From aa9f441226e4e3d16ca51e867ce9d861e79c7ffc Mon Sep 17 00:00:00 2001
From: Maximilian Bosch <maximilian@mbosch.me>
Date: Mon, 31 May 2021 12:53:11 +0200
Subject: [PATCH] radare2: add patch for CVE-2021-32613

Closes #124670
See also https://nvd.nist.gov/vuln/detail/CVE-2021-32613

(cherry picked from commit 16ce96934052e728445e57e5c9b1242dbfa836bd)
---
 .../development/tools/analysis/radare2/default.nix | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/pkgs/development/tools/analysis/radare2/default.nix b/pkgs/development/tools/analysis/radare2/default.nix
index e59c48f91d3..0ffe937a93f 100644
--- a/pkgs/development/tools/analysis/radare2/default.nix
+++ b/pkgs/development/tools/analysis/radare2/default.nix
@@ -20,6 +20,7 @@
 , ruby
 , lua
 , capstone
+, fetchpatch
 , useX11 ? false
 , rubyBindings ? false
 , pythonBindings ? false
@@ -37,6 +38,19 @@ stdenv.mkDerivation rec {
     sha256 = "0n3k190qjhdlj10fjqijx6ismz0g7fk28i83j0480cxdqgmmlbxc";
   };
 
+  patches = [
+    # fix for CVE-2021-32613
+    (fetchpatch {
+      url = "https://github.com/radareorg/radare2/commit/5e16e2d1c9fe245e4c17005d779fde91ec0b9c05.patch";
+      sha256 = "sha256-zCFNn968buLuSqfUT5E+72qz0l1tA3fEUQIxJl2nd3I=";
+    })
+    (fetchpatch {
+      name = "CVE-2021-32613.patch";
+      url = "https://github.com/radareorg/radare2/commit/049de62730f4954ef9a642f2eeebbca30a8eccdc.patch";
+      sha256 = "sha256-s8SWGuSQ6fxDCybtjO2ZW8w7H6mr+AuzVLL6dw+XKDw=";
+    })
+  ];
+
   postInstall = ''
     install -D -m755 $src/binr/r2pm/r2pm $out/bin/r2pm
   '';