diff --git a/pkgs/tools/networking/tinyproxy/default.nix b/pkgs/tools/networking/tinyproxy/default.nix index 44bca62e8f09..12c8a0d0447e 100644 --- a/pkgs/tools/networking/tinyproxy/default.nix +++ b/pkgs/tools/networking/tinyproxy/default.nix @@ -1,4 +1,11 @@ -{ lib, stdenv, fetchFromGitHub, autoreconfHook, perl, withDebug ? false }: +{ lib +, stdenv +, fetchFromGitHub +, fetchpatch +, autoreconfHook +, perl +, withDebug ? false +}: stdenv.mkDerivation rec { pname = "tinyproxy"; @@ -11,6 +18,14 @@ stdenv.mkDerivation rec { owner = "tinyproxy"; }; + patches = [ + (fetchpatch { + name = "CVE-2022-40468.patch"; + url = "https://github.com/tinyproxy/tinyproxy/commit/3764b8551463b900b5b4e3ec0cd9bb9182191cb7.patch"; + sha256 = "sha256-P0c4mUK227ld3703ss5MQhi8Vo2QVTCVXhKmc9fcufk="; + }) + ]; + # perl is needed for man page generation. nativeBuildInputs = [ autoreconfHook perl ];