From 2207fb33684c62f1e23e429ae8995f66b43fb7c3 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sun, 1 Oct 2023 01:08:42 +0200 Subject: [PATCH] libvpx: 1.13.0 -> 1.13.1 https://github.com/webmproject/libvpx/raw/v1.13.1/CHANGELOG Fixes: CVE-2023-44488 --- pkgs/development/libraries/libvpx/default.nix | 18 +++--------------- 1 file changed, 3 insertions(+), 15 deletions(-) diff --git a/pkgs/development/libraries/libvpx/default.nix b/pkgs/development/libraries/libvpx/default.nix index 3df8cce6f4b4..eb5b320b317b 100644 --- a/pkgs/development/libraries/libvpx/default.nix +++ b/pkgs/development/libraries/libvpx/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub, fetchpatch, perl, yasm +{ lib, stdenv, fetchFromGitHub, perl, yasm , vp8DecoderSupport ? true # VP8 decoder , vp8EncoderSupport ? true # VP8 encoder , vp9DecoderSupport ? true # VP9 decoder @@ -75,27 +75,15 @@ assert isCygwin -> unitTestsSupport && webmIOSupport && libyuvSupport; stdenv.mkDerivation rec { pname = "libvpx"; - version = "1.13.0"; + version = "1.13.1"; src = fetchFromGitHub { owner = "webmproject"; repo = pname; rev = "v${version}"; - sha256 = "sha256-IH+ZWbBUlU5fbciYe+dNGnTFFCte2BXxAlLcvmzdAeY="; + hash = "sha256-KTbzZ5/qCH+bCvatYZhFiWcT+L2duD40E2w/BUaRorQ="; }; - patches = [ - (fetchpatch { - # https://www.openwall.com/lists/oss-security/2023/09/28/5 - name = "CVE-2023-5217.patch"; - url = "https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590.patch"; - hash = "sha256-1hHUd/dNGm8dmdYYN60j1aOgC2pdIIq7vqJZ7mTXfps="; - includes = [ - "vp8/encoder/onyx_if.c" - ]; - }) - ]; - postPatch = '' patchShebangs --build \ build/make/*.sh \