authorMartin Weinelt <hexa@darmstadt.ccc.de>2021-05-08 19:12:40 +0200
committergithub-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>2021-05-08 17:55:24 +0000
commit279bdc9dcec7af555dfc32087cf1054603778f89 (patch)
tree4b8750439143d9adc0a50ec67d92b5f03e99e8f6 /pkgs/applications/audio/flac/default.nix
parent2af2325cf7ff4ca1ee53d5ab4068172a0b6066f2 (diff)
flac: fix out of bound reads due to heap buffer overflow
Fixes: CVE-2020-0499
Diffstat (limited to 'pkgs/applications/audio/flac/default.nix')
-rw-r--r--pkgs/applications/audio/flac/default.nix15
1 files changed, 12 insertions, 3 deletions
diff --git a/pkgs/applications/audio/flac/default.nix b/pkgs/applications/audio/flac/default.nix
index b4e4af9f516..0b1a2edc3ba 100644
--- a/pkgs/applications/audio/flac/default.nix
+++ b/pkgs/applications/audio/flac/default.nix
@@ -1,13 +1,22 @@
-{ lib, stdenv, fetchurl, libogg }:
+{ lib, stdenv, fetchurl, fetchpatch, libogg }:
 
 stdenv.mkDerivation rec {
-  name = "flac-1.3.3";
+  pname = "flac";
+  version = "1.3.3";
 
   src = fetchurl {
-    url = "http://downloads.xiph.org/releases/flac/${name}.tar.xz";
+    url = "http://downloads.xiph.org/releases/flac/${pname}-${version}.tar.xz";
     sha256 = "0j0p9sf56a2fm2hkjnf7x3py5ir49jyavg4q5zdyd7bcf6yq4gi1";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2020-0499.patch";
+      url = "https://github.com/xiph/flac/commit/2e7931c27eb15e387da440a37f12437e35b22dd4.patch";
+      sha256 = "160qzq9ms5addz7sx06pnyjjkqrffr54r4wd8735vy4x008z71ah";
+    })
+  ];
+
   buildInputs = [ libogg ];
 
   #doCheck = true; # takes lots of time
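Review bot: The rewritten `url` line in `src` still fetches the release tarball over plain `http://`, while the new `fetchpatch` entry uses `https://`. The pinned `sha256` means a tampered download fails the build rather than being accepted, so this is hardening rather than a vulnerability. Since the line is being edited anyway, it could become `url = "https://downloads.xiph.org/releases/flac/${pname}-${version}.tar.xz";`, assuming the mirror serves the same file over TLS (the hash stays unchanged). It would also help to put a short comment above the `patches` entry, for example `# backport of the upstream fix; drop once a release containing it is packaged`, so the patch is not carried past a version bump. With `doCheck` left commented out, the backported change is not exercised by the upstream test suite at build time.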