pcre: 8.38 -> 8.39 (security)

Fixes:

  - CVE-2014-9769
  - CVE-2015-2327
  - CVE-2015-2328
  - CVE-2015-8382
  - CVE-2016-3191

cc #18856
This commit is contained in:
Franz Pletz 2016-09-24 19:27:50 +02:00
parent 265a4752f6
commit 6244be2d0a
No known key found for this signature in database
GPG Key ID: 846FDED7792617B4
2 changed files with 2 additions and 24 deletions

View File

@ -1,18 +0,0 @@
Index: pcre_compile.c
===================================================================
--- a/pcre_compile.c (revision 1635)
+++ b/pcre_compile.c (revision 1636)
@@ -7311,7 +7311,12 @@
so far in order to get the number. If the name is not found, leave
the value of recno as 0 for a forward reference. */
- else
+ /* This patch (removing "else") fixes a problem when a reference is
+ to multiple identically named nested groups from within the nest.
+ Once again, it is not the "proper" fix, and it results in an
+ over-allocation of memory. */
+
+ /* else */
{
ng = cd->named_groups;
for (i = 0; i < cd->names_found; i++, ng++)

View File

@ -7,7 +7,7 @@ with stdenv.lib;
assert elem variant [ null "cpp" "pcre16" "pcre32" ];
let
version = "8.38";
version = "8.39";
pname = if (variant == null) then "pcre"
else if (variant == "cpp") then "pcre-cpp"
else variant;
@ -17,13 +17,9 @@ in stdenv.mkDerivation rec {
src = fetchurl {
url = "ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-${version}.tar.bz2";
sha256 = "1pvra19ljkr5ky35y2iywjnsckrs9ch2anrf5b0dc91hw8v2vq5r";
sha256 = "12wyajlqx2v7dsh39ra9v9m5hibjkrl129q90bp32c28haghjn5q";
};
patches = [
./CVE-2016-1283.patch
];
outputs = [ "bin" "dev" "out" "doc" "man" ];
configureFlags = [