--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/pcre/patches/05-CVE-2015-3217.patch Thu Jun 25 13:02:22 2015 -0700
@@ -0,0 +1,65 @@
+Patch from upstream:
+http://vcs.pcre.org/pcre?view=revision&revision=1566
+to fix CVE-2015-3217 for this upstream bug
+https://bugs.exim.org/show_bug.cgi?id=1638
+
+This patch may be removed when pcre is upgraded from version 8.37
+
+--- pcre-8.37-orig/ChangeLog 2015-06-18 14:42:05.162869794 -0700
++++ pcre-8.37/ChangeLog 2015-06-18 14:42:49.750142570 -0700
+@@ -23,6 +23,10 @@ Changes since Version 8.37
+ another group caused a buffer overflow. For example:
+ /(?J)(?'d'(?'d'\g{d}))/. This bug was discovered by the LLVM fuzzer.
+
++5. If a non-capturing group containing a conditional group that could match
++ an empty string was repeated, it was not identified as matching an empty
++ string itself. For example: /^(?:(?(1)x|)+)+$()/.
++
+
+ Version 8.37 28-April-2015
+ --------------------------
+--- pcre-8.37-orig/pcre_compile.c 2015-06-18 14:43:18.613383953 -0700
++++ pcre-8.37/pcre_compile.c 2015-06-18 14:44:14.866515479 -0700
+@@ -2487,7 +2487,7 @@ for (code = first_significant_code(code
+ if (c == OP_BRA || c == OP_BRAPOS ||
+ c == OP_CBRA || c == OP_CBRAPOS ||
+ c == OP_ONCE || c == OP_ONCE_NC ||
+- c == OP_COND)
++ c == OP_COND || c == OP_SCOND)
+ {
+ BOOL empty_branch;
+ if (GET(code, 1) == 0) return TRUE; /* Hit unclosed bracket */
+--- pcre-8.37-orig/testdata/testinput2 2015-06-18 14:45:30.453719449 -0700
++++ pcre-8.37/testdata/testinput2 2015-06-18 14:46:14.175672070 -0700
+@@ -4168,4 +4168,6 @@ backtracking verbs. --/
+
+ "(?J)(?'d'(?'d'\g{d}))"
+
++/^(?:(?(1)x|)+)+$()/BZ
++
+ /-- End of testinput2 --/
+--- pcre-8.37-orig/testdata/testoutput2 2015-06-18 14:45:38.047882931 -0700
++++ pcre-8.37/testdata/testoutput2 2015-06-18 14:47:02.815368178 -0700
+@@ -14456,4 +14456,22 @@ Failed: reference to non-existent subpat
+
+ "(?J)(?'d'(?'d'\g{d}))"
+
++/^(?:(?(1)x|)+)+$()/BZ
++------------------------------------------------------------------
++ Bra
++ ^
++ SBra
++ SCond
++ 1 Cond ref
++ x
++ Alt
++ KetRmax
++ KetRmax
++ $
++ CBra 1
++ Ket
++ Ket
++ End
++------------------------------------------------------------------
++
+ /-- End of testinput2 --/