From 31eea73f994b8cca50d3f88d6a4fadd98e09e798 Mon Sep 17 00:00:00 2001
From: Rickard Nilsson <rickynils@gmail.com>
Date: Thu, 17 Aug 2017 18:31:29 +0200
Subject: libsndfile: Security patches

Fixes CVE-2017-12562, CVE-2017-6892, CVE-2017-8361, CVE-2017-8363,
CVE-2017-8363, CVE-2017-8362
---
 pkgs/development/libraries/libsndfile/default.nix | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

(limited to 'pkgs/development/libraries/libsndfile')

diff --git a/pkgs/development/libraries/libsndfile/default.nix b/pkgs/development/libraries/libsndfile/default.nix
index 180d217ddf10..597f74feb547 100644
--- a/pkgs/development/libraries/libsndfile/default.nix
+++ b/pkgs/development/libraries/libsndfile/default.nix
@@ -10,6 +10,29 @@ stdenv.mkDerivation rec {
     sha256 = "1afzm7jx34jhqn32clc5xghyjglccam2728yxlx37yj2y0lkkwqz";
   };
 
+  patches = [
+    # CVE-2017-12562
+    (fetchurl {
+       url = "https://github.com/erikd/libsndfile/commit/cf7a8182c2642c50f1cf90dddea9ce96a8bad2e8.patch";
+       sha256 = "1jg3wq30wdn9nv52mcyv6jyi4d80h4r1h9p96czcria7l91yh4sy";
+    })
+    # CVE-2017-6892
+    (fetchurl {
+       url = "https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748.patch";
+       sha256 = "05xkmz2ihc1zcj73sbmj1ikrv9qlcym2bkp1v6ak7w53ky619mwq";
+    })
+    # CVE-2017-8361, CVE-2017-8363, CVE-2017-8363
+    (fetchurl {
+       url = "https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3.patch";
+       sha256 = "0ccndnvjzx5fw18zvy03vnb29rr81h5vsh1m16msqbxk8ibndln2";
+    })
+    # CVE-2017-8362
+    (fetchurl {
+       url = "https://github.com/erikd/libsndfile/commit/ef1dbb2df1c0e741486646de40bd638a9c4cd808.patch";
+       sha256 = "1xyv30ga71cpy4wx5f76sc4dma91la2lcc6s9f3pk9rndyi7gj9x";
+    })
+  ];
+
   buildInputs = [ pkgconfig flac libogg libvorbis ]
     ++ stdenv.lib.optionals stdenv.isDarwin [ Carbon AudioToolbox ];
 
-- 
cgit 1.4.1