mpv: fix CVE-2018-6460

Upstream has fixed this in a series of commits ontop of 0.28.0. Debian
has backported the fixes to 0.27.0.

Upstream issue: https://github.com/mpv-player/mpv/issues/5456
Debian bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888654#8
This commit is contained in:
Andreas Rammhold 2018-02-07 10:01:16 +01:00
parent 8ff7ac4859
commit 95f4d6ba1c
No known key found for this signature in database
GPG Key ID: E432E410B5E48C86

View File

@ -95,6 +95,11 @@ in stdenv.mkDerivation rec {
url = "https://github.com/mpv-player/mpv/commit/2ecf240b1cd20875991a5b18efafbe799864ff7f.patch";
sha256 = "1sr0770rvhsgz8d7ysr9qqp4g9gwdhgj8g3rgnz90wl49lgrykhb";
})
(fetchpatch {
name = "CVE-2018-6360.patch";
url = https://salsa.debian.org/multimedia-team/mpv/raw/ddface85a1adfdfe02ffb25b5ac7fac715213b97/debian/patches/09_ytdl-hook-whitelist-protocols.patch;
sha256 = "1gb1lkjbr8rv4v9ji6w5z97kbxbi16dbwk2255ajbvngjrc7vivv";
})
];
postPatch = ''