diff options
| author | Andreas Rammhold <andreas@rammhold.de> | 2018-02-07 10:01:16 +0100 |
|---|---|---|
| committer | Andreas Rammhold <andreas@rammhold.de> | 2018-02-07 10:01:16 +0100 |
| commit | 95f4d6ba1caec48ea28df06a456cfcecc0c91825 (patch) | |
| tree | d6ff685c27f82592115962f49ebe7d29875a2c95 /pkgs/applications/video/mpv | |
| parent | 8ff7ac4859b52baa7378a6a8028d4ec5aea11e85 (diff) | |
| download | nixlib-95f4d6ba1caec48ea28df06a456cfcecc0c91825.tar nixlib-95f4d6ba1caec48ea28df06a456cfcecc0c91825.tar.gz nixlib-95f4d6ba1caec48ea28df06a456cfcecc0c91825.tar.bz2 nixlib-95f4d6ba1caec48ea28df06a456cfcecc0c91825.tar.lz nixlib-95f4d6ba1caec48ea28df06a456cfcecc0c91825.tar.xz nixlib-95f4d6ba1caec48ea28df06a456cfcecc0c91825.tar.zst nixlib-95f4d6ba1caec48ea28df06a456cfcecc0c91825.zip | |
mpv: fix CVE-2018-6460
Upstream has fixed this in a series of commits ontop of 0.28.0. Debian has backported the fixes to 0.27.0. Upstream issue: https://github.com/mpv-player/mpv/issues/5456 Debian bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888654#8
Diffstat (limited to 'pkgs/applications/video/mpv')
| -rw-r--r-- | pkgs/applications/video/mpv/default.nix | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/pkgs/applications/video/mpv/default.nix b/pkgs/applications/video/mpv/default.nix index dcbafd8594d3..403fc7e4ee11 100644 --- a/pkgs/applications/video/mpv/default.nix +++ b/pkgs/applications/video/mpv/default.nix @@ -95,6 +95,11 @@ in stdenv.mkDerivation rec { url = "https://github.com/mpv-player/mpv/commit/2ecf240b1cd20875991a5b18efafbe799864ff7f.patch"; sha256 = "1sr0770rvhsgz8d7ysr9qqp4g9gwdhgj8g3rgnz90wl49lgrykhb"; }) + (fetchpatch { + name = "CVE-2018-6360.patch"; + url = https://salsa.debian.org/multimedia-team/mpv/raw/ddface85a1adfdfe02ffb25b5ac7fac715213b97/debian/patches/09_ytdl-hook-whitelist-protocols.patch; + sha256 = "1gb1lkjbr8rv4v9ji6w5z97kbxbi16dbwk2255ajbvngjrc7vivv"; + }) ]; postPatch = '' |