From d4cced993421eaeee743be4d22fca7f1ba87b3bc Mon Sep 17 00:00:00 2001
From: Andreas Rammhold <andreas@rammhold.de>
Date: Tue, 21 Nov 2017 21:36:00 +0100
Subject: [PATCH] clamav: apply patch for CVE-2017-6420

Details at [1].

[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6420

(cherry picked from commit f01acd4cd57e1c9fc30323edf193b72db391eb0b)
---
 pkgs/tools/security/clamav/default.nix | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/pkgs/tools/security/clamav/default.nix b/pkgs/tools/security/clamav/default.nix
index 83a2a1fd85eadb..506d6fc3fce863 100644
--- a/pkgs/tools/security/clamav/default.nix
+++ b/pkgs/tools/security/clamav/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, zlib, bzip2, libiconv, libxml2, openssl, ncurses, curl
+{ stdenv, fetchurl, fetchpatch, zlib, bzip2, libiconv, libxml2, openssl, ncurses, curl
 , libmilter, pcre }:
 
 stdenv.mkDerivation rec {
@@ -10,6 +10,14 @@ stdenv.mkDerivation rec {
     sha256 = "0yh2q318bnmf2152g2h1yvzgqbswn0wvbzb8p4kf7v057shxcyqn";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2017-6420.patch";
+      url = "https://github.com/vrtadmin/clamav-devel/commit/dfc00cd3301a42b571454b51a6102eecf58407bc.patch";
+      sha256 = "08w3p3a4pmi0cmcmyxkagsbn3g0jgx1jqlc34pn141x0qzrlqr60";
+    })
+  ];
+
   # don't install sample config files into the absolute sysconfdir folder
   postPatch = ''
     substituteInPlace Makefile.in --replace ' etc ' ' '