From a7681d29dcb415593a06cf265aabc776bd3a02c0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
Date: Wed, 6 Apr 2016 23:27:10 +0200
Subject: gnu: pcre: Fix CVE-2016-3191.

* gnu/packages/pcre.scm (pcre)[replacement]: New field.
(pcre-fixed): New variable.
* gnu/packages/patches/pcre-CVE-2016-3191.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
---
 gnu/packages/pcre.scm | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'gnu/packages/pcre.scm')

diff --git a/gnu/packages/pcre.scm b/gnu/packages/pcre.scm
index d2933bbe38..9794def4c1 100644
--- a/gnu/packages/pcre.scm
+++ b/gnu/packages/pcre.scm
@@ -22,6 +22,7 @@
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages readline)
+  #:use-module (gnu packages)
   #:use-module (guix packages)
   #:use-module (guix download)
   #:use-module (guix build-system gnu))
@@ -30,6 +31,7 @@
   (package
    (name "pcre")
    (version "8.38")
+   (replacement pcre-fixed)
    (source (origin
             (method url-fetch)
             (uri (list
@@ -65,6 +67,13 @@ POSIX regular expression API.")
    (license license:bsd-3)
    (home-page "http://www.pcre.org/")))
 
+(define pcre-fixed                                ;for CVE-2016-3191
+  (package
+    (inherit pcre)
+    (source (origin
+              (inherit (package-source pcre))
+              (patches (list (search-patch "pcre-CVE-2016-3191.patch")))))))
+
 (define-public pcre2
   (package
     (name "pcre2")
-- 
cgit v1.2.3