From 08d77caac01d567acf1816c36cd16f38fecf41b2 Mon Sep 17 00:00:00 2001
From: Maximilian Bosch <maximilian@mbosch.me>
Date: Tue, 5 Jan 2021 19:39:28 +0100
Subject: [PATCH] tcpdump: fix CVE-2020-8037

https://nvd.nist.gov/vuln/detail/CVE-2020-8037
---
 pkgs/tools/networking/tcpdump/default.nix | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/pkgs/tools/networking/tcpdump/default.nix b/pkgs/tools/networking/tcpdump/default.nix
index fd7b203fbbf437..fa555ad4f99ce5 100644
--- a/pkgs/tools/networking/tcpdump/default.nix
+++ b/pkgs/tools/networking/tcpdump/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, libpcap, perl }:
+{ stdenv, fetchurl, libpcap, perl, fetchpatch }:
 
 stdenv.mkDerivation rec {
   pname = "tcpdump";
@@ -9,6 +9,14 @@ stdenv.mkDerivation rec {
     sha256 = "0434vdcnbqaia672rggjzdn4bb8p8dchz559yiszzdk0sjrprm1c";
   };
 
+  patches = [
+    # Patch for CVE-2020-8037
+    (fetchpatch {
+      url = "https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231.patch";
+      sha256 = "sha256-bO3aV032ru9+M/9isBRjmH8jTZLKj9Zf9ha2rmOaZwc=";
+    })
+  ];
+
   postPatch = ''
     patchShebangs tests
   '';