libunwind: security fix for CVE-2015-3239

Thanks to the monitor. Low security and high rebuild impact, but still...

pkgs/development/libraries/libunwind/cve-2015-3239.patch

@@ -0,0 +1,15 @@
+http://git.savannah.gnu.org/cgit/libunwind.git/commit/?id=396b6c7ab737e2bff244d640601c436a26260ca1
+
+diff --git a/include/dwarf_i.h b/include/dwarf_i.h
+index 0e72845..86dcdb8 100644
+--- a/include/dwarf_i.h
++++ b/include/dwarf_i.h
+@@ -20,7 +20,7 @@
+ extern const uint8_t dwarf_to_unw_regnum_map[DWARF_REGNUM_MAP_LENGTH];
+ /* REG is evaluated multiple times; it better be side-effects free!  */
+ # define dwarf_to_unw_regnum(reg)					  \
+-  (((reg) <= DWARF_REGNUM_MAP_LENGTH) ? dwarf_to_unw_regnum_map[reg] : 0)
++  (((reg) < DWARF_REGNUM_MAP_LENGTH) ? dwarf_to_unw_regnum_map[reg] : 0)
+ #endif
+ 
+ #ifdef UNW_LOCAL_ONLY

pkgs/development/libraries/libunwind/default.nix

@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   name = "libunwind-1.1";
-  
+
   src = fetchurl {
     url = "mirror://savannah/libunwind/${name}.tar.gz";
     sha256 = "16nhx2pahh9d62mvszc88q226q5lwjankij276fxwrm8wb50zzlx";
   };
 
-  patches = [ ./libunwind-1.1-lzma.patch ];
+  patches = [ ./libunwind-1.1-lzma.patch ./cve-2015-3239.patch ];
 
   postPatch = ''
     sed -i -e '/LIBLZMA/s:-lzma:-llzma:' configure
@@ -27,7 +27,7 @@ stdenv.mkDerivation rec {
       sed -i 's,-llzma,${xz}/lib/liblzma.la,' $file
     done
   '';
-  
+
   meta = with stdenv.lib; {
     homepage = http://www.nongnu.org/libunwind;
     description = "A portable and efficient API to determine the call-chain of a program";

pkgs/top-level/all-packages.nix

@@ -7450,7 +7450,7 @@ let
   libusbmuxd = callPackage ../development/libraries/libusbmuxd { };
 
   libunwind = if stdenv.isDarwin
-    then callPackage ../development/libraries/libunwind/native.nix {}
+    then libunwindNative
     else callPackage ../development/libraries/libunwind { };
 
   libunwindNative = callPackage ../development/libraries/libunwind/native.nix {};