From 124e85cac82d6c4764ca083ab870c5d0ec9911a5 Mon Sep 17 00:00:00 2001
From: Thomas Gerbet <thomas@gerbet.me>
Date: Sat, 2 Dec 2023 12:59:48 +0100
Subject: [PATCH] libnbd: 1.18.0 -> 1.18.1 and apply patch for CVE-2023-5871

Fixes CVE-2023-5215 and CVE-2023-5871.

Changes:
https://gitlab.com/nbdkit/libnbd/-/commits/v1.18.1?ref_type=tags
---
 pkgs/development/libraries/libnbd/default.nix | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/libraries/libnbd/default.nix b/pkgs/development/libraries/libnbd/default.nix
index 31104b262af9..ff90c9b116ad 100644
--- a/pkgs/development/libraries/libnbd/default.nix
+++ b/pkgs/development/libraries/libnbd/default.nix
@@ -1,6 +1,7 @@
 { lib
 , stdenv
 , fetchurl
+, fetchpatch
 , bash-completion
 , pkg-config
 , perl
@@ -12,13 +13,21 @@
 
 stdenv.mkDerivation rec {
   pname = "libnbd";
-  version = "1.18.0";
+  version = "1.18.1";
 
   src = fetchurl {
     url = "https://download.libguestfs.org/libnbd/${lib.versions.majorMinor version}-stable/${pname}-${version}.tar.gz";
-    hash = "sha256-srJyd32eCIthoncvM9JQEKCWEOZxxc3YntaV4Ay8kZ8=";
+    hash = "sha256-UNHRphDw1ycRnp0KClzHlSuLIxs5Mc4gcjB+EF/smbY=";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2023-5871.patch";
+      url = "https://gitlab.com/nbdkit/libnbd/-/commit/4451e5b61ca07771ceef3e012223779e7a0c7701.patch";
+      hash = "sha256-zmg/kxSJtjp2w9917Sp33ezt7Ccj/inngzCUVesF1Tc=";
+    })
+  ];
+
   nativeBuildInputs = [
     bash-completion
     pkg-config