cyrus_sasl: add patch for CVE-2019-19906

sourced from debian as patch isn't even in upstream master yet. (cherry picked from commit 302a77a)
danderson · Jan 2, 2020 · c3f2b77 · c3f2b77
1 parent 4351df6
commit c3f2b77
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/pkgs/development/libraries/cyrus-sasl/default.nix b/pkgs/development/libraries/cyrus-sasl/default.nix
@@ -1,6 +1,6 @@
 { lib, stdenv, fetchurl, openssl, openldap, kerberos, db, gettext
 , pam, fixDarwinDylibNames, autoreconfHook, enableLdap ? false
-, buildPackages, pruneLibtoolFiles }:
+, buildPackages, pruneLibtoolFiles, fetchpatch }:
 
 with stdenv.lib;
 stdenv.mkDerivation rec {
@@ -27,6 +27,11 @@ stdenv.mkDerivation rec {
   patches = [
     ./missing-size_t.patch # https://bugzilla.redhat.com/show_bug.cgi?id=906519
     ./cyrus-sasl-ac-try-run-fix.patch
+    (fetchpatch {
+      name = "CVE-2019-19906.patch";
+      url = "https://sources.debian.org/data/main/c/cyrus-sasl2/2.1.27+dfsg-1+deb10u1/debian/patches/0021-CVE-2019-19906.patch";
+      sha256 = "1n4c5wg7l9j8rlbvx8i605j5d39xmj5wm618k8acxl4fmglcmfls";
+    })
   ];
 
   configureFlags = [