From da3105d5385d6feb2b655c6d1ecbbbbc26a544c9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <vcunat@gmail.com>
Date: Thu, 5 Feb 2015 12:16:25 +0100
Subject: [PATCH] exiv2: fix CVE-2014-9449 by upstream patch

It's just a crash fix, not a "real" vulnerability.
---
 pkgs/development/libraries/exiv2/default.nix | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/pkgs/development/libraries/exiv2/default.nix b/pkgs/development/libraries/exiv2/default.nix
index 22b6cf242c8..0702d24a80b 100644
--- a/pkgs/development/libraries/exiv2/default.nix
+++ b/pkgs/development/libraries/exiv2/default.nix
@@ -1,15 +1,21 @@
-{stdenv, fetchurl, zlib, expat}:
+{stdenv, fetchurl, fetchpatch, zlib, expat}:
 
 stdenv.mkDerivation rec {
   name = "exiv2-0.24";
-  
+
   src = fetchurl {
     url = "http://www.exiv2.org/${name}.tar.gz";
     sha256 = "13pgvz14kyapxl89pxjaq3274k56d5lzfckpg1g9z7gvqzk4797l";
   };
-  
+
+  patches = [(fetchpatch {
+    name = "CVE-2014-9449.diff";
+    url = "http://dev.exiv2.org/projects/exiv2/repository/revisions/3264/diff?format=diff&rev_to=3263";
+    sha256 = "02w0fksl966d4v6bkg6rq3wmvv8xjpvfp47qr0nv1xq0bphxqzag";
+  })];
+
   propagatedBuildInputs = [zlib expat];
-  
+
 # configure script finds zlib&expat but it thinks that they're in /usr
   configureFlags = "--with-zlib=${zlib} --with-expat=${expat}";