@mmahut
Created June 16, 2019 11:29
mmahut@highhopes ~/repo/nixpkgs (curlCVE) $ git show
commit 5dd0191d8ad29decf86b9d24a78e7dfbdc477d49 (HEAD -> curlCVE)
Author: Marek Mahut <marek.mahut@satoshilabs.com>
Date: Sun Jun 16 13:26:15 2019 +0200
wip
diff --git a/pkgs/tools/networking/curl/default.nix b/pkgs/tools/networking/curl/default.nix
index b165142d85a..6545f91e5ff 100644
--- a/pkgs/tools/networking/curl/default.nix
+++ b/pkgs/tools/networking/curl/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, lib, fetchurl, pkgconfig, perl
+{ stdenv, lib, fetchurl, pkgconfig, perl, fetchpatch
, http2Support ? true, nghttp2
, idnSupport ? false, libidn ? null
, ldapSupport ? false, openldap ? null
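Review bot: adding `fetchpatch` to the argument list on the first line of this hunk makes evaluating curl depend on a fetcher whose own inputs lead back to curl. The `nix-build` trace further down walks that cycle (curl `patches`, then `nativeBuildInputs` of `CVE-2019-5435.patch` at `build-support/fetchurl/default.nix`, then curl again) and ends in `infinite recursion encountered`. Drop the `fetchpatch` argument and commit the patch file next to `default.nix`, referenced as `patches = [ ./CVE-2019-5435.patch ];`, so that curl's derivation needs no fetcher beyond the one it already uses for its source.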
@@ -34,6 +34,14 @@ stdenv.mkDerivation rec {
sha256 = "1szj9ia1snbfqzfcsk6hx1j7jhbqsy0f9k5d7x9xiy8w5lfblwym";
};
+ patches = [
+ (fetchpatch {
+ url = "https://github.com/curl/curl/commit/5fc28510a4664f4.patch";
+ name = "CVE-2019-5435.patch";
+ sha256 = "1szj9iaoonbfqzfcsk6hx1j7jhbqsy0f9k5d7x9xiy8w5lfblwyo";
+ })
+ ];
+
outputs = [ "bin" "dev" "out" "man" "devdoc" ];
separateDebugInfo = stdenv.isLinux;
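Review bot: the `sha256` passed to `fetchpatch` is not a hash of the patch. It differs from the source tarball hash on the context line above in only three characters, and it contains `o`, a letter that Nix's base32 alphabet does not use, so it cannot verify anything even once evaluation succeeds. Replace it with the hash of the actual patch content before this leaves `wip`, and use the full 40-character commit id in the `url` instead of the abbreviated `5fc28510a4664f4` so the reference cannot become ambiguous.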
mmahut@highhopes ~/repo/nixpkgs (curlCVE) $ nix-build -A curl --show-trace
error: while evaluating the attribute 'configureFlags' of the derivation 'curl-7.64.0' at /home/mmahut/repo/nixpkgs/pkgs/tools/networking/curl/default.nix:27:3:
while evaluating the attribute 'nativeBuildInputs' of the derivation 'openssl-1.0.2r' at /home/mmahut/repo/nixpkgs/pkgs/development/libraries/openssl/default.nix:11:5:
while evaluating the attribute 'patches' of the derivation 'perl-5.28.1' at /home/mmahut/repo/nixpkgs/pkgs/development/interpreters/perl/default.nix:29:5:
while evaluating the attribute 'nativeBuildInputs' of the derivation '0001-Fix-missing-build-dependency-for-pods.patch' at /home/mmahut/repo/nixpkgs/pkgs/build-support/fetchurl/default.nix:115:3:
while evaluating the attribute 'patches' of the derivation 'curl-7.64.0' at /home/mmahut/repo/nixpkgs/pkgs/tools/networking/curl/default.nix:27:3:
while evaluating the attribute 'nativeBuildInputs' of the derivation 'CVE-2019-5435.patch' at /home/mmahut/repo/nixpkgs/pkgs/build-support/fetchurl/default.nix:115:3:
infinite recursion encountered, at undefined position
mmahut@highhopes ~/repo/nixpkgs (curlCVE) $