From 1e2fe7e07dda9b354a1aacb7b9b2ce05045c7b45 Mon Sep 17 00:00:00 2001 From: Micxjo Funkcio Date: Fri, 8 Apr 2016 13:29:28 -0700 Subject: [PATCH 1/2] pcre: patch CVE-2016-1283 This fixes CVE-2016-1283, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1283 --- .../libraries/pcre/CVE-2016-1283.patch | 18 ++++++++++++++++++ pkgs/development/libraries/pcre/default.nix | 5 +++-- 2 files changed, 21 insertions(+), 2 deletions(-) create mode 100644 pkgs/development/libraries/pcre/CVE-2016-1283.patch diff --git a/pkgs/development/libraries/pcre/CVE-2016-1283.patch b/pkgs/development/libraries/pcre/CVE-2016-1283.patch new file mode 100644 index 000000000000..2c2dad29e929 --- /dev/null +++ b/pkgs/development/libraries/pcre/CVE-2016-1283.patch @@ -0,0 +1,18 @@ +Index: pcre_compile.c +=================================================================== +--- a/pcre_compile.c (revision 1635) ++++ b/pcre_compile.c (revision 1636) +@@ -7311,7 +7311,12 @@ + so far in order to get the number. If the name is not found, leave + the value of recno as 0 for a forward reference. */ + +- else ++ /* This patch (removing "else") fixes a problem when a reference is ++ to multiple identically named nested groups from within the nest. ++ Once again, it is not the "proper" fix, and it results in an ++ over-allocation of memory. */ ++ ++ /* else */ + { + ng = cd->named_groups; + for (i = 0; i < cd->names_found; i++, ng++) diff --git a/pkgs/development/libraries/pcre/default.nix b/pkgs/development/libraries/pcre/default.nix index afeffae3e5fa..5ae79e91b922 100644 --- a/pkgs/development/libraries/pcre/default.nix +++ b/pkgs/development/libraries/pcre/default.nix @@ -22,8 +22,9 @@ in stdenv.mkDerivation rec { sha256 = "1pvra19ljkr5ky35y2iywjnsckrs9ch2anrf5b0dc91hw8v2vq5r"; }; - patches = - [ ]; + patches = [ + ./CVE-2016-1283.patch + ]; outputs = [ "out" "doc" "man" ]; From cdc5326a31189d596abfcb30b776de8ba3e65569 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Sat, 9 Apr 2016 02:48:14 +0300 Subject: [PATCH 2/2] pcre: cleanup a little --- pkgs/development/libraries/pcre/default.nix | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/pkgs/development/libraries/pcre/default.nix b/pkgs/development/libraries/pcre/default.nix index 5ae79e91b922..b1bbe0342578 100644 --- a/pkgs/development/libraries/pcre/default.nix +++ b/pkgs/development/libraries/pcre/default.nix @@ -14,11 +14,11 @@ let else abort "Invalid character size"; in stdenv.mkDerivation rec { - name = "pcre${lib.optionalString (withCharSize != 8) (toString withCharSize)}-8.38"; - # FIXME: add "version" attribute and use it in URL + name = "pcre${lib.optionalString (withCharSize != 8) (toString withCharSize)}-${version}"; + version = "8.38"; src = fetchurl { - url = "ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.38.tar.bz2"; + url = "ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-${version}.tar.bz2"; sha256 = "1pvra19ljkr5ky35y2iywjnsckrs9ch2anrf5b0dc91hw8v2vq5r"; }; @@ -28,12 +28,11 @@ in stdenv.mkDerivation rec { outputs = [ "out" "doc" "man" ]; - # FIXME: Refactor into list! - configureFlags = '' - --enable-jit - ${lib.optionalString unicodeSupport "--enable-unicode-properties"} - ${lib.optionalString (!cplusplusSupport) "--disable-cpp"} - '' + lib.optionalString (charFlags != []) " ${toString charFlags}"; + configureFlags = + [ "--enable-jit" ] + ++ lib.optional unicodeSupport "--enable-unicode-properties" + ++ lib.optional (!cplusplusSupport) "--disable-cpp" + ++ charFlags; doCheck = with stdenv; !(isCygwin || isFreeBSD); # XXX: test failure on Cygwin