Change logs for pcre3 source package in Stretch

pcre3 (2:8.39-3) unstable; urgency=high

  * CVE-2017-7186: invalid Unicode property lookup may cause denial of
    service (Closes: #858238)

 -- Matthew Vernon <email address hidden>  Tue, 21 Mar 2017 22:03:19 +0000

pcre3 (2:8.39-2.1) unstable; urgency=high

  * Non-maintainer upload.
  * CVE-2017-6004: crafted regular expression may cause denial of service
    (Closes: #855405)

 -- Salvatore Bonaccorso <email address hidden>  Fri, 17 Feb 2017 15:56:09 +0100

pcre3 (2:8.39-2) unstable; urgency=low

  * Update symbols file to reflect compilation with gcc6 (Closes: #811969)

 -- Matthew Vernon <email address hidden>  Fri, 19 Aug 2016 09:04:15 +0100

pcre3 (2:8.39-1) unstable; urgency=medium

  [ Ian Jackson ]
  * New upstream version (Closes: #832354).
    - Drop CVE-2016-1283.patch (now in upstream).
    - Adjusted sonames: bumped each minor number where upstream
      bumped theirs.

  [ Matthew Vernon ]
  * Add notes encouraging people to move to pcre2
  
 -- Matthew Vernon <email address hidden>  Thu, 28 Jul 2016 16:58:55 +0100

pcre3 (2:8.38-3.1) unstable; urgency=medium

  * Non-maintainer upload.
  * CVE-2016-1283: heap buffer overflow in handling of duplicate named
    groups (Closes: #809706)

 -- Salvatore Bonaccorso <email address hidden>  Tue, 22 Mar 2016 21:05:13 +0100

pcre3 (2:8.38-3) unstable; urgency=low

  * Apply Ubuntu patch from Iain Lane (modified by Graham Inggs) to add
    symbols files (Closes: #767374)

 -- Matthew Vernon <email address hidden>  Sun, 28 Feb 2016 11:24:52 +0000

pcre3 (2:8.38-1) unstable; urgency=low

  * New upstream version

 -- Matthew Vernon <email address hidden>  Tue, 22 Dec 2015 13:37:39 +0000

pcre3 (2:8.35-8) unstable; urgency=low

  * Remove conflicts with long-vanished pcre{1,2}-dev packages (so new PCRE2 packages can co-exist)

 -- Matthew Vernon <email address hidden>  Sat, 21 Nov 2015 15:35:13 +0000

pcre3 (2:8.35-7.4) unstable; urgency=medium

  * Non-maintainer upload.
  * Fix copy-and-paste error in Disable_JIT_on_sparc64.patch.

 -- John Paul Adrian Glaubitz <email address hidden>  Mon, 02 Nov 2015 18:51:13 +0100

pcre3 (2:8.35-7.2) unstable; urgency=low

  * Non-maintainer upload (with maintainer's permission).
  * Add Fix-compiler-crash-misbehaviour-for-zero-repeated-gr.patch.
    Fixes "PCRE Library Stack Overflow Vulnerability" (Upstream bug 1503)
  * Add Fix-compile-time-loop-for-recursive-reference-within.patch.
    Fixes "PCRE Call Stack Overflow Vulnerability" (Upstream bug 1515)
  * Add 794589-information-disclosure.patch.
    Fixes "pcre_exec does not fill offsets for certain regexps" leading to
    information disclosure. (Closes: #794589)
  * Add Fix-bad-compile-for-groups-like-2-0-1999.patch.
    CVE-2015-2325: heap buffer overflow in compile_branch(). (Closes: #781795)
  * Add Fix-bad-compilation-for-patterns-like-1-1-with-forwa.patch.
    CVE-2015-2326: heap buffer overflow in pcre_compile2(). (Closes: #783285)
  * Add Fix-buffer-overflow-for-named-recursive-back-referen.patch.
    CVE-2015-3210: heap buffer overflow in pcre_compile2() /
    compile_regex(). (Closes: #787433)

 -- Salvatore Bonaccorso <email address hidden>  Fri, 11 Sep 2015 20:04:19 +0200

pcre3 (2:8.35-7.1) unstable; urgency=medium

  * Rename libpcrecpp0 to libpcrecpp0v5. Addresses: #791236.
  * Add Conflict/Replaces to the old library.
  * Add libpcrecpp0v5 symbols file for GCC 5.

 -- Matthias Klose <email address hidden>  Tue, 04 Aug 2015 20:23:03 +0200

pcre3 (2:8.35-7) unstable; urgency=medium

  * Apply upstream patch to fix buffer overflow for forward reference
    within backward assertion with excess closing parenthesis 
    (Closes: #790000)

 -- Matthew Vernon <email address hidden>  Fri, 26 Jun 2015 08:08:55 +0100

pcre3 (2:8.35-6) unstable; urgency=low

  [ Thorsten Glaser ]
  * Re-add patch disabling JIT on powerpcspe and x32 (Closes: #760327)
  * Add back missing debian/changelog entries for 1:8.35-3.2 and 1:8.36-1

 -- Matthew Vernon <email address hidden>  Sat, 13 Jun 2015 11:45:25 +0100

pcre3 (2:8.35-5) unstable; urgency=low

  * re-enable jit on ppc64el (by dropping the patch that disables it)
    (Closes: #786530)
  * patch from Frederic Bonnard to fix the watch file (Closes: #785726)

 -- Matthew Vernon <email address hidden>  Tue, 26 May 2015 08:27:56 +0100

pcre3 (2:8.35-3.3+deb8u4) jessie; urgency=medium

  * Non-maintainer upload.
  * Add 0001-Fixed-an-issue-with-nested-table-jumps.patch.
    Fixes issue with nested table jumps. (Closes: #819050)

 -- Salvatore Bonaccorso <email address hidden>  Fri, 25 Mar 2016 19:58:10 +0100

pcre3 (2:8.35-3.3+deb8u2) jessie; urgency=medium

  * Non-maintainer upload.
  * Add additional CVE references and bug closer to previous changelog.
    CVE-2015-2327 fix was included in the previous 2:8.35-3.3+deb8u1 upload.
    CVE-2015-8384 different issue than CVE-2015-3210 but fixed with same
    commit.
    CVE-2015-8388 different issue than CVE-2015-5073 but fixed with same
    commit.
    Add bug closer to bugs in the BTS retrospectively.
  * Add 0001-Fix-compile-time-loop-for-recursive-reference-within.patch.
    CVE-2015-2328: Stack-based buffer overflow in compile_regex().
  * Add 794589-information-disclosure.patch.
    CVE-2015-8382: Fix "pcre_exec does not fill offsets for certain regexps"
    leading to information disclosure. (Closes: #794589)
  * Add 0001-Fix-buffer-overflow-for-repeated-conditional-when-re.patch.
    CVE-2015-8383: Buffer overflow caused by repeated conditional group.
  * Add 0001-Fix-named-forward-reference-to-duplicate-group-numbe.patch.
    CVE-2015-8385: Buffer overflow caused by forward reference by name to
    certain group.
  * Add 0001-Fix-buffer-overflow-for-lookbehind-within-mutually-r.patch.
    CVE-2015-8386: Buffer overflow caused by lookbehind assertion.
  * Add 0001-Add-integer-overflow-check-to-n-code.patch.
    CVE-2015-8387: Integer overflow in subroutine calls.
  * Add 0001-Fix-overflow-when-ovector-has-size-1.patch.
    CVE-2015-8380: Heap-based buffer overflow in pcre_exec. (Closes: #806467)
  * Add 0001-Fix-infinite-recursion-in-the-JIT-compiler-when-cert.patch.
    CVE-2015-8389: Infinite recursion in JIT compiler when processing
    certain patterns.
  * Add 0001-Fix-bug-for-classes-containing-sequences.patch.
    CVE-2015-8390: Reading from uninitialized memory when processing certain
    patterns.
  * Add 0001-Fix-run-for-ever-bug-for-deeply-nested-sequences.patch.
    CVE-2015-8391: Some pathological patterns causes pcre_compile() to run
    for a very long time.
  * Add 0001-Fix-buffer-overflow-for-named-references-in-situatio.patch.
    CVE-2015-8392: Buffer overflow caused by certain patterns with
    duplicated named groups.
  * Add 0001-Make-pcregrep-q-override-l-and-c-for-compatibility-w.patch.
    CVE-2015-8393: Information leak when running pcgrep -q on crafted
    binary.
  * Add 0001-Add-missing-integer-overflow-checks.patch.
    CVE-2015-8394: Integer overflow caused by missing check for certain
    conditions.
  * Add 0001-Hack-in-yet-other-patch-for-a-bug-in-size-computatio.patch.
    CVE-2015-8381: Heap Overflow in compile_regex().
    CVE-2015-8395: Buffer overflow caused by certain references.
    (Closes: #796762)

 -- Salvatore Bonaccorso <email address hidden>  Tue, 29 Dec 2015 09:19:11 +0100

pcre3 (2:8.35-3.3) unstable; urgency=medium


  * Non-maintainer upload.
  * Upstream patch for heap buffer overflow, CVE-2014-8964, taken from
    1:8.36-1 (Closes: #770478)
    Thanks to Salvatore Bonaccorso for the reminder.

 -- Ivo De Decker <email address hidden>  Sat, 06 Dec 2014 19:58:19 +0100