freeswitch: patch CVE-2023-5217 and CVE-2023-44488

Co-authored-by: éclairevoyant <848000+eclairevoyant@users.noreply.github.com>
Co-authored-by: Thomas Gerbet <thomas@gerbet.me>

+37 -7
+37 -7
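--- a/pkgs/servers/sip/freeswitch/default.nix
+++ b/pkgs/servers/sip/freeswitch/default.nix
@@ -1,12 +1,28 @@
-{ fetchFromGitHub, stdenv, lib, pkg-config, autoreconfHook
-, ncurses, gnutls, readline
-, openssl, perl, sqlite, libjpeg, speex, pcre, libuuid
-, ldns, libedit, yasm, which, libsndfile, libtiff, libxcrypt
-
+{ fetchFromGitHub
+, fetchpatch
+, stdenv
+, lib
+, pkg-config
+, autoreconfHook
+, ncurses
+, gnutls
+, readline
+, openssl
+, perl
+, sqlite
+, libjpeg
+, speex
+, pcre
+, libuuid
+, ldns
+, libedit
+, yasm
+, which
+, libsndfile
+, libtiff
+, libxcrypt
 , callPackage
-
 , SystemConfiguration
-
 , modules ? null
 , nixosTests
 }:
@@ -109,6 +125,20 @@
 } > $f
 done
 '';
+
+## TODO Validate with the next upstream release
+patches = [
+(fetchpatch {
+name = "CVE-2023-44488.patch";
+url = "https://github.com/signalwire/freeswitch/commit/f1fb05214e4f427dcf922f531431ab649cf0622b.patch";
+hash = "sha256-6GMebE6O2EBx60NE2LSRVljaiLm9T4zTrkIpwGvaB08=";
+})
+(fetchpatch {
+name = "CVE-2023-5217.patch";
+url = "https://github.com/signalwire/freeswitch/commit/6f9e72c585265d8def8a613b36cd4f524c201980.patch";
+hash = "sha256-l64mBpyq/TzRM78n73kbuD0UNsk5zIH5QNJlMKdPfr4=";
+})
+];
 
 strictDeps = true;
 nativeBuildInputs = [ pkg-config autoreconfHook perl which yasm ];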
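Review bot: The comment `## TODO Validate with the next upstream release` above `patches` does not say what has to be validated or when the two backports can be dropped, so a later version bump has nothing concrete to check. I would replace it with something like `# Backports of upstream commits f1fb052 (CVE-2023-44488) and 6f9e72c (CVE-2023-5217); remove once the packaged release contains them.` Both CVEs are libvpx issues, so the patches presumably touch a copy of libvpx vendored in the FreeSWITCH tree; if so, the comment should say that, because a scanner matching on the system `libvpx` version will not see this fix. The `version`/`src` attributes are outside the visible lines, so whether the patches apply to the pinned release cannot be confirmed from this page.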