From 57ee482824ab447858efbba7862f010308933956 Mon Sep 17 00:00:00 2001
From: Martin Weinelt <hexa@darmstadt.ccc.de>
Date: Thu, 4 Sep 2025 16:56:34 +0200
Subject: [PATCH] esphome: apply patch for CVE-2025-57808

https://github.com/esphome/esphome/security/advisories/GHSA-mxh2-ccgj-8635
---
 pkgs/by-name/es/esphome/package.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/pkgs/by-name/es/esphome/package.nix b/pkgs/by-name/es/esphome/package.nix
index 5846a147625b..2553c546ab76 100644
--- a/pkgs/by-name/es/esphome/package.nix
+++ b/pkgs/by-name/es/esphome/package.nix
@@ -3,6 +3,7 @@
   callPackage,
   python3Packages,
   fetchFromGitHub,
+  fetchpatch,
   installShellFiles,
   platformio,
   esptool,
@@ -43,6 +44,15 @@ python.pkgs.buildPythonApplication rec {
     hash = "sha256-vy/wjtl/IbdSOxAUsV4bl7VNEBTetsvIDh2V1gDHSMs=";
   };
 
+  patches = [
+    (fetchpatch {
+      # https://github.com/esphome/esphome/security/advisories/GHSA-mxh2-ccgj-8635
+      name = "CVE-2025-57808.patch";
+      url = "https://github.com/esphome/esphome/commit/2aceb56606ec8afec5f49c92e140c8050a6ccbe5.patch";
+      hash = "sha256-SLqjjQXM1ABxY0pmNCXgTVzMcsRLKszinvf/ZchacEM=";
+    })
+  ];
+
   build-systems = with python.pkgs; [
     setuptools
     argcomplete