python311Packages.blosc2: add patches for CVE-2024-3203 & CVE-2024-3204

author: Robert Scott <code@humanleg.org.uk> 2024-04-15 21:49:19 +0100
committer: Robert Scott <code@humanleg.org.uk> 2024-04-15 21:49:19 +0100
commit: cf564bcd0d8bb9a70a6c0ba38f9e723ddb86eae3 (patch)
tree: 9c33614b11656660f49ef1d8d54eea1758493e7b /pkgs/development
parent: cd69dcb7dfcf30215e1b0c797bfcdf99ea47af71 (diff)
1 files changed, 18 insertions, 0 deletions
diff --git a/pkgs/development/python-modules/blosc2/default.nix b/pkgs/development/python-modules/blosc2/default.nix
index a4c1db3d7b700..075de1ea28739 100644
--- a/pkgs/development/python-modules/blosc2/default.nix
+++ b/pkgs/development/python-modules/blosc2/default.nix
@@ -1,6 +1,7 @@
 { lib
 , buildPythonPackage
 , fetchFromGitHub
+, fetchpatch
 
 # build-system
 , cmake
@@ -37,6 +38,23 @@ buildPythonPackage rec {
     hash = "sha256-5a94Zm6sYl/nSfkcFbKG7PkyXwLB6bAoIvfaq0yVGHo=";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2024-3203.CVE-2024-3204.part-1.patch";
+      url = "https://github.com/Blosc/c-blosc2/commit/892f6d9c8ffc6e3c4d571df8fc02114f88c69b52.patch";
+      stripLen = 1;
+      extraPrefix = "blosc2/c-blosc2/";
+      hash = "sha256-sNgDcdT9HFrx41VKohp4GNUEjM1sqLYkIZu4baKRMeI=";
+    })
+    (fetchpatch {
+      name = "CVE-2024-3203.CVE-2024-3204.part-2.patch";
+      url = "https://github.com/Blosc/c-blosc2/commit/9cc79a79373f1b338b2e029e2e489b4e7971cd0c.patch";
+      stripLen = 1;
+      extraPrefix = "blosc2/c-blosc2/";
+      hash = "sha256-J/zcyNrxQr43+ROhDDQFmUJZQSTwo9qDuLwZeLd/ooo=";
+    })
+  ];
+
   postPatch = ''
     substituteInPlace requirements-runtime.txt \
       --replace "pytest" ""
author	Robert Scott <code@humanleg.org.uk>	2024-04-15 21:49:19 +0100
committer	Robert Scott <code@humanleg.org.uk>	2024-04-15 21:49:19 +0100
commit	cf564bcd0d8bb9a70a6c0ba38f9e723ddb86eae3 (patch)
tree	9c33614b11656660f49ef1d8d54eea1758493e7b /pkgs/development
parent	cd69dcb7dfcf30215e1b0c797bfcdf99ea47af71 (diff)