From 3aa8f9448cfdf24d6322b31805a969af5b9cfdcd Mon Sep 17 00:00:00 2001
From: Marek Mahut <marek.mahut@satoshilabs.com>
Date: Sun, 16 Jun 2019 12:14:08 +0200
Subject: [PATCH] zziplib: patch CVE-2018-17828

Fixes https://github.com/NixOS/nixpkgs/issues/61961
Close https://github.com/NixOS/nixpkgs/pull/63189
vcunat amended some nitpicks into the original commit.
---
 pkgs/development/libraries/zziplib/default.nix | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/pkgs/development/libraries/zziplib/default.nix b/pkgs/development/libraries/zziplib/default.nix
index 6aede4e9653f..010c73336b92 100644
--- a/pkgs/development/libraries/zziplib/default.nix
+++ b/pkgs/development/libraries/zziplib/default.nix
@@ -1,4 +1,4 @@
-{ docbook_xml_dtd_412, fetchurl, stdenv, perl, python2, zip, xmlto, zlib }:
+{ docbook_xml_dtd_412, fetchurl, stdenv, perl, python2, zip, xmlto, zlib, fetchpatch }:
 
 stdenv.mkDerivation rec {
   name = "zziplib-${version}";
@@ -9,6 +9,13 @@ stdenv.mkDerivation rec {
     sha256 = "0i052a7shww0fzsxrdp3rd7g4mbzx7324a8ysbc0br7frpblcql4";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2018-17828.patch";
+      url = "https://github.com/gdraheim/zziplib/commit/f609ae8971f3c0ce6.diff";
+      sha256 = "0jhiz4fgr93wzh6q03avn95b2nsf6402jaki6hxirxyhs5v9ahry";
+    })
+  ];
   postPatch = ''
     sed -i -e s,--export-dynamic,, configure
   '';