Merge pull request #122217 from mweinelt/flac

flac: fix out of bound reads due to heap buffer overflow
This commit is contained in:
Luke Granger-Brown 2021-05-08 19:19:37 +01:00 committed by GitHub
commit 2c9d982257
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -1,13 +1,22 @@
{ lib, stdenv, fetchurl, libogg }:
{ lib, stdenv, fetchurl, fetchpatch, libogg }:
stdenv.mkDerivation rec {
name = "flac-1.3.3";
pname = "flac";
version = "1.3.3";
src = fetchurl {
url = "http://downloads.xiph.org/releases/flac/${name}.tar.xz";
url = "http://downloads.xiph.org/releases/flac/${pname}-${version}.tar.xz";
sha256 = "0j0p9sf56a2fm2hkjnf7x3py5ir49jyavg4q5zdyd7bcf6yq4gi1";
};
patches = [
(fetchpatch {
name = "CVE-2020-0499.patch";
url = "https://github.com/xiph/flac/commit/2e7931c27eb15e387da440a37f12437e35b22dd4.patch";
sha256 = "160qzq9ms5addz7sx06pnyjjkqrffr54r4wd8735vy4x008z71ah";
})
];
buildInputs = [ libogg ];
#doCheck = true; # takes lots of time