gpac: 2.0.0 -> 2.2.0

https://github.com/gpac/gpac/releases/tag/v2.2.0

Also add an additional patch for a recent issue (CVE-2023-0358).

pkgs/applications/video/gpac/default.nix

@@ -1,19 +1,23 @@
-{ lib, stdenv, fetchFromGitHub, pkg-config, zlib }:
+{ lib, stdenv, fetchFromGitHub, fetchpatch, pkg-config, zlib }:
 
 stdenv.mkDerivation rec {
-  version = "2.0.0";
+  version = "2.2.0";
   pname = "gpac";
 
   src = fetchFromGitHub {
     owner = "gpac";
     repo = "gpac";
     rev = "v${version}";
-    sha256 = "sha256-MIX32lSqf/lrz9240h4wMIQp/heUmwvDJz8WN08yf6c=";
+    sha256 = "sha256-m2qXTXLGgAyU9y6GEk4Hp/7Al57IPRSqImJatIcwswQ=";
   };
 
-  postPatch = ''
-    substituteInPlace Makefile --replace 'dh_link' 'ln -s'
-  '';
+  patches = [
+    (fetchpatch {
+      name = "CVE-2023-0358.patch";
+      url = "https://github.com/gpac/gpac/commit/9971fb125cf91cefd081a080c417b90bbe4a467b.patch";
+      sha256 = "sha256-0PDQXahbJCOo1JJAC0T0N1u2mqmwAkdm87wXMJnBicM=";
+    })
+  ];
 
   # this is the bare minimum configuration, as I'm only interested in MP4Box
   # For most other functionality, this should probably be extended
@@ -41,14 +45,5 @@ stdenv.mkDerivation rec {
     license = licenses.lgpl21;
     maintainers = with maintainers; [ bluescreen303 mgdelacroix ];
     platforms = platforms.linux;
-    knownVulnerabilities = [
-      "CVE-2022-1035"
-      "CVE-2022-1172"
-      "CVE-2022-1222"
-      "CVE-2022-1795"
-      "CVE-2022-2453"
-      "CVE-2022-2454"
-      "CVE-2022-2549"
-    ];
   };
 }