* SECURITY UPDATE: buffer over-read in JIT
- debian/patches/CVE-2019-20838.patch: check if type is not
extended Unicode parameter or Unicode new line in
pcre_jit_compile.c.
- CVE-2019-20838
* SECURITY UPDATE: integer overflow via a large number
- debian/patches/CVE-2020-14155.patch: ensure that the number
is lower than 256 in pcre_compile.c.
- CVE-2020-14155
* No-change rebuild for libgcc-s1 package name change.
* Patch from Andrej Shadura <andrew.shadura@collabora.co.uk> to mark one
more STL symbol as optional (Closes: #923743).
[ Matthias Klose ]
* Mark 2 STL symbols as optional (Closes: #904008)
[ Matthew Vernon ]
* Bump debian/compat to 11 (Closes: #646973)
* Fixes to debian/rules so package builds with dh compat 11
* Update symbols file (Closes: #897834)
* Update symbols file (Closes: #888921)
* drive ulimit correctly (Closes: #876299)
* increase stack limit before running tests (Closes: #876299)
* patch from Sergei from MariaDB (via Ondřej Surý) to fix stack frame
size detection (Closes: #878107, #876299)
* patch from Katsuhiko Nishimra to symbols file to fix FTBFS with gcc7
(Closes: #876046, #853606)
* Remove now-deprecated Pre-Depends on multiarch-support (not needed
since jessie) (Closes: #865987)
* CVE-2017-7186: invalid Unicode property lookup may cause denial of
service (Closes: #858238)
* Non-maintainer upload.
* CVE-2017-6004: crafted regular expression may cause denial of service
(Closes: #855405)
* Update symbols file to reflect compilation with gcc6 (Closes: #811969)
[ Ian Jackson ]
* New upstream version (Closes: #832354).
- Drop CVE-2016-1283.patch (now in upstream).
- Adjusted sonames: bumped each minor number where upstream
bumped theirs.
[ Matthew Vernon ]
* Add notes encouraging people to move to pcre2
* Non-maintainer upload.
* CVE-2016-1283: heap buffer overflow in handling of duplicate named
groups (Closes: #809706)
* Apply Ubuntu patch from Iain Lane (modified by Graham Inggs) to add
symbols files (Closes: #767374)
* Apply upstream patch to fix workspace overflow for (*ACCEPT) with
deeply nested parentheses (Closes: #815921)
* New upstream version
* Remove conflicts with long-vanished pcre{1,2}-dev packages (so new PCRE2 packages can co-exist)
* Non-maintainer upload.
* Fix copy-and-paste error in Disable_JIT_on_sparc64.patch.
* Non-maintainer upload.
* Add Disable_JIT_on_sparc64.patch to disable JIT on sparc64. The patch
no_jit_x32_powerpcspe.patch to disable JIT on powerpcspe was already
added in 2:8.35-6 (Closes: #765079).
* Non-maintainer upload (with maintainer's permission).
* Add Fix-compiler-crash-misbehaviour-for-zero-repeated-gr.patch.
Fixes "PCRE Library Stack Overflow Vulnerability" (Upstream bug 1503)
* Add Fix-compile-time-loop-for-recursive-reference-within.patch.
Fixes "PCRE Call Stack Overflow Vulnerability" (Upstream bug 1515)
* Add 794589-information-disclosure.patch.
Fixes "pcre_exec does not fill offsets for certain regexps" leading to
information disclosure. (Closes: #794589)
* Add Fix-bad-compile-for-groups-like-2-0-1999.patch.
CVE-2015-2325: heap buffer overflow in compile_branch(). (Closes: #781795)
* Add Fix-bad-compilation-for-patterns-like-1-1-with-forwa.patch.
CVE-2015-2326: heap buffer overflow in pcre_compile2(). (Closes: #783285)
* Add Fix-buffer-overflow-for-named-recursive-back-referen.patch.
CVE-2015-3210: heap buffer overflow in pcre_compile2() /
compile_regex(). (Closes: #787433)
* Rename libpcrecpp0 to libpcrecpp0v5. Addresses: #791236.
* Add Conflict/Replaces to the old library.
* Add libpcrecpp0v5 symbols file for GCC 5.
* Apply upstream patch to fix buffer overflow for forward reference
within backward assertion with excess closing parenthesis
(Closes: #790000)
[ Thorsten Glaser ]
* Re-add patch disabling JIT on powerpcspe and x32 (Closes: #760327)
* Add back missing debian/changelog entries for 1:8.35-3.2 and 1:8.36-1
* re-enable jit on ppc64el (by dropping the patch that disables it)
(Closes: #786530)
* patch from Frederic Bonnard to fix the watch file (Closes: #785726)
[ Mattia Rizzolo ]
* Add a libpcre16-3 package with the 16 bit pcre16 library (Closes: 748781).
* Add a libpcre32-3 package with the 32 bit pcre32 library.
[ Matthew Vernon ]
* Adopt this package (Closes: #772994)
* Non-maintainer upload.
* Upstream patch for heap buffer overflow, CVE-2014-8964, taken from
1:8.36-1 (Closes: #770478)
Thanks to Salvatore Bonaccorso for the reminder.
* Non-maintainer upload.
* Update shlibs dependency to 1:8.35 for new symbol introduced in upstream
version 8.35 (Closes: #767907)
* Revert upload of upstream version 8.36 to allow this upload to migrate to
jessie.
* New upstream release
* Upped shlibs dependency to 8.35 (Closes: #767903)
* Upstream patch for heap buffer overflow, CVE-2014-8964 (Closes: #770478)
* Non-maintainer upload with maintainer permission.
* Disable JIT on x32 and powerpcspe (Closes: #760327).
* Non-maintainer upload.
* Enable build hardening flags (closes: #656008).
Thanks to Simon McVittie for all of the work on this:
* Run tests with VERBOSE=1 so we can see the logs for failing tests
(Closes: #755052)
* Apply part of upstream r1472 to fix undefined behaviour when parsing
{n} or {m,n} quantifiers, which causes mis-parsing and test failures
under gcc 4.9 (Closes: #751828)
* Build-depends on auto-reconf (Closes: 754540)
* New upstream release
* Use dh-autoreconf
* Disable JIT on ppc64el (Closes: 751390) (Thanks Erwan Prioul)
* Previous attempt at detecting JIT support didn't work when cross
compiling. Now runs the host compiler, and doesn't try to run the
output (Closes: 745222)
* Enable JIT compilation only on architectures where it is supported -
fixes FTBFS on ones where it isn't (Closes: 745114)
* Verbose build logs (Closes: 745069)
* Enable JIT regex compilation (http://sljit.sourceforge.net/pcre).
Note that this has no effect by default so should not break anything;
to use it you need to pass a flag to pcre_compile_regex()
(Closes: 740954)
* Changed shlibs:Depends to 8.20 as pcre_free_study() is not in older
versions (Closes: 743164)
* Build -dev package as Multi-arch: same. Thanks Steve Langasek / Ubuntu
for the patch (Closes: 696217)
* New upstream release
* Applied patch from upstream bugzilla #1287 to fix bug where wrong
value is in re_nsub in some cases (Closes: #686495)
* There is no use in including debug information for the libraries from
the udeb in the debug package; more importantly, because the
installation system isn't multiarch, if they are included they result
in arch specific files in arch independent paths (debug package is
Multi-arch:same). Removed. (Closes: #670018)
* Reluctantly using an epoch, as it seems the funny version number with
extra dots causes problems
* Bumped standard version to 3.9.3. No changes needed
* Converted to use new source format / quilt
* Put back obsolete pcre_info() API that up
* Don't include pcregrep binary in debug package
Thanks to Elimar Riesebieter for the conversion to the new source format.
* configure: fixed libpcreposix version (this is not the same bug as the
previous one, though it's in the same few lines)
* configure: Correct library version so soname is libpcre.so.3 instead
of .2 (Closes: #664983)
* Horrible version number is because of NMU of "8.30.really8.12-1.1";
this will sort between that and 8.31-1
* New upstream release (Closes:#664166)
* Multi-arch support. Thanks Steve Langasek for patch (Closes: 634250)
* debian/rules: Increased shlib version to 8.10 (Closes: #612942,
#613227, #613469, #614012, #615019)
* Include changes from Stéphane's NMU (including fix for bug 581202)
that were accidentally omitted in previous release.
* debian/control: -dbg package should be section debug, priority extra
* New upstream release (Closes: #554242)
* Non-maintainer upload.
* Add explicit Breaks to applications using libpcre-ocaml, to allow
proper upgrades from lenny (Closes: #581202)
* Add debian/watch
* Add debian/source/format
* Remove duplicate fields spotted by Lintian
* Promote XC-Package-Type field to Package-Type
* New upstream release
* debian/rules: Install main library in /lib (Closes: 350468, #549608)
* debian/pcre-config.1: Minor formatting changes (thanks Alexander
Peslyak) (Closes: 338658)
* Makefile.am,Makefile.in: Added libpcre.la to LDADD for various things;
apparently this will make it cross-build successfully (Closes: 492565)
* debian/control: Added ${misc:Depends} to dependencies for all the
binary packages
* debian/rules: Don't ignore errors from make distclean
* debian/rules: Bumped shlib version to 7.7 because of new feature in
that version (Closes: #500987)
* New upstream release
* Non-maintainer upload.
* Fix heap overflow in the pcre compiler triggered by
patterns which contain options and multiple branches
(CVE-2008-2371; Closes: #488919).
* debian/rules (patch by Bryan Donlan): Update shlibdeps invocation for
libpcrecpp0 due to new symbols (Closes: #476925).
* debian/copyright: replace license information with the current license
information shipped with upstream sources (Closes: #489318).
* pcrecpp.cc: Applied patch from PCRE bugzilla (bug 664) to fix ABI
breakage (Closes: #463170, #463266, #463413, #464974)
* New upstream release
* Ship pcredemo.c in examples directory (Closes: #377587)
* Build a -dbg package with debug symbols
Thanks to Sebastian Dröge <slomo@debian.org>, for all of the following:
* New upstream release (Closes: #453372).
* debian/control,
debian/rules:
+ Provide udeb (Closes: #443114). Build depend on debhelper (>= 5.0.22)
for this.
* debian/rules:
+ Bump shlibs to >= 7.4 (Closes: #449289).
* debian/compat:
+ Update debhelper compat level to 5.
* debian/control:
+ Update Standards-Version to 3.7.3, no additional changes needed.
+ Use ${binary:Version} instead of ${Source-Version} to make package
binNMU safe.
* debian/*.files,
debian/*.install,
debian/rules:
+ Convert from dh_movefiles to dh_install.
* debian/*.dirs:
+ Removed, not necessary.
* Overloaded RE::Init(), for compatibility with PCRE 6.x API (Closes
#436210). Thanks to Matthias Klose for the patch.
* Increased shlibdeps from 4.5 to 6.0. 6.0 introduced a new function
(pcre_compile2) to the API, so anything using that requires at least
6.0. (Closes #441345)
* New upstream release
* New upstream release (Closes: #420280)
* debian/rules: dummy binary-indep target (Closes: #395730)
* New upstream release (Closes: #389305)
* Makefile.in: Install pcrepartial.3 (Closes: #362011)
* doc/pcreapi.3, doc/pcre_version.3: document pcre_version() as
returning a const char * not a char * (Closes: #278619)
* debian/libpcre3-dev.files: install libpcre.pc (Closes: #359662)
* doc/pcregrep.1: fixed typo (Closes: #310338)
* debian/control: drop dummy pgrep package (Closes: #247550)
* Split out the C++ library into its own package libpcrecpp0, as
discussed in #339250. The C++ library was recently added, no
package references the C++ library yet.
Closes: #339250.
* debian/rules: Remove testsavedregex in clean target.
* New upstream release (Closes: 333191)
* New upstream release (Closes: 323761).
* This includes fix to security issue CAN-2005-2491 (Closes: 324531)
* Non-maintainer upload.
* Correct an alignment error in the pcretest.c test case, which was
causing build failures on ia64 (closes: #309606).
* New upstream release (Closes: #295287)
- compatible, so same soname and package name can be used.
* Compile with --enable-unicode-properties, a new feature of PCRE 5.0
* Removed . from description in control file
* Included patch from Niibe Yutaka for cross building (Closes: #285407)
Thanks Andreas for the NMU, which this is based on (Closes: #237644, #237265)
* NMU to fix rc-bugs.
* Update libtool related files to fix build-error on mips, keep original
config.in, as it is not a generated file. (Closes: #237265)
* pcregrep replaces pgrep. (Closes: #237564)
* Bump shlibs, pcre 4.5 includes two new functions.
* Let pgrep's /usr/share/doc symlink point to the package it depends on,
pcregrep.
* New upstream release
Thanks to Andreas Metzler for patches for all the following:
* doc/pcregrep.1: added newline between synopsis for pcregrep and that
for zpcregrep (Closes: #197899)
* debian/control: Change package descriptions (Closes: #209904)
* debian/rules and others: Renamed pgrep package to pcregrep, to match
name of binary and avoid confusion with pgrep (which greps for
processes, and is in the procps package); a dummy pgrep package will
ease upgrades (Closes: #217076)
* debian/libpcre3.files: include pcrepattern(3) manpage in libpcre3
package instead of libpcre3-dev package. This means that anyone using
a PCRE based application will have the man page available.
* ltmain.sh: Replaced with standard version from debian libtool package,
but with Phil Hazel's patch applied (although I suspect his patch
isn't necessary on debian systems). (Closes: #198147, #198668) I hope.
* pcretest.c: Cheat at test! Always print 40 instead of the size,
because the size varies on different architectures, and we don't
really want to fail the test because of this.
This release is entirely the work of Andreas Metzler <ametzler@debian.org>.
Thanks Andreas.
* new upstream version (Closes: 182570)
* this version apparently fixes infinite loop bug (Closes: 161184)
* repacked using debhelper and upstream's Makefile. Switch to libtool's
versioning scheme, see debian/README.Versioning.libtool for details.
(Closes: #187371)
* (however, don't ship .la files, they only give libtool strange ideas, see
http://lists.debian.org/debian-devel/2003/debian-devel-200304/msg00827.html
for an example.)
* changed compile-options to really follow policy 3.5.7
* debian/control: changed description to say "Perl 5" as Perl 6, when it
eventually appears, will have yet another different regex syntax
(Closes: #166939)
* New upstream version (Closes: #119429, #161424)
* Added zpcregrep script by Samuel Tardieu (Closes: #36897)
* doc/pcregrep.1: mention zpcregrep
* debian/rules: use && in test rule rather than -a option to test, for
better POSIX compatibility (Closes: #158775)
* debian/Makefile: build pcretest once with -rpath for doing tests, and
once without, so that:
* debian/rules: install pcretest program (Closes: #162998)
* Don't create or remove /usr/doc/foo symlinks. This means that none of
the packages have prerms and only libpcre3 has a postinst
* debian/copyright: corrected to "Debian GNU/Linux"
* debian/control: standards version updated to 3.5.7.0
* debian/rules: strip comment and note sections from libraries
* The result of the last four changes is that it should now be
lintian-clean apart from one caused by a known bug in lintian (see
lintian bug #117260) (Closes: #162999)
* Non-maintainer upload.
* Rebuild with a version of libc6 without a broken atexit() symbol
(closes: #108597, critical).
* Add to LD_LIBRARY_PATH rather than clobbering it, to avoid fakeroot
dying (closes: #108661, #108891).
* new upstream version (Closes: #93876)
* debian/rules: install pcregrep as that name (only) rather than as
pgrep with a symlink called pcregrep. This avoids a name clash with
the process table grepper also called pgrep.
* doc/pcregrep.1: change name of program being documented (back) to
pcregrep.
* debian/rules: only install config files that are meant to be installed
in libpcre3-dev package (Closes: #78354)
* debian/Makefile: distclean target clears up configure output
* debian/rules: make debian/Makefile executable before trying to run it
(Closes: #74316)
* debian/rules: pgrep should symlink to docs in /usr/doc/libpcre3, not
/usr/doc/libpcre2
* debian/rules: manpage pgrep.1.gz should not be installed as executable!
* debian/rules: pcregrep.1.gz is symlink to pgrep.1.gz
* doc/pcre-config.1: basic manpage for pcre-config written
* debian/rules: install pcre-config.1
* debian/rules: use -isp option to dpkg-gencontrol
* new package for pcre 3.x
What follows is the changelog from pcre2, up to the point where the pcre3
package was made.
* new upstream version (#50386)
* put -lc after -lpcre when linking libpcreposix (#50046)
* debian/rules: use /usr/share/doc and /usr/share/man, as mandated by
policy 3.1.0
* debian/postinst: create /usr/doc symlink; don't install library
* debian/postinst-lib (new file): create /usr/doc symlink and install library
* debian/prerm: remove /usr/doc symlink
* debian/rules: install postinst and prerm for all packages; but
postinst-lib for library package
* new upstream version
* pcre.c, pcre.h: new upstream version is incompatible with old one! I've
done a nasty hack so that old binaries will still work. Old source won't,
but at least it won't fail silently so this shouldn't be a major problem.
* debian/rules: /usr/doc/pgrep should be a link to libpcre2, not libpcre1
(#42450)
* new upstream version (#36776)
* pcre.3: removed description of regular expression syntax and semantics
* pcre.7: new file, containing material removed from above
(this is so it can be put in the libpcre2 package) (#34087)
* debian/rules: install copyright in correct location in libpcre2-dev;
a typo before meant the package wouldn't install
* debian/shlibs: update to refer to libpcre2 instead of libpcre1
* first release of pcre2
* install source of pgrep (it's small) in /usr/doc/libpcre2-dev/examples
What follows is the changelog from pcre 1, up to the point where the pcre2
package was made.
The changes are not that large but the API, and therefore the ABI, are
changed so version 2 is not compatible.
* pcreposix.c,pcreposix.h: prefixed function names with pcreposix_
* pcreposix.h: #defines so un-prefixed names can be used
* These mean pcre routines will be used instead of the regex library
built into libc (#22525)
* debian/shlibs: pcreposix needs libpcre1 >=1.09-2 now
* debian/rules: it's not pcre 1.01 any more.
* New upstream version
* New upstream version (new features, so in unstable only)
* Strip pgrep
* Extended description for pgrep
* Compress manpage
* Updated standards-version to 2.4.0.0
* New upstream version (bug fixes)
* Remove debian/*~ in clean target
* Only run ldconfig on "configure"
* New upstream version (bug fixes)
* New upstream version
* Use -fPIC instead of -fpic (identical on i386, but different on other
architectures like m68k)
* Nasty trick so pgrep gets the right dependencies whether or not
libpcre1 is installed
* Apply patch to manpage from Karl Hegbloom
* Rewritten makefile (copy sent upstream)
* Correct typo (libprce) in debian/rules
* Use gcc instead of ld in makefile
* Build static libraries
* Use shlibdeps instead of hard-coding libc6
* Use --strip-unneeded when stripping
* Initial debian release