tjh.dev / nixpkgs
Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
fork atom

faad2: apply security patches from Debian

(cherry picked from commit 57aa3ec33b052199cf13f1b056da9b516c6a7cf9)

Vladimír Čunát 411e12a4 b02feb63

+24
unified split
+24
pkgs/development/libraries/faad2/default.nix
··· 12 12 sha256 = "1db37ydb6mxhshbayvirm5vz6j361bjim4nkpwjyhmy4ddfinmhl"; 13 13 }; 14 14 15 + patches = let 16 + fp = { ver ? "2.8.8-3", pname, name ? (pname + ".patch"), sha256 }: fetchurl { 17 + url = "https://salsa.debian.org/multimedia-team/faad2/raw/debian/${ver}" 18 + + "/debian/patches/${pname}.patch?inline=false"; 19 + inherit name sha256; 20 + }; 21 + in [ 22 + (fp { 23 + # critical bug addressed in vlc 3.0.7 (but we use system-provided faad) 24 + pname = "0004-Fix-a-couple-buffer-overflows"; 25 + sha256 = "1mwycdfagz6wpda9j3cp7lf93crgacpa8rwr58p3x0i5cirnnmwq"; 26 + }) 27 + (fp { 28 + name = "CVE-2018-20362.patch"; 29 + pname = "0009-syntax.c-check-for-syntax-element-inconsistencies"; 30 + sha256 = "1z849l5qyvhyn5pvm6r07fa50nrn8nsqnrka2nnzgkhxlhvzpa81"; 31 + }) 32 + (fp { 33 + name = "CVE-2018-20194.patch"; 34 + pname = "0010-sbr_hfadj-sanitize-frequency-band-borders"; 35 + sha256 = "1b1kbz4mv0zhpq8h3djnvqafh1gn12nikk9v3jrxyryywacirah4"; 36 + }) 37 + ]; 38 + 15 39 configureFlags = [] 16 40 ++ optional drmSupport "--with-drm"; 17 41