From 16ce96934052e728445e57e5c9b1242dbfa836bd Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Mon, 31 May 2021 12:53:11 +0200 Subject: [PATCH] radare2: add patch for CVE-2021-32613 Closes #124670 See also https://nvd.nist.gov/vuln/detail/CVE-2021-32613 --- .../development/tools/analysis/radare2/default.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/pkgs/development/tools/analysis/radare2/default.nix b/pkgs/development/tools/analysis/radare2/default.nix index e59c48f91d30..0ffe937a93fb 100644 --- a/pkgs/development/tools/analysis/radare2/default.nix +++ b/pkgs/development/tools/analysis/radare2/default.nix @@ -20,6 +20,7 @@ , ruby , lua , capstone +, fetchpatch , useX11 ? false , rubyBindings ? false , pythonBindings ? false @@ -37,6 +38,19 @@ stdenv.mkDerivation rec { sha256 = "0n3k190qjhdlj10fjqijx6ismz0g7fk28i83j0480cxdqgmmlbxc"; }; + patches = [ + # fix for CVE-2021-32613 + (fetchpatch { + url = "https://github.com/radareorg/radare2/commit/5e16e2d1c9fe245e4c17005d779fde91ec0b9c05.patch"; + sha256 = "sha256-zCFNn968buLuSqfUT5E+72qz0l1tA3fEUQIxJl2nd3I="; + }) + (fetchpatch { + name = "CVE-2021-32613.patch"; + url = "https://github.com/radareorg/radare2/commit/049de62730f4954ef9a642f2eeebbca30a8eccdc.patch"; + sha256 = "sha256-s8SWGuSQ6fxDCybtjO2ZW8w7H6mr+AuzVLL6dw+XKDw="; + }) + ]; + postInstall = '' install -D -m755 $src/binr/r2pm/r2pm $out/bin/r2pm '';