From: Adolf Belka Date: Tue, 2 Sep 2025 07:30:44 +0000 (+0200) Subject: pcre2: Update to version 10.46 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5c924fdccb6cceacaf536d4710dd989c829a689f;p=ipfire-2.x.git pcre2: Update to version 10.46 - Update from version 10.45 to 10.46 - Update of rootfile - Changelog 10.46 This is a security-only release, to address CVE-2025-58050. Compared to 10.45, this release has only a minimal code change to prevent a read-past-the-end memory error, of arbitrary length. An attacker-controlled regex pattern is required, and it cannot be triggered by providing crafted subject (match) text. The (*ACCEPT) and (*scs:) pattern features must be used together. Release 10.44 and earlier are not affected. This could have implications of denial-of-service or information disclosure, and could potentially be used to escalate other vulnerabilities in a system (such as information disclosure being used to escalate the severity of an unrelated bug in another system). Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- diff --git a/config/rootfiles/common/pcre2 b/config/rootfiles/common/pcre2 index fc7ffed4e..c80d7453b 100644 --- a/config/rootfiles/common/pcre2 +++ b/config/rootfiles/common/pcre2 @@ -23,121 +23,121 @@ usr/lib/libpcre2-posix.so.3.0.6 #usr/lib/pkgconfig/libpcre2-32.pc #usr/lib/pkgconfig/libpcre2-8.pc #usr/lib/pkgconfig/libpcre2-posix.pc -#usr/share/doc/pcre-pcre2-10.45 -#usr/share/doc/pcre-pcre2-10.45/AUTHORS.md -#usr/share/doc/pcre-pcre2-10.45/COPYING -#usr/share/doc/pcre-pcre2-10.45/ChangeLog -#usr/share/doc/pcre-pcre2-10.45/LICENCE.md -#usr/share/doc/pcre-pcre2-10.45/NEWS -#usr/share/doc/pcre-pcre2-10.45/README -#usr/share/doc/pcre-pcre2-10.45/SECURITY.md -#usr/share/doc/pcre-pcre2-10.45/html -#usr/share/doc/pcre-pcre2-10.45/html/NON-AUTOTOOLS-BUILD.txt -#usr/share/doc/pcre-pcre2-10.45/html/README.txt -#usr/share/doc/pcre-pcre2-10.45/html/index.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2-config.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_callout_enumerate.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_code_copy.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_code_copy_with_tables.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_code_free.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_compile.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_compile_context_copy.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_compile_context_create.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_compile_context_free.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_config.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_convert_context_copy.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_convert_context_create.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_convert_context_free.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_converted_pattern_free.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_dfa_match.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_general_context_copy.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_general_context_create.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_general_context_free.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_get_error_message.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_get_mark.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_get_match_data_heapframes_size.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_get_match_data_size.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_get_ovector_count.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_get_ovector_pointer.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_get_startchar.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_jit_compile.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_jit_free_unused_memory.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_jit_match.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_jit_stack_assign.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_jit_stack_create.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_jit_stack_free.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_maketables.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_maketables_free.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_match.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_match_context_copy.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_match_context_create.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_match_context_free.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_match_data_create.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_match_data_create_from_pattern.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_match_data_free.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_pattern_convert.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_pattern_info.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_serialize_decode.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_serialize_encode.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_serialize_free.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_serialize_get_number_of_codes.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_set_bsr.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_set_callout.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_set_character_tables.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_set_compile_extra_options.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_set_compile_recursion_guard.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_set_depth_limit.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_set_glob_escape.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_set_glob_separator.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_set_heap_limit.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_set_match_limit.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_set_max_pattern_compiled_length.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_set_max_pattern_length.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_set_max_varlookbehind.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_set_newline.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_set_offset_limit.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_set_optimize.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_set_parens_nest_limit.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_set_recursion_limit.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_set_recursion_memory_management.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_set_substitute_callout.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_set_substitute_case_callout.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_substitute.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_substring_copy_byname.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_substring_copy_bynumber.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_substring_free.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_substring_get_byname.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_substring_get_bynumber.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_substring_length_byname.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_substring_length_bynumber.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_substring_list_free.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_substring_list_get.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_substring_nametable_scan.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2_substring_number_from_name.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2api.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2build.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2callout.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2compat.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2convert.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2demo.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2grep.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2jit.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2limits.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2matching.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2partial.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2pattern.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2perform.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2posix.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2sample.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2serialize.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2syntax.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2test.html -#usr/share/doc/pcre-pcre2-10.45/html/pcre2unicode.html -#usr/share/doc/pcre-pcre2-10.45/pcre2-config.txt -#usr/share/doc/pcre-pcre2-10.45/pcre2.txt -#usr/share/doc/pcre-pcre2-10.45/pcre2grep.txt -#usr/share/doc/pcre-pcre2-10.45/pcre2test.txt +#usr/share/doc/pcre-pcre2-10.46 +#usr/share/doc/pcre-pcre2-10.46/AUTHORS.md +#usr/share/doc/pcre-pcre2-10.46/COPYING +#usr/share/doc/pcre-pcre2-10.46/ChangeLog +#usr/share/doc/pcre-pcre2-10.46/LICENCE.md +#usr/share/doc/pcre-pcre2-10.46/NEWS +#usr/share/doc/pcre-pcre2-10.46/README +#usr/share/doc/pcre-pcre2-10.46/SECURITY.md +#usr/share/doc/pcre-pcre2-10.46/html +#usr/share/doc/pcre-pcre2-10.46/html/NON-AUTOTOOLS-BUILD.txt +#usr/share/doc/pcre-pcre2-10.46/html/README.txt +#usr/share/doc/pcre-pcre2-10.46/html/index.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2-config.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_callout_enumerate.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_code_copy.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_code_copy_with_tables.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_code_free.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_compile.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_compile_context_copy.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_compile_context_create.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_compile_context_free.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_config.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_convert_context_copy.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_convert_context_create.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_convert_context_free.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_converted_pattern_free.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_dfa_match.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_general_context_copy.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_general_context_create.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_general_context_free.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_get_error_message.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_get_mark.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_get_match_data_heapframes_size.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_get_match_data_size.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_get_ovector_count.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_get_ovector_pointer.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_get_startchar.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_jit_compile.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_jit_free_unused_memory.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_jit_match.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_jit_stack_assign.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_jit_stack_create.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_jit_stack_free.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_maketables.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_maketables_free.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_match.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_match_context_copy.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_match_context_create.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_match_context_free.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_match_data_create.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_match_data_create_from_pattern.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_match_data_free.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_pattern_convert.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_pattern_info.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_serialize_decode.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_serialize_encode.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_serialize_free.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_serialize_get_number_of_codes.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_set_bsr.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_set_callout.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_set_character_tables.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_set_compile_extra_options.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_set_compile_recursion_guard.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_set_depth_limit.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_set_glob_escape.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_set_glob_separator.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_set_heap_limit.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_set_match_limit.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_set_max_pattern_compiled_length.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_set_max_pattern_length.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_set_max_varlookbehind.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_set_newline.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_set_offset_limit.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_set_optimize.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_set_parens_nest_limit.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_set_recursion_limit.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_set_recursion_memory_management.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_set_substitute_callout.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_set_substitute_case_callout.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_substitute.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_substring_copy_byname.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_substring_copy_bynumber.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_substring_free.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_substring_get_byname.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_substring_get_bynumber.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_substring_length_byname.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_substring_length_bynumber.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_substring_list_free.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_substring_list_get.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_substring_nametable_scan.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2_substring_number_from_name.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2api.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2build.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2callout.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2compat.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2convert.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2demo.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2grep.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2jit.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2limits.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2matching.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2partial.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2pattern.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2perform.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2posix.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2sample.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2serialize.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2syntax.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2test.html +#usr/share/doc/pcre-pcre2-10.46/html/pcre2unicode.html +#usr/share/doc/pcre-pcre2-10.46/pcre2-config.txt +#usr/share/doc/pcre-pcre2-10.46/pcre2.txt +#usr/share/doc/pcre-pcre2-10.46/pcre2grep.txt +#usr/share/doc/pcre-pcre2-10.46/pcre2test.txt #usr/share/man/man1/pcre2-config.1 #usr/share/man/man1/pcre2grep.1 #usr/share/man/man1/pcre2test.1 diff --git a/lfs/pcre2 b/lfs/pcre2 index 34b71b393..900545323 100644 --- a/lfs/pcre2 +++ b/lfs/pcre2 @@ -24,7 +24,7 @@ include Config -VER = 10.45 +VER = 10.46 THISAPP = pcre2-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -54,7 +54,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = ec8a76cb28ef6680f8655828462551baf4e48019ff01e40bda2732b43b849bd69f8321238d7fa8f6b650ec88f7229a72928ad95d57423643f995d95264f5a4db +$(DL_FILE)_BLAKE2 = ebd501ba2105c847bb830c932bbfafef2e14583743f62b46af7671aa801eff0ca8b1ed9ce8252f9b091f18ef6e5ef38d47777f657d3ba3813be3d94856558080 install : $(TARGET)