diff options
author | adisbladis <adis@blad.is> | 2018-01-10 02:05:11 +0800 |
---|---|---|
committer | Robin Gloster <mail@glob.in> | 2018-01-11 05:25:09 +0100 |
commit | 15b143243537217fa2a7788cd5838889f207826d (patch) | |
tree | 094236768e2786b8ca1c3b14f41aba68069e60fe /pkgs/development/libraries | |
parent | c80dc05ed63118038aede9e1ee4fa215633580ad (diff) | |
download | nixlib-15b143243537217fa2a7788cd5838889f207826d.tar nixlib-15b143243537217fa2a7788cd5838889f207826d.tar.gz nixlib-15b143243537217fa2a7788cd5838889f207826d.tar.bz2 nixlib-15b143243537217fa2a7788cd5838889f207826d.tar.lz nixlib-15b143243537217fa2a7788cd5838889f207826d.tar.xz nixlib-15b143243537217fa2a7788cd5838889f207826d.tar.zst nixlib-15b143243537217fa2a7788cd5838889f207826d.zip |
libvorbis: Fix CVE-2017-14160, CVE-2017-14632 & CVE-2017-14633
Diffstat (limited to 'pkgs/development/libraries')
-rw-r--r-- | pkgs/development/libraries/libvorbis/default.nix | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/pkgs/development/libraries/libvorbis/default.nix b/pkgs/development/libraries/libvorbis/default.nix index f8d61536bef4..f59237ee164c 100644 --- a/pkgs/development/libraries/libvorbis/default.nix +++ b/pkgs/development/libraries/libvorbis/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, libogg, pkgconfig }: +{ stdenv, fetchurl, libogg, pkgconfig, fetchpatch }: stdenv.mkDerivation rec { name = "libvorbis-1.3.5"; @@ -10,6 +10,23 @@ stdenv.mkDerivation rec { outputs = [ "out" "dev" "doc" ]; + patches = [ + (fetchpatch { + url = "https://github.com/xiph/vorbis/commit/a79ec216cd119069c68b8f3542c6a425a74ab993.patch"; + sha256 = "0xhsa96n3dlh2l85bxpz4b9m78mfxfgi2ibhjp77110a0nvkjr6h"; + name = "CVE-2017-14633"; + }) + (fetchpatch { + url = "https://github.com/xiph/vorbis/commit/c1c2831fc7306d5fbd7bc800324efd12b28d327f.patch"; + sha256 = "17lb86105im6fc0h0cx5sn94p004jsdbbs2vj1m9ll6z9yb4rxwc"; + name = "CVE-2017-14632"; + }) + (fetchpatch { + url = "https://gitlab.xiph.org/xiph/vorbis/uploads/a68cf70fa10c8081a633f77b5c6576b7/0001-CVE-2017-14160-make-sure-we-don-t-overflow.patch"; + sha256 = "0v21p59cb3z77ch1v6q5dcrd733h91f3m8ifnd7kkkr8gzn17d5x"; + name = "CVE-2017-14160"; + }) + ]; nativeBuildInputs = [ pkgconfig ]; propagatedBuildInputs = [ libogg ]; |