Merge pull request #64911 from mmahut/CVE-2019-13313

libosinfo: CVE-2019-13313

1 files changed, 12 insertions, 1 deletions

diff --git a/pkgs/development/libraries/libosinfo/default.nix b/pkgs/development/libraries/libosinfo/default.nix
index 04f0db030bb0..b971c8924f36 100644
--- a/pkgs/development/libraries/libosinfo/default.nix
+++ b/pkgs/development/libraries/libosinfo/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, pkgconfig, intltool, gobject-introspection, gtk-doc, docbook_xsl
+{ stdenv, fetchurl, fetchpatch, pkgconfig, intltool, gobject-introspection, gtk-doc, docbook_xsl
 , glib, libsoup, libxml2, libxslt, check, curl, perl, hwdata, osinfo-db, vala ? null
 }:
 
@@ -21,6 +21,17 @@ stdenv.mkDerivation rec {
 
   patches = [
     ./osinfo-db-data-dir.patch
+    # https://nvd.nist.gov/vuln/detail/CVE-2019-13313
+    (fetchpatch {
+      url = "https://gitlab.com/libosinfo/libosinfo/commit/3654abee6ead9f11f8bb9ba8fc71efd6fa4dabbc.patch";
+      name = "CVE-2019-13313-1.patch";
+      sha256 = "1lybywfj6b41zfjk33ap90bab5l84lf5y3kif7vd2b6wq5r91rcn";
+    })
+    (fetchpatch {
+      url = "https://gitlab.com/libosinfo/libosinfo/commit/08fb8316b4ac42fe74c1fa5ca0ac593222cdf81a.patch";
+      name = "CVE-2019-13313-2.patch";
+      sha256 = "1f6rhkrgy3j8nmidk97wnz6p35zs1dsd63d3np76q7qs7ra74w9z";
+    })
   ];
 
   postPatch = ''