot be anchored. Demonstrated by test patterns
    such as /(?(1)^())b/ or /(?(?=^))b/.
    * Fix subject buffer overread in JIT when UTF is disabled and \X or \R has
    a greater than 1 fixed quantifier. This issue was found by Yunho Kim.
    (bsc#1172973 CVE-2019-20838)
    * If a pattern started with a subroutine call that had a quantifier with a
    minimum of zero, an incorrect "match must start with this character" could be
    recorded. Example: /(?&xxx)*ABC(?<xxx>XYZ)/ would (incorrectly) expect 'A' to
    be the first character of a match.
  - pcre 8.42
    * If a backreference with a minimum repeat count of zero was first in a
    pattern, apart from assertions, an incorrect first matching character could be
    recorded. For example, for the pattern /(?=(a))\1?b/, "b" was incorrectly set
    as the first character of a match.
    * Fix out-of-bounds read for partial matching of /./ against an empty string
    when the newline type is CRLF.
    * When matching using the the REG_STARTEND feature of the POSIX API with a
    non-zero starting offset, unset capturing groups with lower numbers than a
    group that did capture something were not being correctly returned as "unset"
    (that is, with offset values of -1).
    * Matching the pattern /(*UTF)\C[^\v]+\x80/ against an 8-bit string
    containing multi-code-unit characters caused bad behaviour and possibly a
    crash. This issue was fixed for other kinds of repeat in release 8.37 by change
    38, but repeating character classes were overlooked.
* Tue May 11 2021 bwiedemann@suse.com
  - Do not run profiling 'check' in parallel
    to make package build reproducible (boo#1040589)
* Thu Feb 22 2018 fvogt@suse.com
  - Use %license (boo#1082318)
* Wed Nov 01 2017 kstreitova@suse.com
  - add pcre-8.41-stack_frame_size_detection.patch to fix pcre stack
    frame size detection because modern compilers broke it by cloning
    and inlining pcre match() function [bsc#1058722]
* Tue Sep 12 2017 matz@suse.com
  - RunTest needs much stack, on s390x more than the default
    8 MB.  [bnc#1046102]
* Tue Jul 25 2017 astieger@suse.com
  - pcre 8.41:
    * If pcregrep in multiline mode with --only-matching matched
      several lines, it restarted scanning at the next line instead
      of moving on to the end of the matched string, which can be
      several lines after the start.
    * Fix a missing else in the JIT compiler reported by 'idaifish'.
      CVE-2017-6004 bsc#1025709
    * A (?# style comment is now ignored between a basic quantifier
      and a following '+' or '?' (example: /X+(?#comment)?Y/.
    * Avoid use of a potentially overflowing buffer in pcregrep
    * Fix issues reported by fuzzers in pcretest:
    - Check for values < 256 when calling isprint() in pcretest.
    - Give an error for too big a number after \O.
    * In the 32-bit library in non-UTF mode, an attempt to find a
      Unicode property for a character with a code point greater than
      0x10ffff (the Unicode maximum) caused a crash.
      CVE-2017-7186 bsc#1030066, CVE-2017-7244 bsc#1030807
    * The alternative matching function, pcre_dfa_exec() misbehaved
      if it encountered a character class with a possessive repeat,
      for example [a-f]{3}+.
    * When pcretest called pcre_copy_substring() in 32-bit mode, it
      set the buffer length incorrectly, which could result in buffer
      overflow. CVE-2017-7245 bsc#1030805, CVE-2017-7246 bsc#1030803
* Fri Jun 02 2017 mpluskal@suse.com
  - Enable jit on aarch64
  - Enable profiled building
* Thu Feb 09 2017 astieger@suse.com
  - pcre 8.40:
    * Using -o with -M in pcregrep could cause unnecessary repeated
      output when the match extended over a line boundary.
    * Fix register overwite in JIT when SSE2 acceleration is enabled.
    * Ignore "show all captures" (/=) for DFA matching.
    * Fix JIT unaligned accesses on x86
    * In any wide-character mode (8-bit UTF or any 16-bit or 32-bit
      mode), without PCRE_UCP set, a negative character type such as
      \D in a positive class should cause all characters greater than
      255 to match, whatever else is in the class. There was a bug
      that caused this not to happen if a Unicode property item was
      added to such a class, for example [\D\P{Nd}] or [\W\pL].
    * When pcretest was outputing information from a callout, the
      caret indicator for the current position in the subject line
      was incorrect if it was after an escape sequence for a
      character whose code point was greater than \x{ff}.
    * A pattern such as (?<RA>abc)(?(R)xyz) was incorrectly compiled
      such that the conditional was interpreted as a reference to
      capturing group 1 instead of a test for recursion. Any group
      whose name began with R was misinterpreted in this way. (The
      reference interpretation should only happen if the group's name
      is precisely "R".)
    * A number of bugs have been mended relating to match start-up
      optimizations when the first thing in a pattern is a positive
      lookahead. These all applied only when PCRE_NO_START_OPTIMIZE
      was *not* set:
      + A pattern such as (?=.*X)X$ was incorrectly optimized as if
      it needed both an initial 'X' and a following 'X'.
      + Some patterns starting with an assertion that started with
      .* were incorrectly optimized as having to match at the start
      of the subject or after a newline. There are cases where this
      is not true, for example, (?=.*[A-Z])(?=.{8,16})(?!.*[\s])
      matches after the start in lines that start with spaces.
      Starting .* in an assertion is no longer taken as an
      indication of matching at the start (or after a newline).
* Tue Feb 07 2017 dimstar@opensuse.org
  - Explicitly package %{_docdir}/%{name} to fix build with RPM 4.13.
* Mon Aug 01 2016 astieger@suse.com
  - record minor vulnerabilities fixed in 8.39
* Wed Jun 15 2016 mpluskal@suse.com
  - Update to version 8.39:
    * Some appropriate PCRE2 JIT improvements have been retro-fitted
      to PCRE1.
    * CVE-2016-3191: workspace overflow for (*ACCEPT) with deeply
      nested parentheses (boo#971741)
    * CVE-2016-1283: Heap buffer overflow DoS (boo#960837)
    * Apart from that, this is another bug-fix release.
* Thu Nov 26 2015 astieger@suse.com
  - pcre 8.38:
    * CVE-2015-3217: Call Stack Overflow Vulnerability in match()
      bsc#933878
    * Other fixes to assertions, crashes, buffer overflows and
      performance issues found by fuzzer, affecting applications
      accepting regular expression from untrusted sources
* Thu Apr 30 2015 astieger@suse.com
  - pcre 8.37:
    * CVE-2015-2325: Patterns with certain groups specifying a zero
      minimum quantifier caused incorrect code to be compiled,
      leading to an incorrect memory read. [boo#924960]
    * CVE-2015-2326: Specific patterns containing a forward reference
      with subroutine calls caused incorrect code to be compiled
      [boo#924961]
    * CVE-2014-8964: If an assertion condition was quantified with a
      minimum of zero, SIGSEGV or other misbehaviour could occur.
      [boo#906574]
    * further bug fixes as listed in ChangeLog
* Mon Mar 09 2015 p.drouand@gmail.com
  - Update to version 3.16
    * This is primarily a bug-fix release.
    * The Unicode data tables have been updated to Unicode 7.0.0.
  - Remove pcre-commit1472.patch; fixed on upstream release
  - Remove obsolete "Obsoletes" tag

Files

/usr/lib64/libpcre.so.1
/usr/lib64/libpcre.so.1.2.13
/usr/share/doc/packages/libpcre1
/usr/share/doc/packages/libpcre1/AUTHORS
/usr/share/doc/packages/libpcre1/ChangeLog
/usr/share/doc/packages/libpcre1/NEWS
/usr/share/doc/packages/libpcre1/README
/usr/share/licenses/libpcre1
/usr/share/licenses/libpcre1/COPYING
/usr/share/licenses/libpcre1/LICENCE


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Jul 9 18:11:13 2024