From 38ec5055494ec88883e0033b7078ae6d45ced85a Mon Sep 17 00:00:00 2001
From: Marek Mahut <marek.mahut@satoshilabs.com>
Date: Tue, 16 Jul 2019 16:14:35 +0200
Subject: libosinfo: CVE-2019-13313

Fixes #64660
---
 pkgs/development/libraries/libosinfo/default.nix | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

(limited to 'pkgs/development/libraries')

diff --git a/pkgs/development/libraries/libosinfo/default.nix b/pkgs/development/libraries/libosinfo/default.nix
index 04f0db030bb0..b971c8924f36 100644
--- a/pkgs/development/libraries/libosinfo/default.nix
+++ b/pkgs/development/libraries/libosinfo/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, pkgconfig, intltool, gobject-introspection, gtk-doc, docbook_xsl
+{ stdenv, fetchurl, fetchpatch, pkgconfig, intltool, gobject-introspection, gtk-doc, docbook_xsl
 , glib, libsoup, libxml2, libxslt, check, curl, perl, hwdata, osinfo-db, vala ? null
 }:
 
@@ -21,6 +21,17 @@ stdenv.mkDerivation rec {
 
   patches = [
     ./osinfo-db-data-dir.patch
+    # https://nvd.nist.gov/vuln/detail/CVE-2019-13313
+    (fetchpatch {
+      url = "https://gitlab.com/libosinfo/libosinfo/commit/3654abee6ead9f11f8bb9ba8fc71efd6fa4dabbc.patch";
+      name = "CVE-2019-13313-1.patch";
+      sha256 = "1lybywfj6b41zfjk33ap90bab5l84lf5y3kif7vd2b6wq5r91rcn";
+    })
+    (fetchpatch {
+      url = "https://gitlab.com/libosinfo/libosinfo/commit/08fb8316b4ac42fe74c1fa5ca0ac593222cdf81a.patch";
+      name = "CVE-2019-13313-2.patch";
+      sha256 = "1f6rhkrgy3j8nmidk97wnz6p35zs1dsd63d3np76q7qs7ra74w9z";
+    })
   ];
 
   postPatch = ''
-- 
cgit 1.4.1