From 1e2fe7e07dda9b354a1aacb7b9b2ce05045c7b45 Mon Sep 17 00:00:00 2001
From: Micxjo Funkcio <micxjo@fastmail.com>
Date: Fri, 8 Apr 2016 13:29:28 -0700
Subject: pcre: patch CVE-2016-1283

This fixes CVE-2016-1283, which allows remote attackers to cause
a denial of service (heap-based buffer overflow) or possibly
have unspecified other impact via a crafted regular expression.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1283
---
 pkgs/development/libraries/pcre/default.nix | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'pkgs/development/libraries/pcre/default.nix')

diff --git a/pkgs/development/libraries/pcre/default.nix b/pkgs/development/libraries/pcre/default.nix
index afeffae3e5f..5ae79e91b92 100644
--- a/pkgs/development/libraries/pcre/default.nix
+++ b/pkgs/development/libraries/pcre/default.nix
@@ -22,8 +22,9 @@ in stdenv.mkDerivation rec {
     sha256 = "1pvra19ljkr5ky35y2iywjnsckrs9ch2anrf5b0dc91hw8v2vq5r";
   };
 
-  patches =
-    [ ];
+  patches = [
+    ./CVE-2016-1283.patch
+  ];
 
   outputs = [ "out" "doc" "man" ];
 
-- 
cgit 1.4.1


From cdc5326a31189d596abfcb30b776de8ba3e65569 Mon Sep 17 00:00:00 2001
From: Nikolay Amiantov <ab@fmap.me>
Date: Sat, 9 Apr 2016 02:48:14 +0300
Subject: pcre: cleanup a little

---
 pkgs/development/libraries/pcre/default.nix | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

(limited to 'pkgs/development/libraries/pcre/default.nix')

diff --git a/pkgs/development/libraries/pcre/default.nix b/pkgs/development/libraries/pcre/default.nix
index 5ae79e91b92..b1bbe034257 100644
--- a/pkgs/development/libraries/pcre/default.nix
+++ b/pkgs/development/libraries/pcre/default.nix
@@ -14,11 +14,11 @@ let
               else abort "Invalid character size";
 
 in stdenv.mkDerivation rec {
-  name = "pcre${lib.optionalString (withCharSize != 8) (toString withCharSize)}-8.38";
-  # FIXME: add "version" attribute and use it in URL
+  name = "pcre${lib.optionalString (withCharSize != 8) (toString withCharSize)}-${version}";
+  version = "8.38";
 
   src = fetchurl {
-    url = "ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.38.tar.bz2";
+    url = "ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-${version}.tar.bz2";
     sha256 = "1pvra19ljkr5ky35y2iywjnsckrs9ch2anrf5b0dc91hw8v2vq5r";
   };
 
@@ -28,12 +28,11 @@ in stdenv.mkDerivation rec {
 
   outputs = [ "out" "doc" "man" ];
 
-  # FIXME: Refactor into list!
-  configureFlags = ''
-    --enable-jit
-    ${lib.optionalString unicodeSupport "--enable-unicode-properties"}
-    ${lib.optionalString (!cplusplusSupport) "--disable-cpp"}
-  '' + lib.optionalString (charFlags != []) " ${toString charFlags}";
+  configureFlags =
+    [ "--enable-jit" ]
+    ++ lib.optional unicodeSupport "--enable-unicode-properties"
+    ++ lib.optional (!cplusplusSupport) "--disable-cpp"
+    ++ charFlags;
 
   doCheck = with stdenv; !(isCygwin || isFreeBSD);
     # XXX: test failure on Cygwin
-- 
cgit 1.4.1