[Bug 1823667] Re: SRU: pcre3 ftbfs with cosmic toolchain updates
Launchpad Bug Tracker
1823667 at bugs.launchpad.net
Tue Apr 23 09:06:41 UTC 2019
This bug was fixed in the package pcre3 - 2:8.39-12~18.10
---------------
pcre3 (2:8.39-12~18.10) cosmic-proposed; urgency=medium
* SRU: LP: #1823667.
pcre3 (2:8.39-12) unstable; urgency=medium
* Patch from Andrej Shadura <andrew.shadura at collabora.co.uk> to mark one
more STL symbol as optional (Closes: #923743).
pcre3 (2:8.39-11) unstable; urgency=medium
[ Matthias Klose ]
* Mark 2 STL symbols as optional (Closes: #904008)
[ Matthew Vernon ]
* Bump debian/compat to 11 (Closes: #646973)
* Fixes to debian/rules so package builds with dh compat 11
pcre3 (2:8.39-10) unstable; urgency=high
* Update symbols file (Closes: #897834
pcre3 (2:8.39-9) unstable; urgency=medium
* Update symbols file (Closes: #888921)
pcre3 (2:8.39-8) unstable; urgency=medium
* drive ulimit correctly (Closes: #876299)
pcre3 (2:8.39-7) unstable; urgency=low
* increase stack limit before running tests (Closes: #876299)
pcre3 (2:8.39-6) unstable; urgency=medium
* patch from Sergei from MariaDB (via Ondřej Surý) to fix stack frame
size detection (Closes: #878107, #876299)
pcre3 (2:8.39-5) unstable; urgency=medium
* patch from Katsuhiko Nishimra to symbols file to fix FTBFS with gcc7
(Closes: #876046, #853606)
pcre3 (2:8.39-4) unstable; urgency=low
* Remove now-deprecated Pre-Depends on multiarch-support (not needed
since jessie) (Closes: #865987)
pcre3 (2:8.39-3) unstable; urgency=high
* CVE-2017-7186: invalid Unicode property lookup may cause denial of
service (Closes: #858238)
pcre3 (2:8.39-2.1) unstable; urgency=high
* Non-maintainer upload.
* CVE-2017-6004: crafted regular expression may cause denial of service
(Closes: #855405)
pcre3 (2:8.39-2) unstable; urgency=low
* Update symbols file to reflect compilation with gcc6 (Closes:
#811969)
pcre3 (2:8.39-1) unstable; urgency=medium
[ Ian Jackson ]
* New upstream version (Closes: #832354).
- Drop CVE-2016-1283.patch (now in upstream).
- Adjusted sonames: bumped each minor number where upstream
bumped theirs.
[ Matthew Vernon ]
* Add notes encouraging people to move to pcre2
pcre3 (2:8.38-3.1) unstable; urgency=medium
* Non-maintainer upload.
* CVE-2016-1283: heap buffer overflow in handling of duplicate named
groups (Closes: #809706)
pcre3 (2:8.38-3) unstable; urgency=low
* Apply Ubuntu patch from Iain Lane (modified by Graham Inggs) to add
symbols files (Closes: #767374)
pcre3 (2:8.38-2) unstable; urgency=low
* Apply upstream patch to fix workspace overflow for (*ACCEPT) with
deeply nested parentheses (Closes: #815921)
pcre3 (2:8.38-1) unstable; urgency=low
* New upstream version
pcre3 (2:8.35-8) unstable; urgency=low
* Remove conflicts with long-vanished pcre{1,2}-dev packages (so new
PCRE2 packages can co-exist)
pcre3 (2:8.35-7.4) unstable; urgency=medium
* Non-maintainer upload.
* Fix copy-and-paste error in Disable_JIT_on_sparc64.patch.
pcre3 (2:8.35-7.3) unstable; urgency=medium
* Non-maintainer upload.
* Add Disable_JIT_on_sparc64.patch to disable JIT on sparc64. The patch
no_jit_x32_powerpcspe.patch to disable JIT on powerpcspe was already
added in 2:8.35-6 (Closes: #765079).
pcre3 (2:8.35-7.2) unstable; urgency=low
* Non-maintainer upload (with maintainer's permission).
* Add Fix-compiler-crash-misbehaviour-for-zero-repeated-gr.patch.
Fixes "PCRE Library Stack Overflow Vulnerability" (Upstream bug 1503)
* Add Fix-compile-time-loop-for-recursive-reference-within.patch.
Fixes "PCRE Call Stack Overflow Vulnerability" (Upstream bug 1515)
* Add 794589-information-disclosure.patch.
Fixes "pcre_exec does not fill offsets for certain regexps" leading to
information disclosure. (Closes: #794589)
* Add Fix-bad-compile-for-groups-like-2-0-1999.patch.
CVE-2015-2325: heap buffer overflow in compile_branch(). (Closes: #781795)
* Add Fix-bad-compilation-for-patterns-like-1-1-with-forwa.patch.
CVE-2015-2326: heap buffer overflow in pcre_compile2(). (Closes: #783285)
* Add Fix-buffer-overflow-for-named-recursive-back-referen.patch.
CVE-2015-3210: heap buffer overflow in pcre_compile2() /
compile_regex(). (Closes: #787433)
pcre3 (2:8.35-7.1) unstable; urgency=medium
* Rename libpcrecpp0 to libpcrecpp0v5. Addresses: #791236.
* Add Conflict/Replaces to the old library.
* Add libpcrecpp0v5 symbols file for GCC 5.
pcre3 (2:8.35-7) unstable; urgency=medium
* Apply upstream patch to fix buffer overflow for forward reference
within backward assertion with excess closing parenthesis
(Closes: #790000)
pcre3 (2:8.35-6) unstable; urgency=low
[ Thorsten Glaser ]
* Re-add patch disabling JIT on powerpcspe and x32 (Closes: #760327)
* Add back missing debian/changelog entries for 1:8.35-3.2 and 1:8.36-1
pcre3 (2:8.35-5) unstable; urgency=low
* re-enable jit on ppc64el (by dropping the patch that disables it)
(Closes: #786530)
* patch from Frederic Bonnard to fix the watch file (Closes: #785726)
pcre3 (2:8.35-4) experimental; urgency=medium
[ Mattia Rizzolo ]
* Add a libpcre16-3 package with the 16 bit pcre16 library (Closes: 748781).
* Add a libpcre32-3 package with the 32 bit pcre32 library.
[ Matthew Vernon ]
* Adopt this package (Closes: #772994)
pcre3 (2:8.35-3.3) unstable; urgency=medium
* Non-maintainer upload.
* Upstream patch for heap buffer overflow, CVE-2014-8964, taken from
1:8.36-1 (Closes: #770478)
Thanks to Salvatore Bonaccorso for the reminder.
pcre3 (2:8.35-3.2) unstable; urgency=medium
* Non-maintainer upload.
* Update shlibs dependency to 1:8.35 for new symbol introduced in upstream
version 8.35 (Closes: #767907)
* Revert upload of upstream version 8.36 to allow this upload to migrate to
jessie.
pcre3 (1:8.36-1) unstable; urgency=medium
* New upstream release
* Upped shlibs dependency to 8.35 (Closes: #767903)
* Upstream patch for heap buffer overflow, CVE-2014-8964 (Closes: #770478)
pcre3 (1:8.35-3.2) unstable; urgency=low
* Non-maintainer upload with maintainer permission.
* Disable JIT on x32 and powerpcspe (Closes: #760327).
pcre3 (1:8.35-3.1) unstable; urgency=medium
* Non-maintainer upload.
* Enable build hardening flags (closes: #656008).
pcre3 (1:8.35-3) unstable; urgency=medium
Thanks to Simon McVittie for all of the work on this:
* Run tests with VERBOSE=1 so we can see the logs for failing tests
(Closes: #755052)
* Apply part of upstream r1472 to fix undefined behaviour when parsing
{n} or {m,n} quantifiers, which causes mis-parsing and test failures
under gcc 4.9 (Closes: #751828)
pcre3 (1:8.35-2) unstable; urgency=medium
* Build-depends on auto-reconf (Closes: 754540)
pcre3 (1:8.35-1) unstable; urgency=medium
* New upstream release
* Use dh-autoreconf
* Disable JIT on ppc64el (Closes: 751390) (Thanks Erwan Prioul)
pcre3 (1:8.31-5) unstable; urgency=medium
* Previous attempt at detecting JIT support didn't work when cross
compiling. Now runs the host compiler, and doesn't try to run the
output (Closes: 745222)
pcre3 (1:8.31-4) unstable; urgency=medium
* Enable JIT compilation only on architectures where it is supported -
fixes FTBFS on ones where it isn't (Closes: 745114)
* Verbose build logs (Closes: 745069)
pcre3 (1:8.31-3) unstable; urgency=medium
* Enable JIT regex compilation (http://sljit.sourceforge.net/pcre).
Note that this has no effect by default so should not break anything;
to use it you need to pass a flag to pcre_compile_regex()
(Closes: 740954)
* Changed shlibs:Depends to 8.20 as pcre_free_study() is not in older
versions (Closes: 743164)
pcre3 (1:8.31-2) unstable; urgency=low
* Build -dev package as Multi-arch: same. Thanks Steve Langasek / Ubuntu
for the patch (Closes: 696217)
pcre3 (1:8.31-1) unstable; urgency=low
* New upstream release
* Applied patch from upstream bugzilla #1287 to fix bug where wrong
value is in re_nsub in some cases (Closes: #686495)
pcre3 (1:8.30-5) unstable; urgency=low
* There is no use in including debug information for the libraries from
the udeb in the debug package; more importantly, because the
installation system isn't multiarch, if they are included they result
in arch specific files in arch independent paths (debug package is
Multi-arch:same). Removed. (Closes: #670018)
pcre3 (1:8.30-4) unstable; urgency=low
* Reluctantly using an epoch, as it seems the funny version number with
extra dots causes problems
* Bumped standard version to 3.9.3. No changes needed
* Converted to use new source format / quilt
* Put back obsolete pcre_info() API that up
* Don't include pcregrep binary in debug package
Thanks to Elimar Riesebieter for the conversion to the new source
format.
-- Matthias Klose <doko at ubuntu.com> Mon, 08 Apr 2019 14:41:46 +0200
** Changed in: pcre3 (Ubuntu Cosmic)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-8964
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-2325
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-2326
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-3210
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-1283
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6004
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-7186
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pcre3 in Ubuntu.
https://bugs.launchpad.net/bugs/1823667
Title:
SRU: pcre3 ftbfs with cosmic toolchain updates
Status in pcre3 package in Ubuntu:
In Progress
Status in pcre3 source package in Cosmic:
Fix Released
Bug description:
Fix the symbols file error by backporting the disco upload, marking
more symbols as optional.
Test case: the package builds, in current 18.10, and with the planned toolchain updates in ppa:ubuntu-toolchain-r/ppa.
Regression potential: Should be the same as for every no-change rebuild.
https://launchpadlibrarian.net/418304485/buildlog_ubuntu-cosmic-
amd64.pcre3_2%3A8.39-11_BUILDING.txt.gz
dh_makeshlibs -plibpcre3 --add-udeb="libpcre3-udeb" -V 'libpcre3 (>= 1:8.35)' -- -c4
dh_makeshlibs -plibpcrecpp0v5 -V 'libpcrecpp0v5 (>= 7.7)' -- -c4
dpkg-gensymbols: warning: some symbols or patterns disappeared in the symbols file: see diff output below
dpkg-gensymbols: warning: debian/libpcrecpp0v5/DEBIAN/symbols doesn't match completely debian/libpcrecpp0v5.symbols
--- debian/libpcrecpp0v5.symbols (libpcrecpp0v5_2:8.39-11_amd64)
+++ dpkg-gensymbolsc5z0KV 2019-04-08 00:54:17.137602850 +0000
@@ -80,9 +80,9 @@
(c++)"pcrecpp::Scanner::SetSkipExpression(char const*)@Base" 7.7
(c++)"pcrecpp::Scanner::Skip(char const*)@Base" 7.7
(c++)"pcrecpp::Scanner::~Scanner()@Base" 7.7
-#MISSING: 2:8.39-9# (c++|optional=STL)"std::vector<pcrecpp::StringPiece, std::allocator<pcrecpp::StringPiece> >::_M_insert_aux(__gnu_cxx::__normal_iterator<pcrecpp::StringPiece*, std::vector<pcrecpp::StringPiece, std::allocator<pcrecpp::StringPiece> > >, pcrecpp::StringPiece const&)@Base" 7.7
+#MISSING: 2:8.39-11# (c++|optional=STL)"std::vector<pcrecpp::StringPiece, std::allocator<pcrecpp::StringPiece> >::_M_insert_aux(__gnu_cxx::__normal_iterator<pcrecpp::StringPiece*, std::vector<pcrecpp::StringPiece, std::allocator<pcrecpp::StringPiece> > >, pcrecpp::StringPiece const&)@Base" 7.7
(c++|optional=STL)"void std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct<char const*>(char const*, char const*, std::forward_iterator_tag)@Base" 2:8.39-10
-#MISSING: 2:8.39-9# (c++|optional=STL)"void std::vector<pcrecpp::StringPiece, std::allocator<pcrecpp::StringPiece> >::_M_emplace_back_aux<pcrecpp::StringPiece>(pcrecpp::StringPiece&&)@Base" 2:8.39-2
+#MISSING: 2:8.39-11# (c++|optional=STL)"void std::vector<pcrecpp::StringPiece, std::allocator<pcrecpp::StringPiece> >::_M_emplace_back_aux<pcrecpp::StringPiece>(pcrecpp::StringPiece&&)@Base" 2:8.39-2
(c++|optional=STL)"void std::vector<pcrecpp::StringPiece, std::allocator<pcrecpp::StringPiece> >::_M_realloc_insert<pcrecpp::StringPiece const&>(__gnu_cxx::__normal_iterator<pcrecpp::StringPiece*, std::vector<pcrecpp::StringPiece, std::allocator<pcrecpp::StringPiece> > >, pcrecpp::StringPiece const&)@Base" 2:8.39-4
(c++|optional=STL)"void std::vector<pcrecpp::StringPiece, std::allocator<pcrecpp::StringPiece> >::_M_realloc_insert<pcrecpp::StringPiece>(__gnu_cxx::__normal_iterator<pcrecpp::StringPiece*, std::vector<pcrecpp::StringPiece, std::allocator<pcrecpp::StringPiece> > >, pcrecpp::StringPiece&&)@Base" 2:8.39-9
- (c++)"void std::vector<pcrecpp::StringPiece, std::allocator<pcrecpp::StringPiece> >::emplace_back<pcrecpp::StringPiece>(pcrecpp::StringPiece&&)@Base" 2:8.39-10
+#MISSING: 2:8.39-11# (c++)"void std::vector<pcrecpp::StringPiece, std::allocator<pcrecpp::StringPiece> >::emplace_back<pcrecpp::StringPiece>(pcrecpp::StringPiece&&)@Base" 2:8.39-10
dh_makeshlibs: failing due to earlier errors
make: *** [debian/rules:116: binary-arch] Error 2
dpkg-buildpackage: error: fakeroot debian/rules binary subprocess returned exit status 2
--------------------------------------------------------------------------------
Build finished at 20190408-0054
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pcre3/+bug/1823667/+subscriptions
More information about the foundations-bugs
mailing list