1 files changed, 15 insertions, 3 deletions

diff --git a/infra/libkookie/nixpkgs/pkgs/development/libraries/libxml2/default.nix b/infra/libkookie/nixpkgs/pkgs/development/libraries/libxml2/default.nix
index 5e290b25832d..594928876888 100644
--- a/infra/libkookie/nixpkgs/pkgs/development/libraries/libxml2/default.nix
+++ b/infra/libkookie/nixpkgs/pkgs/development/libraries/libxml2/default.nix
@@ -28,14 +28,26 @@ stdenv.mkDerivation rec {
     #   https://github.com/NixOS/nixpkgs/pull/72342
     ./utf8-xmlErrorFuncHandler.patch
     (fetchpatch {
+      name = "CVE-2019-20388.patch";
+      url = "https://gitlab.gnome.org/GNOME/libxml2/commit/6088a74bcf7d0c42e24cff4594d804e1d3c9fbca.patch";
+      sha256 = "070s7al2r2k92320h9cdfc2097jy4kk04d0disc98ddc165r80jl";
+    })
+    (fetchpatch {
       name = "CVE-2020-7595.patch";
       url = "https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c8907645d2e155f0d89d4d9895ac5112b5.patch";
       sha256 = "0klvaxkzakkpyq0m44l9xrpn5kwaii194sqsivfm6zhnb9hhl15l";
     })
     (fetchpatch {
-      name = "CVE-2019-20388.patch";
-      url = "https://gitlab.gnome.org/GNOME/libxml2/commit/6088a74bcf7d0c42e24cff4594d804e1d3c9fbca.patch";
-      sha256 = "070s7al2r2k92320h9cdfc2097jy4kk04d0disc98ddc165r80jl";
+      name = "CVE-2020-24977.patch";
+      url = "https://gitlab.gnome.org/GNOME/libxml2/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2.patch";
+      sha256 = "093f1ic5qfiq8nk9mc6b8p1qcs8m9hir3ardr6r5il4zi2dnjrj4";
+    })
+    # Fix compatibility with Python 3.9.
+    # https://gitlab.gnome.org/GNOME/libxml2/-/issues/149
+    (fetchpatch {
+      name = "python39.patch";
+      url = "https://gitlab.gnome.org/nwellnhof/libxml2/-/commit/e4fb36841800038c289997432ca547c9bfef9db1.patch";
+      sha256 = "0h3vpy9fg3339b14qa64640ypp65z3hrrrmpjl8qm72srkp24ci5";
     })
   ];