From 7030245979c15c5dbd979a0472b1f11a53a5b32f Mon Sep 17 00:00:00 2001
From: matthewcroughan <matt@croughan.sh>
Date: Sat, 7 Aug 2021 23:40:36 +0100
Subject: [PATCH] lynx: add patch for CVE-2021-38165

Co-authored-by: nixinator <33lockdown33@protonmail.com>
Co-authored-by: John Bargman <darthpjb@gmail.com>
Co-authored-by: Martin Weinelt <hexa@darmstadt.ccc.de>
(cherry picked from commit ddce0ec126f1c92504761bd8ece98548a40aa44f)
---
 pkgs/applications/networking/browsers/lynx/default.nix | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/pkgs/applications/networking/browsers/lynx/default.nix b/pkgs/applications/networking/browsers/lynx/default.nix
index 713f934f778..40feaebd72c 100644
--- a/pkgs/applications/networking/browsers/lynx/default.nix
+++ b/pkgs/applications/networking/browsers/lynx/default.nix
@@ -2,6 +2,7 @@
 , fetchurl, pkg-config, ncurses, gzip
 , sslSupport ? true, openssl ? null
 , nukeReferences
+, fetchpatch
 }:
 
 assert sslSupport -> openssl != null;
@@ -22,6 +23,14 @@ stdenv.mkDerivation rec {
 
   hardeningEnable = [ "pie" ];
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2021-38165.patch";
+      url = "https://git.alpinelinux.org/aports/plain/main/lynx/CVE-2021-38165.patch?id=3400945dbbb8a87065360963e4caa0e17d3dcc61";
+      sha256 = "1aykb9y2g2vdpbbpvjlm4r40x7py2yv6jbywwcqcxrlciqcw4x57";
+    })
+  ];
+
   configureFlags = [
     "--enable-default-colors"
     "--enable-widec"