pcre: bump to version 8.37

Description: CVE-2014-8964, heap buffer overflow

 Heap buffer overflow if an assertion with a zero minimum repeat is used as

 the condition in a conditional group.

Origin: upstream http://bugs.exim.org/show_bug.cgi?id=1546

Bug: http://bugs.exim.org/show_bug.cgi?id=1546

Applied-Upstream: Yes, after 8.36

Signed-off-by: Baruch Siach <baruch@tkos.co.il>

---

This patch header follows DEP-3: http://dep.debian.net/deps/dep3/

--- a/pcre_exec.c

+++ b/pcre_exec.c

@@ -1404,8 +1404,11 @@

         condition = TRUE;

         /* Advance ecode past the assertion to the start of the first branch,

-        but adjust it so that the general choosing code below works. */

+        but adjust it so that the general choosing code below works. If the

+	assertion has a quantifier that allows zero repeats we must skip over

+	the BRAZERO. This is a lunatic thing to do, but somebody did! */

+	if (*ecode == OP_BRAZERO) ecode++;

         ecode += GET(ecode, 1);

         while (*ecode == OP_ALT) ecode += GET(ecode, 1);

         ecode += 1 + LINK_SIZE - PRIV(OP_lengths)[condcode];

# From http://sourceforge.net/projects/pcre/files/pcre/8.36/

md5	ff7b4bb14e355f04885cf18ff4125c98	pcre-8.36.tar.gz

sha1	fb537757756818133d8157ec878bc11f5a93ef4d	pcre-8.36.tar.gz

# From http://sourceforge.net/projects/pcre/files/pcre/8.37/

md5	ed91be292cb01d21bc7e526816c26981	pcre-8.37.tar.bz2

sha1	4c629b3f582366fae4e8912f0d9fa3140347d6e7	pcre-8.37.tar.bz2

#

################################################################################

PCRE_VERSION = 8.36

PCRE_VERSION = 8.37

PCRE_SITE = ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre

PCRE_SOURCE = pcre-$(PCRE_VERSION).tar.bz2

PCRE_LICENSE = BSD-3c

PCRE_LICENSE_FILES = LICENCE

PCRE_INSTALL_STAGING = YES