radare2: add patch for CVE-2021-32613

Closes #124670 See also https://nvd.nist.gov/vuln/detail/CVE-2021-32613
2021-05-31 12:53:11 +02:00 · 2021-05-31 12:53:11 +02:00 · 16ce969340
commit 16ce969340
parent 58240d3c21
1 changed files with 14 additions and 0 deletions
--- a/pkgs/development/tools/analysis/radare2/default.nix
+++ b/pkgs/development/tools/analysis/radare2/default.nix
@ -20,6 +20,7 @@
 , ruby
 , lua
 , capstone
+, fetchpatch
 , useX11 ? false
 , rubyBindings ? false
 , pythonBindings ? false
@ -37,6 +38,19 @@ stdenv.mkDerivation rec {
    sha256 = "0n3k190qjhdlj10fjqijx6ismz0g7fk28i83j0480cxdqgmmlbxc";
  };

+  patches = [
+    # fix for CVE-2021-32613
+    (fetchpatch {
+      url = "https://github.com/radareorg/radare2/commit/5e16e2d1c9fe245e4c17005d779fde91ec0b9c05.patch";
+      sha256 = "sha256-zCFNn968buLuSqfUT5E+72qz0l1tA3fEUQIxJl2nd3I=";
+    })
+    (fetchpatch {
+      name = "CVE-2021-32613.patch";
+      url = "https://github.com/radareorg/radare2/commit/049de62730f4954ef9a642f2eeebbca30a8eccdc.patch";
+      sha256 = "sha256-s8SWGuSQ6fxDCybtjO2ZW8w7H6mr+AuzVLL6dw+XKDw=";
+    })
+  ];
+
  postInstall = ''
    install -D -m755 $src/binr/r2pm/r2pm $out/bin/r2pm
  '';