From ae3e9b5a27e61a5590d1dd4e1fd402b061550b4e Mon Sep 17 00:00:00 2001
From: Franz Pletz <fpletz@fnordicwalking.de>
Date: Fri, 2 Nov 2018 02:09:41 +0100
Subject: python27: add patch to fix CVE-2018-1000802

---
 pkgs/development/interpreters/python/cpython/2.7/default.nix | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'pkgs/development/interpreters/python')

diff --git a/pkgs/development/interpreters/python/cpython/2.7/default.nix b/pkgs/development/interpreters/python/cpython/2.7/default.nix
index 2609c053d95b..00a1cfc5bd0e 100644
--- a/pkgs/development/interpreters/python/cpython/2.7/default.nix
+++ b/pkgs/development/interpreters/python/cpython/2.7/default.nix
@@ -74,6 +74,12 @@ let
         url = "file://${./type_getattro.patch}";
         sha256 = "11v9yx20hs3jmw0wggzvmw39qs4mxay4kb8iq2qjydwy9ya61nrd";
       })
+
+      (fetchpatch {
+        name = "CVE-2018-1000802.patch";
+        url = "https://github.com/python/cpython/pull/8985.patch";
+        sha256 = "1c8nq2c9sjqa8ipl62hiandg6a7lzrwwfhi3ky6jd3pxgyalrh97";
+      })
     ] ++ optionals (x11Support && stdenv.isDarwin) [
       ./use-correct-tcl-tk-on-darwin.patch
     ] ++ optionals stdenv.isLinux [
-- 
cgit 1.4.1