pcre: 8.38 -> 8.39 (security)
Fixes: - CVE-2014-9769 - CVE-2015-2327 - CVE-2015-2328 - CVE-2015-8382 - CVE-2016-3191 cc #18856
This commit is contained in:
parent
265a4752f6
commit
6244be2d0a
@ -1,18 +0,0 @@
|
||||
Index: pcre_compile.c
|
||||
===================================================================
|
||||
--- a/pcre_compile.c (revision 1635)
|
||||
+++ b/pcre_compile.c (revision 1636)
|
||||
@@ -7311,7 +7311,12 @@
|
||||
so far in order to get the number. If the name is not found, leave
|
||||
the value of recno as 0 for a forward reference. */
|
||||
|
||||
- else
|
||||
+ /* This patch (removing "else") fixes a problem when a reference is
|
||||
+ to multiple identically named nested groups from within the nest.
|
||||
+ Once again, it is not the "proper" fix, and it results in an
|
||||
+ over-allocation of memory. */
|
||||
+
|
||||
+ /* else */
|
||||
{
|
||||
ng = cd->named_groups;
|
||||
for (i = 0; i < cd->names_found; i++, ng++)
|
@ -7,7 +7,7 @@ with stdenv.lib;
|
||||
assert elem variant [ null "cpp" "pcre16" "pcre32" ];
|
||||
|
||||
let
|
||||
version = "8.38";
|
||||
version = "8.39";
|
||||
pname = if (variant == null) then "pcre"
|
||||
else if (variant == "cpp") then "pcre-cpp"
|
||||
else variant;
|
||||
@ -17,13 +17,9 @@ in stdenv.mkDerivation rec {
|
||||
|
||||
src = fetchurl {
|
||||
url = "ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-${version}.tar.bz2";
|
||||
sha256 = "1pvra19ljkr5ky35y2iywjnsckrs9ch2anrf5b0dc91hw8v2vq5r";
|
||||
sha256 = "12wyajlqx2v7dsh39ra9v9m5hibjkrl129q90bp32c28haghjn5q";
|
||||
};
|
||||
|
||||
patches = [
|
||||
./CVE-2016-1283.patch
|
||||
];
|
||||
|
||||
outputs = [ "bin" "dev" "out" "doc" "man" ];
|
||||
|
||||
configureFlags = [
|
||||
|
Loading…
Reference in New Issue
Block a user