fix CVE-2019-20454

CVE-2019-20454.patch

@@ -0,0 +1,28 @@
+From ae72065b4aefb98ea581ebb509f7af51d27f05c2 Mon Sep 17 00:00:00 2001
+Date: Mom, 13 May 2019 16:38:18 +0800
+Subject: [PATCH] Forgot this file in previous commit. Fixes JIT non-UTF bug.
+https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_jit_compile.c?r1=1089&r2=1092&pathrev=1092
+
+---
+ src/pcre2_jit_compile.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/pcre2_jit_compile.c b/src/pcre2_jit_compile.c
+index 1f21bfb..9ced906 100644
+--- a/src/pcre2_jit_compile.c
++++ b/src/pcre2_jit_compile.c
+@@ -8538,7 +8538,10 @@ int lgb, rgb, ricount;
+ PCRE2_SPTR bptr;
+ uint32_t c;
+ 
+-GETCHARINC(c, cc);
++/* Patch by PH */
++/* GETCHARINC(c, cc); */
++
++c = *cc++;
+ #if PCRE2_CODE_UNIT_WIDTH == 32
+ if (c >= 0x110000)
+   return NULL;
+-- 
+1.8.3.1
+

pcre2.spec

@@ -1,12 +1,13 @@
 Name:        pcre2
 Version:     10.33
-Release:     2
+Release:     3
 Summary:     Perl Compatible Regular Expressions
 License:     BSD
 URL:         http://www.pcre.org/
 Source0:     https://ftp.pcre.org/pub/pcre/%{name}-%{version}.tar.bz2
 
 Patch0:      Implement-a-check-on-the-number-of-capturing-parenth.patch
+Patch1:      CVE-2019-20454.patch
 
 BuildRequires:  autoconf libtool automake coreutils gcc make readline-devel
 Obsoletes:      pcre2-utf16 pcre2-utf32 pcre2-tools
@@ -119,6 +120,12 @@ make check
 %{_pkgdocdir}/html/
 
 %changelog
+* Tue Apr 7 2020 openEuler Buildteam <buildteam@openeuler.org> - 10.33-3
+- Type:cves
+- ID:CVE-2019-20454
+- SUG:NA
+- DESC:fix CVE-2019-20454
+
 * Mon Feb 3 2020 openEuler Buildteam <buildteam@openeuler.org> - 10.33-2
 - Fix stack buffer overflow