libxslt: Fix use-after-free in xsltApplyTemplates

Fixes: CVE-2021-30560
2022-02-17 14:52:22 +01:00 · 2022-02-17 14:52:22 +01:00 · 54806020fa
commit 54806020fa
parent cc89582356
1 changed files with 10 additions and 1 deletions
--- a/pkgs/development/libraries/libxslt/default.nix
+++ b/pkgs/development/libraries/libxslt/default.nix
@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl
+{ lib, stdenv, fetchurl, fetchpatch
 , pkg-config
 , libxml2, findXMLCatalogs, gettext, python, libgcrypt
 , cryptoSupport ? false
@ -14,6 +14,15 @@ stdenv.mkDerivation rec {
    sha256 = "0zrzz6kjdyavspzik6fbkpvfpbd25r2qg6py5nnjaabrsr3bvccq";
  };

+  patches = [
+    (fetchpatch {
+      # Fixes use-after-free in xsltApplyTemplates
+      name = "CVE-2021-30560.patch";
+      url = "https://gitlab.gnome.org/GNOME/libxslt/-/commit/50f9c9cd3b7dfe9b3c8c795247752d1fdcadcac8.patch";
+      hash = "sha256-XJD9SBo8xzztQQ6g13h4IzID7HV7u3xWSQdb2rVCJBQ=";
+    })
+  ];
+
  outputs = [ "bin" "dev" "out" "man" "doc" ] ++ lib.optional pythonSupport "py";

  nativeBuildInputs = [