From 97e7ce23447d0aafe1c20d2e459079abf54b31a9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <vcunat@gmail.com>
Date: Thu, 6 Feb 2014 20:34:55 +0100
Subject: [PATCH] gnutls2: fix CVE-2013-2116 by Debian patch

---
 pkgs/development/libraries/gnutls/2.12.nix | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/pkgs/development/libraries/gnutls/2.12.nix b/pkgs/development/libraries/gnutls/2.12.nix
index 86829a3a44b..fa9e5c69b79 100644
--- a/pkgs/development/libraries/gnutls/2.12.nix
+++ b/pkgs/development/libraries/gnutls/2.12.nix
@@ -12,6 +12,13 @@ stdenv.mkDerivation rec {
     sha256 = "1lkys703z4yxfgzarmgas5ccvn6m254w9wvm7s8v0zkj81z7m9nz";
   };
 
+  patches = [(fetchurl {
+    url = "http://anonscm.debian.org/viewvc/pkg-gnutls/packages/gnutls26/trunk/"
+      + "debian/patches/21_sanitycheck.diff?revision=1777&view=co";
+    sha256 = "0k18a7q6irmgjzp647bd18zccjpsr82n2s9arpamnkakgnny4ks9";
+    name = "CVE-2013-2116.patch";
+  })];
+
   configurePhase = ''
     ./configure --prefix="$out"                                 \
       --disable-dependency-tracking --enable-fast-install       \