From ed9c71439d590f03f8ef8d70c00dfc1c21cf2408 Mon Sep 17 00:00:00 2001
From: Petr Písař
Date: Dec 14 2015 10:04:10 +0000
Subject: Fix compiling expressions with an empty \Q\E sequence between an item and its qualifier with auto-callouts
---
diff --git a/pcre-8.38-Fix-Q-E-before-qualifier-bug-when-auto-callouts-are-.patch b/pcre-8.38-Fix-Q-E-before-qualifier-bug-when-auto-callouts-are-.patch
new file mode 100644
index 0000000..d001710
--- /dev/null
+++ b/pcre-8.38-Fix-Q-E-before-qualifier-bug-when-auto-callouts-are-.patch
@@ -0,0 +1,122 @@
+From e78ad4264b16988b826bd2939a1781c1165a92d9 Mon Sep 17 00:00:00 2001
+From: ph10
+Date: Mon, 30 Nov 2015 17:44:45 +0000
+Subject: [PATCH 5/5] Fix \Q\E before qualifier bug when auto callouts are
+ enabled.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+git-svn-id: svn://vcs.exim.org/pcre/code/trunk@1616 2f5784b3-3f2a-0410-8824-cb99058d5e15
+
+Petr Písař: Ported to 8.38.
+
+diff --git a/pcre_compile.c b/pcre_compile.c
+index 5786cd3..beed46b 100644
+--- a/pcre_compile.c
++++ b/pcre_compile.c
+@@ -4671,17 +4671,27 @@ for (;; ptr++)
+ }
+ goto NORMAL_CHAR;
+ }
++
++ /* Check for the start of a \Q...\E sequence. We must do this here rather
++ than later in case it is immediately followed by \E, which turns it into a
++ "do nothing" sequence. */
++
++ if (c == CHAR_BACKSLASH && ptr[1] == CHAR_Q)
++ {
++ inescq = TRUE;
++ ptr++;
++ continue;
++ }
+ }
+
+- /* In extended mode, skip white space and comments. We need a loop in order
+- to check for more white space and more comments after a comment. */
++ /* In extended mode, skip white space and comments. */
+
+ if ((options & PCRE_EXTENDED) != 0)
+ {
+- for (;;)
++ const pcre_uchar *wscptr = ptr;
++ while (MAX_255(c) && (cd->ctypes[c] & ctype_space) != 0) c = *(++ptr);
++ if (c == CHAR_NUMBER_SIGN)
+ {
+- while (MAX_255(c) && (cd->ctypes[c] & ctype_space) != 0) c = *(++ptr);
+- if (c != CHAR_NUMBER_SIGN) break;
+ ptr++;
+ while (*ptr != CHAR_NULL)
+ {
+@@ -4695,7 +4705,15 @@ for (;; ptr++)
+ if (utf) FORWARDCHAR(ptr);
+ #endif
+ }
+- c = *ptr; /* Either NULL or the char after a newline */
++ }
++
++ /* If we skipped any characters, restart the loop. Otherwise, we didn't see
++ a comment. */
++
++ if (ptr > wscptr)
++ {
++ ptr--;
++ continue;
+ }
+ }
+
+@@ -7900,16 +7918,6 @@ for (;; ptr++)
+ c = ec;
+ else
+ {
+- if (escape == ESC_Q) /* Handle start of quoted string */
+- {
+- if (ptr[1] == CHAR_BACKSLASH && ptr[2] == CHAR_E)
+- ptr += 2; /* avoid empty string */
+- else inescq = TRUE;
+- continue;
+- }
+-
+- if (escape == ESC_E) continue; /* Perl ignores an orphan \E */
+-
+ /* For metasequences that actually match a character, we disable the
+ setting of a first character if it hasn't already been set. */
+
+diff --git a/testdata/testinput2 b/testdata/testinput2
+index e8ca4fe..3a1134f 100644
+--- a/testdata/testinput2
++++ b/testdata/testinput2
+@@ -4227,4 +4227,6 @@ backtracking verbs. --/
+
+ /(A*)\E+/CBZ
+
++/()\Q\E*]/BCZ
++
+ /-- End of testinput2 --/
+diff --git a/testdata/testoutput2 b/testdata/testoutput2
+index 09756b8..ac33cc4 100644
+--- a/testdata/testoutput2
++++ b/testdata/testoutput2
+@@ -14624,4 +14624,19 @@ No match
+ End
+ ------------------------------------------------------------------
+
++/()\Q\E*]/BCZ
++------------------------------------------------------------------
++ Bra
++ Callout 255 0 7
++ Brazero
++ SCBra 1
++ Callout 255 1 0
++ KetRmax
++ Callout 255 7 1
++ ]
++ Callout 255 8 0
++ Ket
++ End
++------------------------------------------------------------------
++
+ /-- End of testinput2 --/
+--
+2.4.3
+
diff --git a/pcre.spec b/pcre.spec
index aa637e3..f9e5d4d 100644
--- a/pcre.spec
+++ b/pcre.spec
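Review bot: In the embedded pcre_compile.c change at `@@ -7900,16 +7918,6 @@`, the deleted `ESC_Q` and `ESC_E` branches were the only handling of those escapes visible at that point, so after this patch the result depends on the checks at the top of the `for (;; ptr++)` loop catching every occurrence first. The `\Q` check is added here at `@@ -4671,17 +4671,27 @@`, but the matching `\E` check is not visible in any hunk and the block that encloses the new code starts outside it. Because this is a port to 8.38 applied as Patch7, it is worth confirming that the tree left by the earlier patches already consumes an orphan `\E` at that spot. I would also leave a marker at the removal site, for example `/* \Q and \E are consumed at the top of the main loop and are not expected here. */`. The one new test, `/()\Q\E*]/BCZ`, does not set the extended option, so the rewritten white-space and comment skip that now restarts the loop through `ptr--; continue;` is not exercised by this patch's test data.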
@@ -47,6 +47,10 @@ Patch5: pcre-8.38-Give-error-for-regexec-with-pmatch-NULL-and-REG_STAR.patch
 # Fix a stack overflow when formatting a 32-bit integer in pcregrep tool,
 # upstream bug #1728, fixed in upstream after 8.38
 Patch6: pcre-8.38-Allow-for-up-to-32-bit-numbers-in-the-ordin-function.patch
+# Fix compiling expressions with an empty \Q\E sequence between an item and
+# its qualifier with auto-callouts, upstream bug #1735,
+# fixed in upstream after 8.38
+Patch7: pcre-8.38-Fix-Q-E-before-qualifier-bug-when-auto-callouts-are-.patch
 BuildRequires: readline-devel
 BuildRequires: autoconf
 BuildRequires: automake
@@ -102,6 +106,7 @@ Utilities demonstrating PCRE capabilities like pcregrep or pcretest.
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1
 # Because of rpath patch
 libtoolize --copy --force
 autoreconf -vif
@@ -192,6 +197,8 @@ make %{?_smp_mflags} check VERBOSE=yes
 NULL (upstream bug #1727)
 - Fix a stack overflow when formatting a 32-bit integer in pcregrep tool
 (upstream bug #1728)
+- Fix compiling expressions with an empty \Q\E sequence between an item and
+ its qualifier with auto-callouts (upstream bug #1735)
 
 * Thu Nov 26 2015 Petr Pisar - 8.37-7
 - Fix CVE-2015-8380 (a heap-based buffer overflow in pcre_exec() when ovector