lynx: add patch for CVE-2021-38165

Co-authored-by: nixinator <33lockdown33@protonmail.com> Co-authored-by: John Bargman <darthpjb@gmail.com> Co-authored-by: Martin Weinelt <hexa@darmstadt.ccc.de> (cherry picked from commit ddce0ec126f1c92504761bd8ece98548a40aa44f)
2021-08-07 23:40:36 +01:00 · 2021-08-07 23:40:36 +01:00 · 7030245979
parent 43acb01642
commit 7030245979
1 changed files with 9 additions and 0 deletions
--- a/pkgs/applications/networking/browsers/lynx/default.nix
+++ b/pkgs/applications/networking/browsers/lynx/default.nix
@ -2,6 +2,7 @@
 , fetchurl, pkg-config, ncurses, gzip
 , sslSupport ? true, openssl ? null
 , nukeReferences
+, fetchpatch
 }:

 assert sslSupport -> openssl != null;
@ -22,6 +23,14 @@ stdenv.mkDerivation rec {

  hardeningEnable = [ "pie" ];

+  patches = [
+    (fetchpatch {
+      name = "CVE-2021-38165.patch";
+      url = "https://git.alpinelinux.org/aports/plain/main/lynx/CVE-2021-38165.patch?id=3400945dbbb8a87065360963e4caa0e17d3dcc61";
+      sha256 = "1aykb9y2g2vdpbbpvjlm4r40x7py2yv6jbywwcqcxrlciqcw4x57";
+    })
+  ];
+
  configureFlags = [
    "--enable-default-colors"
    "--enable-widec"