pkgs/librxtx_java: Add a few fixes from Debian

Ugh! I haven't looked at the source code of this library before, but I'm
glad I'm not using it for anything serious (who'd want to use *any* Java
application for serious things anyway).

Those patches fix only a few printf-related overflows, so it's only the
tip of the iceberg I don't really want to uncover X-D

Signed-off-by: aszlig <aszlig@redmoonstudios.org>

1 files changed, 19 insertions, 1 deletions

diff --git a/pkgs/librxtx-java/default.nix b/pkgs/librxtx-java/default.nix
index 14b0a9da..1553a146 100644
--- a/pkgs/librxtx-java/default.nix
+++ b/pkgs/librxtx-java/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, unzip, jdk, lockdev }:
+{ stdenv, fetchurl, fetchpatch, unzip, jdk, lockdev }:
 
 stdenv.mkDerivation rec {
   name = "rxtx-${version}";
@@ -12,6 +12,24 @@ stdenv.mkDerivation rec {
     sha256 = "00sv9604hkq81mshih0fhqfzn4mf01d6rish6vplsi0gfqz3fc1w";
   };
 
+  patches = let
+    baseurl = "https://sources.debian.net/data/main/"
+            + "r/rxtx/2.2pre2-13/debian/patches";
+  in [
+    (fetchpatch {
+      url = "${baseurl}/fhs_lock_buffer_overflow_fix.patch";
+      sha256 = "1v31q6ciy5v6bm5z8a1wssqn4nwvbcg4nnplgsvv1h8mzdq2832i";
+    })
+    (fetchpatch {
+      url = "${baseurl}/fix_snprintf.patch";
+      sha256 = "09r9jca0hb13bx85l348jkxnh1p0g5i0d6dnpm142vlwsj0d7afy";
+    })
+    (fetchpatch {
+      url = "${baseurl}/format_security.patch";
+      sha256 = "0adg7y9ak4xvgyswdhx6fsxq8jlb8y55xl3s6l0p8w0mfrhw7ysk";
+    })
+  ];
+
   buildInputs = [ unzip jdk lockdev ];
 
   NIX_CFLAGS_COMPILE = "-DUTS_RELEASE=\"3.8.0\"";