From b4e8099795072dc2ba7fa39898e9bda1db4246ee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=BCtz?=
Date: Fri, 28 May 2021 10:59:08 +0200
Subject: [PATCH] graphviz: patch CVE-2020-18032
---
 pkgs/tools/graphics/graphviz/base.nix | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/pkgs/tools/graphics/graphviz/base.nix b/pkgs/tools/graphics/graphviz/base.nix
index 000e2b280891..1a387042b2d5 100644
--- a/pkgs/tools/graphics/graphviz/base.nix
+++ b/pkgs/tools/graphics/graphviz/base.nix
@@ -21,7 +21,14 @@ let
 buildCommand = "sed s/dot_root/agroot/g ${raw_patch} > $out";
 };
 # 2.42 has the patch included
- patches = optional (lib.versionOlder version "2.42") patchToUse;
+ patches = optional (lib.versionOlder version "2.42") patchToUse
+ ++ optionals (lib.versionOlder version "2.46.0") [
+ (fetchpatch {
+ name = "CVE-2020-18032.patch";
+ url = "https://gitlab.com/graphviz/graphviz/-/commit/784411ca3655c80da0f6025ab20634b2a6ff696b.patch";
+ sha256 = "1nkw9ism8lkfvxsp5fh95i2l5s5cbjsidbb3g1kjfv10rxkyb41m";
+ })
+ ];
 in
 stdenv.mkDerivation {
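Review bot: The existing comment `# 2.42 has the patch included` now sits above a two-part `patches` expression but only explains the first version gate; the new `optionals (lib.versionOlder version "2.46.0")` branch carries no comment saying why 2.46.0 is the cut-off. A line such as `# CVE-2020-18032 backport; presumably fixed upstream from 2.46.0 on, drop once all packaged versions are newer` directly above the `++ optionals` line would tell a maintainer when the security patch can be removed safely and when it must stay. The pinned `sha256` fixes the content of the fetched commit patch, so nothing needs to change there. The `let` block begins before this hunk, so whether `fetchpatch` is already in scope for this file cannot be confirmed from the visible lines.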