From 84b810f8e3dfc4e5649558c8898d686909905ace Mon Sep 17 00:00:00 2001
From: c0bw3b <c0bw3b@users.noreply.github.com>
Date: Sat, 27 Apr 2019 02:04:44 +0200
Subject: [PATCH] libxslt: add patch for CVE-2019-11068

References:
https://nvd.nist.gov/vuln/detail/CVE-2019-11068
https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6
---
 pkgs/development/libraries/libxslt/default.nix | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/pkgs/development/libraries/libxslt/default.nix b/pkgs/development/libraries/libxslt/default.nix
index ce79b2ac5ff9..41633d91f3bd 100644
--- a/pkgs/development/libraries/libxslt/default.nix
+++ b/pkgs/development/libraries/libxslt/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, libxml2, findXMLCatalogs, python2, libgcrypt
+{ stdenv, fetchurl, fetchpatch, libxml2, findXMLCatalogs, python2, libgcrypt
 , cryptoSupport ? false
 , pythonSupport ? stdenv.buildPlatform == stdenv.hostPlatform
 }:
@@ -18,6 +18,14 @@ stdenv.mkDerivation rec {
     sha256 = "1j1q1swnsy8jgi9x7mclvkrqhfgn09886gdlr9wzk7a08i8n0dlf";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2019-11068.patch";
+      url = "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch";
+      sha256 = "0pkpb4837km15zgg6h57bncp66d5lwrlvkr73h0lanywq7zrwhj8";
+    })
+  ];
+
   outputs = [ "bin" "dev" "out" "man" "doc" ] ++ stdenv.lib.optional pythonSupport "py";
 
   buildInputs = [ libxml2.dev ]