libredwg: apply patch for CVE-2023-26157

https://github.com/LibreDWG/libredwg/issues/850
author: Thomas Gerbet <thomas@gerbet.me> 2024-01-28 11:07:48 +0100
committer: Thomas Gerbet <thomas@gerbet.me> 2024-01-28 11:07:48 +0100
commit: 926673e78004d8bc482a0ecc19b1b8b4d8165e68 (patch)
tree: b722649350f5ebd0a89764a799204f7918e06e3f /pkgs/development/libraries/libredwg/default.nix
parent: 81155d4645bf608b90194aaa2effe07ff38294a9 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/pkgs/development/libraries/libredwg/default.nix b/pkgs/development/libraries/libredwg/default.nix
index 9f530271771ac..7759917d97504 100644
--- a/pkgs/development/libraries/libredwg/default.nix
+++ b/pkgs/development/libraries/libredwg/default.nix
@@ -1,6 +1,7 @@
 { lib
 , stdenv
 , fetchFromGitHub
+, fetchpatch
 , autoreconfHook
 , writeShellScript
 , pkg-config
@@ -27,6 +28,14 @@ stdenv.mkDerivation rec {
     fetchSubmodules = true;
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2023-26157.patch";
+      url = "https://github.com/LibreDWG/libredwg/commit/c8cf03ce4c2315b146caf582ea061c0460193bcc.patch";
+      hash = "sha256-EEF3YYPW+6SvXRiAw3zz6tWU9w/qmGtc09Tf8wn7hVc=";
+    })
+  ];
+
   postPatch = let
     printVersion = writeShellScript "print-version" ''
       echo -n ${lib.escapeShellArg version}
author	Thomas Gerbet <thomas@gerbet.me>	2024-01-28 11:07:48 +0100
committer	Thomas Gerbet <thomas@gerbet.me>	2024-01-28 11:07:48 +0100
commit	926673e78004d8bc482a0ecc19b1b8b4d8165e68 (patch)
tree	b722649350f5ebd0a89764a799204f7918e06e3f /pkgs/development/libraries/libredwg/default.nix
parent	81155d4645bf608b90194aaa2effe07ff38294a9 (diff)