From f5eea8ba1d04c4b7f72bdd48f553585052f820f3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <vcunat@gmail.com>
Date: Wed, 22 Feb 2017 18:56:56 +0100
Subject: [PATCH] libevent: apply security patches from Debian

/cc #23072.  As with curl, it's nontrivial rebuild but security...
https://lwn.net/Alerts/714571/
---
 pkgs/development/libraries/libevent/default.nix | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/pkgs/development/libraries/libevent/default.nix b/pkgs/development/libraries/libevent/default.nix
index 17aeb1d4377f..4abd0b033757 100644
--- a/pkgs/development/libraries/libevent/default.nix
+++ b/pkgs/development/libraries/libevent/default.nix
@@ -9,6 +9,20 @@ stdenv.mkDerivation {
     sha256 = "18qz9qfwrkakmazdlwxvjmw8p76g70n3faikwvdwznns1agw9hki";
   };
 
+  prePatch = let
+      # https://lwn.net/Vulnerabilities/714581/
+      debian = fetchurl {
+        url = "http://http.debian.net/debian/pool/main/libe/libevent/"
+            + "libevent_2.0.21-stable-3.debian.tar.xz";
+        sha256 = "0b2syswiq3cvfbdvi4lbca15c31lilxnahax4a4b4qxi5fcab7h5";
+      };
+    in ''
+      tar xf '${debian}'
+      patches="$patches $(cat debian/patches/series | grep -v '^$\|^#' \
+                          | grep -v '^20d6d445.patch' \
+                          | grep -v '^dh-autoreconf' | sed 's|^|debian/patches/|')"
+    '';
+
   outputs = [ "out" "dev" ];
   outputBin = "dev";