Document configuration for SELinux execmem allocator and fix CMake usage.

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 956aa18..5ebe695 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -79,6 +79,7 @@
 # 2016-10-07 PH added PCREGREP_MAX_BUFSIZE
 # 2017-03-11 PH turned HEAP_MATCH_RECURSE into a NO-OP for 10.30
 # 2017-04-08 PH added HEAP_LIMIT
+# 2017-06-15 ZH added SUPPORT_JIT_SEALLOC support
 
 PROJECT(PCRE2 C)
 
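Review bot: The added history comment `# 2017-06-15 ZH added SUPPORT_JIT_SEALLOC support` is the only place in this patch where the name SUPPORT_JIT_SEALLOC appears; the README and pcre2build.3 changes document only `--enable-jit-sealloc` for configure. Since the commit message says it fixes CMake usage, mention the CMake-side name in the build documentation next to the configure flag so CMake users can find it.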
diff --git a/ChangeLog b/ChangeLog
index 67f393c..2bb4e08 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -197,6 +197,9 @@
 
     (a) The -F option did not work for fixed strings containing \E.
     (b) The -w option did not work for patterns with multiple branches. 
+    
+44. Added configuration options for the SELinux compatible execmem allocator in
+JIT.
 
 
 Version 10.23 14-February-2017
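Review bot: The first added line of entry 44 (`+    `) consists only of whitespace; make it a truly empty line. The entry would also be easier to search for if it named the option being documented, `--enable-jit-sealloc`, as the README and pcre2build.3 hunks do.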
diff --git a/README b/README
index 336f5d9..6bf5b46 100644
--- a/README
+++ b/README
@@ -171,7 +171,10 @@
   give large performance improvements on certain platforms, add --enable-jit to
   the "configure" command. This support is available only for certain hardware
   architectures. If you try to enable it on an unsupported architecture, there
-  will be a compile time error.
+  will be a compile time error. If you are running under SELinux you may also
+  want to add --enable-jit-sealloc, which enables the use of an execmem
+  allocator in JIT that is compatible with SELinux. This has no effect if JIT 
+  is not enabled.
 
 . If you do not want to make use of the default support for UTF-8 Unicode
   character strings in the 8-bit library, UTF-16 Unicode character strings in
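Review bot: The added sentence "you may also want to add --enable-jit-sealloc" does not tell the reader when the option is actually needed. State the symptom the default JIT allocator shows under SELinux and whether enabling the option has any cost on systems that do not need it, so the builder can make an informed choice. The added line ending in `if JIT ` also carries a trailing space.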
@@ -874,4 +877,4 @@
 Philip Hazel
 Email local part: ph10
 Email domain: cam.ac.uk
-Last updated: 11 April 2017
+Last updated: 17 June 2017
diff --git a/config-cmake.h.in b/config-cmake.h.in
index d34cc33..9b4f15d 100644
--- a/config-cmake.h.in
+++ b/config-cmake.h.in
@@ -25,6 +25,7 @@
 #cmakedefine SUPPORT_LIBZ 1
 
 #cmakedefine SUPPORT_JIT 1
+#cmakedefine SLJIT_PROT_EXECUTABLE_ALLOCATOR 1
 #cmakedefine SUPPORT_PCRE2GREP_JIT 1
 #cmakedefine SUPPORT_UNICODE 1
 #cmakedefine SUPPORT_VALGRIND 1
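Review bot: `#cmakedefine SLJIT_PROT_EXECUTABLE_ALLOCATOR 1` only produces a define when a CMake variable with exactly that name is set, but the CMakeLists.txt comment in this patch calls the feature SUPPORT_JIT_SEALLOC and no CMakeLists.txt line visible here sets SLJIT_PROT_EXECUTABLE_ALLOCATOR. Please confirm the build maps the option onto this variable, and that it is set only when SUPPORT_JIT is, to match the documented "This has no effect if JIT is not enabled". The neighbouring entries all use SUPPORT_ names, so a short comment on why this one uses an SLJIT_ name would help.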
diff --git a/doc/pcre2build.3 b/doc/pcre2build.3
index bbf5466..8b081d9 100644
--- a/doc/pcre2build.3
+++ b/doc/pcre2build.3
@@ -1,4 +1,4 @@
-.TH PCRE2BUILD 3 "30 May 2017" "PCRE2 10.30"
+.TH PCRE2BUILD 3 "17 June 2017" "PCRE2 10.30"
 .SH NAME
 PCRE2 - Perl-compatible regular expressions (revised API)
 .
@@ -156,8 +156,13 @@
   --enable-jit
 .sp
 This support is available only for certain hardware architectures. If this
-option is set for an unsupported architecture, a building error occurs.
-See the
+option is set for an unsupported architecture, a building error occurs. If you
+are running under SELinux you may also want to add
+.sp
+  --enable-jit-sealloc
+.sp
+which enables the use of an execmem allocator in JIT that is compatible with
+SELinux. This has no effect if JIT is not enabled. See the
 .\" HREF
 \fBpcre2jit\fP
 .\"
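Review bot: "This has no effect if JIT is not enabled" describes a silent no-op: someone who passes `--enable-jit-sealloc` without `--enable-jit` gets no indication that the allocator they asked for is not in the build. Either say here whether configure warns in that case or add such a warning, in the same way the OBSOLETE OPTION section of this page says its option "now does nothing except give a warning".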
@@ -273,7 +278,7 @@
 change this by a setting such as
 .sp
   --with-heap-limit=500
-.sp   
+.sp
 which limits the amount of heap to 500 kilobytes. This limit applies only to
 interpretive matching in pcre2_match(). It does not apply when JIT (which has
 its own memory arrangements) is used, nor does it apply to
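Review bot: The `.sp   ` to `.sp` change here, like the two hunks that follow it (the trailing space after "generated from the string." and the three lines in the OBSOLETE OPTION paragraph), is whitespace cleanup unrelated to the sealloc documentation. Move it to its own commit, or at least mention it in the commit message, so the functional documentation change is easy to pick out in history.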
@@ -528,7 +533,7 @@
 a pointer to a string and the length of the string. When called, this function
 tries to compile the string as a pattern, and if that succeeds, to match it.
 This is done both with no options and with some random options bits that are
-generated from the string. 
+generated from the string.
 .P
 Setting --enable-fuzz-support also causes a binary called \fBpcre2fuzzcheck\fP
 to be created. This is normally run under valgrind or used when PCRE2 is
@@ -542,13 +547,13 @@
 .SH "OBSOLETE OPTION"
 .rs
 .sp
-In versions of PCRE2 prior to 10.30, there were two ways of handling 
-backtracking in the \fBpcre2_match()\fP function. The default was to use the 
+In versions of PCRE2 prior to 10.30, there were two ways of handling
+backtracking in the \fBpcre2_match()\fP function. The default was to use the
 system stack, but if
 .sp
   --disable-stack-for-recursion
 .sp
-was set, memory on the heap was used. From release 10.30 onwards this has 
+was set, memory on the heap was used. From release 10.30 onwards this has
 changed (the stack is no longer used) and this option now does nothing except
 give a warning.
 .
@@ -572,6 +577,6 @@
 .rs
 .sp
 .nf
-Last updated: 30 May 2017
+Last updated: 17 June 2017
 Copyright (c) 1997-2017 University of Cambridge.
 .fi