path: root/meta/recipes-support/libpcre/libpcre2
Commit message | Author | Age | Files | Lines
* libpcre2 : Follow up fix CVE-2022-1586 | Shinu Chandran | 2023-10-13 | 1 | -0/+30

  CVE-2022-1586 was originally fixed by OE commit
  https://github.com/openembedded/openembedded-core/commit/7f4daf88b71f
  through libpcre2 commit
  https://github.com/PCRE2Project/pcre2/commit/50a51cb7e672

  The follow up patch is required to resolve a bug in the initial fix [50a51cb7e672]
  https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc3

  Reference:
  https://nvd.nist.gov/vuln/detail/CVE-2022-1586
  https://security-tracker.debian.org/tracker/CVE-2022-1586

  (From OE-Core rev: 7e2fe508b456207fd991ece7621ef8ba24b89e59)

  Signed-off-by: Shinu Chandran <shinucha@cisco.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libpcre2: patch CVE-2022-41409 | Peter Marko | 2023-08-16 | 1 | -0/+74

  Backport commit mentioned in NVD DB links.
  https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35

  (From OE-Core rev: c25b88fc321b7c050108b29c75c0a159e0754f84)

  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* pcre2: CVE-2022-1587 Out-of-bounds read | Hitendra Prajapati | 2022-06-11 | 1 | -0/+660

  Source: https://github.com/PCRE2Project/pcre2
  MR: 118031
  Type: Security Fix
  Disposition: Backport from https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0
  ChangeID: 8fbc562b3e6b6a3674f435f6527a62afc67ef933
  Description:

  CVE-2022-1587 pcre2: Out-of-bounds read in get_recurse_data_length in pcre2_jit_compile.c.

  (From OE-Core rev: 46323b9e0f44f58f6aae242ebf5a0101d8c36654)

  Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* pcre2: CVE-2022-1586 Out-of-bounds read | Hitendra Prajapati | 2022-05-28 | 1 | -0/+59

  Source: https://github.com/PCRE2Project/pcre2
  MR: 118027
  Type: Security Fix
  Disposition: Backport from https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a
  ChangeID: e9b448d96a7e58b34b2c4069757a6f3ca0917713
  Description:

  CVE-2022-1586: pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c.

  (From OE-Core rev: 7f4daf88b71f486ddc7140500d2b44181a99222f)

  Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
  Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpcre: refresh patches | Ross Burton | 2018-03-07 | 1 | -12/+12

  The patch tool will apply patches by default with "fuzz", which is where if the
  hunk context isn't present but what is there is close enough, it will force the
  patch in.

  Whilst this is useful when there's just whitespace changes, when applied to
  source it is possible for a patch applied with fuzz to produce broken code which
  still compiles (see #10450). This is obviously bad.

  We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For
  that to be realistic the existing patches with fuzz need to be rebased and
  reviewed.

  (From OE-Core rev: eb7632f593b81066da4de44bc001974d6726a118)

  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpcre2: update to 10.30 | Armin Kuster | 2017-11-07 | 2 | -189/+0

  LICENSE files changed: Amend licence to relax its conditions for chains of binary distributions.

  removed included patches
  includes CVE-2017-8399

  (From OE-Core rev: d8ea0674d1feee803b75cf837e8d029619f8d663)

  Signed-off-by: Armin Kuster <akuster@mvista.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpcre2: Fix CVE-2017-7186 | Robert Yang | 2017-08-31 | 1 | -0/+96

  A fuzz on libpcre1 through the pcretest utility revealed an invalid read in the
  library. For who is interested in a detailed description of the bug, will
  follow a feedback from upstream:

  This was a genuine bug in the 32-bit library. Thanks for finding it. The crash
  was caused by trying to find a Unicode property for a code value greater than
  0x10ffff, the Unicode maximum, when running in non-UTF mode (where character
  values can be up to 0xffffffff).

  (From OE-Core rev: 1b87201784e733f3a9d436f56cb5a6151ba6bdfa)

  Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpcre2: Fix CVE-2017-8786 | Robert Yang | 2017-08-31 | 1 | -0/+93

  The pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of
  service (heap-based buffer overflow) or possibly have unspecified other impact
  via a crafted regular expression.

  (From OE-Core rev: dd63a26fedb8a578d34850ede4c27e26b8876e7e)

  Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpcre2: add it for newer vte | Robert Yang | 2017-02-23 | 1 | -0/+65

  There are two major versions of the PCRE library. The newest version, PCRE2,
  was released in 2015 and is at version 10.22.

  The original, very widely deployed PCRE library, originally released in 1997,
  is at version 8.40, and the API and feature set are stable, future releases
  will be for bugfixes only. All new future features will be to PCRE2, not the
  original PCRE 8.x series.

  The newer vte depends on libpcre2, so add it.

  (From OE-Core rev: f7165d379cb67c4d4918a8a3e9509d3d823d61da)
  (From OE-Core rev: 69c4d94dd6b825c710c6e76fe77e5255ddd1183d)

  Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>