pcre3 (1:8.31-2ubuntu2.2) trusty-security; urgency=medium * SECURITY UPDATE: fix multiple security issues by applying patches from Debian jessie package: - 0001-Fix-overflow-when-ovector-has-size-1.patch - 794589-information-disclosure.patch - 0001-Fix-buffer-overflow-for-lookbehind-within-mutually-r.patch - 0001-Add-integer-overflow-check-to-n-code.patch - 0001-Fix-bug-for-classes-containing-sequences.patch - 0001-Fix-run-for-ever-bug-for-deeply-nested-sequences.patch - 0001-Make-pcregrep-q-override-l-and-c-for-compatibility-w.patch - 0001-Add-missing-integer-overflow-checks.patch - 0001-Fix-compile-time-loop-for-recursive-reference-within.patch - 0001-Fix-named-forward-reference-to-duplicate-group-numbe.patch - CVE-2015-2328, CVE-2015-8380, CVE-2015-8382, CVE-2015-8385, CVE-2015-8386, CVE-2015-8387, CVE-2015-8390, CVE-2015-8391, CVE-2015-8393, CVE-2015-8394 * SECURITY UPDATE: denial of service via pattern containing (*ACCEPT) substring with nested parantheses - debian/patches/apply-upstream-revision-1631-closes-8159: fix workspace overflow for (*ACCEPT) with deeply nested parentheses in pcreposix.c, pcre_compile.c, pcre_internal.h, add tests to testdata/testoutput11-8, testdata/testoutput11-16, testdata/testinput11. - CVE-2016-3191 * debian/rules: set make check to verbose. -- Marc Deslauriers Fri, 25 Mar 2016 07:55:28 -0400 pcre3 (1:8.31-2ubuntu2.1) trusty-security; urgency=low [ Seyeong Kim ] * SECURITY UPDATE: Heap buffer overflow in pcregrep - debian/patches/cve-2014-8964.patch: add ecode check. Based on upstream - CVE-2014-8964 * SECURITY UPDATE: PCRE Library Heap Overflow Vulnerability - debian/patches/cve-2015-2325.patch: change some variables pointer to integer, and related contents. Based on upstream patch - CVE-2015-2325 * SECURITY UPDATE: PCRE Library Heap overflow Vulnerability II - debian/patches/cve-2015-2326.patch: take save_hwm_offset out from adjust_recurse. Based on upstream patch - CVE-2015-2326 * SECURITY UPDATE: PCRE Library Heap Overflow Vulnerability in find_fixedlength() - debian/patches/cve-2015-5073.patch: add compare errorcode missing test code. Based on upstream patch - CVE-2015-5073 [ Marc Deslauriers ] * debian/patches/cve-2015-2325.patch: updated to fix test suite failure because of lack of auto-possessification in older pcre. -- Marc Deslauriers Fri, 24 Jul 2015 07:57:19 -0400 pcre3 (1:8.31-2ubuntu2) trusty; urgency=low * Don't patch the soname in the generated configure file, but in configure.ac. * Add symbols files to catch the practice to only change the soname in the generated files. -- Matthias Klose Tue, 03 Dec 2013 14:18:01 +0100 pcre3 (1:8.31-2ubuntu1) trusty; urgency=low * Use dh-autoreconf to update config files. * Use explicit stamp for the configure target. * Honor dpkg-buildflags. * Enable parallel builds. * Configure with --disable-silent-rules. -- Matthias Klose Tue, 03 Dec 2013 12:58:45 +0100 pcre3 (1:8.31-2) unstable; urgency=low * Build -dev package as Multi-arch: same. Thanks Steve Langasek / Ubuntu for the patch (Closes: 696217) -- Mark Baker Thu, 03 Jan 2013 20:30:05 +0000 pcre3 (1:8.31-1) unstable; urgency=low * New upstream release * Applied patch from upstream bugzilla #1287 to fix bug where wrong value is in re_nsub in some cases (Closes: #686495) -- Mark Baker Thu, 13 Sep 2012 19:58:45 +0100 pcre3 (1:8.30-5) unstable; urgency=low * There is no use in including debug information for the libraries from the udeb in the debug package; more importantly, because the installation system isn't multiarch, if they are included they result in arch specific files in arch independent paths (debug package is Multi-arch:same). Removed. (Closes: #670018) -- Mark Baker Tue, 01 May 2012 22:38:42 +0100 pcre3 (1:8.30-4) unstable; urgency=low * Reluctantly using an epoch, as it seems the funny version number with extra dots causes problems * Bumped standard version to 3.9.3. No changes needed * Converted to use new source format / quilt * Put back obsolete pcre_info() API that up * Don't include pcregrep binary in debug package Thanks to Elimar Riesebieter for the conversion to the new source format. -- Mark Baker Fri, 23 Mar 2012 22:34:54 +0000 pcre3 (8.30..-3) unstable; urgency=low * configure: fixed libpcreposix version (this is not the same bug as the previous one, though it's in the same few lines) -- Mark Baker Thu, 22 Mar 2012 19:45:03 +0000 pcre3 (8.30..-2) unstable; urgency=low * configure: Correct library version so soname is libpcre.so.3 instead of .2 (Closes: #664983) * Horrible version number is because of NMU of "8.30.really8.12-1.1"; this will sort between that and 8.31-1 -- Mark Baker Thu, 22 Mar 2012 17:52:35 +0000 pcre3 (8.30-1) unstable; urgency=low * New upstream release (Closes:#664166) -- Mark Baker Wed, 21 Mar 2012 21:03:39 +0000 pcre3 (8.12-4) unstable; urgency=low * Multi-arch support. Thanks Steve Langasek for patch (Closes: 634250) -- Mark Baker Mon, 18 Jul 2011 21:59:44 +0100 pcre3 (8.12-3) unstable; urgency=low * debian/rules: Increased shlib version to 8.10 (Closes: #612942, #613227, #613469, #614012, #615019) -- Mark Baker Sun, 20 Feb 2011 12:46:44 +0000 pcre3 (8.12-2) unstable; urgency=low * Include changes from Stéphane's NMU (including fix for bug 581202) that were accidentally omitted in previous release. * debian/control: -dbg package should be section debug, priority extra -- Mark Baker Tue, 08 Feb 2011 20:38:49 +0000 pcre3 (8.12-1) unstable; urgency=low * New upstream release (Closes: #554242) -- Mark Baker Mon, 07 Feb 2011 23:53:42 +0000 pcre3 (8.02-1.1) unstable; urgency=low * Non-maintainer upload. * Add explicit Breaks to applications using libpcre-ocaml, to allow proper upgrades from lenny (Closes: #581202) * Add debian/watch * Add debian/source/format * Remove duplicate fields spotted by Lintian * Promote XC-Package-Type field to Package-Type -- Stéphane Glondu Sat, 31 Jul 2010 16:05:27 -0400 pcre3 (8.02-1) unstable; urgency=low * New upstream release -- Mark Baker Fri, 07 May 2010 21:18:05 +0100 pcre3 (7.8-3) unstable; urgency=low * debian/rules: Install main library in /lib (Closes: 350468, #549608) * debian/pcre-config.1: Minor formatting changes (thanks Alexander Peslyak) (Closes: 338658) * Makefile.am,Makefile.in: Added libpcre.la to LDADD for various things; apparently this will make it cross-build successfully (Closes: 492565) * debian/control: Added ${misc:Depends} to dependencies for all the binary packages * debian/rules: Don't ignore errors from make distclean -- Mark Baker Wed, 07 Oct 2009 00:05:25 +0100 pcre3 (7.8-2) unstable; urgency=low * debian/rules: Bumped shlib version to 7.7 because of new feature in that version (Closes: #500987) -- Mark Baker Sun, 05 Oct 2008 17:06:46 +0100 pcre3 (7.8-1) unstable; urgency=low * New upstream release -- Mark Baker Sun, 21 Sep 2008 21:23:00 +0100 pcre3 (7.6-2.1) unstable; urgency=high * Non-maintainer upload. * Fix heap overflow in the pcre compiler triggered by patterns which contain options and multiple branches (CVE-2008-2371; Closes: #488919). * debian/rules (patch by Bryan Donlan): Update shlibdeps invocation for libpcrecpp0 due to new symbols (Closes: #476925). * debian/copyright: replace license information with the current license information shipped with upstream sources (Closes: #489318). -- Nico Golde Mon, 14 Jul 2008 19:13:11 +0200 pcre3 (7.6-2) unstable; urgency=low * pcrecpp.cc: Applied patch from PCRE bugzilla (bug 664) to fix ABI breakage (Closes: #463170, #463266, #463413, #464974) -- Mark Baker Wed, 13 Feb 2008 22:19:35 +0000 pcre3 (7.6-1) unstable; urgency=low * New upstream release * Ship pcredemo.c in examples directory (Closes: #377587) -- Mark Baker Mon, 28 Jan 2008 23:01:05 +0000 pcre3 (7.4-1) unstable; urgency=low * Build a -dbg package with debug symbols Thanks to Sebastian Dröge ,for all of the following: * New upstream release (Closes: #453372). * debian/control, debian/rules: + Provide udeb (Closes: #443114). Build depend on debhelper (>= 5.0.22) for this. * debian/rules: + Bump shlibs to >= 7.4 (Closes: #449289). * debian/compat: + Update debhelper compat level to 5. * debian/control: + Update Standards-Version to 3.7.3, no additional changes needed. + Use ${binary:Version} instead of ${Source-Version} to make package binNMU safe. * debian/*.files, debian/*.install, debian/rules: + Convert from dh_movefiles to dh_install. * debian/*.dirs: + Removed, not necessary. -- Mark Baker Mon, 7 Jan 2008 21:03:34 +0000 pcre3 (7.3-2) unstable; urgency=low * Overloaded RE::Init(), for compatibility with PCRE 6.x API (Closes #436210). Thanks to Matthias Klose for the patch. * Increased shlibdeps from 4.5 to 6.0. 6.0 introduced a new function (pcre_compile2) to the API, so anything using that requires at least 6.0. (Closes #441345) -- Mark Baker Mon, 7 Jan 2008 21:02:52 +0000 pcre3 (7.3-1) unstable; urgency=low * New upstream release -- Mark Baker Tue, 28 Aug 2007 20:53:39 +0100 pcre3 (7.2-1) unstable; urgency=low * New upstream release (Closes: #420280) * debian/rules: dummy binary-indep target (Closes: #395730) -- Mark Baker Fri, 3 Aug 2007 23:06:28 +0100 pcre3 (6.7-1) unstable; urgency=low * New upstream release (Closes: #389305) -- Mark Baker Mon, 25 Sep 2006 23:24:55 +0100 pcre3 (6.4-2) unstable; urgency=low * Makefile.in: Install pcrepartial.3 (Closes: #362011) * doc/pcreapi.3, doc/pcre_version.3: document pcre_version() as returning a const char * not a char * (Closes: #278619) * debian/libpcre3-dev.files: install libpcre.pc (Closes: #359662) * doc/pcregrep.1: fixed typo (Closes: #310338) * debian/control: drop dummy pgrep package (Closes: #247550) -- Mark Baker Thu, 27 Apr 2006 22:32:06 +0100 pcre3 (6.4-1.1) unstable; urgency=low * Split out the C++ library into it's own package libpcrecpp0, as discussed in #339250. The C++ library was recently added, no package references the C++ library yet. Closes: #339250. * debian/rules: Remove testsavedregex in clean target. -- Matthias Klose Fri, 25 Nov 2005 07:59:14 +0100 pcre3 (6.4-1) unstable; urgency=low * New upstream release (Closes: 333191) -- Mark Baker Mon, 10 Oct 2005 23:14:53 +0100 pcre3 (6.3-1) unstable; urgency=low * New upstream release (Closes: 323761). * This includes fix to security issue CAN-2005-2491 (Closes: 324531) -- Mark Baker Sat, 27 Aug 2005 18:12:22 +0100 pcre3 (5.0-1.1) unstable; urgency=low * Non-maintainer upload. * Correct an alignment error in the pcretest.c test case, which was causing build failures on ia64 (closes: #309606). -- Steve Langasek Thu, 26 May 2005 05:15:34 +0000 pcre3 (5.0-1) unstable; urgency=low * New upstream release (Closes: #295287) - compatible, so same soname and package name can be used. * Compile with --enable-unicode-properties, a new feature of PCRE 5.0 * Removed . from description in control file * Included patch from Niibe Yutaka for cross building (Closes: #285407) Thanks Andreas for the NMU, which this is based on (Closes: #237644, #237265) -- Mark Baker Wed, 16 Feb 2005 21:47:14 +0000 pcre3 (4.5-1.1) unstable; urgency=low * NMU to fix rc-bugs. * Update libtool related files to fix build-error on mips, keep original config.in, as it is no generated file. (Closes: #237265) * pcregrep replaces pgrep. (Closes: #237564) * Bump shlibs, pcre 4.5 includes two new functions. * Let pgrep's /usr/share/doc symlink point to the package it depends on, pcregrep. -- Andreas Metzler Fri, 12 Mar 2004 13:23:02 +0100 pcre3 (4.5-1) unstable; urgency=low * New upstream release Thanks to Andreas Metzler for patches for all the following: * doc/pcregrep.1: added newline between synopsis for pcregrep and that for zpcregrp (Closes: #197899) * debian/control: Change package descriptions (Closes: #209904) * debian/rules and others: Renamed pgrep package to pcregrep, to match name of binary and avoid confusion with pgrep (which greps for processes, and is in the procps package; a dummy pgrep package will ease upgrades (Closes: #217076) -- Mark Baker Wed, 25 Feb 2004 20:49:33 +0000 pcre3 (4.3-4) unstable; urgency=low * debian/libpcre3.files: include pcrepattern(3) manpage in libpcre3 package instead of libpcre3-dev package. This means that anyone using a PCRE based application will have the man page available. -- Mark Baker Thu, 8 Jan 2004 21:19:51 +0000 pcre3 (4.3-3) unstable; urgency=low * ltmain.sh: Replaced with standard version from debian libtool package, but with Phil Hazel's patch applied (although I suspect his patch isn't necessary on debian systems). (Closes: #198147, #198668) I hope. -- Mark Baker Wed, 25 Jun 2003 21:09:22 +0100 pcre3 (4.3-2) unstable; urgency=low * pcretest.c: Cheat at test! Always print 40 instead of the size, because the size varies on different architectures, and we don't really want to fail the test because of this. -- Mark Baker Thu, 19 Jun 2003 21:00:39 +0100 pcre3 (4.3-1) unstable; urgency=low This release is entirely the work of Andreas Metzler . Thanks Andreas. * new upstream version (Closes: 182570) * this version apparently fixes infinite loop bug (Closes: 161184) * repacked using debhelper and upstream's Makefile. Switch to libtool's versioning scheme, see debian/README.Versioning.libtool for details. (Closes: #187371) * (however, don't ship .la files, they only give libtool strange ideas, see http://lists.debian.org/debian-devel/2003/debian-devel-200304/msg00827.html for an example.) * changed compile-options to really follow policy 3.5.7 * debian/control: changed description to say "Perl 5" as Perl 6, when it eventually appears, will have yet another different regex syntax (Closes: #166939) -- Mark Baker Mon, 16 Jun 2003 22:11:08 +0100 pcre3 (3.9-1) unstable; urgency=low * New upstream version (Closes: #119429, #161424) * Added zpcregrep script by Samuel Tardieu (Closes: #36897) * doc/pcregrep.1: mention zpcregrep * debian/rules: use && in test rule rather than -a option to test, for better POSIX compatibility (Closes: #158775) * debian/Makefile: build pcretest once with -rpath for doing tests, and once without, so that: * debian/rules: install pcretest program (Closes: #162998) * Don't create or remove /usr/doc/foo symlinks. This means that none of the packages have prerms and only libpcre3 has a postinst * debian/copyright: corrected to "Debian GNU/Linux" * debian/control: standards version updated to 3.5.7.0 * debian/rules: strip comment and note sections from libraries * The result of the last four changes is that it should now be lintian-clean apart from one caused by a known bug in lintian (see lintian bug #117260) (Closes: #162999) -- Mark Baker Sat, 26 Oct 2002 18:12:13 +0100 pcre3 (3.4-1.1) unstable; urgency=high * Non-maintainer upload. * Rebuild with a version of libc6 without a broken atexit() symbol (closes: #108597, critical). * Add to LD_LIBRARY_PATH rather than clobbering it, to avoid fakeroot dying (closes: #108661, #108891). -- Colin Watson Sun, 19 Aug 2001 20:43:28 +0100 pcre3 (3.4-1) unstable; urgency=low * new upstream version (Closes: #93876) -- Mark Baker Sat, 28 Apr 2001 00:05:22 +0100 pcre3 (3.3-5) unstable; urgency=low * debian/rules: install pcregrep as that name (only) rather than as pgrep with a symlink called pcregrep. This avoids a name clash with the process table grepper also called pgrep. * doc/pcregrep.1: change name of program being documented (back) to pcregrep. -- Mark Baker Tue, 23 Jan 2001 23:54:08 +0000 pcre3 (3.3-4) unstable; urgency=low * debian/rules: only install config files that are meant to be installed in libpcre3-dev package (Closes: #78354) * debian/Makefile: distclean target clears up configure output -- Mark Baker Wed, 29 Nov 2000 23:59:19 +0000 pcre3 (3.3-3) unstable; urgency=low * debian/rules: make debian/Makefile executable before trying to run it (Closes: #74316) -- Mark Baker Sun, 8 Oct 2000 21:18:15 +0100 pcre3 (3.3-2) unstable; urgency=low * debian/rules: pgrep should symlink to docs in /usr/doc/libpcre3, not /usr/doc/libpcre2 * debian/rules: manpage pgrep.1.gz should not be installed as executable! * debian/rules: pcregrep.1.gz is symlink to pgrep.1.gz * doc/pcre-config.1: basic manpage for pcre-config written * debian/rules: install pcre-config.1 * debian/rules: use -isp option to dpkg-gencontrol -- Mark Baker Tue, 22 Aug 2000 00:11:54 +0100 pcre3 (3.3-1) unstable; urgency=low * new package for pcre 3.x -- Mark Baker Sat, 19 Aug 2000 13:44:00 +0000 pcre2 (2.08-1) unstable; urgency=low What follows is the changelog from pcre2, up to the point where the pcre3 package was made. * new upstream version (#50386) * put -lc after -lpcre when linking libpcreposix (#50046) -- Mark Baker Thu, 18 Nov 1999 21:45:14 +0000 pcre2 (2.07-2) unstable; urgency=low * debian/rules: use /usr/share/doc and /usr/share/man, as mandated by policy 3.1.0 * debian/postinst: create /usr/doc symlink; don't install library * debian/postinst-lib (new file): create /usr/doc symlink and install library * debian/prerm: remove /usr/doc symlink * debian/rules: install postinst and prerm for all packages; but postinst-lib for library package -- Mark Baker Sat, 13 Nov 1999 18:57:59 +0000 pcre2 (2.07-1) unstable; urgency=low * new upstream version * pcre.c, pcre.h: new upstream version is incompatible with old one! I've done a nasty hack so that old binaries will still work. Old source won't, but at least it won't fail silently so this shouldn't be a major problem. * debian/rules: /usr/doc/pgrep should be a link to libpcre2, not libpcre1 (#42450) -- Mark Baker Tue, 3 Aug 1999 23:58:35 +0100 pcre2 (2.05-1) unstable; urgency=low * new upstream version (#36776) -- Mark Baker Tue, 27 Apr 1999 23:00:25 +0100 pcre2 (2.02-3) unstable; urgency=low * pcre.3: removed description of regular expression syntax and semantics * pcre.7: new file, containing material removed from above (this is so it can be put in the libpcre2 package (#34087) -- Mark Baker Fri, 5 Mar 1999 01:08:47 +0000 pcre2 (2.02-2) unstable; urgency=low * debian/rules: install copyright in correct location in libpcre2-dev; a typo before meant the package wouldn't install * debian/shlibs: update to refer to libpcre2 instead of libpcre1 -- Mark Baker Fri, 29 Jan 1999 00:12:00 +0000 pcre2 (2.02-1) unstable; urgency=low * first release of pcre2 * install source of pgrep (it's small) in /usr/doc/libpcre2-dev/examples -- Mark Baker Thu, 28 Jan 1999 00:45:00 +0000 pcre (1.09-2) unstable; urgency=low What follows is the changelog from pcre 1, up to the point where the pcre2 package was made. The changes are not that large but the API, and therefore the ABI, are changed so version 2 is not compatible. * pcreposix.c,pcreposix.h: prefixed function names with pcreposix_ * pcreposix.h: #defines so un-prefixed names can be used * These mean pcre routines will be used instead of the regex library built into libc (#22525) * debian/shlibs: pcreposix needs libpcre1 >=1.09-2 now * debian/rules: it's not pcre 1.01 any more. -- Mark Baker Sat, 30 May 1998 16:54:31 +0100 pcre (1.09-1) unstable; urgency=low * New upstream version -- Mark Baker Sat, 28 Feb 1998 21:29:07 +0000 pcre (1.08-1) unstable; urgency=low * New upstream version (new features, so in unstable only) -- Mark Baker Sat, 28 Feb 1998 21:29:07 +0000 pcre (1.06-3) unstable; urgency=low * Strip pgrep -- Mark Baker Sat, 28 Feb 1998 21:29:07 +0000 pcre (1.06-2) unstable; urgency=low * Extended description for pgrep * Compress manpage * Updated standards-version to 2.4.0.0 -- Mark Baker Mon, 9 Feb 1998 23:56:15 +0000 pcre (1.06-1) unstable; urgency=low * New upstream version (bug fixes) -- Mark Baker Sun, 25 Jan 1998 22:37:37 +0000 pcre (1.05-2) unstable; urgency=low * Remove debian/*~ in clean target * Only run ldconfig on "configure" -- Mark Baker Wed, 7 Jan 1998 21:14:51 +0000 pcre (1.05-1) unstable; urgency=low * New upstream version (bug fixes) -- Mark Baker Sat, 27 Dec 1997 11:26:32 +0000 pcre (1.02-1) unstable; urgency=low * New upstream version -- Mark Baker Sat, 13 Dec 1997 22:01:48 +0000 pcre (1.01-4) unstable; urgency=low * Use -fPIC instead of -fpic (identical on i386, but different on other architectures like m68k) * Nasty trick so pgrep gets the right dependencies whether or not libpcre1 is installed -- Mark Baker Tue, 2 Dec 1997 17:57:07 +0000 pcre (1.01-3) unstable; urgency=low * Apply patch to manpage from Karl Hegbloom * Rewritten makefile (copy sent upstream) -- Mark Baker Tue, 25 Nov 1997 12:12:05 +0000 pcre (1.01-2) unstable; urgency=low * Correct typo (libprce) in debian/rules * Use gcc instead of ld in makefile * Build static libraries * Use shlibdeps instead of hard-coding libc6 * Use --strip-unneeded when stripping -- Mark Baker Fri, 21 Nov 1997 23:52:06 +0000 pcre (1.01-1) unstable; urgency=low * Initial debian release -- Mark Baker Fri, 21 Nov 1997 20:36:13 +0000