From 4d9e5f64b7a7a56aa3092f960b3c459cc71db1e0 Mon Sep 17 00:00:00 2001
From: Thomas Gerbet <thomas@gerbet.me>
Date: Fri, 10 Oct 2025 22:38:41 +0200
Subject: [PATCH] mruby: apply patch for CVE-2025-7207

---
 pkgs/by-name/mr/mruby/package.nix | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/pkgs/by-name/mr/mruby/package.nix b/pkgs/by-name/mr/mruby/package.nix
index c0d78848697a..f5ac1c1fb3b4 100644
--- a/pkgs/by-name/mr/mruby/package.nix
+++ b/pkgs/by-name/mr/mruby/package.nix
@@ -4,6 +4,7 @@
   ruby,
   rake,
   fetchFromGitHub,
+  fetchpatch,
   testers,
 }:
 
@@ -18,6 +19,14 @@ stdenv.mkDerivation (finalAttrs: {
     sha256 = "sha256-rCoEC1ioX6bOocPoPi+Lsn4PM8gY0DjKja1/MJvJ1n8=";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2025-7207.patch";
+      url = "https://github.com/mruby/mruby/commit/1fdd96104180cc0fb5d3cb086b05ab6458911bb9.patch";
+      hash = "sha256-wtSlLydofkp2brk/pRiJqt4NhkGRdzsx7JpTmWu2B7I=";
+    })
+  ];
+
   nativeBuildInputs = [ rake ];
 
   nativeCheckInputs = [ ruby ];