--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: jessie-pu: package pcre3/2:8.35-3.3+deb8u3
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Fri, 25 Mar 2016 07:39:59 +0100
- Message-id: <145888799983.9524.16464839336505036460.reportbug@lorien.valinor.li>
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu
Hi stable release managers,
X-Debbugs-CC for Matthew and Moritz.
I would like to propose another update for pcre3 addressing two CVEs
which are as well no-dsa and have it possibly included in the next
Jessie point release.
The CVEs addressed are CVE-2016-1283 (#809706) and CVE-2016-3191
(#815921).
I have additionally refreshed one previous patch which included a
change to the error strings but actually belongs to one other change
(cf. 0001-Give-error-for-x-and-o.patch). It adds the new ERR86, which
then makes it easier to handle correctly the patch for CVE-2016-3191.
Attached ist the full debdiff.
Regards,
Salvatore
diff -Nru pcre3-8.35/debian/changelog pcre3-8.35/debian/changelog
--- pcre3-8.35/debian/changelog 2016-01-10 19:49:57.000000000 +0100
+++ pcre3-8.35/debian/changelog 2016-03-25 07:22:27.000000000 +0100
@@ -1,3 +1,20 @@
+pcre3 (2:8.35-3.3+deb8u3) jessie; urgency=medium
+
+ * Non-maintainer upload.
+ * Refresh CVE-2015-2325_CVE-2015-2326_CVE-2015-3210_CVE-2015-5073.patch.
+ Drop addition of "error text" for error ERR86 in pcre_compile.c. This
+ change belongs to upstream revision 1481 (Give error for \x{} and \o{}).
+ * Add 0001-Give-error-for-x-and-o.patch.
+ Give error for \x{} and \o{}.
+ * Add 0001-Fix-workspace-overflow-for-ACCEPT-with-deeply-nested.patch.
+ CVE-2016-3191: workspace overflow for (*ACCEPT) with deeply nested
+ parentheses. (Closes: #815921)
+ * Add 0001-Yet-another-duplicate-name-bugfix-by-overestimating-.patch.
+ CVE-2016-1283: heap buffer overflow in handling of duplicate named
+ groups. (Closes: #809706)
+
+ -- Salvatore Bonaccorso <carnil@debian.org> Fri, 25 Mar 2016 07:05:50 +0100
+
pcre3 (2:8.35-3.3+deb8u2) jessie; urgency=medium
* Non-maintainer upload.
diff -Nru pcre3-8.35/debian/patches/0001-Fix-workspace-overflow-for-ACCEPT-with-deeply-nested.patch pcre3-8.35/debian/patches/0001-Fix-workspace-overflow-for-ACCEPT-with-deeply-nested.patch
--- pcre3-8.35/debian/patches/0001-Fix-workspace-overflow-for-ACCEPT-with-deeply-nested.patch 1970-01-01 01:00:00.000000000 +0100
+++ pcre3-8.35/debian/patches/0001-Fix-workspace-overflow-for-ACCEPT-with-deeply-nested.patch 2016-03-25 07:22:27.000000000 +0100
@@ -0,0 +1,120 @@
+Description: Fix workspace overflow for (*ACCEPT) with deeply nested parentheses
+ Addresses CVE-2016-3191
+Origin: upstream, http://vcs.pcre.org/pcre?view=revision&revision=1631
+Bug: https://bugs.exim.org/show_bug.cgi?id=1791
+Bug-Debian: https://bugs.debian.org/815921
+Forwarded: not-needed
+Author: Philip Hazel <ph10@cam.ac.uk>
+Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2016-03-25
+Applied-Upstream: 8.39
+---
+
+--- a/pcre_compile.c
++++ b/pcre_compile.c
+@@ -549,7 +549,8 @@ static const char error_texts[] =
+ "group name must start with a non-digit\0"
+ /* 85 */
+ "parentheses are too deeply nested (stack check)\0"
+- "digits missing in \\x{} or \\o{}\0"
++ "digits missing in \\x{} or \\o{}\0"
++ "regular expression is too complicated\0"
+ ;
+
+ /* Table to identify digits and hex digits. This is used when compiling
+@@ -4510,7 +4511,8 @@ for (;; ptr++)
+ if (code > cd->start_workspace + cd->workspace_size -
+ WORK_SIZE_SAFETY_MARGIN) /* Check for overrun */
+ {
+- *errorcodeptr = ERR52;
++ *errorcodeptr = (code >= cd->start_workspace + cd->workspace_size)?
++ ERR52 : ERR87;
+ goto FAILED;
+ }
+
+@@ -6473,8 +6475,21 @@ for (;; ptr++)
+ cd->had_accept = TRUE;
+ for (oc = cd->open_caps; oc != NULL; oc = oc->next)
+ {
+- *code++ = OP_CLOSE;
+- PUT2INC(code, 0, oc->number);
++ if (lengthptr != NULL)
++ {
++#ifdef COMPILE_PCRE8
++ *lengthptr += 1 + IMM2_SIZE;
++#elif defined COMPILE_PCRE16
++ *lengthptr += 2 + IMM2_SIZE;
++#elif defined COMPILE_PCRE32
++ *lengthptr += 4 + IMM2_SIZE;
++#endif
++ }
++ else
++ {
++ *code++ = OP_CLOSE;
++ PUT2INC(code, 0, oc->number);
++ }
+ }
+ setverb = *code++ =
+ (cd->assert_depth > 0)? OP_ASSERT_ACCEPT : OP_ACCEPT;
+--- a/testdata/testinput11
++++ b/testdata/testinput11
+@@ -136,4 +136,6 @@ is required for these tests. --/
+
+ /((?+1)(\1))/B
+
++/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
++
+ /-- End of testinput11 --/
+--- a/testdata/testoutput11-16
++++ b/testdata/testoutput11-16
+@@ -748,4 +748,7 @@ Memory allocation (code space): 14
+ 22 End
+ ------------------------------------------------------------------
+
++/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
++Failed: regular expression is too complicated at offset 490
++
+ /-- End of testinput11 --/
+--- a/testdata/testoutput11-32
++++ b/testdata/testoutput11-32
+@@ -748,4 +748,7 @@ Memory allocation (code space): 28
+ 22 End
+ ------------------------------------------------------------------
+
++/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
++Failed: missing ) at offset 509
++
+ /-- End of testinput11 --/
+--- a/testdata/testoutput11-8
++++ b/testdata/testoutput11-8
+@@ -748,4 +748,7 @@ Memory allocation (code space): 10
+ 34 End
+ ------------------------------------------------------------------
+
++/([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00](*ACCEPT)/
++Failed: missing ) at offset 509
++
+ /-- End of testinput11 --/
+--- a/pcreposix.c
++++ b/pcreposix.c
+@@ -173,7 +173,8 @@ static const int eint[] = {
+ REG_BADPAT, /* group name must start with a non-digit */
+ /* 85 */
+ REG_BADPAT, /* parentheses too deeply nested (stack check) */
+- REG_BADPAT /* missing digits in \x{} or \o{} */
++ REG_BADPAT, /* missing digits in \x{} or \o{} */
++ REG_BADPAT /* pattern too complicated */
+ };
+
+ /* Table of texts corresponding to POSIX error codes */
+--- a/pcre_internal.h
++++ b/pcre_internal.h
+@@ -2281,7 +2281,7 @@ enum { ERR0, ERR1, ERR2, ERR3, ERR4,
+ ERR50, ERR51, ERR52, ERR53, ERR54, ERR55, ERR56, ERR57, ERR58, ERR59,
+ ERR60, ERR61, ERR62, ERR63, ERR64, ERR65, ERR66, ERR67, ERR68, ERR69,
+ ERR70, ERR71, ERR72, ERR73, ERR74, ERR75, ERR76, ERR77, ERR78, ERR79,
+- ERR80, ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERRCOUNT };
++ ERR80, ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERR87, ERRCOUNT };
+
+ /* JIT compiling modes. The function list is indexed by them. */
+
diff -Nru pcre3-8.35/debian/patches/0001-Give-error-for-x-and-o.patch pcre3-8.35/debian/patches/0001-Give-error-for-x-and-o.patch
--- pcre3-8.35/debian/patches/0001-Give-error-for-x-and-o.patch 1970-01-01 01:00:00.000000000 +0100
+++ pcre3-8.35/debian/patches/0001-Give-error-for-x-and-o.patch 2016-03-25 07:22:27.000000000 +0100
@@ -0,0 +1,105 @@
+Description: Give error for \x{} and \o{}.
+Origin: upstream, http://vcs.pcre.org/pcre?view=revision&revision=1481
+Forwarded: not-needed
+Author: Philip Hazel <ph10@cam.ac.uk>
+Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2016-03-25
+Applied-Upstream: 8.36
+---
+
+--- a/pcre_compile.c
++++ b/pcre_compile.c
+@@ -549,6 +549,7 @@ static const char error_texts[] =
+ "group name must start with a non-digit\0"
+ /* 85 */
+ "parentheses are too deeply nested (stack check)\0"
++ "digits missing in \\x{} or \\o{}\0"
+ ;
+
+ /* Table to identify digits and hex digits. This is used when compiling
+@@ -1259,6 +1260,7 @@ else
+
+ case CHAR_o:
+ if (ptr[1] != CHAR_LEFT_CURLY_BRACKET) *errorcodeptr = ERR81; else
++ if (ptr[2] == CHAR_RIGHT_CURLY_BRACKET) *errorcodeptr = ERR86; else
+ {
+ ptr += 2;
+ c = 0;
+@@ -1328,6 +1330,11 @@ else
+ if (ptr[1] == CHAR_LEFT_CURLY_BRACKET)
+ {
+ ptr += 2;
++ if (*ptr == CHAR_RIGHT_CURLY_BRACKET)
++ {
++ *errorcodeptr = ERR86;
++ break;
++ }
+ c = 0;
+ overflow = FALSE;
+ while (MAX_255(*ptr) && (digitab[*ptr] & ctype_xdigit) != 0)
+--- a/pcre_internal.h
++++ b/pcre_internal.h
+@@ -2281,7 +2281,7 @@ enum { ERR0, ERR1, ERR2, ERR3, ERR4,
+ ERR50, ERR51, ERR52, ERR53, ERR54, ERR55, ERR56, ERR57, ERR58, ERR59,
+ ERR60, ERR61, ERR62, ERR63, ERR64, ERR65, ERR66, ERR67, ERR68, ERR69,
+ ERR70, ERR71, ERR72, ERR73, ERR74, ERR75, ERR76, ERR77, ERR78, ERR79,
+- ERR80, ERR81, ERR82, ERR83, ERR84, ERR85, ERRCOUNT };
++ ERR80, ERR81, ERR82, ERR83, ERR84, ERR85, ERR86, ERRCOUNT };
+
+ /* JIT compiling modes. The function list is indexed by them. */
+
+--- a/pcreposix.c
++++ b/pcreposix.c
+@@ -172,7 +172,8 @@ static const int eint[] = {
+ REG_BADPAT, /* invalid range in character class */
+ REG_BADPAT, /* group name must start with a non-digit */
+ /* 85 */
+- REG_BADPAT /* parentheses too deeply nested (stack check) */
++ REG_BADPAT, /* parentheses too deeply nested (stack check) */
++ REG_BADPAT /* missing digits in \x{} or \o{} */
+ };
+
+ /* Table of texts corresponding to POSIX error codes */
+--- a/testdata/testinput2
++++ b/testdata/testinput2
+@@ -4098,4 +4098,16 @@ backtracking verbs. --/
+
+ /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/
+
++/\othing/
++
++/\o{}/
++
++/\o{whatever}/
++
++/\xthing/
++
++/\x{}/
++
++/\x{whatever}/
++
+ /-- End of testinput2 --/
+--- a/testdata/testoutput2
++++ b/testdata/testoutput2
+@@ -14226,4 +14226,21 @@ Failed: number is too big at offset 13
+
+ /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/
+
++/\othing/
++Failed: missing opening brace after \o at offset 1
++
++/\o{}/
++Failed: digits missing in \x{} or \o{} at offset 1
++
++/\o{whatever}/
++Failed: non-octal character in \o{} (closing brace missing?) at offset 3
++
++/\xthing/
++
++/\x{}/
++Failed: digits missing in \x{} or \o{} at offset 3
++
++/\x{whatever}/
++Failed: non-hex character in \x{} (closing brace missing?) at offset 3
++
+ /-- End of testinput2 --/
diff -Nru pcre3-8.35/debian/patches/0001-Yet-another-duplicate-name-bugfix-by-overestimating-.patch pcre3-8.35/debian/patches/0001-Yet-another-duplicate-name-bugfix-by-overestimating-.patch
--- pcre3-8.35/debian/patches/0001-Yet-another-duplicate-name-bugfix-by-overestimating-.patch 1970-01-01 01:00:00.000000000 +0100
+++ pcre3-8.35/debian/patches/0001-Yet-another-duplicate-name-bugfix-by-overestimating-.patch 2016-03-25 07:22:27.000000000 +0100
@@ -0,0 +1,45 @@
+Description: CVE-2016-1283: heap buffer overflow in handling of duplicate named groups
+Origin: upstream, http://vcs.pcre.org/pcre?view=revision&revision=1636
+Bug: https://bugs.exim.org/show_bug.cgi?id=1767
+Bug-Debian: https://bugs.debian.org/809706
+Forwarded: not-needed
+Author: Philip Hazel <ph10@cam.ac.uk>
+Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2016-03-25
+Applied-Upstream: 8.39
+---
+
+--- a/pcre_compile.c
++++ b/pcre_compile.c
+@@ -7133,7 +7133,12 @@ for (;; ptr++)
+ so far in order to get the number. If the name is not found, leave
+ the value of recno as 0 for a forward reference. */
+
+- else
++ /* This patch (removing "else") fixes a problem when a reference is
++ to multiple identically named nested groups from within the nest.
++ Once again, it is not the "proper" fix, and it results in an
++ over-allocation of memory. */
++
++ /* else */
+ {
+ ng = cd->named_groups;
+ for (i = 0; i < cd->names_found; i++, ng++)
+--- a/testdata/testinput2
++++ b/testdata/testinput2
+@@ -4110,4 +4110,6 @@ backtracking verbs. --/
+
+ /\x{whatever}/
+
++/((?J)(?'R'(?'R'(?'R'(?'R'(?'R'(?|(\k'R'))))))))/
++
+ /-- End of testinput2 --/
+--- a/testdata/testoutput2
++++ b/testdata/testoutput2
+@@ -14243,4 +14243,6 @@ Failed: digits missing in \x{} or \o{} a
+ /\x{whatever}/
+ Failed: non-hex character in \x{} (closing brace missing?) at offset 3
+
++/((?J)(?'R'(?'R'(?'R'(?'R'(?'R'(?|(\k'R'))))))))/
++
+ /-- End of testinput2 --/
diff -Nru pcre3-8.35/debian/patches/CVE-2015-2325_CVE-2015-2326_CVE-2015-3210_CVE-2015-5073.patch pcre3-8.35/debian/patches/CVE-2015-2325_CVE-2015-2326_CVE-2015-3210_CVE-2015-5073.patch
--- pcre3-8.35/debian/patches/CVE-2015-2325_CVE-2015-2326_CVE-2015-3210_CVE-2015-5073.patch 2016-01-10 19:49:57.000000000 +0100
+++ pcre3-8.35/debian/patches/CVE-2015-2325_CVE-2015-2326_CVE-2015-3210_CVE-2015-5073.patch 2016-03-25 07:22:27.000000000 +0100
@@ -3,17 +3,9 @@
https://security-tracker.debian.org/tracker/CVE-2015-2326
https://security-tracker.debian.org/tracker/CVE-2015-2325
---- pcre3-8.35.orig/pcre_compile.c
-+++ pcre3-8.35/pcre_compile.c
-@@ -549,6 +549,7 @@ static const char error_texts[] =
- "group name must start with a non-digit\0"
- /* 85 */
- "parentheses are too deeply nested (stack check)\0"
-+ "digits missing in \\x{} or \\o{}\0"
- ;
-
- /* Table to identify digits and hex digits. This is used when compiling
-@@ -3936,14 +3937,14 @@ Arguments:
+--- a/pcre_compile.c
++++ b/pcre_compile.c
+@@ -3936,14 +3936,14 @@ Arguments:
adjust the amount by which the group is to be moved
utf TRUE in UTF-8 / UTF-16 / UTF-32 mode
cd contains pointers to tables etc.
@@ -30,7 +22,7 @@
{
pcre_uchar *ptr = group;
-@@ -3955,7 +3956,8 @@ while ((ptr = (pcre_uchar *)find_recurse
+@@ -3955,7 +3955,8 @@ while ((ptr = (pcre_uchar *)find_recurse
/* See if this recursion is on the forward reference list. If so, adjust the
reference. */
@@ -40,7 +32,7 @@
{
offset = (int)GET(hc, 0);
if (cd->start_code + offset == ptr + 1)
-@@ -4400,7 +4402,7 @@ const pcre_uchar *tempptr;
+@@ -4400,7 +4401,7 @@ const pcre_uchar *tempptr;
const pcre_uchar *nestptr = NULL;
pcre_uchar *previous = NULL;
pcre_uchar *previous_callout = NULL;
@@ -49,7 +41,7 @@
pcre_uint8 classbits[32];
/* We can fish out the UTF-8 setting once and for all into a BOOL, but we
-@@ -5912,7 +5914,7 @@ for (;; ptr++)
+@@ -5912,7 +5913,7 @@ for (;; ptr++)
if (repeat_max <= 1) /* Covers 0, 1, and unlimited */
{
*code = OP_END;
@@ -58,7 +50,7 @@
memmove(previous + 1, previous, IN_UCHARS(len));
code++;
if (repeat_max == 0)
-@@ -5936,7 +5938,7 @@ for (;; ptr++)
+@@ -5936,7 +5937,7 @@ for (;; ptr++)
{
int offset;
*code = OP_END;
@@ -67,7 +59,7 @@
memmove(previous + 2 + LINK_SIZE, previous, IN_UCHARS(len));
code += 2 + LINK_SIZE;
*previous++ = OP_BRAZERO + repeat_type;
-@@ -5999,26 +6001,25 @@ for (;; ptr++)
+@@ -5999,26 +6000,25 @@ for (;; ptr++)
for (i = 1; i < repeat_min; i++)
{
pcre_uchar *hc;
@@ -101,7 +93,7 @@
code += len;
}
}
-@@ -6063,7 +6064,7 @@ for (;; ptr++)
+@@ -6063,7 +6063,7 @@ for (;; ptr++)
else for (i = repeat_max - 1; i >= 0; i--)
{
pcre_uchar *hc;
@@ -110,7 +102,7 @@
*code++ = OP_BRAZERO + repeat_type;
-@@ -6085,22 +6086,21 @@ for (;; ptr++)
+@@ -6085,22 +6085,21 @@ for (;; ptr++)
copying them. */
while (cd->hwm > cd->start_workspace + cd->workspace_size -
@@ -139,7 +131,7 @@
code += len;
}
-@@ -6196,7 +6196,7 @@ for (;; ptr++)
+@@ -6196,7 +6195,7 @@ for (;; ptr++)
{
int nlen = (int)(code - bracode);
*code = OP_END;
@@ -148,7 +140,7 @@
memmove(bracode + 1 + LINK_SIZE, bracode, IN_UCHARS(nlen));
code += 1 + LINK_SIZE;
nlen += 1 + LINK_SIZE;
-@@ -6330,7 +6330,7 @@ for (;; ptr++)
+@@ -6330,7 +6329,7 @@ for (;; ptr++)
else
{
*code = OP_END;
@@ -157,7 +149,7 @@
memmove(tempcode + 1 + LINK_SIZE, tempcode, IN_UCHARS(len));
code += 1 + LINK_SIZE;
len += 1 + LINK_SIZE;
-@@ -6379,7 +6379,7 @@ for (;; ptr++)
+@@ -6379,7 +6378,7 @@ for (;; ptr++)
default:
*code = OP_END;
@@ -166,7 +158,7 @@
memmove(tempcode + 1 + LINK_SIZE, tempcode, IN_UCHARS(len));
code += 1 + LINK_SIZE;
len += 1 + LINK_SIZE;
-@@ -6411,7 +6411,7 @@ for (;; ptr++)
+@@ -6411,7 +6410,7 @@ for (;; ptr++)
newoptions = options;
skipbytes = 0;
bravalue = OP_CBRA;
@@ -175,7 +167,7 @@
reset_bracount = FALSE;
/* First deal with various "verbs" that can be introduced by '*'. */
-@@ -7086,14 +7086,26 @@ for (;; ptr++)
+@@ -7086,14 +7085,26 @@ for (;; ptr++)
number. If the name is not found, set the value to 0 for a forward
reference. */
@@ -204,7 +196,7 @@
/* Count named back references. */
-@@ -7704,7 +7716,7 @@ for (;; ptr++)
+@@ -7704,7 +7715,7 @@ for (;; ptr++)
const pcre_uchar *p;
pcre_uint32 cf;
@@ -213,7 +205,7 @@
terminator = (*(++ptr) == CHAR_LESS_THAN_SIGN)?
CHAR_GREATER_THAN_SIGN : CHAR_APOSTROPHE;
-@@ -8031,6 +8043,7 @@ int length;
+@@ -8031,6 +8042,7 @@ int length;
unsigned int orig_bracount;
unsigned int max_bracount;
branch_chain bc;
@@ -221,7 +213,7 @@
/* If set, call the external function that checks for stack availability. */
-@@ -8048,6 +8061,8 @@ bc.current_branch = code;
+@@ -8048,6 +8060,8 @@ bc.current_branch = code;
firstchar = reqchar = 0;
firstcharflags = reqcharflags = REQ_UNSET;
@@ -230,7 +222,7 @@
/* Accumulate the length for use in the pre-compile phase. Start with the
length of the BRA and KET and any extra bytes that are required at the
beginning. We accumulate in a local variable to save frequent testing of
-@@ -8241,12 +8256,16 @@ for (;;)
+@@ -8241,12 +8255,16 @@ for (;;)
/* If it was a capturing subpattern, check to see if it contained any
recursive back references. If so, we must wrap it in atomic brackets.
@@ -248,7 +240,7 @@
memmove(start_bracket + 1 + LINK_SIZE, start_bracket,
IN_UCHARS(code - start_bracket));
*start_bracket = OP_ONCE;
-@@ -9265,7 +9284,7 @@ OP_RECURSE that are not fixed length get
+@@ -9265,7 +9283,7 @@ OP_RECURSE that are not fixed length get
exceptional ones forgo this. We scan the pattern to check that they are fixed
length, and set their lengths. */
@@ -257,8 +249,8 @@
{
pcre_uchar *cc = (pcre_uchar *)codestart;
---- pcre3-8.35.orig/testdata/testinput11
-+++ pcre3-8.35/testdata/testinput11
+--- a/testdata/testinput11
++++ b/testdata/testinput11
@@ -132,4 +132,8 @@ is required for these tests. --/
/abc(d|e)(*THEN)x(123(*THEN)4|567(b|q)(*THEN)xx)/B
@@ -268,8 +260,8 @@
+/((?+1)(\1))/B
+
/-- End of testinput11 --/
---- pcre3-8.35.orig/testdata/testinput2
-+++ pcre3-8.35/testdata/testinput2
+--- a/testdata/testinput2
++++ b/testdata/testinput2
@@ -4035,6 +4035,8 @@ backtracking verbs. --/
/(?(R&6yh)abc)/
@@ -292,8 +284,8 @@
+/(?=di(?<=(?1))|(?=(.))))/
+
/-- End of testinput2 --/
---- pcre3-8.35.orig/testdata/testoutput11-16
-+++ pcre3-8.35/testdata/testoutput11-16
+--- a/testdata/testoutput11-16
++++ b/testdata/testoutput11-16
@@ -709,4 +709,43 @@ Memory allocation (code space): 14
62 End
------------------------------------------------------------------
@@ -338,8 +330,8 @@
+------------------------------------------------------------------
+
/-- End of testinput11 --/
---- pcre3-8.35.orig/testdata/testoutput11-32
-+++ pcre3-8.35/testdata/testoutput11-32
+--- a/testdata/testoutput11-32
++++ b/testdata/testoutput11-32
@@ -709,4 +709,43 @@ Memory allocation (code space): 28
62 End
------------------------------------------------------------------
@@ -384,8 +376,8 @@
+------------------------------------------------------------------
+
/-- End of testinput11 --/
---- pcre3-8.35.orig/testdata/testoutput11-8
-+++ pcre3-8.35/testdata/testoutput11-8
+--- a/testdata/testoutput11-8
++++ b/testdata/testoutput11-8
@@ -709,4 +709,43 @@ Memory allocation (code space): 10
76 End
------------------------------------------------------------------
@@ -430,8 +422,8 @@
+------------------------------------------------------------------
+
/-- End of testinput11 --/
---- pcre3-8.35.orig/testdata/testoutput2
-+++ pcre3-8.35/testdata/testoutput2
+--- a/testdata/testoutput2
++++ b/testdata/testoutput2
@@ -14093,6 +14093,30 @@ Failed: malformed number or name after (
/(?(R&6yh)abc)/
Failed: group name must start with a non-digit at offset 5
diff -Nru pcre3-8.35/debian/patches/series pcre3-8.35/debian/patches/series
--- pcre3-8.35/debian/patches/series 2016-01-10 19:49:57.000000000 +0100
+++ pcre3-8.35/debian/patches/series 2016-03-25 07:22:27.000000000 +0100
@@ -21,3 +21,6 @@
0001-Make-pcregrep-q-override-l-and-c-for-compatibility-w.patch
0001-Add-missing-integer-overflow-checks.patch
0001-Hack-in-yet-other-patch-for-a-bug-in-size-computatio.patch
+0001-Give-error-for-x-and-o.patch
+0001-Fix-workspace-overflow-for-ACCEPT-with-deeply-nested.patch
+0001-Yet-another-duplicate-name-bugfix-by-overestimating-.patch
--- End Message ---