hnswlib: add patch for CVE-2023-37365

2023-08-20 21:44:56 +01:00 · 2023-08-20 21:44:56 +01:00 · 781822bc8f
parent 95d630c68d
commit 781822bc8f
1 changed files with 9 additions and 0 deletions
--- a/pkgs/development/libraries/hnswlib/default.nix
+++ b/pkgs/development/libraries/hnswlib/default.nix
@ -1,6 +1,7 @@
 { lib
 , stdenv
 , fetchFromGitHub
+, fetchpatch
 , cmake
 , python3
 }:
@ -21,6 +22,14 @@ stdenv.mkDerivation (finalAttrs: {
    hash = "sha256-XXz0NIQ5dCGwcX2HtbK5NFTalP0TjLO6ll6TmH3oflI=";
  };

+  patches = [
+    (fetchpatch {
+      name = "CVE-2023-37365.patch";
+      url = "https://github.com/nmslib/hnswlib/commit/f6d170ce0b41f9e75ace473b09df6e7872590757.patch";
+      hash = "sha256-28nakC0rh6kx6yYjv7m6r9/yJ+lWQuooRFyYYQN2rX8=";
+    })
+  ];
+
  # this is a header-only library, so we don't need to build it
  # we need `cmake` only to run tests
  nativeBuildInputs = lib.optionals finalAttrs.doCheck [