lynx: add patch for CVE-2021-38165

Co-authored-by: nixinator <33lockdown33@protonmail.com> Co-authored-by: John Bargman <darthpjb@gmail.com> Co-authored-by: Martin Weinelt <hexa@darmstadt.ccc.de>
author: matthewcroughan <matt@croughan.sh> 2021-08-07 23:40:36 +0100
committer: matthewcroughan <matt@croughan.sh> 2021-08-07 23:42:54 +0100
commit: ddce0ec126f1c92504761bd8ece98548a40aa44f (patch)
tree: a85dca52eea47494ccc1072a1d6b5753da9d10b7 /pkgs/applications/networking/browsers/lynx/default.nix
parent: 024ad03c23fc178ed0a4d3cd7b68ba213e9836df (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/pkgs/applications/networking/browsers/lynx/default.nix b/pkgs/applications/networking/browsers/lynx/default.nix
index 713f934f7789d..40feaebd72cc2 100644
--- a/pkgs/applications/networking/browsers/lynx/default.nix
+++ b/pkgs/applications/networking/browsers/lynx/default.nix
@@ -2,6 +2,7 @@
 , fetchurl, pkg-config, ncurses, gzip
 , sslSupport ? true, openssl ? null
 , nukeReferences
+, fetchpatch
 }:
 
 assert sslSupport -> openssl != null;
@@ -22,6 +23,14 @@ stdenv.mkDerivation rec {
 
   hardeningEnable = [ "pie" ];
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2021-38165.patch";
+      url = "https://git.alpinelinux.org/aports/plain/main/lynx/CVE-2021-38165.patch?id=3400945dbbb8a87065360963e4caa0e17d3dcc61";
+      sha256 = "1aykb9y2g2vdpbbpvjlm4r40x7py2yv6jbywwcqcxrlciqcw4x57";
+    })
+  ];
+
   configureFlags = [
     "--enable-default-colors"
     "--enable-widec"
author	matthewcroughan <matt@croughan.sh>	2021-08-07 23:40:36 +0100
committer	matthewcroughan <matt@croughan.sh>	2021-08-07 23:42:54 +0100
commit	ddce0ec126f1c92504761bd8ece98548a40aa44f (patch)
tree	a85dca52eea47494ccc1072a1d6b5753da9d10b7 /pkgs/applications/networking/browsers/lynx/default.nix
parent	024ad03c23fc178ed0a4d3cd7b68ba213e9836df (diff)