From 95f4d6ba1caec48ea28df06a456cfcecc0c91825 Mon Sep 17 00:00:00 2001
From: Andreas Rammhold <andreas@rammhold.de>
Date: Wed, 7 Feb 2018 10:01:16 +0100
Subject: mpv: fix CVE-2018-6460

Upstream has fixed this in a series of commits ontop of 0.28.0. Debian
has backported the fixes to 0.27.0.

Upstream issue: https://github.com/mpv-player/mpv/issues/5456
Debian bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888654#8
---
 pkgs/applications/video/mpv/default.nix | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'pkgs/applications/video/mpv')

diff --git a/pkgs/applications/video/mpv/default.nix b/pkgs/applications/video/mpv/default.nix
index dcbafd8594d3..403fc7e4ee11 100644
--- a/pkgs/applications/video/mpv/default.nix
+++ b/pkgs/applications/video/mpv/default.nix
@@ -95,6 +95,11 @@ in stdenv.mkDerivation rec {
       url = "https://github.com/mpv-player/mpv/commit/2ecf240b1cd20875991a5b18efafbe799864ff7f.patch";
       sha256 = "1sr0770rvhsgz8d7ysr9qqp4g9gwdhgj8g3rgnz90wl49lgrykhb";
     })
+    (fetchpatch {
+      name = "CVE-2018-6360.patch";
+      url = https://salsa.debian.org/multimedia-team/mpv/raw/ddface85a1adfdfe02ffb25b5ac7fac715213b97/debian/patches/09_ytdl-hook-whitelist-protocols.patch;
+      sha256 = "1gb1lkjbr8rv4v9ji6w5z97kbxbi16dbwk2255ajbvngjrc7vivv";
+    })
   ];
 
   postPatch = ''
-- 
cgit 1.4.1