From abc2a76cb5814ae090fcec996ba06cfdc6e1106a Mon Sep 17 00:00:00 2001
From: Martin Weinelt <hexa@darmstadt.ccc.de>
Date: Mon, 26 Jul 2021 22:18:23 +0200
Subject: [PATCH] aspell: fix buffer overflow in objstack

Fixes: CVE-2019-25051
(cherry picked from commit 000fe8c92ccbf44c91d48235bd5ecb9773b223ed)
---
 pkgs/development/libraries/aspell/default.nix | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/pkgs/development/libraries/aspell/default.nix b/pkgs/development/libraries/aspell/default.nix
index 01acced98f6..777bad1e5a5 100644
--- a/pkgs/development/libraries/aspell/default.nix
+++ b/pkgs/development/libraries/aspell/default.nix
@@ -23,7 +23,14 @@ stdenv.mkDerivation rec {
     sha256 = "1wi60ankalmh8ds7nplz434jd7j94gdvbahdwsr539rlad8pxdzr";
   };
 
-  patches = lib.optional searchNixProfiles ./data-dirs-from-nix-profiles.patch;
+  patches = [
+    (fetchpatch {
+      #  objstack: assert that the alloc size will fit within a chunk
+      name = "CVE-2019-25051.patch";
+      url = "https://github.com/gnuaspell/aspell/commit/0718b375425aad8e54e1150313b862e4c6fd324a.patch";
+      sha256 = "03z259xrk41x3j190gaprf3mqysyfgh3a04rjmch3h625vj95x39";
+    })
+  ] ++ lib.optional searchNixProfiles ./data-dirs-from-nix-profiles.patch;
 
   postPatch = ''
     patch interfaces/cc/aspell.h < ${./clang.patch}