From b50d7d0683d61bf00a101ce7b67c7b0f065d7ff6 Mon Sep 17 00:00:00 2001
From: Robert Scott <code@humanleg.org.uk>
Date: Sun, 25 Jul 2021 14:23:36 +0100
Subject: [PATCH] libgrss: add patch for CVE-2016-20011

---
 pkgs/development/libraries/libgrss/default.nix | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/pkgs/development/libraries/libgrss/default.nix b/pkgs/development/libraries/libgrss/default.nix
index 8c5ea73af0b9..5e1c2b17858d 100644
--- a/pkgs/development/libraries/libgrss/default.nix
+++ b/pkgs/development/libraries/libgrss/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, pkg-config, vala, gobject-introspection, gtk-doc, docbook_xsl, docbook_xml_dtd_412, glib, libxml2, libsoup, gnome }:
+{ lib, stdenv, fetchurl, fetchpatch, pkg-config, vala, gobject-introspection, gtk-doc, docbook_xsl, docbook_xml_dtd_412, glib, libxml2, libsoup, gnome }:
 
 let
   version = "0.7.0";
@@ -14,6 +14,15 @@ stdenv.mkDerivation {
     sha256 = "1nalslgyglvhpva3px06fj6lv5zgfg0qmj0sbxyyl5d963vc02b7";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2016-20011.patch";
+      # https://gitlab.gnome.org/GNOME/libgrss/-/merge_requests/7, not yet merged!
+      url = "https://gitlab.gnome.org/GNOME/libgrss/-/commit/2c6ea642663e2a44efc8583fae7c54b7b98f72b3.patch";
+      sha256 = "1ijvq2jl97vphcvrbrqxvszdmv6yyjfygdca9vyaijpafwyzzb18";
+    })
+  ];
+
   nativeBuildInputs = [ pkg-config vala gobject-introspection gtk-doc docbook_xsl docbook_xml_dtd_412 ];
   buildInputs = [ glib libxml2 libsoup ];