diff options
author | Mikael Fangel <34864484+MikaelFangel@users.noreply.github.com> | 2023-10-09 02:34:58 +0200 |
---|---|---|
committer | Mikael Fangel <34864484+MikaelFangel@users.noreply.github.com> | 2023-10-09 22:18:07 +0200 |
commit | b153175ff3781be08a4a4075757a4aa457a73e71 (patch) | |
tree | 955292c391562109a0789602a0251d45f5291cdb /pkgs/servers/sip/freeswitch | |
parent | 961e8be9ea254565380d3ca8a65a87cfd6296d73 (diff) | |
download | nixpkgs-b153175ff3781be08a4a4075757a4aa457a73e71.tar nixpkgs-b153175ff3781be08a4a4075757a4aa457a73e71.tar.gz nixpkgs-b153175ff3781be08a4a4075757a4aa457a73e71.tar.bz2 nixpkgs-b153175ff3781be08a4a4075757a4aa457a73e71.tar.lz nixpkgs-b153175ff3781be08a4a4075757a4aa457a73e71.tar.xz nixpkgs-b153175ff3781be08a4a4075757a4aa457a73e71.tar.zst nixpkgs-b153175ff3781be08a4a4075757a4aa457a73e71.zip |
freeswitch: patch CVE-2023-5217 and CVE-2023-44488
Co-authored-by: éclairevoyant <848000+eclairevoyant@users.noreply.github.com> Co-authored-by: Thomas Gerbet <thomas@gerbet.me>
Diffstat (limited to 'pkgs/servers/sip/freeswitch')
-rw-r--r-- | pkgs/servers/sip/freeswitch/default.nix | 44 |
1 files changed, 37 insertions, 7 deletions
diff --git a/pkgs/servers/sip/freeswitch/default.nix b/pkgs/servers/sip/freeswitch/default.nix index 499bef7e237..55721a38cd8 100644 --- a/pkgs/servers/sip/freeswitch/default.nix +++ b/pkgs/servers/sip/freeswitch/default.nix @@ -1,12 +1,28 @@ -{ fetchFromGitHub, stdenv, lib, pkg-config, autoreconfHook -, ncurses, gnutls, readline -, openssl, perl, sqlite, libjpeg, speex, pcre, libuuid -, ldns, libedit, yasm, which, libsndfile, libtiff, libxcrypt - +{ fetchFromGitHub +, fetchpatch +, stdenv +, lib +, pkg-config +, autoreconfHook +, ncurses +, gnutls +, readline +, openssl +, perl +, sqlite +, libjpeg +, speex +, pcre +, libuuid +, ldns +, libedit +, yasm +, which +, libsndfile +, libtiff +, libxcrypt , callPackage - , SystemConfiguration - , modules ? null , nixosTests }: @@ -110,6 +126,20 @@ stdenv.mkDerivation rec { done ''; + ## TODO Validate with the next upstream release + patches = [ + (fetchpatch { + name = "CVE-2023-44488.patch"; + url = "https://github.com/signalwire/freeswitch/commit/f1fb05214e4f427dcf922f531431ab649cf0622b.patch"; + hash = "sha256-6GMebE6O2EBx60NE2LSRVljaiLm9T4zTrkIpwGvaB08="; + }) + (fetchpatch { + name = "CVE-2023-5217.patch"; + url = "https://github.com/signalwire/freeswitch/commit/6f9e72c585265d8def8a613b36cd4f524c201980.patch"; + hash = "sha256-l64mBpyq/TzRM78n73kbuD0UNsk5zIH5QNJlMKdPfr4="; + }) + ]; + strictDeps = true; nativeBuildInputs = [ pkg-config autoreconfHook perl which yasm ]; buildInputs = [ |