opusfile: apply patch for CVE-2022-47021

Upstream issue: https://github.com/xiph/opusfile/issues/36
This commit is contained in:
Thomas Gerbet 2023-01-27 23:08:52 +01:00
parent 99e30309e5
commit 6515a7acd5

View file

@ -1,4 +1,4 @@
{ lib, stdenv, fetchurl, pkg-config, openssl, libogg, libopus }:
{ lib, stdenv, fetchurl, pkg-config, openssl, libogg, libopus, fetchpatch }:
stdenv.mkDerivation rec {
pname = "opusfile";
@ -12,7 +12,14 @@ stdenv.mkDerivation rec {
buildInputs = [ openssl libogg ];
propagatedBuildInputs = [ libopus ];
outputs = [ "out" "dev" ];
patches = [ ./include-multistream.patch ]
patches = [
./include-multistream.patch
(fetchpatch {
name = "CVE-2022-47021.patch";
url = "https://github.com/xiph/opusfile/commit/0a4cd796df5b030cb866f3f4a5e41a4b92caddf5.patch";
sha256 = "sha256-XThI/ys5caB+OncFVfxm5IsvQPy1MbLQKwIlYjPvTJQ=";
})
]
# fixes problem with openssl 1.1 dependency
# see https://github.com/xiph/opusfile/issues/13
++ lib.optionals stdenv.hostPlatform.isWindows [ ./disable-cert-store.patch ];