Merge remote-tracking branch 'upstream/master' into HEAD

1 files changed, 23 insertions, 0 deletions

diff --git a/pkgs/development/libraries/libsndfile/default.nix b/pkgs/development/libraries/libsndfile/default.nix
index 75e1374a228..21710375ed7 100644
--- a/pkgs/development/libraries/libsndfile/default.nix
+++ b/pkgs/development/libraries/libsndfile/default.nix
@@ -10,6 +10,29 @@ stdenv.mkDerivation rec {
     sha256 = "1afzm7jx34jhqn32clc5xghyjglccam2728yxlx37yj2y0lkkwqz";
   };
 
+  patches = [
+    # CVE-2017-12562
+    (fetchurl {
+       url = "https://github.com/erikd/libsndfile/commit/cf7a8182c2642c50f1cf90dddea9ce96a8bad2e8.patch";
+       sha256 = "1jg3wq30wdn9nv52mcyv6jyi4d80h4r1h9p96czcria7l91yh4sy";
+    })
+    # CVE-2017-6892
+    (fetchurl {
+       url = "https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748.patch";
+       sha256 = "05xkmz2ihc1zcj73sbmj1ikrv9qlcym2bkp1v6ak7w53ky619mwq";
+    })
+    # CVE-2017-8361, CVE-2017-8363, CVE-2017-8363
+    (fetchurl {
+       url = "https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3.patch";
+       sha256 = "0ccndnvjzx5fw18zvy03vnb29rr81h5vsh1m16msqbxk8ibndln2";
+    })
+    # CVE-2017-8362
+    (fetchurl {
+       url = "https://github.com/erikd/libsndfile/commit/ef1dbb2df1c0e741486646de40bd638a9c4cd808.patch";
+       sha256 = "1xyv30ga71cpy4wx5f76sc4dma91la2lcc6s9f3pk9rndyi7gj9x";
+    })
+  ];
+
   buildInputs = [ pkgconfig flac libogg libvorbis ]
     ++ stdenv.lib.optionals stdenv.isDarwin [ Carbon AudioToolbox ];