--- - branch: pkgsrc-2014Q3 date: Thu Dec 4 19:28:20 UTC 2014 files: - new: 1.72.4.1 old: '1.72' path: pkgsrc/devel/pcre/Makefile pathrev: pkgsrc/devel/pcre/Makefile@1.72.4.1 type: modified - new: 1.53.4.1 old: '1.53' path: pkgsrc/devel/pcre/distinfo pathrev: pkgsrc/devel/pcre/distinfo@1.53.4.1 type: modified - new: 1.1.2.2 old: '0' path: pkgsrc/devel/pcre/patches/patch-CVE-2014-8964 pathrev: pkgsrc/devel/pcre/patches/patch-CVE-2014-8964@1.1.2.2 type: added - new: 1.15.22.1 old: '1.15' path: pkgsrc/devel/pcre/patches/patch-aa pathrev: pkgsrc/devel/pcre/patches/patch-aa@1.15.22.1 type: modified - new: 1.8.22.1 old: '1.8' path: pkgsrc/devel/pcre/patches/patch-ab pathrev: pkgsrc/devel/pcre/patches/patch-ab@1.8.22.1 type: modified id: 20141204T192820Z.cdcdaec2d4b971b52c7bcfa0c32a60be275085d6 log: "Pullup ticket #4565 - requested by he\ndevel/pcre: security update\n\nRevisions pulled up:\n- devel/pcre/Makefile 1.73,1.75\n- devel/pcre/distinfo 1.54-1.55\n- devel/pcre/patches/patch-CVE-2014-8964 \ 1.1\n- devel/pcre/patches/patch-aa 1.16\n- devel/pcre/patches/patch-ab 1.9\n\n---\n Module Name:\tpkgsrc\n Committed By:\twiz\n Date:\t\tWed Oct 1 11:45:00 UTC 2014\n\n \ Modified Files:\n \tpkgsrc/devel/pcre: Makefile distinfo\n\n Log Message:\n \ Update to 8.36:\n\n Version 8.36 26-September-2014\n ------------------------------\n\n \ 1. Got rid of some compiler warnings in the C++ modules that were shown up by\n -Wmissing-field-initializers and -Wunused-parameter.\n\n 2. The tests for quantifiers being too big (greater than 65535) were being\n applied after reading the number, and stupidly assuming that integer\n overflow would give a negative number. The tests are now applied as the\n numbers are read.\n\n 3. Tidy code in pcre_exec.c where two branches that used to be different are\n now the same.\n\n 4. The JIT compiler did not generate match limit checks for certain\n bracketed expressions with quantifiers. This may lead to exponential\n backtracking, instead of returning with PCRE_ERROR_MATCHLIMIT. This\n issue should be resolved now.\n\n 5. Fixed an issue, which occures when nested alternatives are optimized\n with table jumps.\n\n 6. Inserted two casts and changed some ints to size_t in the light of some\n reported 64-bit compiler warnings (Bugzilla 1477).\n\n 7. Fixed a bug concerned with zero-minimum possessive groups that could match\n an empty string, which sometimes were behaving incorrectly in the\n interpreter (though correctly in the JIT matcher). This pcretest input is\n an example:\n\n '\\A(?:[^\"]++|\"(?:[^\"]*+|\"\")*+\")++'\n \ NON QUOTED \"QUOT\"\"ED\" AFTER \"NOT MATCHED\n\n the interpreter was reporting a match of 'NON QUOTED ' only, whereas the\n JIT matcher and Perl both matched 'NON QUOTED \"QUOT\"\"ED\" AFTER '. The test\n for an empty string was breaking the inner loop and carrying on at a lower\n level, when possessive repeated groups should always return to a higher\n level as they have no backtrack points in them. The empty string test now\n occurs at the outer level.\n\n 8. Fixed a bug that was incorrectly auto-possessifying \\w+ in the pattern\n ^\\w+(?>\\s*)(?<=\\w) which caused it not to match \"test test\".\n\n 9. Give a compile-time error for \\o{} (as Perl does) and for \\x{} (which Perl\n doesn't).\n\n 10. Change 8.34/15 introduced a bug that caused the amount of memory needed\n to hold a pattern to be incorrectly computed (too small) when there were\n named back references to duplicated names. This could cause \"internal\n error: code overflow\" or \"double free or corruption\" or other memory\n handling errors.\n\n 11. When named subpatterns had the same prefixes, back references could be\n confused. For example, in this pattern:\n\n /(?Pa)?(?Pb)?(?()c|d)*l/\n\n \ the reference to 'Name' was incorrectly treated as a reference to a\n duplicate name.\n\n 12. A pattern such as /^s?c/mi8 where the optional character has more than\n one \"other case\" was incorrectly compiled such that it would only try to\n match starting at \"c\".\n\n 13. When a pattern starting with \\s was studied, VT was not included in the\n list of possible starting characters; this should have been part of the\n 8.34/18 patch.\n\n 14. If a character class started [\\Qx]... where x is any character, the class\n was incorrectly terminated at the ].\n\n 15. If a pattern that started with a caseless match for a character with more\n than one \"other case\" was studied, PCRE did not set up the starting code\n unit bit map for the list of possible characters. Now it does. This is an\n optimization improvement, not a bug fix.\n\n 16. The Unicode data tables have been updated to Unicode 7.0.0.\n\n \ 17. Fixed a number of memory leaks in pcregrep.\n\n 18. Avoid a compiler warning (from some compilers) for a function call with\n a cast that removes \"const\" from an lvalue by using an intermediate\n variable (to which the compiler does not object).\n\n 19. Incorrect code was compiled if a group that contained an internal recursive\n back reference was optional (had quantifier with a minimum of zero). This\n example compiled incorrect code: /(((a\\2)|(a*)\\g<-1>))*/ and other examples\n caused segmentation faults because of stack overflows at compile time.\n\n 20. A pattern such as /((?(R)a|(?1)))+/, which contains a recursion within a\n group that is quantified with an indefinite repeat, caused a compile-time\n loop which used up all the system stack and provoked a segmentation fault.\n This was not the same bug as 19 above.\n\n 21. Add PCRECPP_EXP_DECL declaration to operator<< in pcre_stringpiece.h.\n Patch by Mike Frysinger.\n\n---\n Module Name:\tpkgsrc\n Committed By:\tspz\n Date:\t\tSun Nov 30 14:48:43 UTC 2014\n\n Modified Files:\n \tpkgsrc/devel/pcre: Makefile distinfo\n \tpkgsrc/devel/pcre/patches: patch-aa patch-ab\n Added Files:\n \ \tpkgsrc/devel/pcre/patches: patch-CVE-2014-8964\n\n Log Message:\n patch for CVE-2014-8964 from upstream\n\n also, patch refresh\n" module: pkgsrc subject: 'CVS commit: [pkgsrc-2014Q3] pkgsrc/devel/pcre' unixtime: '1417721300' user: tron