-rw-r--r--pkgs/tools/misc/file/default.nix10
1 files changed, 9 insertions, 1 deletions
diff --git a/pkgs/tools/misc/file/default.nix b/pkgs/tools/misc/file/default.nix
index ed31d01f09d5e..33d9972e867c4 100644
--- a/pkgs/tools/misc/file/default.nix
+++ b/pkgs/tools/misc/file/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, file, zlib, libgnurx }:
+{ stdenv, fetchurl, fetchpatch, file, zlib, libgnurx }:
 
 stdenv.mkDerivation rec {
   name = "file-${version}";
@@ -12,6 +12,14 @@ stdenv.mkDerivation rec {
     sha256 = "0ya330cdkvfi2d28h8gvhghj4gnhysmifmryysl0a97xq2884q7v";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2019-18218.patch";
+      url = "https://sources.debian.org/data/main/f/file/1:5.37-6/debian/patches/cherry-pick.FILE5_37-67-g46a8443f.limit-the-number-of-elements-in-a-vector-found-by-oss-fuzz.patch";
+      sha256 = "1i22y91yndc3n2p2ngczp1lwil8l05sp8ciicil74xrc5f91y6mj";
+    })
+  ];
+
   nativeBuildInputs = stdenv.lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) file;
   buildInputs = [ zlib ]
               ++ stdenv.lib.optional stdenv.hostPlatform.isWindows libgnurx;
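Review bot: The `patches` entry fetches the CVE-2019-18218 fix from a revision-specific path on sources.debian.org (`1:5.37-6`), which may stop resolving once Debian drops that package revision; the pinned `sha256` protects integrity but not availability for anyone who has to re-fetch. The patch filename suggests it is a cherry-pick of upstream commit 46a8443f, so pointing `url` at the upstream repository's patch for that commit (with the hash recomputed) would likely be more durable. A comment above `(fetchpatch {`, such as `# drop once the packaged version contains upstream 46a8443f (CVE-2019-18218)`, would keep the patch from being carried past a release that already includes the fix. The `mkDerivation` attribute set starts and ends outside this hunk, so the `version` this applies to is not visible here.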