From fdafac8b00c859cdaeaefcfe453aec68b62bd79b Mon Sep 17 00:00:00 2001
From: Thomas Gerbet <thomas@gerbet.me>
Date: Wed, 20 Jan 2021 23:24:04 +0100
Subject: [PATCH] libexosip: 4.1.0 -> 5.2.0

Fix CVE-2014-10375.

sipwitch is marked as broken as it does compile with libexosip > 5.0.0
and the upstream project appears to be stalled/abandoned.
---
 pkgs/development/libraries/exosip/default.nix | 15 ++++-----------
 pkgs/servers/sip/sipwitch/default.nix         |  1 +
 2 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/pkgs/development/libraries/exosip/default.nix b/pkgs/development/libraries/exosip/default.nix
index 400d7696e3ca..f40dea19bb9d 100644
--- a/pkgs/development/libraries/exosip/default.nix
+++ b/pkgs/development/libraries/exosip/default.nix
@@ -1,24 +1,17 @@
-{ lib, stdenv, fetchurl, libosip, openssl, pkg-config, fetchpatch }:
+{ lib, stdenv, fetchurl, libosip, openssl, pkg-config }:
 
 stdenv.mkDerivation rec {
  pname = "libexosip2";
- version = "4.1.0";
+ version = "5.2.0";
 
  src = fetchurl {
-    url = "mirror://savannah/exosip/libeXosip2-${version}.tar.gz";
-    sha256 = "17cna8kpc8nk1si419vgr6r42k2lda0rdk50vlxrw8rzg0xp2xrw";
+    url = "mirror://savannah/exosip/${pname}-${version}.tar.gz";
+    sha256 = "09bj7cm6mk8yr68y5a09a625x10ql6an3zi4pj6y1jbkhpgqibp3";
   };
 
   nativeBuildInputs = [ pkg-config ];
   buildInputs = [ libosip openssl ];
 
-  patches = [
-    (fetchpatch {
-      url = "https://sources.debian.net/data/main/libe/libexosip2/4.1.0-2.1/debian/patches/openssl110.patch";
-      sha256 = "01q2dax7pwh197mn18r22y38mrsky85mvs9vbkn9fpcilrdayal6";
-    })
-  ];
-
   meta = with lib; {
     license = licenses.gpl2Plus;
     description = "Library that hides the complexity of using the SIP protocol";
diff --git a/pkgs/servers/sip/sipwitch/default.nix b/pkgs/servers/sip/sipwitch/default.nix
index 3e69602170f0..f5b3288c60cc 100644
--- a/pkgs/servers/sip/sipwitch/default.nix
+++ b/pkgs/servers/sip/sipwitch/default.nix
@@ -23,5 +23,6 @@ stdenv.mkDerivation rec {
     license = lib.licenses.gpl3Plus;
     maintainers = with lib.maintainers; [ ];
     platforms = with lib.platforms; linux;
+    broken = true; # Require libexosip2 < 5.0.0 which is vulnerable to CVE-2014-10375.
   };
 }