Merge pull request #210885 from LeSuisse/fdk-aac-encoder-CVE-2022-37781

fdk-aac-encoder: apply patch for CVE-2022-37781
This commit is contained in:
Nick Cao 2023-01-16 15:54:09 +08:00 committed by GitHub
commit c85d086929
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -1,4 +1,4 @@
{ lib, stdenv, autoreconfHook, fetchFromGitHub, fdk_aac }:
{ lib, stdenv, autoreconfHook, fetchFromGitHub, fetchpatch, fdk_aac }:
stdenv.mkDerivation rec {
pname = "fdkaac";
@ -11,6 +11,15 @@ stdenv.mkDerivation rec {
sha256 = "sha256-7a8JlQtMGuMWgU/HePd31/EvtBNc2tBMz8V8NQivuNo=";
};
patches = [
# To be removed when 1.0.4 is released, see https://github.com/nu774/fdkaac/issues/54
(fetchpatch {
name = "CVE-2022-37781.patch";
url = "https://github.com/nu774/fdkaac/commit/ecddb7d63306e01d137d65bbbe7b78c1e779943c.patch";
sha256 = "sha256-uZPf5tqBmF7VWp1fJcjp5pbYGRfzqgPZpBHpkdWYkV0=";
})
];
nativeBuildInputs = [ autoreconfHook ];
buildInputs = [ fdk_aac ];