libusbmuxd, libimobiledevice: Fix CVE-2016-5104

1 files changed, 8 insertions, 2 deletions

diff --git a/pkgs/development/libraries/libimobiledevice/default.nix b/pkgs/development/libraries/libimobiledevice/default.nix
index 40bb9a5a140..cfc31c120b4 100644
--- a/pkgs/development/libraries/libimobiledevice/default.nix
+++ b/pkgs/development/libraries/libimobiledevice/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, python, pkgconfig, usbmuxd, glib, libgcrypt,
+{ stdenv, fetchurl, fetchpatch, python, pkgconfig, usbmuxd, glib, libgcrypt,
   libtasn1, libplist, readline, libusbmuxd, openssl }:
 
 stdenv.mkDerivation rec {
@@ -8,7 +8,13 @@ stdenv.mkDerivation rec {
   buildInputs = [ readline ];
   propagatedBuildInputs = [ libusbmuxd glib libgcrypt libtasn1 libplist openssl ];
 
-  patches = [ ./disable_sslv3.patch ];
+  patches = [
+    ./disable_sslv3.patch
+    (fetchpatch { # CVE-2016-5104
+      url = "https://github.com/libimobiledevice/libimobiledevice/commit/df1f5c4d70d0c19ad40072f5246ca457e7f9849e.patch";
+      sha256 = "06ygb9aqcvm4v08wrldsddjgyqv5bkpq6lxzq2a1nwqp9mq4a4k1";
+    })
+  ];
 
   postPatch = ''sed -e 's@1\.3\.21@@' -i configure'';
   passthru.swig = libplist.swig;