libxslt: add patch for CVE-2019-11068

References: https://nvd.nist.gov/vuln/detail/CVE-2019-11068 https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6
NixOS · Apr 27, 2019 · 84b810f · 84b810f
1 parent fba13b5
commit 84b810f
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/pkgs/development/libraries/libxslt/default.nix b/pkgs/development/libraries/libxslt/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, libxml2, findXMLCatalogs, python2, libgcrypt
+{ stdenv, fetchurl, fetchpatch, libxml2, findXMLCatalogs, python2, libgcrypt
 , cryptoSupport ? false
 , pythonSupport ? stdenv.buildPlatform == stdenv.hostPlatform
 }:
@@ -18,6 +18,14 @@ stdenv.mkDerivation rec {
     sha256 = "1j1q1swnsy8jgi9x7mclvkrqhfgn09886gdlr9wzk7a08i8n0dlf";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2019-11068.patch";
+      url = "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch";
+      sha256 = "0pkpb4837km15zgg6h57bncp66d5lwrlvkr73h0lanywq7zrwhj8";
+    })
+  ];
+
   outputs = [ "bin" "dev" "out" "man" "doc" ] ++ stdenv.lib.optional pythonSupport "py";
 
   buildInputs = [ libxml2.dev ]