From c99fae3a0fe224de2a86ee2e84f6a64c5c93472c Mon Sep 17 00:00:00 2001
From: Thomas Gerbet <thomas@gerbet.me>
Date: Sat, 28 Jun 2025 17:02:44 +0200
Subject: [PATCH] corosync: apply patch for CVE-2025-30472

Related issue:
https://github.com/corosync/corosync/issues/778
---
 pkgs/by-name/co/corosync/package.nix | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/pkgs/by-name/co/corosync/package.nix b/pkgs/by-name/co/corosync/package.nix
index b3bf4bd5c463..85ca67d8abae 100644
--- a/pkgs/by-name/co/corosync/package.nix
+++ b/pkgs/by-name/co/corosync/package.nix
@@ -2,6 +2,7 @@
   lib,
   stdenv,
   fetchurl,
+  fetchpatch2,
   makeWrapper,
   pkg-config,
   kronosnet,
@@ -32,6 +33,14 @@ stdenv.mkDerivation rec {
     sha256 = "sha256-IDNUu93uGpezxQoHbq6JxjX0Bt1nTMrvyUu5CSrNlTU=";
   };
 
+  patches = [
+    (fetchpatch2 {
+      name = "CVE-2025-30472.patch";
+      url = "https://github.com/corosync/corosync/commit/7839990f9cdf34e55435ed90109e82709032466a.patch??full_index=1";
+      hash = "sha256-EgGTfOM9chjLnb1QWNGp6IQQKQGdetNkztdddXlN/uo=";
+    })
+  ];
+
   nativeBuildInputs = [
     makeWrapper
     pkg-config