pjsip-jami: add CVE patches

author: linsui <linsui555@gmail.com> 2023-01-19 20:48:35 +0800
committer: linsui <linsui555@gmail.com> 2023-01-19 20:48:35 +0800
commit: 38eb013da022127161dad544554a06fa51a06d34 (patch)
tree: 94257a44cc842ae700e15a79a14a73e9ebc25ee7 /pkgs/applications/networking/instant-messengers/jami
parent: ec5432af8cf8e71f894a162c2e33facb81cbf8ad (diff)
1 files changed, 26 insertions, 5 deletions
diff --git a/pkgs/applications/networking/instant-messengers/jami/default.nix b/pkgs/applications/networking/instant-messengers/jami/default.nix
index 452d78f708dc1..ea898c0da8c9d 100644
--- a/pkgs/applications/networking/instant-messengers/jami/default.nix
+++ b/pkgs/applications/networking/instant-messengers/jami/default.nix
@@ -3,7 +3,8 @@
 , callPackage
 , fetchFromGitHub
 , fetchzip
-, ffmpeg
+, fetchpatch
+, ffmpeg_5
 , pjsip
 , opendht
 , jack
@@ -40,7 +41,7 @@ let
   readLinesToList = with builtins; file: filter (s: isString s && stringLength s > 0) (split "\n" (readFile file));
 in
 rec {
-  ffmpeg-jami = (ffmpeg.override rec {
+  ffmpeg-jami = (ffmpeg_5.override rec {
     version = "5.0.1";
     branch = version;
     sha256 = "sha256-KN8z1AChwcGyDQepkZeAmjuI73ZfXwfcH/Bn+sZMWdY=";
@@ -50,7 +51,14 @@ rec {
       patch-src = src + "/daemon/contrib/src/ffmpeg/";
     in
     {
-      patches = old.patches ++ (map (x: patch-src + x) (readLinesToList ./config/ffmpeg_patches));
+      patches = old.patches ++ (map (x: patch-src + x) (readLinesToList ./config/ffmpeg_patches)) ++
+        # SDL2 recently changed their versioning
+        [
+          (fetchpatch {
+            url = "https://git.videolan.org/?p=ffmpeg.git;a=patch;h=e5163b1d34381a3319214a902ef1df923dd2eeba";
+            hash = "sha256-nLhP2+34cj5EgpnUrePZp60nYAxmbhZAEDfay4pBVk0=";
+          })
+        ];
       configureFlags = old.configureFlags
         ++ (readLinesToList ./config/ffmpeg_args_common)
         ++ lib.optionals stdenv.isLinux (readLinesToList ./config/ffmpeg_args_linux)
@@ -72,7 +80,20 @@ rec {
         sha256 = "sha256-N7jn4qen+PgFiVkTFi2HSWhx2QPHwAYMtnrpE/ptDVc=";
       };
 
-      patches = (map (x: patch-src + x) (readLinesToList ./config/pjsip_patches));
+      patches = (map (x: patch-src + x) (readLinesToList ./config/pjsip_patches)) ++ [
+        (fetchpatch {
+          name = "CVE-2022-23537.patch";
+          url = "https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1.patch";
+          sha256 = "sha256-7ueQCHIiJ7MLaWtR4+GmBc/oKaP+jmEajVnEYqiwLRA=";
+        })
+        (fetchpatch {
+          name = "CVE-2022-23547.patch";
+          url = "https://github.com/pjsip/pjproject/commit/bc4812d31a67d5e2f973fbfaf950d6118226cf36.patch";
+          sha256 = "sha256-bpc8e8VAQpfyl5PX96G++6fzkFpw3Or1PJKNPKl7N5k=";
+        })
+      ];
+
+      patchFlags = [ "-p1" "-l" ];
 
       configureFlags = (readLinesToList ./config/pjsip_args_common)
         ++ lib.optionals stdenv.isLinux (readLinesToList ./config/pjsip_args_linux);
@@ -88,6 +109,6 @@ rec {
   };
 
   jami-client = qt6Packages.callPackage ./client.nix {
-    inherit version src jami-meta ffmpeg-jami;
+    inherit version src ffmpeg-jami jami-meta;
   };
 }
author	linsui <linsui555@gmail.com>	2023-01-19 20:48:35 +0800
committer	linsui <linsui555@gmail.com>	2023-01-19 20:48:35 +0800
commit	38eb013da022127161dad544554a06fa51a06d34 (patch)
tree	94257a44cc842ae700e15a79a14a73e9ebc25ee7 /pkgs/applications/networking/instant-messengers/jami
parent	ec5432af8cf8e71f894a162c2e33facb81cbf8ad (diff)