From fe9373460c08c83449657b22c026c806bec92d21 Mon Sep 17 00:00:00 2001
From: Franz Pletz <fpletz@fnordicwalking.de>
Date: Thu, 5 Jan 2017 06:40:43 +0100
Subject: [PATCH] pythonPackages.pycrypto: add patch to fix CVE-2013-7459

cc #21642
---
 pkgs/development/python-modules/pycrypto/default.nix | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/pkgs/development/python-modules/pycrypto/default.nix b/pkgs/development/python-modules/pycrypto/default.nix
index 0cbe4491d67..182a8c6f7fa 100644
--- a/pkgs/development/python-modules/pycrypto/default.nix
+++ b/pkgs/development/python-modules/pycrypto/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, python, buildPythonPackage, gmp }:
+{ stdenv, fetchurl, fetchpatch, python, buildPythonPackage, gmp }:
 
 buildPythonPackage rec {
   name = "pycrypto-2.6.1";
@@ -9,6 +9,14 @@ buildPythonPackage rec {
     sha256 = "0g0ayql5b9mkjam8hym6zyg6bv77lbh66rv1fyvgqb17kfc1xkpj";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2013-7459.patch";
+      url = "https://anonscm.debian.org/cgit/collab-maint/python-crypto.git/plain/debian/patches/CVE-2013-7459.patch?h=debian/2.6.1-7";
+      sha256 = "01r7aghnchc1bpxgdv58qyi2085gh34bxini973xhy3ks7fq3ir9";
+    })
+  ];
+
   preConfigure = ''
     sed -i 's,/usr/include,/no-such-dir,' configure
     sed -i "s!,'/usr/include/'!!" setup.py