From cf564bcd0d8bb9a70a6c0ba38f9e723ddb86eae3 Mon Sep 17 00:00:00 2001
From: Robert Scott <code@humanleg.org.uk>
Date: Mon, 15 Apr 2024 21:49:19 +0100
Subject: [PATCH] python311Packages.blosc2: add patches for CVE-2024-3203 &
 CVE-2024-3204

---
 .../python-modules/blosc2/default.nix          | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/pkgs/development/python-modules/blosc2/default.nix b/pkgs/development/python-modules/blosc2/default.nix
index a4c1db3d7b700..075de1ea28739 100644
--- a/pkgs/development/python-modules/blosc2/default.nix
+++ b/pkgs/development/python-modules/blosc2/default.nix
@@ -1,6 +1,7 @@
 { lib
 , buildPythonPackage
 , fetchFromGitHub
+, fetchpatch
 
 # build-system
 , cmake
@@ -37,6 +38,23 @@ buildPythonPackage rec {
     hash = "sha256-5a94Zm6sYl/nSfkcFbKG7PkyXwLB6bAoIvfaq0yVGHo=";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2024-3203.CVE-2024-3204.part-1.patch";
+      url = "https://github.com/Blosc/c-blosc2/commit/892f6d9c8ffc6e3c4d571df8fc02114f88c69b52.patch";
+      stripLen = 1;
+      extraPrefix = "blosc2/c-blosc2/";
+      hash = "sha256-sNgDcdT9HFrx41VKohp4GNUEjM1sqLYkIZu4baKRMeI=";
+    })
+    (fetchpatch {
+      name = "CVE-2024-3203.CVE-2024-3204.part-2.patch";
+      url = "https://github.com/Blosc/c-blosc2/commit/9cc79a79373f1b338b2e029e2e489b4e7971cd0c.patch";
+      stripLen = 1;
+      extraPrefix = "blosc2/c-blosc2/";
+      hash = "sha256-J/zcyNrxQr43+ROhDDQFmUJZQSTwo9qDuLwZeLd/ooo=";
+    })
+  ];
+
   postPatch = ''
     substituteInPlace requirements-runtime.txt \
       --replace "pytest" ""