expat: patch CVE-2019-15903 (from Debian, issue #68818)

I hope this URL will last for a few months, feel free to find better.
author: Vladimír Čunát <v@cunat.cz> 2019-09-15 12:57:36 +0200
committer: Vladimír Čunát <v@cunat.cz> 2019-09-15 12:57:36 +0200
commit: 531fe80e120cfd2cc25cce983a3846f4e37f61ef (patch)
tree: f62dad1e6b293d5ebd75eb5cd6c44ba83fac7d16 /pkgs
parent: e57969147c893fa7eab9727d5ffc066fe1d06066 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/pkgs/development/libraries/expat/default.nix b/pkgs/development/libraries/expat/default.nix
index 915fbf8d54980..0d52da9c0923b 100644
--- a/pkgs/development/libraries/expat/default.nix
+++ b/pkgs/development/libraries/expat/default.nix
@@ -15,6 +15,13 @@ stdenv.mkDerivation rec {
       sha256 = "1i7bq9sp2k5348dvbfv26bprzv6ka1abf0j5ixjaff9alndm4f19";
       stripLen = 1;
     })
+    (fetchpatch {
+      name = "CVE-2019-15903.patch";
+      url = "https://sources.debian.org/data/main/e/expat/2.2.7-2/debian/patches/CVE-2019-15903_Deny_internal_entities_closing_the_doctype.patch";
+      sha256 = "0lv4392ihpk71fgaf1fz03gandqkaqisal8xrzvcqnvnq4mnmwxp";
+      stripLen = 1;
+      excludes = [ "tests/runtests.c" "Changes" ];
+    })
   ];
 
   outputs = [ "out" "dev" ]; # TODO: fix referrers
author	Vladimír Čunát <v@cunat.cz>	2019-09-15 12:57:36 +0200
committer	Vladimír Čunát <v@cunat.cz>	2019-09-15 12:57:36 +0200
commit	531fe80e120cfd2cc25cce983a3846f4e37f61ef (patch)
tree	f62dad1e6b293d5ebd75eb5cd6c44ba83fac7d16 /pkgs
parent	e57969147c893fa7eab9727d5ffc066fe1d06066 (diff)