fdk-aac-encoder: apply patch for CVE-2022-37781

author: Thomas Gerbet <thomas@gerbet.me> 2023-01-15 12:07:12 +0100
committer: Thomas Gerbet <thomas@gerbet.me> 2023-01-15 13:47:45 +0100
commit: 7766691094ff79aa1640725f338f871c09ae4c03 (patch)
tree: bf5e5036c7f432948ef3bea5a5801179bd621a95 /pkgs/applications/audio
parent: 2d798b38ac8473e7cc6a3d4b38d7651cbd56fda5 (diff)
1 files changed, 10 insertions, 1 deletions
diff --git a/pkgs/applications/audio/fdkaac/default.nix b/pkgs/applications/audio/fdkaac/default.nix
index 7aef140da6518..be6e0fcca228a 100644
--- a/pkgs/applications/audio/fdkaac/default.nix
+++ b/pkgs/applications/audio/fdkaac/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, autoreconfHook, fetchFromGitHub, fdk_aac }:
+{ lib, stdenv, autoreconfHook, fetchFromGitHub, fetchpatch, fdk_aac }:
 
 stdenv.mkDerivation rec {
   pname = "fdkaac";
@@ -11,6 +11,15 @@ stdenv.mkDerivation rec {
     sha256 = "sha256-7a8JlQtMGuMWgU/HePd31/EvtBNc2tBMz8V8NQivuNo=";
   };
 
+  patches = [
+    # To be removed when 1.0.4 is released, see https://github.com/nu774/fdkaac/issues/54
+    (fetchpatch {
+      name = "CVE-2022-37781.patch";
+      url = "https://github.com/nu774/fdkaac/commit/ecddb7d63306e01d137d65bbbe7b78c1e779943c.patch";
+      sha256 = "sha256-uZPf5tqBmF7VWp1fJcjp5pbYGRfzqgPZpBHpkdWYkV0=";
+    })
+  ];
+
   nativeBuildInputs = [ autoreconfHook ];
 
   buildInputs = [ fdk_aac ];
author	Thomas Gerbet <thomas@gerbet.me>	2023-01-15 12:07:12 +0100
committer	Thomas Gerbet <thomas@gerbet.me>	2023-01-15 13:47:45 +0100
commit	7766691094ff79aa1640725f338f871c09ae4c03 (patch)
tree	bf5e5036c7f432948ef3bea5a5801179bd621a95 /pkgs/applications/audio
parent	2d798b38ac8473e7cc6a3d4b38d7651cbd56fda5 (diff)