From 5767c18d99a035aa642286d1390698ff40d5d231 Mon Sep 17 00:00:00 2001
From: Vladimír Čunát <v@cunat.cz>
Date: Sun, 10 Mar 2019 09:52:14 +0100
Subject: libarchive: apply upstream CVE patches

Fixes #57150.
---
 pkgs/development/libraries/libarchive/default.nix | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'pkgs/development')

diff --git a/pkgs/development/libraries/libarchive/default.nix b/pkgs/development/libraries/libarchive/default.nix
index 029be971ac17..f2a1c500a8be 100644
--- a/pkgs/development/libraries/libarchive/default.nix
+++ b/pkgs/development/libraries/libarchive/default.nix
@@ -17,6 +17,21 @@ stdenv.mkDerivation rec {
     sha256 = "0bhfncid058p7n1n8v29l6wxm3mhdqfassscihbsxfwz3iwb2zms";
   };
 
+  patches = [
+    (fetchpatch {
+      # details: https://github.com/libarchive/libarchive/pull/1105
+      name = "cve-2018-1000877.diff"; # CVE-2018-1000877..80
+      url = "https://github.com/libarchive/libarchive/pull/1105.diff";
+      sha256 = "0mxcawfdy9m40mykzwhkl39a6vnh4ypgy0ipcz74qm4bi72x0gyf";
+    })
+    (fetchpatch {
+      # details: https://github.com/libarchive/libarchive/pull/1120
+      name = "cve-2019-1000019_cve-2019-1000020.diff";
+      url = "https://github.com/libarchive/libarchive/pull/1120.diff";
+      sha256 = "1mgx92v8hm7hw9j34nbfriqfkxshh3cy25rhavr7kl7lz4x5a6g4";
+    })
+  ];
+
   outputs = [ "out" "lib" "dev" ];
 
   nativeBuildInputs = [ pkgconfig ];
-- 
cgit 1.4.1