From 5b1f8af2180df3a70b192352d776d769b94b7020 Mon Sep 17 00:00:00 2001
From: Robert Scott
Date: Sun, 3 Mar 2024 15:11:32 +0000
Subject: [PATCH] python311Packages.uamqp: add patches for CVE-2024-25110 & CVE-2024-27099
---
 .../python-modules/uamqp/default.nix | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/pkgs/development/python-modules/uamqp/default.nix b/pkgs/development/python-modules/uamqp/default.nix
index 68c72fe80fed..a868fde95be0 100644
--- a/pkgs/development/python-modules/uamqp/default.nix
+++ b/pkgs/development/python-modules/uamqp/default.nix
@@ -2,6 +2,7 @@
 , stdenv
 , buildPythonPackage
 , fetchFromGitHub
+, fetchpatch
 , cython
 , certifi
 , CFNetwork
@@ -29,6 +30,23 @@ buildPythonPackage rec {
 patches = lib.optionals (stdenv.isDarwin && stdenv.isx86_64) [
 ./darwin-azure-c-shared-utility-corefoundation.patch
 ] ++ [
+ (fetchpatch {
+ name = "CVE-2024-25110.patch";
+ url = "https://github.com/Azure/azure-uamqp-c/commit/30865c9ccedaa32ddb036e87a8ebb52c3f18f695.patch";
+ stripLen = 1;
+ extraPrefix = "src/vendor/azure-uamqp-c/";
+ hash = "sha256-igzZqTLUUyuNcpCUbYHI4RXmWxg+7EC/yyD4DBurR2M=";
+ })
+ (fetchpatch {
+ name = "CVE-2024-27099.patch";
+ url = "https://github.com/Azure/azure-uamqp-c/commit/2ca42b6e4e098af2d17e487814a91d05f6ae4987.patch";
+ stripLen = 1;
+ extraPrefix = "src/vendor/azure-uamqp-c/";
+ # other files are just tests which aren't run from the python
+ # builder anyway
+ includes = [ "src/vendor/azure-uamqp-c/src/link.c" ];
+ hash = "sha256-EqDfG1xAz5CG8MssSSrz8Yrje5qwF8ri1Kdw+UUu5ms=";
+ })
 # Fix incompatible function pointer conversion error with clang 16.
 ./clang-fix-incompatible-function-pointer-conversion.patch
 ];
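Review bot: The two `fetchpatch` entries added to `patches` in the second hunk have no comment saying that they backport security fixes into the vendored `src/vendor/azure-uamqp-c/` tree, or when they can be removed. A later version bump could then carry them forward or drop them without anyone checking whether the new release already vendors both upstream commits. I would add above the first entry `# Security backports for the vendored azure-uamqp-c; drop once a uamqp release vendors both upstream commits.` For CVE-2024-27099 the `includes` filter keeps only `src/vendor/azure-uamqp-c/src/link.c`; it is worth confirming against the upstream commit that every filtered-out file really is test-only, since a dropped non-test source file would leave the fix partial without any build error. The enclosing `buildPythonPackage rec { … }` set starts and ends outside the hunk, so the packaged `version` and `src` are not visible here.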