From a1446cc63db75aadf0bb1bb156b706d395163e06 Mon Sep 17 00:00:00 2001
From: Robert Scott <code@humanleg.org.uk>
Date: Mon, 31 May 2021 16:09:50 +0100
Subject: [PATCH] python3Packages.websockets: add patch for CVE-2021-33880

this is a reintroduction of CVE-2018-1000518 which i had been calling
CVE-2018-1000518-redux before it got its own CVE assigned

(cherry picked from commit aba83e7f878d6c48e781a3934a79f98b072bb659)

(yes, a forward cherry-pick because i fully expected the websockets
9.1 to make it into 21.05)
---
 pkgs/development/python-modules/websockets/default.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/pkgs/development/python-modules/websockets/default.nix b/pkgs/development/python-modules/websockets/default.nix
index eeb12bd5b75..c979b97be69 100644
--- a/pkgs/development/python-modules/websockets/default.nix
+++ b/pkgs/development/python-modules/websockets/default.nix
@@ -1,5 +1,6 @@
 { lib
 , fetchFromGitHub
+, fetchpatch
 , buildPythonPackage
 , pythonOlder
 , pytest
@@ -17,6 +18,15 @@ buildPythonPackage rec {
     sha256 = "05jbqcbjg50ydwl0fijhdlqcq7fl6v99kjva66kmmzzza7vwa872";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2021-33880.patch";
+      url = "https://github.com/aaugustin/websockets/commit/547a26b685d08cac0aa64e5e65f7867ac0ea9bc0.patch";
+      excludes = [ "docs/changelog.rst" ];
+      sha256 = "1wgsvza53ga8ldrylb3rqc17yxcrchwsihbq6i6ldpycq83q5akq";
+    })
+  ];
+
   disabled = pythonOlder "3.3";
 
   # Tests fail on Darwin with `OSError: AF_UNIX path too long`