From 9524bf3034433f41648011513f9b508fee35c02d Mon Sep 17 00:00:00 2001
From: Dima <dgoldin+github@protonmail.ch>
Date: Tue, 22 Oct 2019 17:35:20 +0200
Subject: pango: 1.43.0, backport CVE-2019-1010238 fix

There was a previous fix for this in
https://github.com/NixOS/nixpkgs/pull/71571

But some things, most notably pygtk, still rely on deprecated pango
APIs that are not available past 1.43, this backports the CVE
fix to this version.
---
 pkgs/development/libraries/pango/default.nix | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'pkgs/development/libraries/pango/default.nix')

diff --git a/pkgs/development/libraries/pango/default.nix b/pkgs/development/libraries/pango/default.nix
index 0f84b382f4d..0aa1caf7e64 100644
--- a/pkgs/development/libraries/pango/default.nix
+++ b/pkgs/development/libraries/pango/default.nix
@@ -42,6 +42,11 @@ in stdenv.mkDerivation rec {
       url = "https://gitlab.gnome.org/GNOME/pango/commit/546f4c242d6f4fe312de3b7c918a848e5172e18d.patch";
       sha256 = "1cqhy4xbwx3ad7z5d1ks7smf038b9as8c6qy84rml44h0fgiq4m2";
     })
+    (fetchpatch {
+      # Fixes CVE-2019-1010238
+      url = "https://gitlab.gnome.org/GNOME/pango/commit/490f8979a260c16b1df055eab386345da18a2d54.diff";
+      sha256 = "001g3anvwghdrn3yfgi8cp64j0n3l0zwgiphc1izqg7zr76s87fk";
+    })
   ];
 
   mesonFlags = [
-- 
cgit 1.4.1