From 788764b193f681a0d97c1b3e98cd687d131ef6b7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?=
Date: Thu, 18 Jun 2020 16:39:47 +0200
Subject: [PATCH] transmission: patch CVE-2018-10756

nixpkgs master is not vulnerable to this. We use Fedora patch, as the upstream one does not apply to this version. Fixes #91026 (roundup issue).
---
 .../networking/p2p/transmission/default.nix | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/pkgs/applications/networking/p2p/transmission/default.nix b/pkgs/applications/networking/p2p/transmission/default.nix
index 25996953e11ac..bdecb4b47b6ce 100644
--- a/pkgs/applications/networking/p2p/transmission/default.nix
+++ b/pkgs/applications/networking/p2p/transmission/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, pkgconfig, intltool, file, wrapGAppsHook
+{ stdenv, fetchurl, fetchpatch, pkgconfig, intltool, file, wrapGAppsHook
 , openssl, curl, libevent, inotify-tools, systemd, zlib
 , enableGTK3 ? false, gtk3
 , enableSystemd ? stdenv.isLinux
@@ -24,6 +24,16 @@ stdenv.mkDerivation rec {
 ++ optionals enableSystemd [ systemd ]
 ++ optionals stdenv.isLinux [ inotify-tools ];
 
+ patches = [
+ (fetchpatch {
+ name = "cve-2018-10756.diff";
+ url = "https://src.fedoraproject.org/rpms/transmission/raw/ec98cd40/f/"
+ "2123adf8e5e1c2b48791f9d22fc8c747e974180e.patch";
+ extraPrefix = "./"; # this way we don't need to add -p0 flag
+ sha256 = "1wq2sk81yyi8ida4115f9mpkna63dijkx8vphac72w2fhpz905k7";
+ })
+ ];
+
 postPatch = ''
 substituteInPlace ./configure \
 --replace "libsystemd-daemon" "libsystemd" \
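Review bot: The new `patches` entry in the second hunk has no in-file record of why a Fedora backport is carried or when it can be dropped; that rationale exists only in the commit message. I would add a comment above `(fetchpatch {`, for example `# CVE-2018-10756: Fedora backport, the upstream fix does not apply to this version; drop once the packaged release contains it`. The fixed `sha256` pins the patch content, so a change on the Fedora side fails the fetch instead of silently altering what gets applied. The URL does use the abbreviated ref `ec98cd40`, though, and the full commit id would be less likely to become ambiguous over time, if dist-git serves it in that form. The patch file name looks like an upstream commit id, so it is worth confirming once that the pinned diff matches that upstream fix.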