diff options
author | linsui <linsui555@gmail.com> | 2023-01-19 20:48:35 +0800 |
---|---|---|
committer | linsui <linsui555@gmail.com> | 2023-01-19 20:48:35 +0800 |
commit | 38eb013da022127161dad544554a06fa51a06d34 (patch) | |
tree | 94257a44cc842ae700e15a79a14a73e9ebc25ee7 /pkgs/applications/networking/instant-messengers/jami | |
parent | ec5432af8cf8e71f894a162c2e33facb81cbf8ad (diff) |
pjsip-jami: add CVE patches
Diffstat (limited to 'pkgs/applications/networking/instant-messengers/jami')
-rw-r--r-- | pkgs/applications/networking/instant-messengers/jami/default.nix | 31 |
1 files changed, 26 insertions, 5 deletions
diff --git a/pkgs/applications/networking/instant-messengers/jami/default.nix b/pkgs/applications/networking/instant-messengers/jami/default.nix index 452d78f708dc1..ea898c0da8c9d 100644 --- a/pkgs/applications/networking/instant-messengers/jami/default.nix +++ b/pkgs/applications/networking/instant-messengers/jami/default.nix @@ -3,7 +3,8 @@ , callPackage , fetchFromGitHub , fetchzip -, ffmpeg +, fetchpatch +, ffmpeg_5 , pjsip , opendht , jack @@ -40,7 +41,7 @@ let readLinesToList = with builtins; file: filter (s: isString s && stringLength s > 0) (split "\n" (readFile file)); in rec { - ffmpeg-jami = (ffmpeg.override rec { + ffmpeg-jami = (ffmpeg_5.override rec { version = "5.0.1"; branch = version; sha256 = "sha256-KN8z1AChwcGyDQepkZeAmjuI73ZfXwfcH/Bn+sZMWdY="; @@ -50,7 +51,14 @@ rec { patch-src = src + "/daemon/contrib/src/ffmpeg/"; in { - patches = old.patches ++ (map (x: patch-src + x) (readLinesToList ./config/ffmpeg_patches)); + patches = old.patches ++ (map (x: patch-src + x) (readLinesToList ./config/ffmpeg_patches)) ++ + # SDL2 recently changed their versioning + [ + (fetchpatch { + url = "https://git.videolan.org/?p=ffmpeg.git;a=patch;h=e5163b1d34381a3319214a902ef1df923dd2eeba"; + hash = "sha256-nLhP2+34cj5EgpnUrePZp60nYAxmbhZAEDfay4pBVk0="; + }) + ]; configureFlags = old.configureFlags ++ (readLinesToList ./config/ffmpeg_args_common) ++ lib.optionals stdenv.isLinux (readLinesToList ./config/ffmpeg_args_linux) @@ -72,7 +80,20 @@ rec { sha256 = "sha256-N7jn4qen+PgFiVkTFi2HSWhx2QPHwAYMtnrpE/ptDVc="; }; - patches = (map (x: patch-src + x) (readLinesToList ./config/pjsip_patches)); + patches = (map (x: patch-src + x) (readLinesToList ./config/pjsip_patches)) ++ [ + (fetchpatch { + name = "CVE-2022-23537.patch"; + url = "https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1.patch"; + sha256 = "sha256-7ueQCHIiJ7MLaWtR4+GmBc/oKaP+jmEajVnEYqiwLRA="; + }) + (fetchpatch { + name = "CVE-2022-23547.patch"; + url = "https://github.com/pjsip/pjproject/commit/bc4812d31a67d5e2f973fbfaf950d6118226cf36.patch"; + sha256 = "sha256-bpc8e8VAQpfyl5PX96G++6fzkFpw3Or1PJKNPKl7N5k="; + }) + ]; + + patchFlags = [ "-p1" "-l" ]; configureFlags = (readLinesToList ./config/pjsip_args_common) ++ lib.optionals stdenv.isLinux (readLinesToList ./config/pjsip_args_linux); @@ -88,6 +109,6 @@ rec { }; jami-client = qt6Packages.callPackage ./client.nix { - inherit version src jami-meta ffmpeg-jami; + inherit version src ffmpeg-jami jami-meta; }; } |