Diffstat (limited to 'pkgs/tools/misc/file/default.nix')
-rw-r--r--pkgs/tools/misc/file/default.nix10
1 files changed, 9 insertions, 1 deletions
diff --git a/pkgs/tools/misc/file/default.nix b/pkgs/tools/misc/file/default.nix
index b3ed85ca228..a06b38c0ec7 100644
--- a/pkgs/tools/misc/file/default.nix
+++ b/pkgs/tools/misc/file/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, file, zlib, libgnurx }:
+{ stdenv, fetchurl, fetchpatch, file, zlib, libgnurx }:
 
 stdenv.mkDerivation rec {
   pname = "file";
@@ -12,6 +12,14 @@ stdenv.mkDerivation rec {
     sha256 = "0zz0p9bqnswfx0c16j8k62ivjq1m16x10xqv4hy9lcyxyxkkkhg9";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2019-18218.patch";
+      url = "https://sources.debian.org/data/main/f/file/1:5.37-6/debian/patches/cherry-pick.FILE5_37-67-g46a8443f.limit-the-number-of-elements-in-a-vector-found-by-oss-fuzz.patch";
+      sha256 = "1i22y91yndc3n2p2ngczp1lwil8l05sp8ciicil74xrc5f91y6mj";
+    })
+  ];
+
   nativeBuildInputs = stdenv.lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) file;
   buildInputs = [ zlib ]
               ++ stdenv.lib.optional stdenv.hostPlatform.isWindows libgnurx;
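Review bot: The new `patches` entry carries no comment saying which upstream change it backports or when it can be dropped, so a later version bump may keep applying it or fail to apply it with no hint why. Going by the patch filename it corresponds to upstream commit `46a8443f`, made after the 5.37 tag, so a line such as `# Backport of upstream 46a8443f (CVE-2019-18218); drop on the next file release` above the `fetchpatch` call would cover it. The URL is also tied to one Debian package revision (`1:5.37-6`) on sources.debian.org, which as far as I know may stop serving that path once the revision leaves the archive. The `sha256` pin protects integrity but not availability, so consider fetching the commit from the upstream repository instead. The `mkDerivation` body continues outside this hunk.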