Bug#1000118: generator-scripting-language: depends on obsolete pcre3 library

[Bastian Germann]

Control: forwarded -1 https://github.com/zeromq/gsl/pull/52

I have created an upstream Pull Request for Yavor's work.
Please consider merging it.

Bug#1000118: generator-scripting-language: depends on obsolete pcre3 library

[Yavor Doganov]

Control: tags -1 + patch

On Thu, Jun 29, 2023 at 09:39:18PM +0100, Luca Boccassi wrote:
> If someone provides a patch, that is tested against such workflows
> to confirm that they are not affected, then I'd merged it, upstream.

Please find attached a patch.  I could not test it, though, as I do
not understand what these workflows are and I couldn't figure out how
to write a testcase after my (admittedly short) glimpse at the
documentation.
Description: Port to PCRE2
Bug-Debian: https://bugs.debian.org/1000118
Author: Yavor Doganov 
Forwarded: no
Last-Update: 2023-12-06
---

--- generator-scripting-language-4.1.5.orig/src/ggpcre.c
+++ generator-scripting-language-4.1.5/src/ggpcre.c
@@ -51,7 +51,8 @@
 regexp_functions, tblsize (regexp_functions) };
 
 
-#include 
+#define PCRE2_CODE_UNIT_WIDTH 8
+#include 
 
 
 static int
@@ -86,13 +87,17 @@
   {
 GGCODE_TCB
 *tcb = gsl_thread-> tcb;
-pcre
+pcre2_code
 *re;
+pcre2_match_data
+*md;
 char
 *error;
-int 
+int
+errcode;
+size_t
 erroffset;
-int 
+size_t
 *ovector;
 int
 oveccount,
@@ -103,47 +108,50 @@
 VALUE
 value;
 
-re = pcre_compile (string_value (> value),
-   0,
-   (const char **) ,
-   ,
-   NULL);
+re = pcre2_compile ((PCRE2_SPTR) string_value (> value),
+PCRE2_ZERO_TERMINATED,
+0,
+,
+,
+NULL);
 if (! re)
   {
+PCRE2_UCHAR buf[120];
+
+pcre2_get_error_message (errcode, buf, sizeof(buf));
 snprintf (object_error, LINE_MAX,
   "Regular expression pattern error: %s\n%s\n%*c",
-  error,
+  buf,
   pattern-> value. s,
-  erroffset + 1, '^');
+  (int) erroffset + 1, '^');
 return -1;
   }
 
-rc = pcre_fullinfo (re,
-NULL,
-PCRE_INFO_CAPTURECOUNT,
-);
+rc = pcre2_pattern_info (re,
+ PCRE2_INFO_CAPTURECOUNT,
+ );
 oveccount = (oveccount + 1) * 3;
-ovector   = mem_alloc (oveccount * sizeof (int));
+md= pcre2_match_data_create (oveccount, NULL);
 
 string_value (> value);
-rc = pcre_exec (re,
-NULL,
-subject-> value. s,
-(int) strlen (subject-> value. s),
-0,
-0,
-ovector,
-oveccount);
+rc = pcre2_match (re,
+  (PCRE2_SPTR) subject-> value. s,
+  strlen (subject-> value. s),
+  0,
+  0,
+  md,
+  NULL);
 
-(pcre_free) (re);
+(pcre2_code_free) (re);
+ovector = pcre2_get_ovector_pointer (md);
 
-if (rc == PCRE_ERROR_NOMATCH)
+if (rc == PCRE2_ERROR_NOMATCH)
 rc = 0;
 else if (rc < 0)
   {
 snprintf (object_error, LINE_MAX,
  "Regular expression matching error: %d", rc);
-mem_free (ovector);
+pcre2_match_data_free (md);
 return -1;
   }
 else if (rc == 1)
@@ -179,7 +187,7 @@
   {
 strncpy (object_error, error, LINE_MAX);
 mem_free (value.s);
-mem_free (ovector);
+pcre2_match_data_free (md);
 return -1;
   }
 destroy_value (& value);
@@ -187,7 +195,7 @@
 i++;
   }
 
-mem_free (ovector);
+pcre2_match_data_free (md);
   }
 
 return 0;  /*  Just in case  */
--- generator-scripting-language-4.1.5.orig/src/Makefile
+++ generator-scripting-language-4.1.5/src/Makefile
@@ -51,9 +51,7 @@
 EXE =
 DBG =
 CC = ./c -q
-export CCLIBS = -lpcre
-
-CPPFLAGS ?= -I/usr/include/pcre
+export CCLIBS = -lpcre2-8
 
 # Reset the suffixes that will be considered to just our own list.
 #

Bug#1000118: generator-scripting-language: depends on obsolete pcre3 library

[Luca Boccassi]

Control: severity -1 wishlist
Control: tags -1 help

On Thu, 18 Nov 2021 11:49:04 + Matthew Vernon 
wrote:
> Source: generator-scripting-language
> Severity: important
> User: matthew-pcre...@debian.org
> Usertags: obsolete-pcre3
> 
> Dear maintainer,
> 
> Your package still depends on the old, obsolete PCRE3[0] libraries
> (i.e. libpcre3-dev). This has been end of life for a while now, and
> upstream do not intend to fix any further bugs in it. Accordingly, I
> would like to remove the pcre3 libraries from Debian, preferably in
> time for the release of Bookworm.
> 
> The newer PCRE2 library was first released in 2015, and has been in
> Debian since stretch. Upstream's documentation for PCRE2 is available
> here: https://pcre.org/current/doc/html/
> 
> Many large projects that use PCRE have made the switch now (e.g. git,
> php); it does involve some work, but we are now at the stage where
> PCRE3 should not be used, particularly if it might ever be exposed to
> untrusted input.

As already mentioned, this package is not used to process untrusted
input, it is a 'done' project that hasn't been touched in a decade and
just works as part of an existing toolchain. If someone provides a
patch, that is tested against such workflows to confirm that they are
not affected, then I'd merged it, upstream.

If push came to shove, I will simply vendor the existing pcre code.

-- 
Kind regards,
Luca Boccassi


signature.asc
Description: This is a digitally signed message part