From 06e7a48f458164ae012bc82337f7ef88579cafc8 Mon Sep 17 00:00:00 2001
From: Andreas Rammhold
Date: Wed, 15 Aug 2018 22:27:39 +0200
Subject: [PATCH] libxml2: fix CVE-2018-14567 & CVE-2018-14404

Since the already added patch for CVE-2018-9251 also affects CVE-2018-14567 I renamed the applied patch accordingly.
---
 pkgs/development/libraries/libxml2/default.nix | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/pkgs/development/libraries/libxml2/default.nix b/pkgs/development/libraries/libxml2/default.nix
index ede65d5e8c5e..2f0f0f1425d1 100644
--- a/pkgs/development/libraries/libxml2/default.nix
+++ b/pkgs/development/libraries/libxml2/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, lib, fetchurl
+{ stdenv, lib, fetchurl, fetchpatch
 , zlib, xz, python2, findXMLCatalogs
 , buildPlatform, hostPlatform
 , pythonSupport ? buildPlatform == hostPlatform
@@ -20,9 +20,15 @@ in stdenv.mkDerivation rec {
 };
 patches = [
- (fetchurl { # CVE-2018-9251
- url = https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74.diff;
- sha256 = "01c5dnipz2rmv2dgma1ycvhyiyfvy9makyn6ywahm10jwk5chn3i";
+ (fetchpatch {
+ name = "CVE-2018-14567_CVE-2018-9251.patch";
+ url = https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74.patch;
+ sha256 = "1xpqsfkzhrqasza51c821mnds5l317djrz8086fmzpyf68vld03h";
+ })
+ (fetchpatch {
+ name = "CVE-2018-14404.patch";
+ url = https://gitlab.gnome.org/GNOME/libxml2/commit/a436374994c47b12d5de1b8b1d191a098fa23594.patch;
+ sha256 = "19vp7p32vrninnfa7vk9ipw7n4cl1gg16xxbhjy2d0kwp1crvzqh";
 })
 ];
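Review bot: The two `fetchpatch` entries in the `patches` list (second hunk) carry no note on when they stop being needed, so a later libxml2 version bump can either fail on an already-applied patch or leave a reviewer unsure whether the CVE fixes are still covered. A short comment above the list would settle that, e.g. `# backports of upstream security fixes; drop once libxml2 is bumped to a release that contains both commits`. The `name` attributes with the CVE ids are worth keeping as they are, since they make the fixed CVEs visible in the derivation. The enclosing `stdenv.mkDerivation` block starts and ends outside the hunk, so the packaged version is not visible here.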