From e4728dd05f71a44c6864dae8a45c83fcefb59a37 Mon Sep 17 00:00:00 2001
From: Vladimír Čunát <vcunat@gmail.com>
Date: Sat, 6 Feb 2016 13:21:18 +0100
Subject: libxslt: fix CVE-2015-7995 by upstream patch

---
 pkgs/development/libraries/libxslt/default.nix | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

(limited to 'pkgs/development/libraries/libxslt')

diff --git a/pkgs/development/libraries/libxslt/default.nix b/pkgs/development/libraries/libxslt/default.nix
index 3579e99ec7a..9aa70ea0471 100644
--- a/pkgs/development/libraries/libxslt/default.nix
+++ b/pkgs/development/libraries/libxslt/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, libxml2, findXMLCatalogs }:
+{ stdenv, fetchurl, fetchpatch, libxml2, findXMLCatalogs }:
 
 stdenv.mkDerivation rec {
   name = "libxslt-1.1.28";
@@ -8,14 +8,21 @@ stdenv.mkDerivation rec {
     sha256 = "13029baw9kkyjgr7q3jccw2mz38amq7mmpr5p3bh775qawd1bisz";
   };
 
+  patches = stdenv.lib.optional stdenv.isSunOS ./patch-ah.patch
+    ++ [
+      (fetchpatch {
+        name = "CVE-2015-7995.patch";
+        url = "http://git.gnome.org/browse/libxslt/patch/?id=7ca19df892ca22";
+        sha256 = "1xzg0q94dzbih9nvqp7g9ihz0a3qb0w23l1158m360z9smbi8zbd";
+      })
+    ];
+
   outputs = [ "out" "doc" ];
 
   buildInputs = [ libxml2 ];
 
   propagatedBuildInputs = [ findXMLCatalogs ];
 
-  patches = stdenv.lib.optionals stdenv.isSunOS [ ./patch-ah.patch ];
-
   configureFlags = [
     "--with-libxml-prefix=${libxml2}"
     "--without-python"
-- 
cgit 1.4.1