diff --git a/backport-Fix-Bugzilla-2642-no-match-bug-in-8-bit-mode-for-cas.patch b/backport-Fix-Bugzilla-2642-no-match-bug-in-8-bit-mode-for-cas.patch new file mode 100644 index 0000000000000000000000000000000000000000..532102737ab7c5fd10f9c243f8ffa0359163bf3e --- /dev/null +++ b/backport-Fix-Bugzilla-2642-no-match-bug-in-8-bit-mode-for-cas.patch @@ -0,0 +1,76 @@ +From f8cbb1f58df05f175a6898f35dc18e26be6362d0 Mon Sep 17 00:00:00 2001 +From: "Philip.Hazel" +Date: Tue, 15 Sep 2020 14:36:23 +0000 +Subject: [PATCH] Fix Bugzilla #2642: no match bug in 8-bit mode for caseless + invalid utf matching. + +Conflict:delete Changelog +Reference:https://github.com/PhilipHazel/pcre2/commit/f8cbb1f58df05f175a6898f35dc18e26be6362d0 +--- + src/pcre2_match.c | 10 ++++++++-- + testdata/testinput10 | 3 +++ + testdata/testoutput10 | 4 ++++ + 3 files changed, 15 insertions(+), 2 deletions(-) + +diff --git a/src/pcre2_match.c b/src/pcre2_match.c +index 11289d5..3372410 100644 +--- a/src/pcre2_match.c ++++ b/src/pcre2_match.c +@@ -6115,8 +6115,8 @@ BOOL has_req_cu = FALSE; + BOOL startline; + + #if PCRE2_CODE_UNIT_WIDTH == 8 +-BOOL memchr_not_found_first_cu = FALSE; +-BOOL memchr_not_found_first_cu2 = FALSE; ++BOOL memchr_not_found_first_cu; ++BOOL memchr_not_found_first_cu2; + #endif + + PCRE2_UCHAR first_cu = 0; +@@ -6709,6 +6709,11 @@ FRAGMENT_RESTART: + start_partial = match_partial = NULL; + mb->hitend = FALSE; + ++#if PCRE2_CODE_UNIT_WIDTH == 8 ++memchr_not_found_first_cu = FALSE; ++memchr_not_found_first_cu2 = FALSE; ++#endif ++ + for(;;) + { + PCRE2_SPTR new_start_match; +@@ -7187,6 +7192,7 @@ if (utf && end_subject != true_end_subject && + starting code units in 8-bit and 16-bit modes. */ + + start_match = end_subject + 1; ++ + #if PCRE2_CODE_UNIT_WIDTH != 32 + while (start_match < true_end_subject && NOT_FIRSTCU(*start_match)) + start_match++; +diff --git a/testdata/testinput10 b/testdata/testinput10 +index b3c3197..efd3298 100644 +--- a/testdata/testinput10 ++++ b/testdata/testinput10 +@@ -610,4 +610,7 @@ + /X(\x{e1})Y/replace=>\U$1<,substitute_extended + X\x{e1}Y + ++/A/utf,match_invalid_utf,caseless ++ \xe5A ++ + # End of testinput10 +diff --git a/testdata/testoutput10 b/testdata/testoutput10 +index 59af535..2a3803f 100644 +--- a/testdata/testoutput10 ++++ b/testdata/testoutput10 +@@ -1871,4 +1871,8 @@ Subject length lower bound = 1 + X\x{e1}Y + 1: >\xe1< + ++/A/utf,match_invalid_utf,caseless ++ \xe5A ++ 0: A ++ + # End of testinput10 +-- +2.27.0 diff --git a/backport-Fix-K-within-recursion-bug-in-interpreter.patch b/backport-Fix-K-within-recursion-bug-in-interpreter.patch new file mode 100644 index 0000000000000000000000000000000000000000..6be214dd724e677319644d519cbe261cdf5c824b --- /dev/null +++ b/backport-Fix-K-within-recursion-bug-in-interpreter.patch @@ -0,0 +1,58 @@ +Date: Thu, 18 Feb 2021 09:46:08 +0000 +Subject: [PATCH] Fix \K within recursion bug in interpreter. + +Conflict:delete Changelog +Reference:https://github.com/PhilipHazel/pcre2/commit/2c4d3942e4dd0dbbfccc43b9cb28d8258afaaca4 + +--- + src/pcre2_match.c | 4 +++- + testdata/testinput1 | 3 +++ + testdata/testoutput1 | 4 ++++ + 3 files changed, 10 insertions(+), 1 deletion(-) + +diff --git a/src/pcre2_match.c b/src/pcre2_match.c +index e3f78c2..7d9cad0 100644 +--- a/src/pcre2_match.c ++++ b/src/pcre2_match.c +@@ -818,10 +818,12 @@ fprintf(stderr, "++ op=%d\n", *Fecode); + + /* N is now the frame of the recursion; the previous frame is at the + OP_RECURSE position. Go back there, copying the current subject position +- and mark, and move on past the OP_RECURSE. */ ++ and mark, and the start_match position (\K might have changed it), and ++ then move on past the OP_RECURSE. */ + + P->eptr = Feptr; + P->mark = Fmark; ++ P->start_match = Fstart_match; + F = P; + Fecode += 1 + LINK_SIZE; + continue; +diff --git a/testdata/testinput1 b/testdata/testinput1 +index 8409791..ae1e17e 100644 +--- a/testdata/testinput1 ++++ b/testdata/testinput1 +@@ -6436,4 +6436,7 @@ ef) x/x,mark + /a{65536/ + >a{65536< + ++/a\K.(?0)*/ ++ abac ++ + # End of testinput1 +diff --git a/testdata/testoutput1 b/testdata/testoutput1 +index 666ae8c..a65eb0e 100644 +--- a/testdata/testoutput1 ++++ b/testdata/testoutput1 +@@ -10198,4 +10198,8 @@ No match + >a{65536< + 0: a{65536 + ++/a\K.(?0)*/ ++ abac ++ 0: c ++ + # End of testinput1 +-- +2.27.0 + diff --git a/backport-Fix-recursion-issue-in-JIT.patch b/backport-Fix-recursion-issue-in-JIT.patch new file mode 100644 index 0000000000000000000000000000000000000000..ed815b98e2e172c48a88a38e4a35ccc3d5d417ee --- /dev/null +++ b/backport-Fix-recursion-issue-in-JIT.patch @@ -0,0 +1,44 @@ +From d07c967b3ac93a9bd8816837053a75b0f8a816c9 Mon Sep 17 00:00:00 2001 +From: Zoltan Herczeg +Date: Thu, 14 Apr 2022 19:09:40 +0000 +Subject: [PATCH] Fix recursion issue in JIT + +Conflict:NA +Reference:https://github.com/PhilipHazel/pcre2/commit/d07c967b3ac93a9bd8816837053a75b0f8a816c9 +--- + src/pcre2_jit_compile.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/pcre2_jit_compile.c b/src/pcre2_jit_compile.c +index e47a9f3..b98bf95 100644 +--- a/src/pcre2_jit_compile.c ++++ b/src/pcre2_jit_compile.c +@@ -2909,14 +2909,15 @@ while (cc < ccend) + i = 1 + 32 / (int)sizeof(PCRE2_UCHAR); + #endif + if (PRIVATE_DATA(cc) != 0) ++ { ++ private_count = 1; ++ private_srcw[0] = PRIVATE_DATA(cc); + switch(get_class_iterator_size(cc + i)) + { + case 1: +- private_srcw[0] = PRIVATE_DATA(cc); + break; + + case 2: +- private_srcw[0] = PRIVATE_DATA(cc); + if (recurse_check_bit(common, private_srcw[0])) + { + private_count = 2; +@@ -2929,6 +2930,7 @@ while (cc < ccend) + SLJIT_UNREACHABLE(); + break; + } ++ } + cc += i; + break; + +-- +2.27.0 + diff --git a/backport-Fix-some-numerical-checking-bugs-Bugzilla-2690.patch b/backport-Fix-some-numerical-checking-bugs-Bugzilla-2690.patch new file mode 100644 index 0000000000000000000000000000000000000000..d7951fe01821c615466c053679b5048ec5588c77 --- /dev/null +++ b/backport-Fix-some-numerical-checking-bugs-Bugzilla-2690.patch @@ -0,0 +1,256 @@ +From 3bdc76e4f35dc2f61ac788d829164367cc63fdb6 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zolt=C3=A1n=20Herczeg?= +Date: Sat, 19 Sep 2020 03:49:32 +0000 +Subject: [PATCH] Fixed a bug in character set matching when JIT is enabled. + +Conflict:adapt context and delete Changelog +Reference:https://github.com/PhilipHazel/pcre2/commit/8144ae04e9c295641333f8f0087178e4e11432ec +--- + src/pcre2_compile.c | 52 +++++++++++++++++++++++++++------------- + testdata/testinput1 | 9 +++++++ + testdata/testinput11 | 3 +++ + testdata/testinput2 | 2 -- + testdata/testinput9 | 3 +++ + testdata/testoutput1 | 12 ++++++++++ + testdata/testoutput11-16 | 4 ++++ + testdata/testoutput11-32 | 4 ++++ + testdata/testoutput2 | 3 --- + testdata/testoutput9 | 4 ++++ + 10 files changed, 74 insertions(+), 22 deletions(-) + +diff --git a/src/pcre2_compile.c b/src/pcre2_compile.c +index d52b5d3..fa95e73 100644 +--- a/src/pcre2_compile.c ++++ b/src/pcre2_compile.c +@@ -1398,32 +1398,47 @@ static BOOL + read_repeat_counts(PCRE2_SPTR *ptrptr, PCRE2_SPTR ptrend, uint32_t *minp, + uint32_t *maxp, int *errorcodeptr) + { +-PCRE2_SPTR p = *ptrptr; ++PCRE2_SPTR p; + BOOL yield = FALSE; ++BOOL had_comma = FALSE; + int32_t min = 0; + int32_t max = REPEAT_UNLIMITED; /* This value is larger than MAX_REPEAT_COUNT */ + +-/* NB read_number() initializes the error code to zero. The only error is for a +-number that is too big. */ ++/* Check the syntax */ + ++*errorcodeptr = 0; ++for (p = *ptrptr;; p++) ++ { ++ uint32_t c; ++ if (p >= ptrend) return FALSE; ++ c = *p; ++ if (IS_DIGIT(c)) continue; ++ if (c == CHAR_RIGHT_CURLY_BRACKET) break; ++ if (c == CHAR_COMMA) ++ { ++ if (had_comma) return FALSE; ++ had_comma = TRUE; ++ } ++ else return FALSE; ++ } ++ ++/* The only error from read_number() is for a number that is too big. */ ++ ++p = *ptrptr; + if (!read_number(&p, ptrend, -1, MAX_REPEAT_COUNT, ERR5, &min, errorcodeptr)) + goto EXIT; + +-if (p >= ptrend) goto EXIT; +- + if (*p == CHAR_RIGHT_CURLY_BRACKET) + { + p++; + max = min; + } +- + else + { +- if (*p++ != CHAR_COMMA || p >= ptrend) goto EXIT; +- if (*p != CHAR_RIGHT_CURLY_BRACKET) ++ if (*(++p) != CHAR_RIGHT_CURLY_BRACKET) + { + if (!read_number(&p, ptrend, -1, MAX_REPEAT_COUNT, ERR5, &max, +- errorcodeptr) || p >= ptrend || *p != CHAR_RIGHT_CURLY_BRACKET) ++ errorcodeptr)) + goto EXIT; + if (max < min) + { +@@ -1438,11 +1453,10 @@ yield = TRUE; + if (minp != NULL) *minp = (uint32_t)min; + if (maxp != NULL) *maxp = (uint32_t)max; + +-/* Update the pattern pointer on success, or after an error, but not when +-the result is "not a repeat quantifier". */ ++/* Update the pattern pointer */ + + EXIT: +-if (yield || *errorcodeptr != 0) *ptrptr = p; ++*ptrptr = p; + return yield; + } + +@@ -1776,19 +1790,23 @@ else + { + oldptr = ptr; + ptr--; /* Back to the digit */ +- if (!read_number(&ptr, ptrend, -1, INT_MAX/10 - 1, ERR61, &s, +- errorcodeptr)) +- break; + +- /* \1 to \9 are always back references. \8x and \9x are too; \1x to \7x ++ /* As we know we are at a digit, the only possible error from ++ read_number() is a number that is too large to be a group number. In this ++ case we fall through handle this as not a group reference. If we have ++ read a small enough number, check for a back reference. ++ ++ \1 to \9 are always back references. \8x and \9x are too; \1x to \7x + are octal escapes if there are not that many previous captures. */ + +- if (s < 10 || oldptr[-1] >= CHAR_8 || s <= (int)cb->bracount) ++ if (read_number(&ptr, ptrend, -1, INT_MAX/10 - 1, 0, &s, errorcodeptr) && ++ (s < 10 || oldptr[-1] >= CHAR_8 || s <= (int)cb->bracount)) + { + if (s > (int)MAX_GROUP_NUMBER) *errorcodeptr = ERR61; + else escape = -s; /* Indicates a back reference */ + break; + } ++ + ptr = oldptr; /* Put the pointer back and fall through */ + } + +diff --git a/testdata/testinput1 b/testdata/testinput1 +index 8d952e2..8409791 100644 +--- a/testdata/testinput1 ++++ b/testdata/testinput1 +@@ -6427,4 +6427,13 @@ ef) x/x,mark + "(?(DEFINE)(?bar))(?\x{8c}748364< ++ ++/a{65536/ ++ >a{65536< ++ + # End of testinput1 +diff --git a/testdata/testinput11 b/testdata/testinput11 +index 2d267d6..2bc8a25 100644 +--- a/testdata/testinput11 ++++ b/testdata/testinput11 +@@ -368,4 +368,7 @@ + abÿAz + ab\x{80000041}z + ++/(?i:A{1,}\6666666666)/ ++ A\x{1b6}6666666 ++ + # End of testinput11 +diff --git a/testdata/testinput2 b/testdata/testinput2 +index 47320eb..695bb60 100644 +--- a/testdata/testinput2 ++++ b/testdata/testinput2 +@@ -2189,8 +2189,6 @@ + + /a(*MARK)b/ + +-/(?i:A{1,}\6666666666)/ +- + /\g6666666666/ + + /[\g6666666666]/B +diff --git a/testdata/testinput9 b/testdata/testinput9 +index 7be4b15..4eb228a 100644 +--- a/testdata/testinput9 ++++ b/testdata/testinput9 +@@ -260,4 +260,7 @@ + + /(*:*++++++++++++''''''''''''''''''''+''+++'+++x+++++++++++++++++++++++++++++++++++(++++++++++++++++++++:++++++%++:''''''''''''''''''''''''+++++++++++++++++++++++++++++++++++++++++++++++++++++-++++++++k+++++++''''+++'+++++++++++++++++++++++''''++++++++++++':Æ¿)/ + ++/(?i:A{1,}\6666666666)/ ++ A\x{1b6}6666666 ++ + # End of testinput9 +diff --git a/testdata/testoutput1 b/testdata/testoutput1 +index 470e412..666ae8c 100644 +--- a/testdata/testoutput1 ++++ b/testdata/testoutput1 +@@ -10186,4 +10186,16 @@ No match + word + 0: word + ++/a{1,2,3}b/ ++ a{1,2,3}b ++ 0: a{1,2,3}b ++ ++/\214748364/ ++ >\x{8c}748364< ++ 0: \x8c748364 ++ ++/a{65536/ ++ >a{65536< ++ 0: a{65536 ++ + # End of testinput1 +diff --git a/testdata/testoutput11-16 b/testdata/testoutput11-16 +index 78bf7fb..8768785 100644 +--- a/testdata/testoutput11-16 ++++ b/testdata/testoutput11-16 +@@ -661,4 +661,8 @@ Subject length lower bound = 1 + abÿAz + ab\x{80000041}z + ++/(?i:A{1,}\6666666666)/ ++ A\x{1b6}6666666 ++ 0: A\x{1b6}6666666 ++ + # End of testinput11 +diff --git a/testdata/testoutput11-32 b/testdata/testoutput11-32 +index 4b00384..2c95f61 100644 +--- a/testdata/testoutput11-32 ++++ b/testdata/testoutput11-32 +@@ -667,4 +667,8 @@ Subject length lower bound = 1 + ab\x{80000041}z + 0: ab\x{80000041}z + ++/(?i:A{1,}\6666666666)/ ++ A\x{1b6}6666666 ++ 0: A\x{1b6}6666666 ++ + # End of testinput11 +diff --git a/testdata/testoutput2 b/testdata/testoutput2 +index c06363a..0fdbe13 100644 +--- a/testdata/testoutput2 ++++ b/testdata/testoutput2 +@@ -8374,9 +8374,6 @@ No match + /a(*MARK)b/ + Failed: error 166 at offset 7: (*MARK) must have an argument + +-/(?i:A{1,}\6666666666)/ +-Failed: error 161 at offset 19: subpattern number is too big +- + /\g6666666666/ + Failed: error 161 at offset 7: subpattern number is too big + +diff --git a/testdata/testoutput9 b/testdata/testoutput9 +index f98f276..1ec4317 100644 +--- a/testdata/testoutput9 ++++ b/testdata/testoutput9 +@@ -367,4 +367,8 @@ Failed: error 134 at offset 14: character code point value in \x{} or \o{} is to + /(*:*++++++++++++''''''''''''''''''''+''+++'+++x+++++++++++++++++++++++++++++++++++(++++++++++++++++++++:++++++%++:''''''''''''''''''''''''+++++++++++++++++++++++++++++++++++++++++++++++++++++-++++++++k+++++++''''+++'+++++++++++++++++++++++''''++++++++++++':Æ¿)/ + Failed: error 176 at offset 259: name is too long in (*MARK), (*PRUNE), (*SKIP), or (*THEN) + ++/(?i:A{1,}\6666666666)/ ++Failed: error 151 at offset 13: octal value is greater than \377 in 8-bit non-UTF-8 mode ++ A\x{1b6}6666666 ++ + # End of testinput9 +-- +2.27.0 + diff --git a/backport-Fixed-a-bug-in-character-set-matching-when-JIT-is-en.patch b/backport-Fixed-a-bug-in-character-set-matching-when-JIT-is-en.patch new file mode 100644 index 0000000000000000000000000000000000000000..67ae0eaae21130b4d1482199d6280b053cc4d4e3 --- /dev/null +++ b/backport-Fixed-a-bug-in-character-set-matching-when-JIT-is-en.patch @@ -0,0 +1,92 @@ +From 3bdc76e4f35dc2f61ac788d829164367cc63fdb6 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zolt=C3=A1n=20Herczeg?= +Date: Sat, 19 Sep 2020 03:49:32 +0000 +Subject: [PATCH] Fixed a bug in character set matching when JIT is enabled. + +Conflict:adapt context and delete Changelog +Reference:https://github.com/PhilipHazel/pcre2/commit/3bdc76e4f35dc2f61ac788d829164367cc63fdb6 +--- + src/pcre2_jit_compile.c | 36 ++++++++++++++++++++++++++++-------- + src/pcre2_jit_test.c | 1 + + 2 files changed, 29 insertions(+), 8 deletions(-) + +diff --git a/src/pcre2_jit_compile.c b/src/pcre2_jit_compile.c +index fae0f7a..a65eafe 100644 +--- a/src/pcre2_jit_compile.c ++++ b/src/pcre2_jit_compile.c +@@ -7670,25 +7670,43 @@ if (needstype || needsscript) + } + + cc = ccbegin; +- } + +- if (needschar) +- OP1(SLJIT_MOV, TMP1, 0, RETURN_ADDR, 0); ++ if (needstype) ++ { ++ /* TMP2 has already been shifted by 2 */ ++ if (!needschar) ++ { ++ OP2(SLJIT_ADD, TMP1, 0, TMP2, 0, TMP2, 0); ++ OP2(SLJIT_ADD, TMP1, 0, TMP1, 0, TMP2, 0); ++ ++ OP1(SLJIT_MOV_U8, TMP1, 0, SLJIT_MEM1(TMP1), (sljit_sw)PRIV(ucd_records) + SLJIT_OFFSETOF(ucd_record, chartype)); ++ } ++ else ++ { ++ OP2(SLJIT_ADD, TMP1, 0, TMP2, 0, TMP2, 0); ++ OP2(SLJIT_ADD, TMP2, 0, TMP2, 0, TMP1, 0); + +- if (needstype) ++ OP1(SLJIT_MOV, TMP1, 0, RETURN_ADDR, 0); ++ OP1(SLJIT_MOV_U8, RETURN_ADDR, 0, SLJIT_MEM1(TMP2), (sljit_sw)PRIV(ucd_records) + SLJIT_OFFSETOF(ucd_record, chartype)); ++ typereg = RETURN_ADDR; ++ } ++ } ++ else if (needschar) ++ OP1(SLJIT_MOV, TMP1, 0, RETURN_ADDR, 0); ++ } ++ else if (needstype) + { ++ OP2(SLJIT_SHL, TMP1, 0, TMP2, 0, SLJIT_IMM, 3); ++ OP2(SLJIT_SHL, TMP2, 0, TMP2, 0, SLJIT_IMM, 2); ++ + if (!needschar) + { +- OP2(SLJIT_SHL, TMP1, 0, TMP2, 0, SLJIT_IMM, 3); +- OP2(SLJIT_SHL, TMP2, 0, TMP2, 0, SLJIT_IMM, 2); + OP2(SLJIT_ADD, TMP1, 0, TMP1, 0, TMP2, 0); + + OP1(SLJIT_MOV_U8, TMP1, 0, SLJIT_MEM1(TMP1), (sljit_sw)PRIV(ucd_records) + SLJIT_OFFSETOF(ucd_record, chartype)); + } + else + { +- OP2(SLJIT_SHL, TMP1, 0, TMP2, 0, SLJIT_IMM, 2); +- OP2(SLJIT_SHL, TMP2, 0, TMP2, 0, SLJIT_IMM, 3); + OP2(SLJIT_ADD, TMP2, 0, TMP2, 0, TMP1, 0); + + OP1(SLJIT_MOV, TMP1, 0, RETURN_ADDR, 0); +@@ -7696,6 +7714,8 @@ if (needstype || needsscript) + typereg = RETURN_ADDR; + } + } ++ else if (needschar) ++ OP1(SLJIT_MOV, TMP1, 0, RETURN_ADDR, 0); + } + #endif /* SUPPORT_UNICODE */ + +diff --git a/src/pcre2_jit_test.c b/src/pcre2_jit_test.c +index 2f49867..40a20a1 100644 +--- a/src/pcre2_jit_test.c ++++ b/src/pcre2_jit_test.c +@@ -410,6 +410,7 @@ static struct regression_test_case regression_test_cases[] = { + { MUP, A, 0, 0 | F_PROPERTY, "[\\P{L&}]{2}[^\xc2\x85-\xc2\x89\\p{Ll}\\p{Lu}]{2}", "\xc3\xa9\xe6\x92\xad.a\xe6\x92\xad|\xc2\x8a#" }, + { PCRE2_UCP, 0, 0, 0 | F_PROPERTY, "[a-b\\s]{2,5}[^a]", "AB baaa" }, + { CMUP, 0, 0, 0, "[^S]\\B", "\xe2\x80\x8a" }, ++ { MUP, 0, 0, 0 | F_NOMATCH, "[^\\p{Hangul}\\p{Z}]", " " }, + + /* Possible empty brackets. */ + { MU, A, 0, 0, "(?:|ab||bc|a)+d", "abcxabcabd" }, +-- +2.27.0 + diff --git a/backport-Fixed-a-word-boundary-check-bug-in-JIT-when-partial-.patch b/backport-Fixed-a-word-boundary-check-bug-in-JIT-when-partial-.patch new file mode 100644 index 0000000000000000000000000000000000000000..860eb96ccfa81d4cef114c0eb3d05cc498a83db1 --- /dev/null +++ b/backport-Fixed-a-word-boundary-check-bug-in-JIT-when-partial-.patch @@ -0,0 +1,61 @@ +From 2451870e3c47a849d729ed83dce4d7434460f49b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zolt=C3=A1n=20Herczeg?= +Date: Tue, 27 Oct 2020 08:16:04 +0000 +Subject: [PATCH] Fixed a word boundary check bug in JIT when partial matching + is enabled. + +Conflict:delete Changelog +Reference:https://github.com/PhilipHazel/pcre2/commit/2451870e3c47a849d729ed83dce4d7434460f49b +--- + src/pcre2_jit_compile.c | 2 ++ + testdata/testinput10 | 4 ++++ + testdata/testoutput10 | 6 ++++++ + 3 files changed, 12 insertions(+) + +diff --git a/src/pcre2_jit_compile.c b/src/pcre2_jit_compile.c +index 03726b8..3d699a0 100644 +--- a/src/pcre2_jit_compile.c ++++ b/src/pcre2_jit_compile.c +@@ -6571,9 +6571,11 @@ if (common->invalid_utf) + + if (common->mode != PCRE2_JIT_COMPLETE) + { ++ OP1(SLJIT_MOV, RETURN_ADDR, 0, TMP1, 0); + OP1(SLJIT_MOV, TMP2, 0, STR_PTR, 0); + move_back(common, NULL, TRUE); + check_start_used_ptr(common); ++ OP1(SLJIT_MOV, TMP1, 0, RETURN_ADDR, 0); + OP1(SLJIT_MOV, STR_PTR, 0, TMP2, 0); + } + } +diff --git a/testdata/testinput10 b/testdata/testinput10 +index efd3298..53e37cb 100644 +--- a/testdata/testinput10 ++++ b/testdata/testinput10 +@@ -613,4 +613,8 @@ + /A/utf,match_invalid_utf,caseless + \xe5A + ++/\bch\b/utf,match_invalid_utf ++ qchq\=ph ++ qchq\=ps ++ + # End of testinput10 +diff --git a/testdata/testoutput10 b/testdata/testoutput10 +index 2a3803f..d408510 100644 +--- a/testdata/testoutput10 ++++ b/testdata/testoutput10 +@@ -1875,4 +1875,10 @@ Subject length lower bound = 1 + \xe5A + 0: A + ++/\bch\b/utf,match_invalid_utf ++ qchq\=ph ++Partial match: ++ qchq\=ps ++Partial match: ++ + # End of testinput10 +-- +2.27.0 + diff --git a/backport-Fixed-an-issue-in-the-backtracking-optimization-of-c.patch b/backport-Fixed-an-issue-in-the-backtracking-optimization-of-c.patch new file mode 100644 index 0000000000000000000000000000000000000000..27139769e7524824d872fbec2d18cf00a54d178c --- /dev/null +++ b/backport-Fixed-an-issue-in-the-backtracking-optimization-of-c.patch @@ -0,0 +1,62 @@ +From 4851890ede31313655e19180f4959ed348fee580 Mon Sep 17 00:00:00 2001 +From: Zoltan Herczeg +Date: Thu, 14 Jul 2022 05:25:39 +0200 +Subject: [PATCH] Fixed an issue in the backtracking optimization of character + repeats in JIT (#135) + +Conflict:NA +Reference:https://github.com/PhilipHazel/pcre2/commit/4851890ede31313655e19180f4959ed348fee580 +--- + src/pcre2_jit_compile.c | 20 ++++++++++---------- + src/pcre2_jit_test.c | 1 + + 2 files changed, 11 insertions(+), 10 deletions(-) + +diff --git a/src/pcre2_jit_compile.c b/src/pcre2_jit_compile.c +index 9b6c580..3d699a0 100644 +--- a/src/pcre2_jit_compile.c ++++ b/src/pcre2_jit_compile.c +@@ -11286,19 +11286,19 @@ if (exact > 1) + } + } + else if (exact == 1) +- { + compile_char1_matchingpath(common, type, cc, &backtrack->topbacktracks, TRUE); + +- if (early_fail_type == type_fail_range) +- { +- OP1(SLJIT_MOV, TMP1, 0, SLJIT_MEM1(SLJIT_SP), early_fail_ptr); +- OP1(SLJIT_MOV, TMP2, 0, SLJIT_MEM1(SLJIT_SP), early_fail_ptr + (int)sizeof(sljit_sw)); +- OP2(SLJIT_SUB, TMP1, 0, TMP1, 0, TMP2, 0); +- OP2(SLJIT_SUB, TMP2, 0, STR_PTR, 0, TMP2, 0); +- add_jump(compiler, &backtrack->topbacktracks, CMP(SLJIT_LESS_EQUAL, TMP2, 0, TMP1, 0)); ++if (early_fail_type == type_fail_range) ++ { ++ /* Range end first, followed by range start. */ ++ OP1(SLJIT_MOV, TMP1, 0, SLJIT_MEM1(SLJIT_SP), early_fail_ptr); ++ OP1(SLJIT_MOV, TMP2, 0, SLJIT_MEM1(SLJIT_SP), early_fail_ptr + (int)sizeof(sljit_sw)); ++ OP2(SLJIT_SUB, TMP1, 0, TMP1, 0, TMP2, 0); ++ OP2(SLJIT_SUB, TMP2, 0, STR_PTR, 0, TMP2, 0); ++ add_jump(compiler, &backtrack->topbacktracks, CMP(SLJIT_LESS_EQUAL, TMP2, 0, TMP1, 0)); + +- OP1(SLJIT_MOV, SLJIT_MEM1(SLJIT_SP), early_fail_ptr + (int)sizeof(sljit_sw), STR_PTR, 0); +- } ++ OP1(SLJIT_MOV, SLJIT_MEM1(SLJIT_SP), early_fail_ptr, STR_PTR, 0); ++ OP1(SLJIT_MOV, SLJIT_MEM1(SLJIT_SP), early_fail_ptr + (int)sizeof(sljit_sw), STR_PTR, 0); + } + + switch(opcode) +diff --git a/src/pcre2_jit_test.c b/src/pcre2_jit_test.c +index dc54260..130e8d2 100644 +--- a/src/pcre2_jit_test.c ++++ b/src/pcre2_jit_test.c +@@ -351,6 +351,7 @@ static struct regression_test_case regression_test_cases[] = { + { MU, A, 0, 0, ".[ab]*a", "xxa" }, + { MU, A, 0, 0, ".[ab]?.", "xx" }, + { MU, A, 0, 0, "_[ab]+_*a", "_aa" }, ++ { M, PCRE2_NEWLINE_CRLF, 0, 0, "\\n?.+#", "\n,\n,#" }, + + /* Bracket repeats with limit. */ + { MU, A, 0, 0, "(?:(ab){2}){5}M", "abababababababababababM" }, +-- +2.27.0 + diff --git a/backport-Fixed-race-condition-that-occurs-when-initializing-t.patch b/backport-Fixed-race-condition-that-occurs-when-initializing-t.patch new file mode 100644 index 0000000000000000000000000000000000000000..739439ec50cbc5583dd18575327687b97867fff0 --- /dev/null +++ b/backport-Fixed-race-condition-that-occurs-when-initializing-t.patch @@ -0,0 +1,56 @@ +From 45af1203bdb5d1ccccc27526ce38c36f49196ccc Mon Sep 17 00:00:00 2001 +From: larinsv <97248465+larinsv@users.noreply.github.com> +Date: Wed, 18 May 2022 13:16:00 +0300 +Subject: [PATCH] Fixed race condition that occurs when initializing the + executable_allocator_is_working variable in the pcre2_jit_compile function + (#91) + +Conflict:adapt context +Reference:https://github.com/PhilipHazel/pcre2/commit/45af1203bdb5d1ccccc27526ce38c36f49196ccc +--- + src/pcre2_jit_compile.c | 9 ++++----- + 1 file changed, 4 insertions(+), 5 deletions(-) + +diff --git a/src/pcre2_jit_compile.c b/src/pcre2_jit_compile.c +index 64c18f7..6155ed7 100644 +--- a/src/pcre2_jit_compile.c ++++ b/src/pcre2_jit_compile.c +@@ -14184,7 +14184,7 @@ actions are needed: + + #ifdef SUPPORT_JIT + executable_functions *functions = (executable_functions *)re->executable_jit; +-static int executable_allocator_is_working = 0; ++static int executable_allocator_is_working = -1; + #endif + + if ((options & PCRE2_JIT_INVALID_UTF) != 0) +@@ -14211,23 +14211,22 @@ return PCRE2_ERROR_JIT_BADOPTION; + + if ((re->flags & PCRE2_NOJIT) != 0) return 0; + +-if (executable_allocator_is_working == 0) ++if (executable_allocator_is_working == -1) + { + /* Checks whether the executable allocator is working. This check + might run multiple times in multi-threaded environments, but the + result should not be affected by it. */ + void *ptr = SLJIT_MALLOC_EXEC(32); + +- executable_allocator_is_working = -1; +- + if (ptr != NULL) + { + SLJIT_FREE_EXEC(((sljit_u8*)(ptr)) + SLJIT_EXEC_OFFSET(ptr)); + executable_allocator_is_working = 1; + } ++ else executable_allocator_is_working = 0; + } + +-if (executable_allocator_is_working < 0) ++if (!executable_allocator_is_working) + return PCRE2_ERROR_NOMEMORY; + + if ((re->overall_options & PCRE2_MATCH_INVALID_UTF) != 0) +-- +2.27.0 + diff --git a/backport-jit-avoid-integer-wraparound-in-stack-size-definitio.patch b/backport-jit-avoid-integer-wraparound-in-stack-size-definitio.patch new file mode 100644 index 0000000000000000000000000000000000000000..e8411353907707f5231a438ef2414dc50a3867df --- /dev/null +++ b/backport-jit-avoid-integer-wraparound-in-stack-size-definitio.patch @@ -0,0 +1,60 @@ +From eb42305f072549facb3293f392f25768f35fa218 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Carlo=20Marcelo=20Arenas=20Bel=C3=B3n?= +Date: Fri, 19 Nov 2021 00:23:46 -0800 +Subject: [PATCH] jit: avoid integer wraparound in stack size definition (#42) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +pcre2_jit_stack_create() allows the user to indicate how big of a +stack size JIT should be able to allocate and use, using a size_t +variable which should be able to hold bigger values than reasonable. + +Internally, the value is rounded to the next 8K, but if the value +is unreasonable large, would overflow and could result in a smaller +than expected stack or a maximun size that is smaller than the +minimum.. + +Avoid the overflow by checking the value and failing early, and +while at it make the check clearer while documenting the failure +mode. + +Signed-off-by: Carlo Marcelo Arenas Belón + +Conflict:NA +Reference:https://github.com/PhilipHazel/pcre2/commit/eb42305f072549facb3293f392f25768f35fa218 +--- + doc/pcre2_jit_stack_create.3 | 3 ++- + src/pcre2_jit_misc.c | 2 +- + 2 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/doc/pcre2_jit_stack_create.3 b/doc/pcre2_jit_stack_create.3 +index f0b29f0..d332b72 100644 +--- a/doc/pcre2_jit_stack_create.3 ++++ b/doc/pcre2_jit_stack_create.3 +@@ -22,7 +22,8 @@ allocation. The result can be passed to the JIT run-time code by calling + \fBpcre2_jit_stack_assign()\fP to associate the stack with a compiled pattern, + which can then be processed by \fBpcre2_match()\fP or \fBpcre2_jit_match()\fP. + A maximum stack size of 512KiB to 1MiB should be more than enough for any +-pattern. For more details, see the ++pattern. If the stack couldn't be allocated or the values passed were not ++reasonable, NULL will be returned. For more details, see the + .\" HREF + \fBpcre2jit\fP + .\" +diff --git a/src/pcre2_jit_misc.c b/src/pcre2_jit_misc.c +index ec924e0..d532df9 100644 +--- a/src/pcre2_jit_misc.c ++++ b/src/pcre2_jit_misc.c +@@ -135,7 +135,7 @@ return NULL; + + pcre2_jit_stack *jit_stack; + +-if (startsize < 1 || maxsize < 1) ++if (startsize == 0 || maxsize == 0 || maxsize > PCRE2_SIZE_MAX - STACK_GROWTH_RATE) + return NULL; + if (startsize > maxsize) + startsize = maxsize; +-- +2.27.0 + diff --git a/backport-jit-use-correct-type-when-checking-for-max-value-73.patch b/backport-jit-use-correct-type-when-checking-for-max-value-73.patch new file mode 100644 index 0000000000000000000000000000000000000000..b79ab56ebc5aeb630d7af639a3af663144efdd00 --- /dev/null +++ b/backport-jit-use-correct-type-when-checking-for-max-value-73.patch @@ -0,0 +1,45 @@ +From 14dbc6e6ec9900b2e06a04d2612de37ccd564dfc Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Carlo=20Marcelo=20Arenas=20Bel=C3=B3n?= +Date: Thu, 6 Jan 2022 05:46:43 -0800 +Subject: [PATCH] jit: use correct type when checking for max value (#73) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +eb42305f (jit: avoid integer wraparound in stack size definition (#42), +2021-11-19) introduces a check to avoid an integer overflow when +allocating stack size for JIT. + +Unfortunately the maximum value was using PCRE2_SIZE_MAX, eventhough +the variable is of type size_t, so correct it. + +Practically; the issue shouldn't affect the most common configurations +where both values are the same, and it will be unlikely that there would +be a configuration where PCRE2_SIZE_MAX > SIZE_MAX, hence the mistake +is unlikely to have reintroduced the original bug and this change should +be therefore mostly equivalent. + +Signed-off-by: Carlo Marcelo Arenas Belón + +Conflict:NA +Reference:https://github.com/PhilipHazel/pcre2/commit/14dbc6e6ec9900b2e06a04d2612de37ccd564dfc +--- + src/pcre2_jit_misc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/pcre2_jit_misc.c b/src/pcre2_jit_misc.c +index d532df9..e57afad 100644 +--- a/src/pcre2_jit_misc.c ++++ b/src/pcre2_jit_misc.c +@@ -135,7 +135,7 @@ return NULL; + + pcre2_jit_stack *jit_stack; + +-if (startsize == 0 || maxsize == 0 || maxsize > PCRE2_SIZE_MAX - STACK_GROWTH_RATE) ++if (startsize == 0 || maxsize == 0 || maxsize > SIZE_MAX - STACK_GROWTH_RATE) + return NULL; + if (startsize > maxsize) + startsize = maxsize; +-- +2.27.0 + diff --git a/backport-match-avoid-crash-if-subject-NULL-and-PCRE2_ZERO_TER.patch b/backport-match-avoid-crash-if-subject-NULL-and-PCRE2_ZERO_TER.patch new file mode 100644 index 0000000000000000000000000000000000000000..0b8c744976a998a46e8ff660dfdec85adde06a90 --- /dev/null +++ b/backport-match-avoid-crash-if-subject-NULL-and-PCRE2_ZERO_TER.patch @@ -0,0 +1,193 @@ +From ae4e6261e5681658f88a0dff8eb2d60112bd7e54 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Carlo=20Marcelo=20Arenas=20Bel=C3=B3n?= +Date: Sat, 27 Nov 2021 08:49:31 -0800 +Subject: [PATCH] match: avoid crash if subject NULL and PCRE2_ZERO_TERMINATED + (#53) + +* pcre2_match: avoid crash if subject NULL and PCRE2_ZERO_TERMINATED + +When length of subject is PCRE2_ZERO_TERMINATED strlen is used +to calculate its size, which will trigger a crash if subject is +also NULL. + +Move the NULL check before strlen on it would be used, and make +sure or dependent variables are set after the NULL validation +as well. + +While at it, fix a typo in a debug flag in the same file, which +is otherwise unrelated and make sure the full section of constrain +checks can be identified clearly using the leading comment alone. + +* pcre2_dfa_match: avoid crash if subject NULL and PCRE2_ZERO_TERMINATED + +When length of subject is PCRE2_ZERO_TERMINATED strlen is used +to calculate its size, which will trigger a crash if subject is +also NULL. + +Move the NULL check before the detection for subject sizes to +avoid this issue. + +* pcre2_substitute: avoid crash if subject or replacement are NULL + +The underlying pcre2_match() function will validate the subject if +needed, but will crash when length is PCRE2_ZERO_TERMINATED or if +subject == NULL and pcre2_match() is not being called because +match_data was provided. + +The replacement parameter is missing NULL checks, and so currently +allows for an equivalent response to "" if rlength == 0. + +Restrict all other cases to avoid strlen(NULL) crashes in the same +way that is done for subject, but also make sure to reject invalid +length values as early as possible. + +Conflict:NA +Reference:https://github.com/PhilipHazel/pcre2/commit/ae4e6261e5681658f88a0dff8eb2d60112bd7e54 +--- + doc/pcre2api.3 | 4 +++- + src/pcre2_dfa_match.c | 12 +++++------- + src/pcre2_match.c | 20 ++++++++++---------- + src/pcre2_substitute.c | 15 ++++++++++----- + 4 files changed, 28 insertions(+), 23 deletions(-) + +diff --git a/doc/pcre2api.3 b/doc/pcre2api.3 +index 1caccbb..fe84fa4 100644 +--- a/doc/pcre2api.3 ++++ b/doc/pcre2api.3 +@@ -3649,7 +3649,9 @@ needed is returned via \fIoutlengthptr\fP. Note that this does not happen by + default. + .P + PCRE2_ERROR_NULL is returned if PCRE2_SUBSTITUTE_MATCHED is set but the +-\fImatch_data\fP argument is NULL. ++\fImatch_data\fP argument is NULL or if the \fIsubject\fP or \fIreplacement\fP ++arguments are NULL. For backward compatibility reasons an exception is made for ++the \fIreplacement\fP argument if the \fIrlength\fP argument is also 0. + .P + PCRE2_ERROR_BADREPLACEMENT is used for miscellaneous syntax errors in the + replacement string, with more particular errors being PCRE2_ERROR_BADREPESCAPE +diff --git a/src/pcre2_dfa_match.c b/src/pcre2_dfa_match.c +index 060dc76..a97e071 100644 +--- a/src/pcre2_dfa_match.c ++++ b/src/pcre2_dfa_match.c +@@ -3285,8 +3285,11 @@ rws->next = NULL; + rws->size = RWS_BASE_SIZE; + rws->free = RWS_BASE_SIZE - RWS_ANCHOR_SIZE; + +-/* A length equal to PCRE2_ZERO_TERMINATED implies a zero-terminated +-subject string. */ ++/* Plausibility checks */ ++ ++if ((options & ~PUBLIC_DFA_MATCH_OPTIONS) != 0) return PCRE2_ERROR_BADOPTION; ++if (re == NULL || subject == NULL || workspace == NULL || match_data == NULL) ++ return PCRE2_ERROR_NULL; + + if (length == PCRE2_ZERO_TERMINATED) + { +@@ -3294,11 +3297,6 @@ if (length == PCRE2_ZERO_TERMINATED) + was_zero_terminated = 1; + } + +-/* Plausibility checks */ +- +-if ((options & ~PUBLIC_DFA_MATCH_OPTIONS) != 0) return PCRE2_ERROR_BADOPTION; +-if (re == NULL || subject == NULL || workspace == NULL || match_data == NULL) +- return PCRE2_ERROR_NULL; + if (wscount < 20) return PCRE2_ERROR_DFA_WSSIZE; + if (start_offset > length) return PCRE2_ERROR_BADOFFSET; + +diff --git a/src/pcre2_match.c b/src/pcre2_match.c +index f28cdbb..ea8ca5d 100644 +--- a/src/pcre2_match.c ++++ b/src/pcre2_match.c +@@ -49,7 +49,7 @@ POSSIBILITY OF SUCH DAMAGE. + /* #define DEBUG_SHOW_OPS */ + /* #define DEBUG_SHOW_RMATCH */ + +-#ifdef DEBUG_FRAME_DISPLAY ++#ifdef DEBUG_FRAMES_DISPLAY + #include + #endif + +@@ -6129,8 +6129,8 @@ PCRE2_UCHAR req_cu2 = 0; + PCRE2_SPTR bumpalong_limit; + PCRE2_SPTR end_subject; + PCRE2_SPTR true_end_subject; +-PCRE2_SPTR start_match = subject + start_offset; +-PCRE2_SPTR req_cu_ptr = start_match - 1; ++PCRE2_SPTR start_match; ++PCRE2_SPTR req_cu_ptr; + PCRE2_SPTR start_partial; + PCRE2_SPTR match_partial; + +@@ -6170,9 +6170,14 @@ PCRE2_SPTR stack_frames_vector[START_FRAMES_SIZE/sizeof(PCRE2_SPTR)] + PCRE2_KEEP_UNINITIALIZED; + mb->stack_frames = (heapframe *)stack_frames_vector; + +-/* A length equal to PCRE2_ZERO_TERMINATED implies a zero-terminated +-subject string. */ ++/* Plausibility checks */ ++ ++if ((options & ~PUBLIC_MATCH_OPTIONS) != 0) return PCRE2_ERROR_BADOPTION; ++if (code == NULL || subject == NULL || match_data == NULL) ++ return PCRE2_ERROR_NULL; + ++start_match = subject + start_offset; ++req_cu_ptr = start_match - 1; + if (length == PCRE2_ZERO_TERMINATED) + { + length = PRIV(strlen)(subject); +@@ -6180,11 +6185,6 @@ if (length == PCRE2_ZERO_TERMINATED) + } + true_end_subject = end_subject = subject + length; + +-/* Plausibility checks */ +- +-if ((options & ~PUBLIC_MATCH_OPTIONS) != 0) return PCRE2_ERROR_BADOPTION; +-if (code == NULL || subject == NULL || match_data == NULL) +- return PCRE2_ERROR_NULL; + if (start_offset > length) return PCRE2_ERROR_BADOFFSET; + + /* Check that the first field in the block is the magic number. */ +diff --git a/src/pcre2_substitute.c b/src/pcre2_substitute.c +index 981a106..7aefb60 100644 +--- a/src/pcre2_substitute.c ++++ b/src/pcre2_substitute.c +@@ -260,6 +260,12 @@ PCRE2_UNSET, so as not to imply an offset in the replacement. */ + if ((options & (PCRE2_PARTIAL_HARD|PCRE2_PARTIAL_SOFT)) != 0) + return PCRE2_ERROR_BADOPTION; + ++/* Validate length and find the end of the replacement. */ ++if (replacement == NULL && rlength > 0) return PCRE2_ERROR_NULL; ++else if (rlength == PCRE2_ZERO_TERMINATED) ++ rlength = PRIV(strlen)(replacement); ++repend = replacement + rlength; ++ + /* Check for using a match that has already happened. Note that the subject + pointer in the match data may be NULL after a no-match. */ + +@@ -292,6 +298,7 @@ else if (use_existing_match) + (pcre2_general_context *)mcontext; + int pairs = (code->top_bracket + 1 < match_data->oveccount)? + code->top_bracket + 1 : match_data->oveccount; ++ if (subject == NULL) return PCRE2_ERROR_NULL; + internal_match_data = pcre2_match_data_create(match_data->oveccount, + gcontext); + if (internal_match_data == NULL) return PCRE2_ERROR_NOMEMORY; +@@ -312,11 +319,9 @@ scb.input = subject; + scb.output = (PCRE2_SPTR)buffer; + scb.ovector = ovector; + +-/* Find lengths of zero-terminated strings and the end of the replacement. */ +- +-if (length == PCRE2_ZERO_TERMINATED) length = PRIV(strlen)(subject); +-if (rlength == PCRE2_ZERO_TERMINATED) rlength = PRIV(strlen)(replacement); +-repend = replacement + rlength; ++/* Find lengths of zero-terminated subject */ ++if (length == PCRE2_ZERO_TERMINATED) ++ length = subject? PRIV(strlen)(subject) : 0; + + /* Check UTF replacement string if necessary. */ + +-- +2.27.0 + diff --git a/pcre2.spec b/pcre2.spec index bd6d18e7f397eed71508c82c4d78c9d2ac3ab7ca..fee524c90befe228aef3f62a96df07be8725a99c 100644 --- a/pcre2.spec +++ b/pcre2.spec @@ -1,27 +1,38 @@ Name: pcre2 Version: 10.35 -Release: 2 +Release: 3 Summary: Perl Compatible Regular Expressions License: BSD URL: http://www.pcre.org/ Source0: https://ftp.pcre.org/pub/pcre/%{name}-%{version}.tar.bz2 # Do no set RPATH if libdir is not /usr/lib -Patch0: pcre2-10.10-Fix-multilib.patch +Patch6000: pcre2-10.10-Fix-multilib.patch # 1/2 Enable shadow stack built-in functions if -fcf-protection compiler flag is -Patch1: pcre2-10.35-Apply-H.J.-Lu-s-patch-to-pass-mshstk-to-the-compiler.patch +Patch6001: pcre2-10.35-Apply-H.J.-Lu-s-patch-to-pass-mshstk-to-the-compiler.patch # 2/2 Enable shadow stack built-in functions if -fcf-protection compiler flag is -Patch2: pcre2-10.35-Fix-previous-commit-include-CET_CFLAGS-in-16-bit-and.patch +Patch6002: pcre2-10.35-Fix-previous-commit-include-CET_CFLAGS-in-16-bit-and.patch # Fix an infinite loop when a single-byte newline is search in JIT if an -Patch3: pcre2-10.35-Fix-inifinite-loop-when-a-single-byte-newline-is-sea.patch +Patch6003: pcre2-10.35-Fix-inifinite-loop-when-a-single-byte-newline-is-sea.patch # Fix a buffer overread when parsing an unterminated VERSION condition with # a single-digit minor number at the end of a regular expression, -Patch4: pcre2-10.35-Fix-read-overflow-for-invalid-VERSION-test-with-one-.patch +Patch6004: pcre2-10.35-Fix-read-overflow-for-invalid-VERSION-test-with-one-.patch # Fix an early fail optimization with character ranges and a buffer overread -Patch5: pcre2-10.35-Fix-an-early-fail-optimization-issue-and-a-buffer-ov.patch -Patch6: backport-CVE-2022-1586-1.patch -Patch7: backport-CVE-2022-1586-2.patch -Patch8: backport-CVE-2022-1587.patch +Patch6005: pcre2-10.35-Fix-an-early-fail-optimization-issue-and-a-buffer-ov.patch +Patch6006: backport-CVE-2022-1586-1.patch +Patch6007: backport-CVE-2022-1586-2.patch +Patch6008: backport-CVE-2022-1587.patch +Patch6009: backport-Fix-Bugzilla-2642-no-match-bug-in-8-bit-mode-for-cas.patch +Patch6010: backport-Fixed-a-bug-in-character-set-matching-when-JIT-is-en.patch +Patch6011: backport-Fixed-a-word-boundary-check-bug-in-JIT-when-partial-.patch +Patch6012: backport-Fix-some-numerical-checking-bugs-Bugzilla-2690.patch +Patch6013: backport-Fix-K-within-recursion-bug-in-interpreter.patch +Patch6014: backport-jit-avoid-integer-wraparound-in-stack-size-definitio.patch +Patch6015: backport-jit-use-correct-type-when-checking-for-max-value-73.patch +Patch6016: backport-match-avoid-crash-if-subject-NULL-and-PCRE2_ZERO_TER.patch +Patch6017: backport-Fix-recursion-issue-in-JIT.patch +Patch6018: backport-Fixed-race-condition-that-occurs-when-initializing-t.patch +Patch6019: backport-Fixed-an-issue-in-the-backtracking-optimization-of-c.patch BuildRequires: autoconf libtool automake coreutils gcc make readline-devel Obsoletes: pcre2-utf16 pcre2-utf32 pcre2-tools @@ -138,6 +149,9 @@ make check %{_pkgdocdir}/html/ %changelog +* Tue Oct 18 2022 yangmingtai - 10.35-3 +- DESC:sync community patchs + * Sat May 28 2022 yangmingtai - 10.35-2 - DESC:fix CVE-2022-1586 and CVE-2022-1587