Update dependency PCRE2Project/pcre2 to pcre2-10.47
This MR contains the following updates:
| Package | Update | Change |
|---|---|---|
| PCRE2Project/pcre2 | minor |
pcre2-10.45 -> pcre2-10.47
|
MR created with the help of gitlab-org/frontend/renovate-gitlab-bot
Release Notes
PCRE2Project/pcre2 (PCRE2Project/pcre2)
vpcre2-10.47: PCRE2 10.47
This is a regular semi-annual release, incorporating a few new features and several maintenance and build improvements.
This release is available as before as a (signed) Git tag, or alternatively as a (signed) tarball of the Git tag (attestation).
NEWS
Only changes to behaviour, changes to the API, and other significant changes are described here. Please see the ChangeLog and Git log for further details.
-
(Powerful new feature) Pattern recursion of the form
(?1(GROUP_NAME_OR_NUM,...))acts as a subroutine call which additionally returns the listed capturing groups to the calling context. -
(Significant bugfix) Fixed a crash in pcre2_callout_enumerate() which is easily reachable on any pattern that contains a Unicode character class. If your application uses this function, please read the details for this change and evaluate its severity for your application.
-
(Build change) There are now linker scripts to enable symbol versioning for the PCRE2 dynamic libraries. Downstream Linux distributions may make use of this, or disable it with the new Autoconf
--disable-symversand CMake-DPCRE2_SYMVERSoptions. Linux, Solaris, and FreeBSD (GNU ld, LLVM lld, and Solaris ld) are tested and supported. -
(New API function) Added pcre2_next_match(). This function makes it both simpler and safer for clients to iterate over all matches in a subject. The documentation in
pcre2apialso provides improved guidance in the section "Iterating over all matches". -
(Minor API addition) Added the PCRE2_CONFIG_EFFECTIVE_LINKSIZE option to pcre2_config().
-
(Minor replacement syntax extension) Added support for
$+replacement to pcre2_substitute(). -
(Build change) Modernize the CMake build files, to use the
$<BUILD_INTERFACE:...>,$<INSTALL_INTERFACE:...>andinstall(EXPORT...)expressions to export the PCRE2 targets.
New Contributors
- @MegaManSec made their first contribution in https://github.com/PCRE2Project/pcre2/pull/701
- @qaptoR made their first contribution in https://github.com/PCRE2Project/pcre2/pull/724
- @feuerste made their first contribution in https://github.com/PCRE2Project/pcre2/pull/729
- @iwamatsu made their first contribution in https://github.com/PCRE2Project/pcre2/pull/746
- @Gsus42 made their first contribution in https://github.com/PCRE2Project/pcre2/pull/789
- @IsaacOscar made their first contribution in https://github.com/PCRE2Project/pcre2/pull/811
vpcre2-10.46
This is a security-only release, to address CVE-2025-58050.
Compared to 10.45, this release has only a minimal code change to prevent a read-past-the-end memory error, of arbitrary length. An attacker-controlled regex pattern is required, and it cannot be triggered by providing crafted subject (match) text. The (*ACCEPT) and (*scs:) pattern features must be used together.
Release 10.44 and earlier are not affected.
This could have implications of denial-of-service or information disclosure, and could potentially be used to escalate other vulnerabilities in a system (such as information disclosure being used to escalate the severity of an unrelated bug in another system).
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.