radare2: add patch for CVE-2021-32613

Closes #124670
See also https://nvd.nist.gov/vuln/detail/CVE-2021-32613

pkgs/development/tools/analysis/radare2/default.nix

@@ -20,6 +20,7 @@
 , ruby
 , lua
 , capstone
+, fetchpatch
 , useX11 ? false
 , rubyBindings ? false
 , pythonBindings ? false
@@ -37,6 +38,19 @@ stdenv.mkDerivation rec {
     sha256 = "0n3k190qjhdlj10fjqijx6ismz0g7fk28i83j0480cxdqgmmlbxc";
   };
 
+  patches = [
+    # fix for CVE-2021-32613
+    (fetchpatch {
+      url = "https://github.com/radareorg/radare2/commit/5e16e2d1c9fe245e4c17005d779fde91ec0b9c05.patch";
+      sha256 = "sha256-zCFNn968buLuSqfUT5E+72qz0l1tA3fEUQIxJl2nd3I=";
+    })
+    (fetchpatch {
+      name = "CVE-2021-32613.patch";
+      url = "https://github.com/radareorg/radare2/commit/049de62730f4954ef9a642f2eeebbca30a8eccdc.patch";
+      sha256 = "sha256-s8SWGuSQ6fxDCybtjO2ZW8w7H6mr+AuzVLL6dw+XKDw=";
+    })
+  ];
+
   postInstall = ''
     install -D -m755 $src/binr/r2pm/r2pm $out/bin/r2pm
   '';