unrtf: patch against CVE-2016-10091

NixOS · Jan 12, 2017 · 2dab778 · 2dab778
1 parent b8b1892
commit 2dab778
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/pkgs/tools/text/unrtf/default.nix b/pkgs/tools/text/unrtf/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, autoconf, automake, libiconv }:
+{ stdenv, fetchurl, fetchpatch, autoconf, automake, libiconv }:
 
 stdenv.mkDerivation rec {
   name = "unrtf-${version}";
@@ -9,6 +9,14 @@ stdenv.mkDerivation rec {
     sha256 = "1pcdzf2h1prn393dkvg93v80vh38q0v817xnbwrlwxbdz4k7i8r2";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2016-10091-0001-convert.c-Use-safe-buffer-size-and-snprintf.patch";
+      url = "https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=849705;filename=0001-convert.c-Use-safe-buffer-size-and-snprintf.patch;msg=20";
+      sha256 = "0s0fjvm3zdm9967sijlipfrwjs0h23n2n8fa6f40xxp8y5qq5a0b";
+    })
+  ];
+
   nativeBuildInputs = [ autoconf automake ];
 
   buildInputs = [ ] ++ stdenv.lib.optional stdenv.isDarwin libiconv;