pcre: 8.38 -> 8.39 (security)

Fixes: - CVE-2014-9769 - CVE-2015-2327 - CVE-2015-2328 - CVE-2015-8382 - CVE-2016-3191 cc #18856
2016-09-24 19:27:50 +02:00 · 2016-09-24 19:27:50 +02:00 · 6244be2d0a
commit 6244be2d0a
parent 265a4752f6
2 changed files with 2 additions and 24 deletions
--- a/pkgs/development/libraries/pcre/CVE-2016-1283.patch
+++ b/pkgs/development/libraries/pcre/CVE-2016-1283.patch
@ -1,18 +0,0 @@
 Index: pcre_compile.c
 ===================================================================
 --- a/pcre_compile.c	(revision 1635)
 +++ b/pcre_compile.c	(revision 1636)
@@ -7311,7 +7311,12 @@
           so far in order to get the number. If the name is not found, leave
           the value of recno as 0 for a forward reference. */
 -          else
 +          /* This patch (removing "else") fixes a problem when a reference is
 +          to multiple identically named nested groups from within the nest.
 +          Once again, it is not the "proper" fix, and it results in an
 +          over-allocation of memory. */
 +
 +          /* else */
             {
             ng = cd->named_groups;
             for (i = 0; i < cd->names_found; i++, ng++)
--- a/pkgs/development/libraries/pcre/default.nix
+++ b/pkgs/development/libraries/pcre/default.nix
@ -7,7 +7,7 @@ with stdenv.lib;
 assert elem variant [ null "cpp" "pcre16" "pcre32" ];
 let
-  version = "8.38";
+  version = "8.39";
  pname = if (variant == null) then "pcre"
    else  if (variant == "cpp") then "pcre-cpp"
    else  variant;
@ -17,13 +17,9 @@ in stdenv.mkDerivation rec {
  src = fetchurl {
    url = "ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-${version}.tar.bz2";
-    sha256 = "1pvra19ljkr5ky35y2iywjnsckrs9ch2anrf5b0dc91hw8v2vq5r";
+    sha256 = "12wyajlqx2v7dsh39ra9v9m5hibjkrl129q90bp32c28haghjn5q";
  };
  patches = [
    ./CVE-2016-1283.patch
  ];
  outputs = [ "bin" "dev" "out" "doc" "man" ];
  configureFlags = [