From ee62ec62ec3200727f5c0723a13991378f03528a Mon Sep 17 00:00:00 2001
From: Marek Mahut <marek.mahut@gmail.com>
Date: Sun, 25 Aug 2019 19:16:38 +0200
Subject: [PATCH] python2: CVE-2018-20852

Fixes #67200

(cherry picked from commit 302cac35f586d0cc4813ae0cf5d124f1375deecf)
---
 .../development/interpreters/python/cpython/2.7/default.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/pkgs/development/interpreters/python/cpython/2.7/default.nix b/pkgs/development/interpreters/python/cpython/2.7/default.nix
index de980f1ca687..4e323898afbf 100644
--- a/pkgs/development/interpreters/python/cpython/2.7/default.nix
+++ b/pkgs/development/interpreters/python/cpython/2.7/default.nix
@@ -79,6 +79,12 @@ let
         sha256 = "0l9rw6r5r90iybdkp3hhl2pf0h0s1izc68h5d3ywrm92pq32wz57";
       })
 
+      (fetchpatch {
+        url = "https://github.com/python/cpython/commit/979daae300916adb399ab5b51410b6ebd0888f13.patch";
+        name = "CVE-2018-20852.patch";
+        sha256 = "0p838ycssd6abxzby69rhngjqqm59cmlp07910mpjx7lmsz049pb";
+      })
+
       # Fix race-condition during pyc creation. Has a slight backwards
       # incompatible effect: pyc symlinks will now be overridden
       # (https://bugs.python.org/issue17222). Included in python >= 3.4,