This bug was fixed in the package pcre3 - 2:8.39-12~18.10 --------------- pcre3 (2:8.39-12~18.10) cosmic-proposed; urgency=medium
* SRU: LP: #1823667. pcre3 (2:8.39-12) unstable; urgency=medium * Patch from Andrej Shadura <[email protected]> to mark one more STL symbol as optional (Closes: #923743). pcre3 (2:8.39-11) unstable; urgency=medium [ Matthias Klose ] * Mark 2 STL symbols as optional (Closes: #904008) [ Matthew Vernon ] * Bump debian/compat to 11 (Closes: #646973) * Fixes to debian/rules so package builds with dh compat 11 pcre3 (2:8.39-10) unstable; urgency=high * Update symbols file (Closes: #897834 pcre3 (2:8.39-9) unstable; urgency=medium * Update symbols file (Closes: #888921) pcre3 (2:8.39-8) unstable; urgency=medium * drive ulimit correctly (Closes: #876299) pcre3 (2:8.39-7) unstable; urgency=low * increase stack limit before running tests (Closes: #876299) pcre3 (2:8.39-6) unstable; urgency=medium * patch from Sergei from MariaDB (via Ondřej Surý) to fix stack frame size detection (Closes: #878107, #876299) pcre3 (2:8.39-5) unstable; urgency=medium * patch from Katsuhiko Nishimra to symbols file to fix FTBFS with gcc7 (Closes: #876046, #853606) pcre3 (2:8.39-4) unstable; urgency=low * Remove now-deprecated Pre-Depends on multiarch-support (not needed since jessie) (Closes: #865987) pcre3 (2:8.39-3) unstable; urgency=high * CVE-2017-7186: invalid Unicode property lookup may cause denial of service (Closes: #858238) pcre3 (2:8.39-2.1) unstable; urgency=high * Non-maintainer upload. * CVE-2017-6004: crafted regular expression may cause denial of service (Closes: #855405) pcre3 (2:8.39-2) unstable; urgency=low * Update symbols file to reflect compilation with gcc6 (Closes: #811969) pcre3 (2:8.39-1) unstable; urgency=medium [ Ian Jackson ] * New upstream version (Closes: #832354). - Drop CVE-2016-1283.patch (now in upstream). - Adjusted sonames: bumped each minor number where upstream bumped theirs. [ Matthew Vernon ] * Add notes encouraging people to move to pcre2 pcre3 (2:8.38-3.1) unstable; urgency=medium * Non-maintainer upload. * CVE-2016-1283: heap buffer overflow in handling of duplicate named groups (Closes: #809706) pcre3 (2:8.38-3) unstable; urgency=low * Apply Ubuntu patch from Iain Lane (modified by Graham Inggs) to add symbols files (Closes: #767374) pcre3 (2:8.38-2) unstable; urgency=low * Apply upstream patch to fix workspace overflow for (*ACCEPT) with deeply nested parentheses (Closes: #815921) pcre3 (2:8.38-1) unstable; urgency=low * New upstream version pcre3 (2:8.35-8) unstable; urgency=low * Remove conflicts with long-vanished pcre{1,2}-dev packages (so new PCRE2 packages can co-exist) pcre3 (2:8.35-7.4) unstable; urgency=medium * Non-maintainer upload. * Fix copy-and-paste error in Disable_JIT_on_sparc64.patch. pcre3 (2:8.35-7.3) unstable; urgency=medium * Non-maintainer upload. * Add Disable_JIT_on_sparc64.patch to disable JIT on sparc64. The patch no_jit_x32_powerpcspe.patch to disable JIT on powerpcspe was already added in 2:8.35-6 (Closes: #765079). pcre3 (2:8.35-7.2) unstable; urgency=low * Non-maintainer upload (with maintainer's permission). * Add Fix-compiler-crash-misbehaviour-for-zero-repeated-gr.patch. Fixes "PCRE Library Stack Overflow Vulnerability" (Upstream bug 1503) * Add Fix-compile-time-loop-for-recursive-reference-within.patch. Fixes "PCRE Call Stack Overflow Vulnerability" (Upstream bug 1515) * Add 794589-information-disclosure.patch. Fixes "pcre_exec does not fill offsets for certain regexps" leading to information disclosure. (Closes: #794589) * Add Fix-bad-compile-for-groups-like-2-0-1999.patch. CVE-2015-2325: heap buffer overflow in compile_branch(). (Closes: #781795) * Add Fix-bad-compilation-for-patterns-like-1-1-with-forwa.patch. CVE-2015-2326: heap buffer overflow in pcre_compile2(). (Closes: #783285) * Add Fix-buffer-overflow-for-named-recursive-back-referen.patch. CVE-2015-3210: heap buffer overflow in pcre_compile2() / compile_regex(). (Closes: #787433) pcre3 (2:8.35-7.1) unstable; urgency=medium * Rename libpcrecpp0 to libpcrecpp0v5. Addresses: #791236. * Add Conflict/Replaces to the old library. * Add libpcrecpp0v5 symbols file for GCC 5. pcre3 (2:8.35-7) unstable; urgency=medium * Apply upstream patch to fix buffer overflow for forward reference within backward assertion with excess closing parenthesis (Closes: #790000) pcre3 (2:8.35-6) unstable; urgency=low [ Thorsten Glaser ] * Re-add patch disabling JIT on powerpcspe and x32 (Closes: #760327) * Add back missing debian/changelog entries for 1:8.35-3.2 and 1:8.36-1 pcre3 (2:8.35-5) unstable; urgency=low * re-enable jit on ppc64el (by dropping the patch that disables it) (Closes: #786530) * patch from Frederic Bonnard to fix the watch file (Closes: #785726) pcre3 (2:8.35-4) experimental; urgency=medium [ Mattia Rizzolo ] * Add a libpcre16-3 package with the 16 bit pcre16 library (Closes: 748781). * Add a libpcre32-3 package with the 32 bit pcre32 library. [ Matthew Vernon ] * Adopt this package (Closes: #772994) pcre3 (2:8.35-3.3) unstable; urgency=medium * Non-maintainer upload. * Upstream patch for heap buffer overflow, CVE-2014-8964, taken from 1:8.36-1 (Closes: #770478) Thanks to Salvatore Bonaccorso for the reminder. pcre3 (2:8.35-3.2) unstable; urgency=medium * Non-maintainer upload. * Update shlibs dependency to 1:8.35 for new symbol introduced in upstream version 8.35 (Closes: #767907) * Revert upload of upstream version 8.36 to allow this upload to migrate to jessie. pcre3 (1:8.36-1) unstable; urgency=medium * New upstream release * Upped shlibs dependency to 8.35 (Closes: #767903) * Upstream patch for heap buffer overflow, CVE-2014-8964 (Closes: #770478) pcre3 (1:8.35-3.2) unstable; urgency=low * Non-maintainer upload with maintainer permission. * Disable JIT on x32 and powerpcspe (Closes: #760327). pcre3 (1:8.35-3.1) unstable; urgency=medium * Non-maintainer upload. * Enable build hardening flags (closes: #656008). pcre3 (1:8.35-3) unstable; urgency=medium Thanks to Simon McVittie for all of the work on this: * Run tests with VERBOSE=1 so we can see the logs for failing tests (Closes: #755052) * Apply part of upstream r1472 to fix undefined behaviour when parsing {n} or {m,n} quantifiers, which causes mis-parsing and test failures under gcc 4.9 (Closes: #751828) pcre3 (1:8.35-2) unstable; urgency=medium * Build-depends on auto-reconf (Closes: 754540) pcre3 (1:8.35-1) unstable; urgency=medium * New upstream release * Use dh-autoreconf * Disable JIT on ppc64el (Closes: 751390) (Thanks Erwan Prioul) pcre3 (1:8.31-5) unstable; urgency=medium * Previous attempt at detecting JIT support didn't work when cross compiling. Now runs the host compiler, and doesn't try to run the output (Closes: 745222) pcre3 (1:8.31-4) unstable; urgency=medium * Enable JIT compilation only on architectures where it is supported - fixes FTBFS on ones where it isn't (Closes: 745114) * Verbose build logs (Closes: 745069) pcre3 (1:8.31-3) unstable; urgency=medium * Enable JIT regex compilation (http://sljit.sourceforge.net/pcre). Note that this has no effect by default so should not break anything; to use it you need to pass a flag to pcre_compile_regex() (Closes: 740954) * Changed shlibs:Depends to 8.20 as pcre_free_study() is not in older versions (Closes: 743164) pcre3 (1:8.31-2) unstable; urgency=low * Build -dev package as Multi-arch: same. Thanks Steve Langasek / Ubuntu for the patch (Closes: 696217) pcre3 (1:8.31-1) unstable; urgency=low * New upstream release * Applied patch from upstream bugzilla #1287 to fix bug where wrong value is in re_nsub in some cases (Closes: #686495) pcre3 (1:8.30-5) unstable; urgency=low * There is no use in including debug information for the libraries from the udeb in the debug package; more importantly, because the installation system isn't multiarch, if they are included they result in arch specific files in arch independent paths (debug package is Multi-arch:same). Removed. (Closes: #670018) pcre3 (1:8.30-4) unstable; urgency=low * Reluctantly using an epoch, as it seems the funny version number with extra dots causes problems * Bumped standard version to 3.9.3. No changes needed * Converted to use new source format / quilt * Put back obsolete pcre_info() API that up * Don't include pcregrep binary in debug package Thanks to Elimar Riesebieter for the conversion to the new source format. -- Matthias Klose <[email protected]> Mon, 08 Apr 2019 14:41:46 +0200 ** Changed in: pcre3 (Ubuntu Cosmic) Status: Fix Committed => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-8964 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-2325 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-2326 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-3210 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-1283 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6004 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-7186 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pcre3 in Ubuntu. https://bugs.launchpad.net/bugs/1823667 Title: SRU: pcre3 ftbfs with cosmic toolchain updates Status in pcre3 package in Ubuntu: In Progress Status in pcre3 source package in Cosmic: Fix Released Bug description: Fix the symbols file error by backporting the disco upload, marking more symbols as optional. Test case: the package builds, in current 18.10, and with the planned toolchain updates in ppa:ubuntu-toolchain-r/ppa. Regression potential: Should be the same as for every no-change rebuild. https://launchpadlibrarian.net/418304485/buildlog_ubuntu-cosmic- amd64.pcre3_2%3A8.39-11_BUILDING.txt.gz dh_makeshlibs -plibpcre3 --add-udeb="libpcre3-udeb" -V 'libpcre3 (>= 1:8.35)' -- -c4 dh_makeshlibs -plibpcrecpp0v5 -V 'libpcrecpp0v5 (>= 7.7)' -- -c4 dpkg-gensymbols: warning: some symbols or patterns disappeared in the symbols file: see diff output below dpkg-gensymbols: warning: debian/libpcrecpp0v5/DEBIAN/symbols doesn't match completely debian/libpcrecpp0v5.symbols --- debian/libpcrecpp0v5.symbols (libpcrecpp0v5_2:8.39-11_amd64) +++ dpkg-gensymbolsc5z0KV 2019-04-08 00:54:17.137602850 +0000 @@ -80,9 +80,9 @@ (c++)"pcrecpp::Scanner::SetSkipExpression(char const*)@Base" 7.7 (c++)"pcrecpp::Scanner::Skip(char const*)@Base" 7.7 (c++)"pcrecpp::Scanner::~Scanner()@Base" 7.7 -#MISSING: 2:8.39-9# (c++|optional=STL)"std::vector<pcrecpp::StringPiece, std::allocator<pcrecpp::StringPiece> >::_M_insert_aux(__gnu_cxx::__normal_iterator<pcrecpp::StringPiece*, std::vector<pcrecpp::StringPiece, std::allocator<pcrecpp::StringPiece> > >, pcrecpp::StringPiece const&)@Base" 7.7 +#MISSING: 2:8.39-11# (c++|optional=STL)"std::vector<pcrecpp::StringPiece, std::allocator<pcrecpp::StringPiece> >::_M_insert_aux(__gnu_cxx::__normal_iterator<pcrecpp::StringPiece*, std::vector<pcrecpp::StringPiece, std::allocator<pcrecpp::StringPiece> > >, pcrecpp::StringPiece const&)@Base" 7.7 (c++|optional=STL)"void std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct<char const*>(char const*, char const*, std::forward_iterator_tag)@Base" 2:8.39-10 -#MISSING: 2:8.39-9# (c++|optional=STL)"void std::vector<pcrecpp::StringPiece, std::allocator<pcrecpp::StringPiece> >::_M_emplace_back_aux<pcrecpp::StringPiece>(pcrecpp::StringPiece&&)@Base" 2:8.39-2 +#MISSING: 2:8.39-11# (c++|optional=STL)"void std::vector<pcrecpp::StringPiece, std::allocator<pcrecpp::StringPiece> >::_M_emplace_back_aux<pcrecpp::StringPiece>(pcrecpp::StringPiece&&)@Base" 2:8.39-2 (c++|optional=STL)"void std::vector<pcrecpp::StringPiece, std::allocator<pcrecpp::StringPiece> >::_M_realloc_insert<pcrecpp::StringPiece const&>(__gnu_cxx::__normal_iterator<pcrecpp::StringPiece*, std::vector<pcrecpp::StringPiece, std::allocator<pcrecpp::StringPiece> > >, pcrecpp::StringPiece const&)@Base" 2:8.39-4 (c++|optional=STL)"void std::vector<pcrecpp::StringPiece, std::allocator<pcrecpp::StringPiece> >::_M_realloc_insert<pcrecpp::StringPiece>(__gnu_cxx::__normal_iterator<pcrecpp::StringPiece*, std::vector<pcrecpp::StringPiece, std::allocator<pcrecpp::StringPiece> > >, pcrecpp::StringPiece&&)@Base" 2:8.39-9 - (c++)"void std::vector<pcrecpp::StringPiece, std::allocator<pcrecpp::StringPiece> >::emplace_back<pcrecpp::StringPiece>(pcrecpp::StringPiece&&)@Base" 2:8.39-10 +#MISSING: 2:8.39-11# (c++)"void std::vector<pcrecpp::StringPiece, std::allocator<pcrecpp::StringPiece> >::emplace_back<pcrecpp::StringPiece>(pcrecpp::StringPiece&&)@Base" 2:8.39-10 dh_makeshlibs: failing due to earlier errors make: *** [debian/rules:116: binary-arch] Error 2 dpkg-buildpackage: error: fakeroot debian/rules binary subprocess returned exit status 2 -------------------------------------------------------------------------------- Build finished at 20190408-0054 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pcre3/+bug/1823667/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
