diff options
author | Thomas Gerbet <thomas@gerbet.me> | 2023-01-27 23:08:52 +0100 |
---|---|---|
committer | Thomas Gerbet <thomas@gerbet.me> | 2023-01-27 23:08:52 +0100 |
commit | 6515a7acd54d71b5a1272564d01699a9aa754cf2 (patch) | |
tree | 63c0003a0a2e5cf8c92e4ba293cc5dafc42ff4fd /pkgs/applications/audio/opusfile | |
parent | 99e30309e5b5112852238d8ddef688db5e5f3c08 (diff) | |
download | nixpkgs-6515a7acd54d71b5a1272564d01699a9aa754cf2.tar nixpkgs-6515a7acd54d71b5a1272564d01699a9aa754cf2.tar.gz nixpkgs-6515a7acd54d71b5a1272564d01699a9aa754cf2.tar.bz2 nixpkgs-6515a7acd54d71b5a1272564d01699a9aa754cf2.tar.lz nixpkgs-6515a7acd54d71b5a1272564d01699a9aa754cf2.tar.xz nixpkgs-6515a7acd54d71b5a1272564d01699a9aa754cf2.tar.zst nixpkgs-6515a7acd54d71b5a1272564d01699a9aa754cf2.zip |
opusfile: apply patch for CVE-2022-47021
Upstream issue: https://github.com/xiph/opusfile/issues/36
Diffstat (limited to 'pkgs/applications/audio/opusfile')
-rw-r--r-- | pkgs/applications/audio/opusfile/default.nix | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/pkgs/applications/audio/opusfile/default.nix b/pkgs/applications/audio/opusfile/default.nix index f86595361b6..47d7a64e3c2 100644 --- a/pkgs/applications/audio/opusfile/default.nix +++ b/pkgs/applications/audio/opusfile/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, pkg-config, openssl, libogg, libopus }: +{ lib, stdenv, fetchurl, pkg-config, openssl, libogg, libopus, fetchpatch }: stdenv.mkDerivation rec { pname = "opusfile"; @@ -12,7 +12,14 @@ stdenv.mkDerivation rec { buildInputs = [ openssl libogg ]; propagatedBuildInputs = [ libopus ]; outputs = [ "out" "dev" ]; - patches = [ ./include-multistream.patch ] + patches = [ + ./include-multistream.patch + (fetchpatch { + name = "CVE-2022-47021.patch"; + url = "https://github.com/xiph/opusfile/commit/0a4cd796df5b030cb866f3f4a5e41a4b92caddf5.patch"; + sha256 = "sha256-XThI/ys5caB+OncFVfxm5IsvQPy1MbLQKwIlYjPvTJQ="; + }) + ] # fixes problem with openssl 1.1 dependency # see https://github.com/xiph/opusfile/issues/13 ++ lib.optionals stdenv.hostPlatform.isWindows [ ./disable-cert-store.patch ]; |