From 1f9d9deb8aaa25225d2e171381ad4ddca85e4a12 Mon Sep 17 00:00:00 2001
From: Rickard Nilsson
Date: Wed, 16 Aug 2017 15:10:09 +0200
Subject: libxslt: Patch for CVE-2017-5029
---
 pkgs/development/libraries/libxslt/default.nix | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/pkgs/development/libraries/libxslt/default.nix b/pkgs/development/libraries/libxslt/default.nix
index 118b8af5a6f..07f96fad33e 100644
--- a/pkgs/development/libraries/libxslt/default.nix
+++ b/pkgs/development/libraries/libxslt/default.nix
@@ -17,7 +17,14 @@ stdenv.mkDerivation rec {
 sha256 = "1klh81xbm9ppzgqk339097i39b7fnpmlj8lzn8bpczl3aww6x5xm";
 };
- patches = stdenv.lib.optional stdenv.isSunOS ./patch-ah.patch;
+ patches = [
+ (fetchpatch {
+ name = "CVE-2017-5029";
+ url = "https://git.gnome.org/browse/libxslt/"
+ + "patch/?id=08ab2774b870de1c7b5a48693df75e8154addae5";
+ sha256 = "10azfmyffjf9d7b5js4ipxw9f20qi0kw3zq34bpqmbcpq3l338ky";
+ })
+ ] ++ stdenv.lib.optional stdenv.isSunOS ./patch-ah.patch;
 # fixes: can't build x86_64-unknown-cygwin shared library unless -no-undefined is specified
 postPatch = optionalString hostPlatform.isCygwin ''
-- cgit 1.4.1
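Review bot: `fetchpatch` is called in the new `patches` list, but the diffstat (8 insertions, 1 deletion) is fully accounted for by this hunk, so the function's argument list at the top of default.nix is untouched; that list is outside the hunk, and if `fetchpatch` is not already in it the expression fails at evaluation. The pinned `sha256` is what keeps the patch fetched from the cgit URL from changing silently, so it should be re-verified against the upstream commit rather than copied if the URL is ever edited. I would add a comment above the entry, for example `# CVE-2017-5029: upstream commit 08ab2774; drop when src moves to a release that includes it`, so the entry is removed deliberately at the next version bump. Writing the URL as a single string instead of two halves joined with `+` would also let the commit id be found by searching for the full link.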