From 596bf235b6bb666173fbf8dcbbd430f932b2074a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <vcunat@gmail.com>
Date: Thu, 9 Apr 2015 20:41:58 +0200
Subject: [PATCH] glibc: security fix CVE-2014-8121, fixes #7207

---
 pkgs/development/libraries/glibc/common.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/pkgs/development/libraries/glibc/common.nix b/pkgs/development/libraries/glibc/common.nix
index 01b60361e8e..9a451d48cbc 100644
--- a/pkgs/development/libraries/glibc/common.nix
+++ b/pkgs/development/libraries/glibc/common.nix
@@ -77,6 +77,12 @@ stdenv.mkDerivation ({
     + ''
       cat ${./glibc-remove-datetime-from-nscd.patch} \
         | sed "s,@out@,$out," | patch -p1
+    ''
+    # CVE-2014-8121, see https://bugzilla.redhat.com/show_bug.cgi?id=1165192
+    + ''
+      substituteInPlace ./nss/nss_files/files-XXX.c \
+        --replace 'status = internal_setent (stayopen);' \
+                  'status = internal_setent (1);'
     '';
 
   configureFlags =