7 files changed, 829 insertions, 44 deletions

diff --git a/meta/recipes-support/libpcre/libpcre/fix-pcre-name-collision.patch b/meta/recipes-support/libpcre/libpcre/fix-pcre-name-collision.patch
deleted file mode 100644
index 89b44f6aa6..0000000000
--- a/meta/recipes-support/libpcre/libpcre/fix-pcre-name-collision.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-Upstream-Status: Inappropriate [debian patch]
-
-This patch address a namespace collision with libc.
-
-Although there is no "#include <regex.h>" in the source file, at
-runtime, it's unintentionally linked to the libc version, the regcomp of
-libc is called instead the pcre one using pcre's data structure...
-that looks like a disaster.
-
-Can patch is from Debian (and Ubuntu 11.04alpha has it also).
-
-[sgw: added patch comment]
-Signed-off-by: Qing He <qing.he@intel.com>
-Signed-off-by: Saul Wold <sgw@linux.intel.com>
-
---- a/pcreposix.h	2010-05-17 00:17:23.000000000 +0800
-+++ b/pcreposix.h	2009-01-15 04:32:17.000000000 +0800
-@@ -133,14 +130,19 @@
- 
- /* The functions */
- 
--PCREPOSIX_EXP_DECL int regcomp(regex_t *, const char *, int);
--PCREPOSIX_EXP_DECL int regexec(const regex_t *, const char *, size_t,
-+PCREPOSIX_EXP_DECL int pcreposix_regcomp(regex_t *, const char *, int);
-+PCREPOSIX_EXP_DECL int pcreposix_regexec(const regex_t *, const char *, size_t,
-                      regmatch_t *, int);
--PCREPOSIX_EXP_DECL size_t regerror(int, const regex_t *, char *, size_t);
--PCREPOSIX_EXP_DECL void regfree(regex_t *);
-+PCREPOSIX_EXP_DECL size_t pcreposix_regerror(int, const regex_t *, char *, size_t);
-+PCREPOSIX_EXP_DECL void pcreposix_regfree(regex_t *);
- 
- #ifdef __cplusplus
- }   /* extern "C" */
- #endif
- 
-+#define regcomp pcreposix_regcomp
-+#define regexec pcreposix_regexec
-+#define regerror pcreposix_regerror
-+#define regfree pcreposix_regfree
-+
- #endif /* End of pcreposix.h */
diff --git a/meta/recipes-support/libpcre/libpcre2/CVE-2022-1586-regression.patch b/meta/recipes-support/libpcre/libpcre2/CVE-2022-1586-regression.patch
new file mode 100644
index 0000000000..42ee417fe7
--- /dev/null
+++ b/meta/recipes-support/libpcre/libpcre2/CVE-2022-1586-regression.patch
@@ -0,0 +1,30 @@
+From 5d1e62b0155292b994aa1c96d4ed8ce4346ef4c2 Mon Sep 17 00:00:00 2001
+From: Zoltan Herczeg <hzmester@freemail.hu>
+Date: Thu, 24 Mar 2022 05:34:42 +0000
+Subject: [PATCH] Fix incorrect value reading in JIT.
+
+CVE: CVE-2022-1586
+Upstream-Status: Backport [https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc3]
+
+(cherry picked from commit d4fa336fbcc388f89095b184ba6d99422cfc676c)
+Signed-off-by: Shinu Chandran <shinucha@cisco.com>
+---
+ src/pcre2_jit_compile.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/pcre2_jit_compile.c b/src/pcre2_jit_compile.c
+index 493c96d..fa57942 100644
+--- a/src/pcre2_jit_compile.c
++++ b/src/pcre2_jit_compile.c
+@@ -7188,7 +7188,7 @@ while (*cc != XCL_END)
+     {
+     SLJIT_ASSERT(*cc == XCL_PROP || *cc == XCL_NOTPROP);
+     cc++;
+-    if (*cc == PT_CLIST && *cc == XCL_PROP)
++    if (*cc == PT_CLIST && cc[-1] == XCL_PROP)
+       {
+       other_cases = PRIV(ucd_caseless_sets) + cc[1];
+       while (*other_cases != NOTACHAR)
+-- 
+2.25.1
+
diff --git a/meta/recipes-support/libpcre/libpcre2/CVE-2022-1586.patch b/meta/recipes-support/libpcre/libpcre2/CVE-2022-1586.patch
new file mode 100644
index 0000000000..fbbbc9ca77
--- /dev/null
+++ b/meta/recipes-support/libpcre/libpcre2/CVE-2022-1586.patch
@@ -0,0 +1,59 @@
+From 233c4248550d0c1d9bfee42198d5ee0855b7d413 Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Mon, 23 May 2022 13:52:39 +0530
+Subject: [PATCH] CVE-2022-1586
+
+Upstream-Status: Backport from https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a
+
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ ChangeLog               | 3 +++
+ src/pcre2_jit_compile.c | 2 +-
+ src/pcre2_jit_test.c    | 4 ++++
+ 3 files changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index 0926c29..b5d72dc 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,6 +1,9 @@
+ Change Log for PCRE2
+ --------------------
+ 
++23. Fixed a unicode properrty matching issue in JIT. The character was not
++fully read in caseless matching.
++
+ 
+ Version 10.34 21-November-2019
+ ------------------------------
+diff --git a/src/pcre2_jit_compile.c b/src/pcre2_jit_compile.c
+index f564127..5d43865 100644
+--- a/src/pcre2_jit_compile.c
++++ b/src/pcre2_jit_compile.c
+@@ -7119,7 +7119,7 @@ while (*cc != XCL_END)
+     {
+     SLJIT_ASSERT(*cc == XCL_PROP || *cc == XCL_NOTPROP);
+     cc++;
+-    if (*cc == PT_CLIST)
++    if (*cc == PT_CLIST && *cc == XCL_PROP)
+       {
+       other_cases = PRIV(ucd_caseless_sets) + cc[1];
+       while (*other_cases != NOTACHAR)
+diff --git a/src/pcre2_jit_test.c b/src/pcre2_jit_test.c
+index a9b3880..9df87fd 100644
+--- a/src/pcre2_jit_test.c
++++ b/src/pcre2_jit_test.c
+@@ -408,6 +408,10 @@ static struct regression_test_case regression_test_cases[] = {
+ 	{ MUP, A, 0, 0 | F_PROPERTY, "[\xc3\xa2-\xc3\xa6\xc3\x81-\xc3\x84\xe2\x80\xa8-\xe2\x80\xa9\xe6\x92\xad\\p{Zs}]{2,}", "\xe2\x80\xa7\xe2\x80\xa9\xe6\x92\xad \xe6\x92\xae" },
+ 	{ MUP, A, 0, 0 | F_PROPERTY, "[\\P{L&}]{2}[^\xc2\x85-\xc2\x89\\p{Ll}\\p{Lu}]{2}", "\xc3\xa9\xe6\x92\xad.a\xe6\x92\xad|\xc2\x8a#" },
+ 	{ PCRE2_UCP, 0, 0, 0 | F_PROPERTY, "[a-b\\s]{2,5}[^a]", "AB  baaa" },
++	{ MUP, 0, 0, 0 | F_NOMATCH, "[^\\p{Hangul}\\p{Z}]", " " },
++	{ MUP, 0, 0, 0, "[\\p{Lu}\\P{Latin}]+", "c\xEA\xA4\xAE,A,b" },
++	{ MUP, 0, 0, 0, "[\\x{a92e}\\p{Lu}\\P{Latin}]+", "c\xEA\xA4\xAE,A,b" },
++	{ CMUP, 0, 0, 0, "[^S]\\B", "\xe2\x80\x8a" },
+ 
+ 	/* Possible empty brackets. */
+ 	{ MU, A, 0, 0, "(?:|ab||bc|a)+d", "abcxabcabd" },
+-- 
+2.25.1
+
diff --git a/meta/recipes-support/libpcre/libpcre2/CVE-2022-1587.patch b/meta/recipes-support/libpcre/libpcre2/CVE-2022-1587.patch
new file mode 100644
index 0000000000..70f9f9f079
--- /dev/null
+++ b/meta/recipes-support/libpcre/libpcre2/CVE-2022-1587.patch
@@ -0,0 +1,660 @@
+From aa5aac0d209e3debf80fc2db924d9401fc50454b Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Mon, 23 May 2022 14:11:11 +0530
+Subject: [PATCH] CVE-2022-1587
+
+Upstream-Status: Backport [https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0]
+CVE: CVE-2022-1587
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+
+---
+ ChangeLog               |   3 +
+ src/pcre2_jit_compile.c | 290 ++++++++++++++++++++++++++--------------
+ src/pcre2_jit_test.c    |   1 +
+ 3 files changed, 194 insertions(+), 100 deletions(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index b5d72dc..de82de9 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -4,6 +4,9 @@ Change Log for PCRE2
+ 23. Fixed a unicode properrty matching issue in JIT. The character was not
+ fully read in caseless matching.
+ 
++24. Fixed an issue affecting recursions in JIT caused by duplicated data
++transfers.
++
+ 
+ Version 10.34 21-November-2019
+ ------------------------------
+diff --git a/src/pcre2_jit_compile.c b/src/pcre2_jit_compile.c
+index 5d43865..493c96d 100644
+--- a/src/pcre2_jit_compile.c
++++ b/src/pcre2_jit_compile.c
+@@ -407,6 +407,9 @@ typedef struct compiler_common {
+   /* Locals used by fast fail optimization. */
+   sljit_s32 fast_fail_start_ptr;
+   sljit_s32 fast_fail_end_ptr;
++  /* Variables used by recursive call generator. */
++  sljit_s32 recurse_bitset_size;
++  uint8_t *recurse_bitset;
+ 
+   /* Flipped and lower case tables. */
+   const sljit_u8 *fcc;
+@@ -2109,19 +2112,39 @@ for (i = 0; i < RECURSE_TMP_REG_COUNT; i++)
+ 
+ #undef RECURSE_TMP_REG_COUNT
+ 
++static BOOL recurse_check_bit(compiler_common *common, sljit_sw bit_index)
++{
++uint8_t *byte;
++uint8_t mask;
++
++SLJIT_ASSERT((bit_index & (sizeof(sljit_sw) - 1)) == 0);
++
++bit_index >>= SLJIT_WORD_SHIFT;
++
++mask = 1 << (bit_index & 0x7);
++byte = common->recurse_bitset + (bit_index >> 3);
++
++if (*byte & mask)
++  return FALSE;
++
++*byte |= mask;
++return TRUE;
++}
++
+ static int get_recurse_data_length(compiler_common *common, PCRE2_SPTR cc, PCRE2_SPTR ccend,
+   BOOL *needs_control_head, BOOL *has_quit, BOOL *has_accept)
+ {
+ int length = 1;
+-int size;
++int size, offset;
+ PCRE2_SPTR alternative;
+ BOOL quit_found = FALSE;
+ BOOL accept_found = FALSE;
+ BOOL setsom_found = FALSE;
+ BOOL setmark_found = FALSE;
+-BOOL capture_last_found = FALSE;
+ BOOL control_head_found = FALSE;
+ 
++memset(common->recurse_bitset, 0, common->recurse_bitset_size);
++
+ #if defined DEBUG_FORCE_CONTROL_HEAD && DEBUG_FORCE_CONTROL_HEAD
+ SLJIT_ASSERT(common->control_head_ptr != 0);
+ control_head_found = TRUE;
+@@ -2144,15 +2167,17 @@ while (cc < ccend)
+       setsom_found = TRUE;
+     if (common->mark_ptr != 0)
+       setmark_found = TRUE;
+-    if (common->capture_last_ptr != 0)
+-      capture_last_found = TRUE;
++    if (common->capture_last_ptr != 0 && recurse_check_bit(common, common->capture_last_ptr))
++      length++;
+     cc += 1 + LINK_SIZE;
+     break;
+ 
+     case OP_KET:
+-    if (PRIVATE_DATA(cc) != 0)
++    offset = PRIVATE_DATA(cc);
++    if (offset != 0)
+       {
+-      length++;
++      if (recurse_check_bit(common, offset))
++        length++;
+       SLJIT_ASSERT(PRIVATE_DATA(cc + 1) != 0);
+       cc += PRIVATE_DATA(cc + 1);
+       }
+@@ -2169,39 +2194,55 @@ while (cc < ccend)
+     case OP_SBRA:
+     case OP_SBRAPOS:
+     case OP_SCOND:
+-    length++;
+     SLJIT_ASSERT(PRIVATE_DATA(cc) != 0);
++    if (recurse_check_bit(common, PRIVATE_DATA(cc)))
++      length++;
+     cc += 1 + LINK_SIZE;
+     break;
+ 
+     case OP_CBRA:
+     case OP_SCBRA:
+-    length += 2;
+-    if (common->capture_last_ptr != 0)
+-      capture_last_found = TRUE;
+-    if (common->optimized_cbracket[GET2(cc, 1 + LINK_SIZE)] == 0)
++    offset = GET2(cc, 1 + LINK_SIZE);
++    if (recurse_check_bit(common, OVECTOR(offset << 1)))
++      {
++      SLJIT_ASSERT(recurse_check_bit(common, OVECTOR((offset << 1) + 1)));
++      length += 2;
++      }
++    if (common->optimized_cbracket[offset] == 0 && recurse_check_bit(common, OVECTOR_PRIV(offset)))
++      length++;
++    if (common->capture_last_ptr != 0 && recurse_check_bit(common, common->capture_last_ptr))
+       length++;
+     cc += 1 + LINK_SIZE + IMM2_SIZE;
+     break;
+ 
+     case OP_CBRAPOS:
+     case OP_SCBRAPOS:
+-    length += 2 + 2;
+-    if (common->capture_last_ptr != 0)
+-      capture_last_found = TRUE;
++    offset = GET2(cc, 1 + LINK_SIZE);
++    if (recurse_check_bit(common, OVECTOR(offset << 1)))
++      {
++      SLJIT_ASSERT(recurse_check_bit(common, OVECTOR((offset << 1) + 1)));
++      length += 2;
++      }
++    if (recurse_check_bit(common, OVECTOR_PRIV(offset)))
++      length++;
++    if (recurse_check_bit(common, PRIVATE_DATA(cc)))
++      length++;
++    if (common->capture_last_ptr != 0 && recurse_check_bit(common, common->capture_last_ptr))
++      length++;
+     cc += 1 + LINK_SIZE + IMM2_SIZE;
+     break;
+ 
+     case OP_COND:
+     /* Might be a hidden SCOND. */
+     alternative = cc + GET(cc, 1);
+-    if (*alternative == OP_KETRMAX || *alternative == OP_KETRMIN)
++    if ((*alternative == OP_KETRMAX || *alternative == OP_KETRMIN) && recurse_check_bit(common, PRIVATE_DATA(cc)))
+       length++;
+     cc += 1 + LINK_SIZE;
+     break;
+ 
+     CASE_ITERATOR_PRIVATE_DATA_1
+-    if (PRIVATE_DATA(cc) != 0)
++    offset = PRIVATE_DATA(cc);
++    if (offset != 0 && recurse_check_bit(common, offset))
+       length++;
+     cc += 2;
+ #ifdef SUPPORT_UNICODE
+@@ -2210,8 +2251,12 @@ while (cc < ccend)
+     break;
+ 
+     CASE_ITERATOR_PRIVATE_DATA_2A
+-    if (PRIVATE_DATA(cc) != 0)
++    offset = PRIVATE_DATA(cc);
++    if (offset != 0 && recurse_check_bit(common, offset))
++      {
++      SLJIT_ASSERT(recurse_check_bit(common, offset + sizeof(sljit_sw)));
+       length += 2;
++      }
+     cc += 2;
+ #ifdef SUPPORT_UNICODE
+     if (common->utf && HAS_EXTRALEN(cc[-1])) cc += GET_EXTRALEN(cc[-1]);
+@@ -2219,8 +2264,12 @@ while (cc < ccend)
+     break;
+ 
+     CASE_ITERATOR_PRIVATE_DATA_2B
+-    if (PRIVATE_DATA(cc) != 0)
++    offset = PRIVATE_DATA(cc);
++    if (offset != 0 && recurse_check_bit(common, offset))
++      {
++      SLJIT_ASSERT(recurse_check_bit(common, offset + sizeof(sljit_sw)));
+       length += 2;
++      }
+     cc += 2 + IMM2_SIZE;
+ #ifdef SUPPORT_UNICODE
+     if (common->utf && HAS_EXTRALEN(cc[-1])) cc += GET_EXTRALEN(cc[-1]);
+@@ -2228,20 +2277,29 @@ while (cc < ccend)
+     break;
+ 
+     CASE_ITERATOR_TYPE_PRIVATE_DATA_1
+-    if (PRIVATE_DATA(cc) != 0)
++    offset = PRIVATE_DATA(cc);
++    if (offset != 0 && recurse_check_bit(common, offset))
+       length++;
+     cc += 1;
+     break;
+ 
+     CASE_ITERATOR_TYPE_PRIVATE_DATA_2A
+-    if (PRIVATE_DATA(cc) != 0)
++    offset = PRIVATE_DATA(cc);
++    if (offset != 0 && recurse_check_bit(common, offset))
++      {
++      SLJIT_ASSERT(recurse_check_bit(common, offset + sizeof(sljit_sw)));
+       length += 2;
++      }
+     cc += 1;
+     break;
+ 
+     CASE_ITERATOR_TYPE_PRIVATE_DATA_2B
+-    if (PRIVATE_DATA(cc) != 0)
++    offset = PRIVATE_DATA(cc);
++    if (offset != 0 && recurse_check_bit(common, offset))
++      {
++      SLJIT_ASSERT(recurse_check_bit(common, offset + sizeof(sljit_sw)));
+       length += 2;
++      }
+     cc += 1 + IMM2_SIZE;
+     break;
+ 
+@@ -2253,7 +2311,9 @@ while (cc < ccend)
+ #else
+     size = 1 + 32 / (int)sizeof(PCRE2_UCHAR);
+ #endif
+-    if (PRIVATE_DATA(cc) != 0)
++
++    offset = PRIVATE_DATA(cc);
++    if (offset != 0 && recurse_check_bit(common, offset))
+       length += get_class_iterator_size(cc + size);
+     cc += size;
+     break;
+@@ -2288,8 +2348,7 @@ while (cc < ccend)
+     case OP_THEN:
+     SLJIT_ASSERT(common->control_head_ptr != 0);
+     quit_found = TRUE;
+-    if (!control_head_found)
+-      control_head_found = TRUE;
++    control_head_found = TRUE;
+     cc++;
+     break;
+ 
+@@ -2309,8 +2368,6 @@ SLJIT_ASSERT(cc == ccend);
+ 
+ if (control_head_found)
+   length++;
+-if (capture_last_found)
+-  length++;
+ if (quit_found)
+   {
+   if (setsom_found)
+@@ -2343,14 +2400,12 @@ sljit_sw shared_srcw[3];
+ sljit_sw kept_shared_srcw[2];
+ int private_count, shared_count, kept_shared_count;
+ int from_sp, base_reg, offset, i;
+-BOOL setsom_found = FALSE;
+-BOOL setmark_found = FALSE;
+-BOOL capture_last_found = FALSE;
+-BOOL control_head_found = FALSE;
++
++memset(common->recurse_bitset, 0, common->recurse_bitset_size);
+ 
+ #if defined DEBUG_FORCE_CONTROL_HEAD && DEBUG_FORCE_CONTROL_HEAD
+ SLJIT_ASSERT(common->control_head_ptr != 0);
+-control_head_found = TRUE;
++recurse_check_bit(common, common->control_head_ptr);
+ #endif
+ 
+ switch (type)
+@@ -2438,11 +2493,10 @@ while (cc < ccend)
+     {
+     case OP_SET_SOM:
+     SLJIT_ASSERT(common->has_set_som);
+-    if (has_quit && !setsom_found)
++    if (has_quit && recurse_check_bit(common, OVECTOR(0)))
+       {
+       kept_shared_srcw[0] = OVECTOR(0);
+       kept_shared_count = 1;
+-      setsom_found = TRUE;
+       }
+     cc += 1;
+     break;
+@@ -2450,33 +2504,31 @@ while (cc < ccend)
+     case OP_RECURSE:
+     if (has_quit)
+       {
+-      if (common->has_set_som && !setsom_found)
++      if (common->has_set_som && recurse_check_bit(common, OVECTOR(0)))
+         {
+         kept_shared_srcw[0] = OVECTOR(0);
+         kept_shared_count = 1;
+-        setsom_found = TRUE;
+         }
+-      if (common->mark_ptr != 0 && !setmark_found)
++      if (common->mark_ptr != 0 && recurse_check_bit(common, common->mark_ptr))
+         {
+         kept_shared_srcw[kept_shared_count] = common->mark_ptr;
+         kept_shared_count++;
+-        setmark_found = TRUE;
+         }
+       }
+-    if (common->capture_last_ptr != 0 && !capture_last_found)
++    if (common->capture_last_ptr != 0 && recurse_check_bit(common, common->capture_last_ptr))
+       {
+       shared_srcw[0] = common->capture_last_ptr;
+       shared_count = 1;
+-      capture_last_found = TRUE;
+       }
+     cc += 1 + LINK_SIZE;
+     break;
+ 
+     case OP_KET:
+-    if (PRIVATE_DATA(cc) != 0)
++    private_srcw[0] = PRIVATE_DATA(cc);
++    if (private_srcw[0] != 0)
+       {
+-      private_count = 1;
+-      private_srcw[0] = PRIVATE_DATA(cc);
++      if (recurse_check_bit(common, private_srcw[0]))
++        private_count = 1;
+       SLJIT_ASSERT(PRIVATE_DATA(cc + 1) != 0);
+       cc += PRIVATE_DATA(cc + 1);
+       }
+@@ -2493,50 +2545,66 @@ while (cc < ccend)
+     case OP_SBRA:
+     case OP_SBRAPOS:
+     case OP_SCOND:
+-    private_count = 1;
+     private_srcw[0] = PRIVATE_DATA(cc);
++    if (recurse_check_bit(common, private_srcw[0]))
++      private_count = 1;
+     cc += 1 + LINK_SIZE;
+     break;
+ 
+     case OP_CBRA:
+     case OP_SCBRA:
+-    offset = (GET2(cc, 1 + LINK_SIZE)) << 1;
+-    shared_srcw[0] = OVECTOR(offset);
+-    shared_srcw[1] = OVECTOR(offset + 1);
+-    shared_count = 2;
++    offset = GET2(cc, 1 + LINK_SIZE);
++    shared_srcw[0] = OVECTOR(offset << 1);
++    if (recurse_check_bit(common, shared_srcw[0]))
++      {
++      shared_srcw[1] = shared_srcw[0] + sizeof(sljit_sw);
++      SLJIT_ASSERT(recurse_check_bit(common, shared_srcw[1]));
++      shared_count = 2;
++      }
+ 
+-    if (common->capture_last_ptr != 0 && !capture_last_found)
++    if (common->capture_last_ptr != 0 && recurse_check_bit(common, common->capture_last_ptr))
+       {
+-      shared_srcw[2] = common->capture_last_ptr;
+-      shared_count = 3;
+-      capture_last_found = TRUE;
++      shared_srcw[shared_count] = common->capture_last_ptr;
++      shared_count++;
+       }
+ 
+-    if (common->optimized_cbracket[GET2(cc, 1 + LINK_SIZE)] == 0)
++    if (common->optimized_cbracket[offset] == 0)
+       {
+-      private_count = 1;
+-      private_srcw[0] = OVECTOR_PRIV(GET2(cc, 1 + LINK_SIZE));
++      private_srcw[0] = OVECTOR_PRIV(offset);
++      if (recurse_check_bit(common, private_srcw[0]))
++        private_count = 1;
+       }
++
+     cc += 1 + LINK_SIZE + IMM2_SIZE;
+     break;
+ 
+     case OP_CBRAPOS:
+     case OP_SCBRAPOS:
+-    offset = (GET2(cc, 1 + LINK_SIZE)) << 1;
+-    shared_srcw[0] = OVECTOR(offset);
+-    shared_srcw[1] = OVECTOR(offset + 1);
+-    shared_count = 2;
++    offset = GET2(cc, 1 + LINK_SIZE);
++    shared_srcw[0] = OVECTOR(offset << 1);
++    if (recurse_check_bit(common, shared_srcw[0]))
++      {
++      shared_srcw[1] = shared_srcw[0] + sizeof(sljit_sw);
++      SLJIT_ASSERT(recurse_check_bit(common, shared_srcw[1]));
++      shared_count = 2;
++      }
+ 
+-    if (common->capture_last_ptr != 0 && !capture_last_found)
++    if (common->capture_last_ptr != 0 && recurse_check_bit(common, common->capture_last_ptr))
+       {
+-      shared_srcw[2] = common->capture_last_ptr;
+-      shared_count = 3;
+-      capture_last_found = TRUE;
++      shared_srcw[shared_count] = common->capture_last_ptr;
++      shared_count++;
+       }
+ 
+-    private_count = 2;
+     private_srcw[0] = PRIVATE_DATA(cc);
+-    private_srcw[1] = OVECTOR_PRIV(GET2(cc, 1 + LINK_SIZE));
++    if (recurse_check_bit(common, private_srcw[0]))
++      private_count = 1;
++
++    offset = OVECTOR_PRIV(offset);
++    if (recurse_check_bit(common, offset))
++      {
++      private_srcw[private_count] = offset;
++      private_count++;
++      }
+     cc += 1 + LINK_SIZE + IMM2_SIZE;
+     break;
+ 
+@@ -2545,18 +2613,17 @@ while (cc < ccend)
+     alternative = cc + GET(cc, 1);
+     if (*alternative == OP_KETRMAX || *alternative == OP_KETRMIN)
+       {
+-      private_count = 1;
+       private_srcw[0] = PRIVATE_DATA(cc);
++      if (recurse_check_bit(common, private_srcw[0]))
++        private_count = 1;
+       }
+     cc += 1 + LINK_SIZE;
+     break;
+ 
+     CASE_ITERATOR_PRIVATE_DATA_1
+-    if (PRIVATE_DATA(cc))
+-      {
++    private_srcw[0] = PRIVATE_DATA(cc);
++    if (private_srcw[0] != 0 && recurse_check_bit(common, private_srcw[0]))
+       private_count = 1;
+-      private_srcw[0] = PRIVATE_DATA(cc);
+-      }
+     cc += 2;
+ #ifdef SUPPORT_UNICODE
+     if (common->utf && HAS_EXTRALEN(cc[-1])) cc += GET_EXTRALEN(cc[-1]);
+@@ -2564,11 +2631,12 @@ while (cc < ccend)
+     break;
+ 
+     CASE_ITERATOR_PRIVATE_DATA_2A
+-    if (PRIVATE_DATA(cc))
++    private_srcw[0] = PRIVATE_DATA(cc);
++    if (private_srcw[0] != 0 && recurse_check_bit(common, private_srcw[0]))
+       {
+       private_count = 2;
+-      private_srcw[0] = PRIVATE_DATA(cc);
+-      private_srcw[1] = PRIVATE_DATA(cc) + sizeof(sljit_sw);
++      private_srcw[1] = private_srcw[0] + sizeof(sljit_sw);
++      SLJIT_ASSERT(recurse_check_bit(common, private_srcw[1]));
+       }
+     cc += 2;
+ #ifdef SUPPORT_UNICODE
+@@ -2577,11 +2645,12 @@ while (cc < ccend)
+     break;
+ 
+     CASE_ITERATOR_PRIVATE_DATA_2B
+-    if (PRIVATE_DATA(cc))
++    private_srcw[0] = PRIVATE_DATA(cc);
++    if (private_srcw[0] != 0 && recurse_check_bit(common, private_srcw[0]))
+       {
+       private_count = 2;
+-      private_srcw[0] = PRIVATE_DATA(cc);
+-      private_srcw[1] = PRIVATE_DATA(cc) + sizeof(sljit_sw);
++      private_srcw[1] = private_srcw[0] + sizeof(sljit_sw);
++      SLJIT_ASSERT(recurse_check_bit(common, private_srcw[1]));
+       }
+     cc += 2 + IMM2_SIZE;
+ #ifdef SUPPORT_UNICODE
+@@ -2590,30 +2659,30 @@ while (cc < ccend)
+     break;
+ 
+     CASE_ITERATOR_TYPE_PRIVATE_DATA_1
+-    if (PRIVATE_DATA(cc))
+-      {
++    private_srcw[0] = PRIVATE_DATA(cc);
++    if (private_srcw[0] != 0 && recurse_check_bit(common, private_srcw[0]))
+       private_count = 1;
+-      private_srcw[0] = PRIVATE_DATA(cc);
+-      }
+     cc += 1;
+     break;
+ 
+     CASE_ITERATOR_TYPE_PRIVATE_DATA_2A
+-    if (PRIVATE_DATA(cc))
++    private_srcw[0] = PRIVATE_DATA(cc);
++    if (private_srcw[0] != 0 && recurse_check_bit(common, private_srcw[0]))
+       {
+       private_count = 2;
+-      private_srcw[0] = PRIVATE_DATA(cc);
+       private_srcw[1] = private_srcw[0] + sizeof(sljit_sw);
++      SLJIT_ASSERT(recurse_check_bit(common, private_srcw[1]));
+       }
+     cc += 1;
+     break;
+ 
+     CASE_ITERATOR_TYPE_PRIVATE_DATA_2B
+-    if (PRIVATE_DATA(cc))
++    private_srcw[0] = PRIVATE_DATA(cc);
++    if (private_srcw[0] != 0 && recurse_check_bit(common, private_srcw[0]))
+       {
+       private_count = 2;
+-      private_srcw[0] = PRIVATE_DATA(cc);
+       private_srcw[1] = private_srcw[0] + sizeof(sljit_sw);
++      SLJIT_ASSERT(recurse_check_bit(common, private_srcw[1]));
+       }
+     cc += 1 + IMM2_SIZE;
+     break;
+@@ -2630,14 +2699,17 @@ while (cc < ccend)
+       switch(get_class_iterator_size(cc + i))
+         {
+         case 1:
+-        private_count = 1;
+         private_srcw[0] = PRIVATE_DATA(cc);
+         break;
+ 
+         case 2:
+-        private_count = 2;
+         private_srcw[0] = PRIVATE_DATA(cc);
+-        private_srcw[1] = private_srcw[0] + sizeof(sljit_sw);
++        if (recurse_check_bit(common, private_srcw[0]))
++          {
++          private_count = 2;
++          private_srcw[1] = private_srcw[0] + sizeof(sljit_sw);
++          SLJIT_ASSERT(recurse_check_bit(common, private_srcw[1]));
++          }
+         break;
+ 
+         default:
+@@ -2652,28 +2724,25 @@ while (cc < ccend)
+     case OP_PRUNE_ARG:
+     case OP_THEN_ARG:
+     SLJIT_ASSERT(common->mark_ptr != 0);
+-    if (has_quit && !setmark_found)
++    if (has_quit && recurse_check_bit(common, common->mark_ptr))
+       {
+       kept_shared_srcw[0] = common->mark_ptr;
+       kept_shared_count = 1;
+-      setmark_found = TRUE;
+       }
+-    if (common->control_head_ptr != 0 && !control_head_found)
++    if (common->control_head_ptr != 0 && recurse_check_bit(common, common->control_head_ptr))
+       {
+       shared_srcw[0] = common->control_head_ptr;
+       shared_count = 1;
+-      control_head_found = TRUE;
+       }
+     cc += 1 + 2 + cc[1];
+     break;
+ 
+     case OP_THEN:
+     SLJIT_ASSERT(common->control_head_ptr != 0);
+-    if (!control_head_found)
++    if (recurse_check_bit(common, common->control_head_ptr))
+       {
+       shared_srcw[0] = common->control_head_ptr;
+       shared_count = 1;
+-      control_head_found = TRUE;
+       }
+     cc++;
+     break;
+@@ -2681,7 +2750,7 @@ while (cc < ccend)
+     default:
+     cc = next_opcode(common, cc);
+     SLJIT_ASSERT(cc != NULL);
+-    break;
++    continue;
+     }
+ 
+   if (type != recurse_copy_shared_to_global && type != recurse_copy_kept_shared_to_global)
+@@ -13262,7 +13331,7 @@ SLJIT_ASSERT(!(common->req_char_ptr != 0 && common->start_used_ptr != 0));
+ common->cbra_ptr = OVECTOR_START + (re->top_bracket + 1) * 2 * sizeof(sljit_sw);
+ 
+ total_length = ccend - common->start;
+-common->private_data_ptrs = (sljit_s32 *)SLJIT_MALLOC(total_length * (sizeof(sljit_s32) + (common->has_then ? 1 : 0)), allocator_data);
++common->private_data_ptrs = (sljit_s32*)SLJIT_MALLOC(total_length * (sizeof(sljit_s32) + (common->has_then ? 1 : 0)), allocator_data);
+ if (!common->private_data_ptrs)
+   {
+   SLJIT_FREE(common->optimized_cbracket, allocator_data);
+@@ -13304,6 +13373,7 @@ if (!compiler)
+ common->compiler = compiler;
+ 
+ /* Main pcre_jit_exec entry. */
++LJIT_ASSERT((private_data_size & (sizeof(sljit_sw) - 1)) == 0);
+ sljit_emit_enter(compiler, 0, SLJIT_ARG1(SW), 5, 5, 0, 0, private_data_size);
+ 
+ /* Register init. */
+@@ -13524,20 +13594,40 @@ common->fast_fail_end_ptr = 0;
+ common->currententry = common->entries;
+ common->local_quit_available = TRUE;
+ quit_label = common->quit_label;
+-while (common->currententry != NULL)
++if (common->currententry != NULL)
+   {
+-  /* Might add new entries. */
+-  compile_recurse(common);
+-  if (SLJIT_UNLIKELY(sljit_get_compiler_error(compiler)))
++  /* A free bit for each private data. */
++  common->recurse_bitset_size = ((private_data_size / (int)sizeof(sljit_sw)) + 7) >> 3;
++  SLJIT_ASSERT(common->recurse_bitset_size > 0);
++  common->recurse_bitset = (sljit_u8*)SLJIT_MALLOC(common->recurse_bitset_size, allocator_data);;
++
++  if (common->recurse_bitset != NULL)
++    {
++    do
++      {
++      /* Might add new entries. */
++      compile_recurse(common);
++      if (SLJIT_UNLIKELY(sljit_get_compiler_error(compiler)))
++        break;
++      flush_stubs(common);
++      common->currententry = common->currententry->next;
++      }
++    while (common->currententry != NULL);
++
++    SLJIT_FREE(common->recurse_bitset, allocator_data);
++    }
++
++  if (common->currententry != NULL)
+     {
++    /* The common->recurse_bitset has been freed. */
++    SLJIT_ASSERT(sljit_get_compiler_error(compiler) || common->recurse_bitset == NULL);
++
+     sljit_free_compiler(compiler);
+     SLJIT_FREE(common->optimized_cbracket, allocator_data);
+     SLJIT_FREE(common->private_data_ptrs, allocator_data);
+     PRIV(jit_free_rodata)(common->read_only_data_head, allocator_data);
+     return PCRE2_ERROR_NOMEMORY;
+     }
+-  flush_stubs(common);
+-  common->currententry = common->currententry->next;
+   }
+ common->local_quit_available = FALSE;
+ common->quit_label = quit_label;
+diff --git a/src/pcre2_jit_test.c b/src/pcre2_jit_test.c
+index 9df87fd..2f84834 100644
+--- a/src/pcre2_jit_test.c
++++ b/src/pcre2_jit_test.c
+@@ -746,6 +746,7 @@ static struct regression_test_case regression_test_cases[] = {
+ 	{ MU, A, 0, 0, "((?(R)a|(?1)){1,3}?)M", "aaaM" },
+ 	{ MU, A, 0, 0, "((.)(?:.|\\2(?1))){0}#(?1)#", "#aabbccdde# #aabbccddee#" },
+ 	{ MU, A, 0, 0, "((.)(?:\\2|\\2{4}b)){0}#(?:(?1))+#", "#aaaab# #aaaaab#" },
++	{ MU, A, 0, 0 | F_NOMATCH, "(?1)$((.|\\2xx){1,2})", "abc" },
+ 
+ 	/* 16 bit specific tests. */
+ 	{ CM, A, 0, 0 | F_FORCECONV, "\xc3\xa1", "\xc3\x81\xc3\xa1" },
+-- 
+2.25.1
+
diff --git a/meta/recipes-support/libpcre/libpcre2/CVE-2022-41409.patch b/meta/recipes-support/libpcre/libpcre2/CVE-2022-41409.patch
new file mode 100644
index 0000000000..882277ae73
--- /dev/null
+++ b/meta/recipes-support/libpcre/libpcre2/CVE-2022-41409.patch
@@ -0,0 +1,74 @@
+From 94e1c001761373b7d9450768aa15d04c25547a35 Mon Sep 17 00:00:00 2001
+From: Philip Hazel <Philip.Hazel@gmail.com>
+Date: Tue, 16 Aug 2022 17:00:45 +0100
+Subject: [PATCH] Diagnose negative repeat value in pcre2test subject line
+
+CVE: CVE-2022-41409
+Upstream-Status: Backport [https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35]
+
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+
+---
+ ChangeLog            | 3 +++
+ src/pcre2test.c      | 4 ++--
+ testdata/testinput2  | 3 +++
+ testdata/testoutput2 | 4 ++++
+ 4 files changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index eab50eb7..276eb57a 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -7,6 +7,9 @@ fully read in caseless matching.
+ 24. Fixed an issue affecting recursions in JIT caused by duplicated data
+ transfers.
+ 
++20. A negative repeat value in a pcre2test subject line was not being 
++diagnosed, leading to infinite looping.
++
+ 
+ Version 10.34 21-November-2019
+ ------------------------------
+diff --git a/src/pcre2test.c b/src/pcre2test.c
+index 08f86096..f6f5d66c 100644
+--- a/src/pcre2test.c
++++ b/src/pcre2test.c
+@@ -6700,9 +6700,9 @@ while ((c = *p++) != 0)
+       }
+ 
+     i = (int32_t)li;
+-    if (i-- == 0)
++    if (i-- <= 0)
+       {
+-      fprintf(outfile, "** Zero repeat not allowed\n");
++      fprintf(outfile, "** Zero or negative repeat not allowed\n");
+       return PR_OK;
+       }
+ 
+diff --git a/testdata/testinput2 b/testdata/testinput2
+index 655e519..14e00ed 100644
+--- a/testdata/testinput2
++++ b/testdata/testinput2
+@@ -5772,4 +5772,7 @@ a)"xI
+ /(a)?a/I
+     manm
+ 
++--
++    \[X]{-10}
++
+ # End of testinput2
+diff --git a/testdata/testoutput2 b/testdata/testoutput2
+index c733c12..958f246 100644
+--- a/testdata/testoutput2
++++ b/testdata/testoutput2
+@@ -17435,6 +17435,10 @@ Subject length lower bound = 1
+     manm
+  0: a
+ 
++--
++    \[X]{-10}
++** Zero or negative repeat not allowed
++
+ # End of testinput2
+ Error -70: PCRE2_ERROR_BADDATA (unknown error number)
+ Error -62: bad serialized data
diff --git a/meta/recipes-support/libpcre/libpcre2_10.34.bb b/meta/recipes-support/libpcre/libpcre2_10.34.bb
index fa8655e027..53277270d2 100644
--- a/meta/recipes-support/libpcre/libpcre2_10.34.bb
+++ b/meta/recipes-support/libpcre/libpcre2_10.34.bb
@@ -10,8 +10,12 @@ SECTION = "devel"
 LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://LICENCE;md5=b1588d3bb4cb0e1f5a597d908f8c5b37"
 
-SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre2-${PV}.tar.bz2 \
+SRC_URI = "http://downloads.yoctoproject.org/mirror/sources/pcre2-${PV}.tar.bz2 \
            file://pcre-cross.patch \
+           file://CVE-2022-1586.patch \
+           file://CVE-2022-1586-regression.patch \
+	    file://CVE-2022-1587.patch \
+	    file://CVE-2022-41409.patch \
 "
 
 SRC_URI[md5sum] = "d280b62ded13f9ccf2fac16ee5286366"
diff --git a/meta/recipes-support/libpcre/libpcre_8.44.bb b/meta/recipes-support/libpcre/libpcre_8.44.bb
index e5471e81da..3267c5ad72 100644
--- a/meta/recipes-support/libpcre/libpcre_8.44.bb
+++ b/meta/recipes-support/libpcre/libpcre_8.44.bb
@@ -7,8 +7,7 @@ HOMEPAGE = "http://www.pcre.org"
 SECTION = "devel"
 LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://LICENCE;md5=3bb381a66a5385b246d4877922e7511e"
-SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre-${PV}.tar.bz2 \
-           file://fix-pcre-name-collision.patch \
+SRC_URI = "${SOURCEFORGE_MIRROR}/pcre/pcre-${PV}.tar.bz2 \
            file://run-ptest \
            file://Makefile \
            "