From 955b79f4629dd7ea8ba6b234c043b97e4ed5e5f5 Mon Sep 17 00:00:00 2001
From: Robin Gloster <mail@glob.in>
Date: Sun, 26 Mar 2017 17:12:13 +0200
Subject: pcre2: 10.22 -> 10.23 + security fix

CVE-2017-7186

refs nixos/security#57 #24319
---
 pkgs/development/libraries/pcre2/default.nix | 23 ++++++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)

(limited to 'pkgs/development/libraries/pcre2')

diff --git a/pkgs/development/libraries/pcre2/default.nix b/pkgs/development/libraries/pcre2/default.nix
index d226a51d0f8ee..8df18530472a8 100644
--- a/pkgs/development/libraries/pcre2/default.nix
+++ b/pkgs/development/libraries/pcre2/default.nix
@@ -1,11 +1,11 @@
-{ stdenv, fetchurl }:
+{ stdenv, fetchurl, fetchpatch }:
 
 stdenv.mkDerivation rec {
   name = "pcre2-${version}";
-  version = "10.22";
+  version = "10.23";
   src = fetchurl {
     url = "ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/${name}.tar.bz2";
-    sha256 = "05pl338962d7syd1rbkg96916mq7d3amz1n2fjnm0v5cyhcldd5j";
+    sha256 = "0vn5g0mkkp99mmzpissa06hpyj6pk9s4mlwbjqrjvw3ihy8rpiyz";
   };
 
   configureFlags = [
@@ -14,6 +14,23 @@ stdenv.mkDerivation rec {
     "--enable-jit"
   ];
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2017-7186-part1.patch";
+      url = "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?view=patch&r1=316&r2=670&sortby=date";
+      sha256 = "10yzglvbn7h06hg7zffr5zh378i5jihvx7d5gggkynws79vgwvfr";
+      stripLen = 2;
+      addPrefixes = true;
+    })
+    (fetchpatch {
+      name = "CVE-2017-7186-part2.patch";
+      url = "https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?view=patch&r1=600&r2=670&sortby=date";
+      sha256 = "1bggk7vd5hg0bjg96lj4h1lacmr6grq68dm6iz1n7vg3zf7virjn";
+      stripLen = 2;
+      addPrefixes = true;
+    })
+  ];
+
   outputs = [ "bin" "dev" "out" "doc" "man" "devdoc" ];
 
   postFixup = ''
-- 
cgit 1.4.1