clamav: apply patch for CVE-2017-6420

Details at [1]. [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6420 (cherry picked from commit f01acd4)
NixOS · Nov 22, 2017 · d4cced9 · d4cced9
1 parent c51a749
commit d4cced9
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/pkgs/tools/security/clamav/default.nix b/pkgs/tools/security/clamav/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, zlib, bzip2, libiconv, libxml2, openssl, ncurses, curl
+{ stdenv, fetchurl, fetchpatch, zlib, bzip2, libiconv, libxml2, openssl, ncurses, curl
 , libmilter, pcre }:
 
 stdenv.mkDerivation rec {
@@ -10,6 +10,14 @@ stdenv.mkDerivation rec {
     sha256 = "0yh2q318bnmf2152g2h1yvzgqbswn0wvbzb8p4kf7v057shxcyqn";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2017-6420.patch";
+      url = "https://github.com/vrtadmin/clamav-devel/commit/dfc00cd3301a42b571454b51a6102eecf58407bc.patch";
+      sha256 = "08w3p3a4pmi0cmcmyxkagsbn3g0jgx1jqlc34pn141x0qzrlqr60";
+    })
+  ];
+
   # don't install sample config files into the absolute sysconfdir folder
   postPatch = ''
     substituteInPlace Makefile.in --replace ' etc ' ' '