From f6369651e563eef04a1485c7d9046b1563b3b638 Mon Sep 17 00:00:00 2001
From: Robert Scott <code@humanleg.org.uk>
Date: Wed, 26 Oct 2022 21:23:02 +0100
Subject: jami: don't use main package's patches, mark with
 knownVulnerabilities

the patches for CVE-2022-39269 & CVE-2022-39244 won't apply to
jami's pinned version of pjsip, upstream don't seem to be on
top of this either
---
 pkgs/applications/networking/instant-messengers/jami/default.nix | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'pkgs/applications')

diff --git a/pkgs/applications/networking/instant-messengers/jami/default.nix b/pkgs/applications/networking/instant-messengers/jami/default.nix
index 690f6534e93..5982b9b0dde 100644
--- a/pkgs/applications/networking/instant-messengers/jami/default.nix
+++ b/pkgs/applications/networking/instant-messengers/jami/default.nix
@@ -71,10 +71,14 @@ rec {
         sha256 = "sha256-ENRfQh/HCXqInTV0tu8tGQO7+vTbST6XXpptERXMACE=";
       };
 
-      patches = old.patches ++ (map (x: patch-src + x) (readLinesToList ./config/pjsip_patches));
+      patches = (map (x: patch-src + x) (readLinesToList ./config/pjsip_patches));
 
       configureFlags = (readLinesToList ./config/pjsip_args_common)
         ++ lib.optionals stdenv.isLinux (readLinesToList ./config/pjsip_args_linux);
+
+      meta = {
+        knownVulnerabilities = [ "CVE-2022-39269" "CVE-2022-39244" ];
+      } // old.meta;
     });
 
   opendht-jami = opendht.override {
-- 
cgit 1.4.1