diff options
author | Vladimír Čunát <v@cunat.cz> | 2019-06-11 15:31:10 +0200 |
---|---|---|
committer | Vladimír Čunát <v@cunat.cz> | 2019-06-11 15:38:21 +0200 |
commit | 57aa3ec33b052199cf13f1b056da9b516c6a7cf9 (patch) | |
tree | 271080ceadf1610a6f15299f1e7ed96c8bf93cb1 /pkgs/development/libraries/faad2 | |
parent | feb949cd617485100198bb282006721dbd106e1e (diff) |
faad2: apply security patches from Debian
Diffstat (limited to 'pkgs/development/libraries/faad2')
-rw-r--r-- | pkgs/development/libraries/faad2/default.nix | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/pkgs/development/libraries/faad2/default.nix b/pkgs/development/libraries/faad2/default.nix index 50323846e980..e7e4835d2ed3 100644 --- a/pkgs/development/libraries/faad2/default.nix +++ b/pkgs/development/libraries/faad2/default.nix @@ -12,6 +12,30 @@ stdenv.mkDerivation rec { sha256 = "1db37ydb6mxhshbayvirm5vz6j361bjim4nkpwjyhmy4ddfinmhl"; }; + patches = let + fp = { ver ? "2.8.8-3", pname, name ? (pname + ".patch"), sha256 }: fetchurl { + url = "https://salsa.debian.org/multimedia-team/faad2/raw/debian/${ver}" + + "/debian/patches/${pname}.patch?inline=false"; + inherit name sha256; + }; + in [ + (fp { + # critical bug addressed in vlc 3.0.7 (but we use system-provided faad) + pname = "0004-Fix-a-couple-buffer-overflows"; + sha256 = "1mwycdfagz6wpda9j3cp7lf93crgacpa8rwr58p3x0i5cirnnmwq"; + }) + (fp { + name = "CVE-2018-20362.patch"; + pname = "0009-syntax.c-check-for-syntax-element-inconsistencies"; + sha256 = "1z849l5qyvhyn5pvm6r07fa50nrn8nsqnrka2nnzgkhxlhvzpa81"; + }) + (fp { + name = "CVE-2018-20194.patch"; + pname = "0010-sbr_hfadj-sanitize-frequency-band-borders"; + sha256 = "1b1kbz4mv0zhpq8h3djnvqafh1gn12nikk9v3jrxyryywacirah4"; + }) + ]; + configureFlags = [] ++ optional drmSupport "--with-drm"; |