Merge pull request #72798 from risicle/ris-file-CVE-2019-18218-r19.03

[r19.03] file: add patch for CVE-2019-18218
author: Florian Klink <flokli@flokli.de> 2019-11-04 22:54:55 +0100
committer: GitHub <noreply@github.com> 2019-11-04 22:54:55 +0100
commit: c06d264772717b7b6d21d37d95e2ed9aee27c4ca (patch)
tree: 3eec3f21000b049d244640a6055d9596b4cb7aaf
parent: 0391c19a73bbe758acf10f2766d1a54db08bd458 (diff)
parent: be28735bfe1a9cb307355cd32c4d8603df756136 (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/pkgs/tools/misc/file/default.nix b/pkgs/tools/misc/file/default.nix
index ed31d01f09d5e..33d9972e867c4 100644
--- a/pkgs/tools/misc/file/default.nix
+++ b/pkgs/tools/misc/file/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, file, zlib, libgnurx }:
+{ stdenv, fetchurl, fetchpatch, file, zlib, libgnurx }:
 
 stdenv.mkDerivation rec {
   name = "file-${version}";
@@ -12,6 +12,14 @@ stdenv.mkDerivation rec {
     sha256 = "0ya330cdkvfi2d28h8gvhghj4gnhysmifmryysl0a97xq2884q7v";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2019-18218.patch";
+      url = "https://sources.debian.org/data/main/f/file/1:5.37-6/debian/patches/cherry-pick.FILE5_37-67-g46a8443f.limit-the-number-of-elements-in-a-vector-found-by-oss-fuzz.patch";
+      sha256 = "1i22y91yndc3n2p2ngczp1lwil8l05sp8ciicil74xrc5f91y6mj";
+    })
+  ];
+
   nativeBuildInputs = stdenv.lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) file;
   buildInputs = [ zlib ]
               ++ stdenv.lib.optional stdenv.hostPlatform.isWindows libgnurx;
author	Florian Klink <flokli@flokli.de>	2019-11-04 22:54:55 +0100
committer	GitHub <noreply@github.com>	2019-11-04 22:54:55 +0100
commit	c06d264772717b7b6d21d37d95e2ed9aee27c4ca (patch)
tree	3eec3f21000b049d244640a6055d9596b4cb7aaf
parent	0391c19a73bbe758acf10f2766d1a54db08bd458 (diff)
parent	be28735bfe1a9cb307355cd32c4d8603df756136 (diff)