pcre: 8.38 -> 8.39 (security)

Fixes:

  - CVE-2014-9769
  - CVE-2015-2327
  - CVE-2015-2328
  - CVE-2015-8382
  - CVE-2016-3191

cc #18856

pkgs/development/libraries/pcre/CVE-2016-1283.patch

@@ -1,18 +0,0 @@
-Index: pcre_compile.c
-===================================================================
---- a/pcre_compile.c	(revision 1635)
-+++ b/pcre_compile.c	(revision 1636)
-@@ -7311,7 +7311,12 @@
-           so far in order to get the number. If the name is not found, leave
-           the value of recno as 0 for a forward reference. */
- 
--          else
-+          /* This patch (removing "else") fixes a problem when a reference is
-+          to multiple identically named nested groups from within the nest.
-+          Once again, it is not the "proper" fix, and it results in an
-+          over-allocation of memory. */
-+
-+          /* else */
-             {
-             ng = cd->named_groups;
-             for (i = 0; i < cd->names_found; i++, ng++)

pkgs/development/libraries/pcre/default.nix

@@ -7,7 +7,7 @@ with stdenv.lib;
 assert elem variant [ null "cpp" "pcre16" "pcre32" ];
 
 let
-  version = "8.38";
+  version = "8.39";
   pname = if (variant == null) then "pcre"
     else  if (variant == "cpp") then "pcre-cpp"
     else  variant;
@@ -17,13 +17,9 @@ in stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-${version}.tar.bz2";
-    sha256 = "1pvra19ljkr5ky35y2iywjnsckrs9ch2anrf5b0dc91hw8v2vq5r";
+    sha256 = "12wyajlqx2v7dsh39ra9v9m5hibjkrl129q90bp32c28haghjn5q";
   };
 
-  patches = [
-    ./CVE-2016-1283.patch
-  ];
-
   outputs = [ "bin" "dev" "out" "doc" "man" ];
 
   configureFlags = [