-rw-r--r-- | debian/changelog | 13 | ||||
-rw-r--r-- | debian/control | 6 | ||||
-rw-r--r-- | debian/patches/series | 1 | ||||
-rw-r--r-- | debian/patches/upstream-patch-fixing-cve-2020-14155.patch | 37 |
4 files changed, 54 insertions, 3 deletions
diff --git a/debian/changelog b/debian/changelog index 63a2961..3c236be 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,16 @@ +pcre3 (2:8.39-15) unstable; urgency=medium + + * Make currently-important packages optional as pcre3 is obsolete + (Closes: #1026214) + + -- Matthew Vernon <matthew@debian.org> Thu, 22 Dec 2022 16:45:21 +0000 + +pcre3 (2:8.39-14) unstable; urgency=low + + * Relax Depends: of libpcre3-dev to just libc-dev (Closes: #1008714) + + -- Matthew Vernon <matthew@debian.org> Sat, 02 Apr 2022 14:13:07 +0100 + pcre3 (2:8.39-13) unstable; urgency=medium * upstream patch fixing CVE-2020-14155 (Closes: #963086) diff --git a/debian/control b/debian/control index c599ff6..318e0b3 100644 --- a/debian/control +++ b/debian/control @@ -8,7 +8,7 @@ Build-Depends: debhelper (>= 11~), dpkg-dev (>= 1.16.0), dh-autoreconf Package: libpcre3 Section: libs Architecture: any -Priority: important +Priority: optional Depends: ${shlibs:Depends}, ${misc:Depends} Conflicts: libpcre3-dev (<= 4.3-3) Breaks: @@ -33,7 +33,7 @@ Package: libpcre3-udeb Section: debian-installer Package-Type: udeb Architecture: any -Priority: important +Priority: optional Depends: ${shlibs:Depends}, ${misc:Depends} Conflicts: libpcre3-dev (<= 4.3-3) Description: Old Perl 5 Compatible Regular Expression Library - runtime files (udeb) 
@@ -60,7 +60,7 @@ Package: libpcre3-dev Section: libdevel Architecture: any Multi-Arch: same -Depends: libc6-dev, libpcre3 (= ${binary:Version}), libpcre16-3 (= ${binary:Version}), libpcre32-3 (= ${binary:Version}), libpcrecpp0v5 (= ${binary:Version}), ${misc:Depends} +Depends: libc-dev, libpcre3 (= ${binary:Version}), libpcre16-3 (= ${binary:Version}), libpcre32-3 (= ${binary:Version}), libpcrecpp0v5 (= ${binary:Version}), ${misc:Depends} Description: Old Perl 5 Compatible Regular Expression Library - development files This is a library of functions to support regular expressions whose syntax and semantics are as close as possible to those of the Perl 5 language. diff --git a/debian/patches/series b/debian/patches/series index 6b773a6..053e837 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -8,3 +8,4 @@ Disable_JIT_on_sparc64.patch CVE-2017-6004.patch upstream-fix-for-cve-2017-7186-upstream- patch-from-mariadb-to-fix-stack-frame-si +upstream-patch-fixing-cve-2020-14155.patch diff --git a/debian/patches/upstream-patch-fixing-cve-2020-14155.patch b/debian/patches/upstream-patch-fixing-cve-2020-14155.patch new file mode 100644 index 0000000..625708d --- /dev/null +++ b/debian/patches/upstream-patch-fixing-cve-2020-14155.patch 
@@ -0,0 +1,37 @@
+From: Matthew Vernon <matthew@debian.org>
+Date: Thu, 18 Jun 2020 19:32:51 +0100
+X-Dgit-Generated: 2:8.39-13 7b88c83f87391950756256072f886a08c44ed78f
+Subject: upstream patch fixing CVE-2020-14155
+
+This checks the size of the number after (?C as it is read, in order
+to avoid integer overflow.
+
+---
+
+--- pcre3-8.39.orig/pcre_compile.c
++++ pcre3-8.39/pcre_compile.c
+@@ -7086,17 +7086,19 @@ for (;; ptr++)
+ int n = 0;
+ ptr++;
+ while(IS_DIGIT(*ptr))
++ {
+ n = n * 10 + *ptr++ - CHAR_0;
++ if (n > 255)
++ {
++ *errorcodeptr = ERR38;
++ goto FAILED;
++ }
++ }
+ if (*ptr != CHAR_RIGHT_PARENTHESIS)
+ {
+ *errorcodeptr = ERR39;
+ goto FAILED;
+ }
+- if (n > 255)
+- {
+- *errorcodeptr = ERR38;
+- goto FAILED;
+- }
+ *code++ = n;
+ PUT(code, 0, (int)(ptr - cd->start_pattern + 1)); /* Pattern offset */
+ PUT(code, LINK_SIZE, 0); /* Default length */ |
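Review bot: The header of the new patch file names no upstream revision or bug, so a later reviewer cannot confirm that the embedded pcre_compile.c hunk matches the upstream fix for CVE-2020-14155. Adding DEP-3 fields after the Subject line, for example `Origin: upstream, <upstream revision or URL>` and `Bug-Debian: https://bugs.debian.org/963086`, would close that gap. The code change itself looks sound: with the `n > 255` test inside the digit loop, n is at most 2559 when it is checked, so `n * 10` can no longer overflow a signed int. One visible side effect is that an over-long number followed by something other than `)` now reports ERR38 where it previously reported ERR39. The enclosing `for (;; ptr++)` body starts and ends outside the hunk, so how `n` is used beyond `*code++ = n` was not checked.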