From 34cf7934c3a733b81e9c804e4cb8385e38d98d0e Mon Sep 17 00:00:00 2001
From: Robert Helgesson <robert@rycee.net>
Date: Thu, 19 May 2016 21:40:04 +0200
Subject: expat: patch CVE-2015-1283 and CVE-2016-0718 (close #15561)

Note, CVE-2015-1283 is already patched in expat version 2.1.1 but, as
explained in the patch, the fix was insufficient.
---
 pkgs/development/libraries/expat/default.nix | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'pkgs/development/libraries/expat/default.nix')

diff --git a/pkgs/development/libraries/expat/default.nix b/pkgs/development/libraries/expat/default.nix
index bc1801ef804..1b663fc21a9 100644
--- a/pkgs/development/libraries/expat/default.nix
+++ b/pkgs/development/libraries/expat/default.nix
@@ -15,6 +15,8 @@ stdenv.mkDerivation rec {
 
   outputMan = "dev"; # tiny page for a dev tool
 
+  patches = [ ./CVE-2015-1283-refix.patch ./CVE-2016-0718-v2-2-1.patch ];
+
   doCheck = true;
 
   meta = with stdenv.lib; {
-- 
cgit 1.4.1