From aea3ad0d4d2cfd91b1f703a50f4aed8616753a6e Mon Sep 17 00:00:00 2001
From: Thomas Gerbet <thomas@gerbet.me>
Date: Tue, 9 Mar 2021 22:56:58 +0100
Subject: [PATCH] zstd: 1.4.8 -> 1.4.9

Fixes CVE-2021-24032.
---
 pkgs/tools/compression/zstd/default.nix        |  6 ++++--
 .../compression/zstd/playtests-darwin.patch    | 18 ++++++++++++++----
 2 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/pkgs/tools/compression/zstd/default.nix b/pkgs/tools/compression/zstd/default.nix
index e1437e3843d..f7f8949a8a2 100644
--- a/pkgs/tools/compression/zstd/default.nix
+++ b/pkgs/tools/compression/zstd/default.nix
@@ -7,13 +7,13 @@
 
 stdenv.mkDerivation rec {
   pname = "zstd";
-  version = "1.4.8";
+  version = "1.4.9";
 
   src = fetchFromGitHub {
     owner = "facebook";
     repo = "zstd";
     rev = "v${version}";
-    sha256 = "018zgigp5xlrb4mgshgrvns0cfbhhcg89cifbjj4rv6s3n9riphw";
+    sha256 = "18alxnym54gswsmsr5ra82q4k1q5fyzsyx0jykb2sk2nkpvx7334";
   };
 
   nativeBuildInputs = [ cmake ]
@@ -21,6 +21,8 @@ stdenv.mkDerivation rec {
   buildInputs = lib.optional stdenv.hostPlatform.isUnix bash;
 
   patches = [
+    # This patches makes sure we do not attempt to use the MD5 implementation
+    # of the host platform when running the tests
     ./playtests-darwin.patch
   ] # This I didn't upstream because if you use posix threads with MinGW it will
     # work fine, and I'm not sure how to write the condition.
diff --git a/pkgs/tools/compression/zstd/playtests-darwin.patch b/pkgs/tools/compression/zstd/playtests-darwin.patch
index a98365eec33..f829c93c705 100644
--- a/pkgs/tools/compression/zstd/playtests-darwin.patch
+++ b/pkgs/tools/compression/zstd/playtests-darwin.patch
@@ -1,18 +1,28 @@
 --- a/tests/playTests.sh
 +++ b/tests/playTests.sh
-@@ -109,5 +109,2 @@ esac
+@@ -112,17 +112,10 @@ case "$OS" in
+ esac
+ 
  case "$UNAME" in
 -  Darwin) MD5SUM="md5 -r" ;;
 -  FreeBSD) MD5SUM="gmd5sum" ;;
+-  NetBSD) MD5SUM="md5 -n" ;;
 -  OpenBSD) MD5SUM="md5" ;;
    *) MD5SUM="md5sum" ;;
-@@ -116,5 +113,2 @@ esac
+ esac
+ 
  MTIME="stat -c %Y"
 -case "$UNAME" in
--    Darwin | FreeBSD | OpenBSD) MTIME="stat -f %m" ;;
+-    Darwin | FreeBSD | OpenBSD | NetBSD) MTIME="stat -f %m" ;;
 -esac
  
-@@ -752,3 +746,2 @@ zstd -d --rm dirTestDict/*.zst -D tmpDictC  # note : use internal checksum by de
+ DIFF="diff"
+ case "$UNAME" in
+@@ -842,7 +835,6 @@ $MD5SUM dirTestDict/* > tmph1
+ zstd -f --rm dirTestDict/* -D tmpDictC
+ zstd -d --rm dirTestDict/*.zst -D tmpDictC  # note : use internal checksum by default
  case "$UNAME" in
 -  Darwin) println "md5sum -c not supported on OS-X : test skipped" ;;  # not compatible with OS-X's md5
    *) $MD5SUM -c tmph1 ;;
+ esac
+ rm -rf dirTestDict
\ No newline at end of file