authorRobert Scott <code@humanleg.org.uk>2024-04-13 18:59:44 +0100
committerRobert Scott <code@humanleg.org.uk>2024-04-13 18:59:44 +0100
commitde9919537ef431ad1b1a6f277d43df3ebb71cbde (patch)
treed0e082be9df42880f063e39689045f6e101659f7 /pkgs/development
parent29386c74722ff5133ea94f8001063c6355e56688 (diff)
mbedtls: add patch for CVE-2024-28755
Diffstat (limited to 'pkgs/development')
-rw-r--r--pkgs/development/libraries/mbedtls/3.nix10
-rw-r--r--pkgs/development/libraries/mbedtls/generic.nix3
2 files changed, 12 insertions, 1 deletions
diff --git a/pkgs/development/libraries/mbedtls/3.nix b/pkgs/development/libraries/mbedtls/3.nix
index 267349ac5d7be..abba77308a61c 100644
--- a/pkgs/development/libraries/mbedtls/3.nix
+++ b/pkgs/development/libraries/mbedtls/3.nix
@@ -1,6 +1,14 @@
-{ callPackage }:
+{ callPackage, fetchpatch }:
 
 callPackage ./generic.nix {
   version = "3.5.2";
   hash = "sha256-lVGmnSYccNmRS6vfF/fDiny5cYRPc/wJBpgciFLPUvM=";
+
+  patches = [
+    (fetchpatch {
+      name = "CVE-2024-28755.patch";
+      url = "https://github.com/Mbed-TLS/mbedtls/commit/ad736991bb59211118a29fe115367c24495300c2.patch";
+      hash = "sha256-MUnGT2ptlBikpZYL6+cvoF7fOiD2vMK4cbkgevgyl60=";
+    })
+  ];
 }
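Review bot: The new `patches` list in 3.nix carries no comment saying what the backport is for or when it can be dropped, so after the next `version` bump it may linger or fail to apply. I would add a line above the `fetchpatch` call such as `# Backport for CVE-2024-28755; remove once version is bumped to an upstream release that contains this commit`. The URL names a full commit id and the content is pinned by `hash`, which is the right shape for a security backport. Other callers of generic.nix are not visible here, so it is worth confirming whether any other packaged mbedtls version needs the same fix or is unaffected.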
diff --git a/pkgs/development/libraries/mbedtls/generic.nix b/pkgs/development/libraries/mbedtls/generic.nix
index 2e79a593b7c31..045f59b269eda 100644
--- a/pkgs/development/libraries/mbedtls/generic.nix
+++ b/pkgs/development/libraries/mbedtls/generic.nix
@@ -3,6 +3,7 @@
 , version
 , hash
 , fetchFromGitHub
+, patches ? []
 
 , cmake
 , ninja
@@ -23,6 +24,8 @@ stdenv.mkDerivation rec {
     inherit hash;
   };
 
+  inherit patches;
+
   nativeBuildInputs = [ cmake ninja perl python3 ];
 
   strictDeps = true;