pyrox.dev
Merge pull request #213031 from LeSuisse/opusfile-CVE-2022-47021
opusfile: apply patch for CVE-2022-47021
authored by Martin Weinelt and committed by GitHub 95eddec8 0f147556
+9
-2
pkgs/applications/audio/opusfile/default.nix
+9
-2
pkgs/applications/audio/opusfile/default.nix
···
1
-
{ lib, stdenv, fetchurl, pkg-config, openssl, libogg, libopus }:
1
+
{ lib, stdenv, fetchurl, pkg-config, openssl, libogg, libopus, fetchpatch }:
2
2
3
3
stdenv.mkDerivation rec {
4
4
pname = "opusfile";
···
12
12
buildInputs = [ openssl libogg ];
13
13
propagatedBuildInputs = [ libopus ];
14
14
outputs = [ "out" "dev" ];
15
-
patches = [ ./include-multistream.patch ]
15
+
patches = [
16
+
./include-multistream.patch
17
+
(fetchpatch {
18
+
name = "CVE-2022-47021.patch";
19
+
url = "https://github.com/xiph/opusfile/commit/0a4cd796df5b030cb866f3f4a5e41a4b92caddf5.patch";
20
+
sha256 = "sha256-XThI/ys5caB+OncFVfxm5IsvQPy1MbLQKwIlYjPvTJQ=";
21
+
})
22
+
]
16
23
# fixes problem with openssl 1.1 dependency
17
24
# see https://github.com/xiph/opusfile/issues/13
18
25
++ lib.optionals stdenv.hostPlatform.isWindows [ ./disable-cert-store.patch ];