libxslt: fix CVE-2015-7995 by upstream patch

2016-02-06 13:21:18 +01:00 · 2016-02-06 13:21:18 +01:00 · e4728dd05f
parent 96cbdc70f2
commit e4728dd05f
1 changed files with 10 additions and 3 deletions
--- a/pkgs/development/libraries/libxslt/default.nix
+++ b/pkgs/development/libraries/libxslt/default.nix
@ -1,4 +1,4 @@
-{ stdenv, fetchurl, libxml2, findXMLCatalogs }:
+{ stdenv, fetchurl, fetchpatch, libxml2, findXMLCatalogs }:

 stdenv.mkDerivation rec {
  name = "libxslt-1.1.28";
@ -8,14 +8,21 @@ stdenv.mkDerivation rec {
    sha256 = "13029baw9kkyjgr7q3jccw2mz38amq7mmpr5p3bh775qawd1bisz";
  };

+  patches = stdenv.lib.optional stdenv.isSunOS ./patch-ah.patch
+    ++ [
+      (fetchpatch {
+        name = "CVE-2015-7995.patch";
+        url = "http://git.gnome.org/browse/libxslt/patch/?id=7ca19df892ca22";
+        sha256 = "1xzg0q94dzbih9nvqp7g9ihz0a3qb0w23l1158m360z9smbi8zbd";
+      })
+    ];
+
  outputs = [ "out" "doc" ];

  buildInputs = [ libxml2 ];

  propagatedBuildInputs = [ findXMLCatalogs ];

-  patches = stdenv.lib.optionals stdenv.isSunOS [ ./patch-ah.patch ];
-
  configureFlags = [
    "--with-libxml-prefix=${libxml2}"
    "--without-python"